How account takeovers work Account takeover – the criminal use of compromised online accounts – has the potential to be immensely profitable. Hackers steal credentials from individuals (see phishing) or target an entire organization using bots. They then use these stolen credentials to take ownership of the compromised accounts or sell credentials lists to other cybercriminals. Whoever […]
Phishing As A Service Tool
A previously unreported phishing-as-a-service (PaaS) offering named “Greatness” has been used in several phishing campaigns since at least mid-2022. Greatness incorporates features seen in some of the most advanced PaaS offerings, such as multi-factor authentication (MFA) bypass, IP filtering and integration with Telegram bots. Greatness, for now, is only focused on Microsoft 365 phishing pages, […]
Rhadamanthys: New Stealer Spreading Through Google Ads
Recently, Cyble came across a new strain of malware called “Rhadamanthys Stealer.” This stealer variant is active, and the TA behind the malware stealer is selling this under the Malware as a Service (MaaS) model. Rhadamanthys stealer spreads by using Google Ads that redirect the user to phishing websites that mimic popular software such as […]
Phishing Attack leads to Remote Admin Access
Iranian cybercrime group, MuddyWater, used legitimate companies’ emails in phishing attacks, Deep Instinct reported in their recent blog, New MuddyWater Threat: Old Kitten; New Tricks. The attackers tried to install malicious remote administration software on recipients’ systems by sending spam links as HTML attachments—a tactic to evade email security solutions. Since 2017, the group has targeted […]
Spear-phising for Malware Delivery
Since it first started being active in 2020, Earth Longzhi’s long-running campaign can be divided into two based on the range of time and toolset. During its first campaign deployed from 2020 to 2021, Earth Longzhi targeted the government, infrastructure, and health industries in Taiwan and the banking sector in China. In its second campaign […]
Why Cybercriminal like IPFS
The InterPlanetary File System (IPFS) is a Web3 technology designed to enable decentralized storage of resources on the internet. When content is stored on the IPFS network, it is mirrored across many systems that participate in the network, so that when one of these systems is unavailable, other systems can service requests for this content. […]
EvilProxy Phishing with MFA bypass found in Dark Web
EvilProxy Phishing-As-A-Service With MFA Bypass Emerged In Dark Web Following the recent Twilio hack leading to the leakage of 2FA (OTP) codes, cybercriminals continue to upgrade their attack arsenal to orchestrate advanced phishing campaigns targeting users worldwide. Resecurity has recently identified a new Phishing-as-a-Service (PhaaS) called EvilProxy advertised in the Dark Web. On some sources […]
Monkeypox Phishing: Outbreak Becomes Latest Lure
Cofense’s Phishing Defense Center (PDC) has seen attempts to deceive enterprise staff with a series of monkeypox themed phishing emails. As this rare infection spreads around the globe and gains media attention, attackers are likely to continue tweaking their tactics. https://community.riskiq.com/article/9cd0632c
Phishing Domains Mimic Fortinet
RiskIQ: Phishing Domains Mimic Fortinet A suspicious domain mimicking Fortinet is currently hosted on an IP that has been previously flagged as a BUMBLEBEE command and control (C2) server.