Malicious

Fake ChatGPT Chrome Extension Hijacking Facebook Accounts

A Chrome extension offering quick access to fake ChatGPT functionality was found to be hijacking Facebook accounts and installing hidden account backdoors. Particularly notable is the use of a silently and forcibly installed malicious Facebook app “backdoor” that grants the threat actors super-admin permissions. By hijacking high-profile Facebook business accounts, the threat actor creates an elite army of […]

Supply Chain Attack Using Identical PyPI Packages

The FortiGuard Labs team has discovered a new 0-day attack embedded in three packages on PyPI (the Python Package Index) called ‘colorslib’, ‘httpslib’, and ‘libhttps’. They were found on January 10, 2023, while monitoring an open-source ecosystem. The Python packages “colorslib” and “httpslib” were published on January 7, 2023, and “libhttps” was published on January 12, 2023. […]

Malicious Excel Add-in

Cisco Talos reports that advanced persistent threat actors and commodity malware families are using XLLs as an infection vector, and their number continues to grow. Since Microsoft started rolling out versions of Office applications that block execution of any VBA macros by default, attackers have turned to abusing add-ins. In terms of the file […]

Malicious PyPI Module Poses as Security SDK

A malicious Python package is posing as a software development kit (SDK) for the security firm SentinelOne, researchers at ReversingLabs discovered. The package, SentinelOne, has no connection to the threat detection firm of the same name and was first uploaded to PyPI, the Python Package Index, on Dec 11, 2022. It has been updated […]

Supply Chain Attack with Different PyPI Methods

At the beginning of November, several malicious Python packages distributing the W4SP malware were found in the Python Package Index (PyPI) open-source repository. These packages contain malicious code, hidden inside __init__.py or setup.py scripts, which downloads a stage 2 payload from a remote location. The stage 2 payload is the W4SP stealer, capable of stealing a wide […]

RomCom Threat Actor Spoofs KeePass and SolarWinds

The threat actor known as RomCom is actively deploying new campaigns aimed at victims in Ukraine and English-speaking regions. The BlackBerry Threat Research and Intelligence Team discovered new campaigns that spoof popular brand-name software packages. The United Kingdom is possibly a new target, while Ukraine is still the main focus. BlackBerry found RomCom leveraging the […]

New Malicious Clicker Found in Android App

Recently, the McAfee Mobile Research Team identified new Clicker malware that sneaked into Google Play. In total, 16 applications that were previously on Google Play have been confirmed to carry the malicious payload, with an estimated 20 million installations. The malicious code was found in useful utility applications like Flashlight (Torch), QR readers, Camera, […]

Malicious Tor Browser Spreads Through YouTube

While performing regular threat hunting activities, Kaspersky identified multiple downloads of previously unclustered malicious Tor Browser installers. According to their telemetry, all the victims targeted by these installers are located in China. As the Tor Browser website is blocked in China, individuals in that country often resort to downloading Tor from third-party websites. In this […]