While monitoring the Dark web for emerging threats, our researcher at Cyble Research and Intelligence Labs (CRIL) found a post where Threat Actors (TAs) were advertising a project named “Temp” and selling a loader and a stealer. The TA named them Temp Loader and Temp Stealer, respectively.…
Phishing sites are becoming an increasingly attractive tool for Threat Actors (TAs) to lure victims into disclosing sensitive information and downloading other malware, such as RATs, ransomware, etc., to damage the victim’s machine. Generally, links to these phishing pages reach users via SMS, email, social networks, etc.…
Online digital tools are used by many people today simply due to their ease of use and the fact that they provide a platform for the user to perform various operations effectively. These tools are web-based software hosted on websites and can be accessed via the internet without having to download and install anything on the user’s machine.…
A tech support scam is a widespread fraud in which the scammer poses as a support service for a legitimate entity and lures the victim into contacting the scammer via a fake support helpline number. After the victim contacts the helpline, the scammer gains access to the victim’s machine and can perform activities such as fraudulent transactions, stealing sensitive data, etc.…
Cyble Research and Intelligence Labs (CRIL) has continuously monitored phishing campaigns that distribute different malware families, such as stealers and proxyware, among others.
Recently, CRIL identified a malicious site hxxps://cloud-spoofer[.]xyz, which redirects the user to a Discord channel where the Threat Actor (TA) announces the sale of a spoofer that claims to get users unbanned from FiveM.…
This past month, Trustwave SpiderLabs observed that HTML (Hypertext Markup Language) file attachments had become a common occurrence in our spam traps, which is not unusual since malware is often delivered through phishing spam. For the past 30 days, SpiderLabs has found the combination of .HTML…
Cyble Research and Intelligence Labs (CRIL) has continuously monitored phishing campaigns that distribute different malware families. Recently, CRIL spotted an adult website distributing a fake ransomware executable. The fake ransomware does not encrypt files; instead, it changes file names and their extensions, drops ransom notes, and threatens victims into paying a ransom, like typical ransomware families.…
The parasitic Water Labbu capitalizes on the social engineering schemes of other scammers, injecting malicious JavaScript code into their malicious decentralized application websites to steal cryptocurrency.
We discovered a threat actor we named Water Labbu that was targeting cryptocurrency scam websites. Typically, cryptocurrency scammers use social engineering techniques, interacting with victims to gain their trust and then manipulating them into providing the permissions needed to transfer cryptocurrency assets.…
Ransomware is one of the most serious cybersecurity threats and possibly the most effective form of cybercrime that plagues organizations today. It has quickly become one of the most prominent and profitable types of malware for cybercriminals.
“Bl00dy” is a new ransomware strain targeting organizations using double extortion techniques.…
NullMixer is a dropper leading to an infection chain of a wide variety of malware families. NullMixer spreads via malicious websites that can be found mainly via search engines. These websites are often related to cracks, keygens, and activators for downloading software illegally, and while they may pretend to be legitimate software, they actually contain a malware dropper.…
During a routine threat hunting exercise, Cyble Research and Intelligence Labs (CRIL) came across a tweet where a researcher mentioned the creation of multiple fake Zoom sites. All these sites have the same user interface. These sites are created with the express intent of spreading malware disguised as the legitimate Zoom application.…
During a routine threat hunting exercise, Cyble Research and Intelligence Labs (CRIL) identified a fake Telegram website masquerading as a legitimate website that downloads a malicious installer. This installer abuses the Windows Defender application to perform RAT operations.…
During our routine threat-hunting exercise, Cyble Research & Intelligence Labs (CRIL) came across a Twitter post wherein a researcher mentioned a new phishing campaign imitating the page of the National Tax Agency, which targets Japanese users by tricking them into sharing sensitive information with Threat Actors (TAs).…
During our routine threat-hunting exercise, Cyble Research & Intelligence Labs (CRIL) came across multiple URLs hosting pages pretending to be Greece’s tax refund site. The page mentions the tax refund amount and asks users to confirm their current account number to transfer funds.…
During our routine threat-hunting exercise, Cyble Research & Intelligence Labs (CRIL) came across a Twitter post wherein a researcher mentioned an interesting infection chain of the Bumblebee loader malware being distributed via spam campaigns.
Bumblebee is a replacement for the BazarLoader malware, which acts as a downloader and delivers known attack frameworks and open-source tools such as Cobalt Strike, Shellcode, Sliver, Meterpreter, etc.…
While conducting our routine threat hunting exercises, Cyble Research and Intelligence Labs (CRIL) came across instances of the PowerShell Empire command and control (C&C) infrastructure. The PowerShell Empire is a post-exploitation red teaming tool used for creating stagers that connect to C&C servers after an initial compromise through vectors such as phishing emails, exploiting public-facing IT systems, and watering hole attacks, etc.…
During our routine threat-hunting exercise, Cyble Research & Intelligence Labs (CRIL) came across a Twitter post wherein a researcher mentioned an interesting JavaScript skimmer created by the Magecart threat group (a consortium of malicious hacker groups who target online shopping cart systems) that steals payment information from the Magento e-commerce website.…
Proofpoint’s Threat Research Team details a recent cyber espionage campaign targeting entities globally, conducted by a threat actor that was publicly attributed in 2021 by multiple governments and was the focus of a 2021 indictment by the US Department of Justice. The targets of this recent campaign spanned Australia, Malaysia, and Europe, as well as entities that operate in the South China Sea.…
During a routine threat hunting exercise, Cyble Research and Intelligence Labs (CRIL) discovered a post on a cybercrime forum where a Threat Actor (TA) released MiniStealer’s builder and panel for free.
The TA claims that the stealer can target operating systems such as Windows 7, 10, and 11.…