Tag: MOBILE
Summary: The Department of Justice has announced the arrest of the founders of Samourai Wallet, a cryptocurrency mixing service that allegedly facilitated money laundering and sanctions evasion, obscuring the origins of at least $100 million in criminal proceeds.
Threat Actor: Samourai Wallet | Samourai Wallet
Victim: N/A
Key Point :
The founders of Samourai Wallet, Keonne Rodriguez and William Lonergan Hill, created features explicitly designed to help criminals engage in large-scale money laundering and sanctions evasion.…
Summary: The Federal Trade Commission (FTC) is providing $5.6 million in refunds to Ring users whose private video feeds were accessed without consent by Amazon employees and contractors, or had their accounts and devices hacked due to insufficient security measures.
Threat Actor: Amazon employees and contractors
Victim: Ring users
Key Point :
The FTC is sending $5.6 million in refunds to Ring users who had their private video feeds accessed without consent or experienced security breaches.…
Victim: hominemclinic.com.br
Country : Unknown
Actor: qiulong
Source: http://62brsjf2w77ihz5paods33cdgqnon54gjns5nmag3hmqv6fcwamtkmad.onion/?p=142
Discovered: 2024-04-25 00:17:01.138591
Published: 2024-04-24 19:44:01.000000
Description :
We are a medical clinic specialized in male sexual health care, focusing on the treatment of erectile dysfunction, premature ejaculation, and andropause. Message to all men with sexual problems who are Hominem patients: THIS CLINIC DOES NOT PROTECT YOUR DATA AND YOUR PRIVACY, AND SOON EVERYONE WILL KNOW ABOUT YOUR PROBLEMS.…
Threat Actor: APT73 (Eraleign) | APT73
Victim: Trifecta Technologies, Inc. | Trifecta Technologies
Price: Not specified
Exfiltrated Data Type: Private and personal confidential data, confluence dump, clients documents, budget, payroll, IDs, taxes, finance information, personal details of employees
Additional Information :
APT73 is a new ransomware group known as Eraleign.…
Summary: Security vulnerabilities in cloud-based pinyin keyboard apps have been discovered, which could allow threat actors to access users’ keystrokes.
Threat Actor: Various threat actors targeting users of cloud-based pinyin keyboard apps.
Victim: Users of cloud-based pinyin keyboard apps from vendors like Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi.…
Summary: The US State Department is imposing visa restrictions on individuals involved in the development and sale of commercial spyware, targeting those who have targeted journalists, academics, human rights defenders, dissidents, and US government personnel.
Threat Actor: Commercial spyware developers and sellers.
Victim: Journalists, academics, human rights defenders, dissidents, and US government personnel.…
Victim: www.drwilliansegalin.com.br
Country : Brazil
Actor: qiulong
Source: http://62brsjf2w77ihz5paods33cdgqnon54gjns5nmag3hmqv6fcwamtkmad.onion/?p=128
Discovered: 2024-04-24 00:10:12.685358
Published: 2024-04-23 19:56:05.000000
Description :
Another outlaw plastic surgeon who does not protect his patients’ privacy safely. Dr. Willian, if you care about your patients’ data and privacy, stop driving your Mustang around like a negligent doctor and avoid remaining silent.…
Threat Actor: Unknown | Unknown
Victim: Chinese iPhone and Huawei Users | Chinese iPhone and Huawei Users
Price: $6200 for iPhone dataset, $1300 for Huawei dataset
Exfiltrated Data Type: Personal information of iPhone iOS and Huawei mobile phone users in China
Additional Information :
The database contains the personal information of iPhone iOS and Huawei mobile phone users across China.…
We’ve been tracking a curious one here.…
Victim: draandrearechia.com.br
Country : Unknown
Actor: qiulong
Source: http://62brsjf2w77ihz5paods33cdgqnon54gjns5nmag3hmqv6fcwamtkmad.onion/?p=75
Discovered: 2024-04-23 02:00:47.923489
Description :
Dr. Andrea Rechia is another Brazilian plastic surgeon who doesn’t care about the data and privacy of her patients. Numerous attempts were made to contact her; however, she chose to remain silent instead of protecting her patients’ privacy.…
Have you ever encountered the term ‘double agent’? Recently, we’ve had the opportunity to revisit this concept in Austria. Setting aside real-world affairs for prosecutors and journalists, let’s explore what this term means in the digital world as I continue my journey tracking malicious Python packages.…
Summary: Hackers are targeting messaging apps used by the Ukrainian armed forces in an attempt to plant data-stealing malware, according to a report from CERT-UA.
Threat Actor: UAC-0184 | UAC-0184
Victim: Ukrainian armed forces | Ukrainian armed forces
Key Point :
Hackers identified as UAC-0184 are targeting Ukrainian armed forces’ messaging apps with data-stealing malware.…
Summary: Cybersecurity researchers have discovered almost 30 phishing websites that are impersonating the electronic toll collection service E-ZPass, following an FBI warning about smishing attacks targeting road toll collection services.
Threat Actor: Unknown threat actor | Unknown threat actor
Victim: E-ZPass customers and users of road toll collection services
Key Point :
Cybersecurity researchers have identified nearly 30 newly created domains related to tolls, 15 of which are likely to be used for phishing, malware, or spam.…
Curated bookmark list categorized by area and event monitoring, person of interest search, corporate profiling, mapping, AI, intelligence analysis, reporting tools, collective tools, cryptocurrency, country specific, verification and fact-checking.
They are broken down into appropriate categories such as:
area and event monitoring, person of interest search, corporate profiling, mapping, artificial intelligence, intelligence analysis, reporting tools, collective tools, cryptocurrency, country specific, verification and fact-checking.…
Victim: www.drlincoln.com.br
Country : Brazil
Actor: qiulong
Source: http://62brsjf2w77ihz5paods33cdgqnon54gjns5nmag3hmqv6fcwamtkmad.onion/?p=50
Discovered: 2024-04-22 04:36:40.432900
Description :
If you are a patient of Dr. Lincoln Graça Neto, you should know that he doesn’t care about your data and your privacy. The clinic is located in Curitiba, in the Batel neighborhood, a noble area of the capital of Paraná, with easy access and a modern and pleasant physical structure.…
As the digital landscape continues to evolve, the United States finds itself at the forefront of emerging cybersecurity challenges. With its critical infrastructure, extensive government networks, and vibrant economy, the nation remains a prime target for a myriad of cyber threats. From state-sponsored actors seeking to undermine national security to sophisticated cybercriminal organizations aiming to exploit vulnerabilities for financial gain, the USA’s threat landscape is diverse and complex.…
In early 2024, Group-IB’s Threat Intelligence team observed a surge in phishing URLs targeting INTERAC, a Canadian payment service. Subsequently, a client operating in Canada reported an uptick in phishing attempts against their customers and shared a suspicious URL, lab-host[.]ru, prompting an investigation.
This inquiry unveiled a connection between the shared URL and INTERAC phishing pages, all originating from the LabHost Phishing-as-a-Service (PhaaS) platform.…
New research from Recorded Future's Insikt Group focuses on the growing threat of a possible "mobile NotPetya" event. Through zero-click exploits, a self-propagating mobile malware could infiltrate smartphones at scale. The threat has increased sharply in the past few years as spyware companies continually refine zero-click exploits.…