Modern crypto drainers don’t hack wallets. They trick users into approving malicious transactions. Flare explores how the Lucifer DaaS platform scales wallet theft through phishing and automation. […]
Tag: trick
AI, Global Security News
ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories
This week starts small. A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are using the parts we already trust. That is what makes it worrying.…
AI, Compliance, Global Security News
Microsoft: Phishing campaign used fake compliance notices to compromise employee accounts
Phishers have been using fake workplace compliance notices to try to trick Microsoft account owners into signing in via a fake sign-in page, says the company’s Defender Research team. The email campaign targeted more than 35,000 users across 13,000 organizations in 26 countries, but concentrated primarily on targets in the United States. Microsoft didn’t say…
Global Security News, malware
Microsoft Teams phishing targets employees with backdoors
Hackers contacted employees at financial and healthcare organizations over Microsoft Teams to trick them into granting remote access through Quick Assist and deploy a new piece of malware called A0Backdoor. […]
AI, Apps, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management, Russia
CleanMyMac Imposter Site Installs SHub Stealer on Macs
A fake version of the popular Mac utility CleanMyMac is being used to trick users into installing data-stealing malware. The campaign uses a fraudulent website that instructs visitors to manually run a command in Terminal, which secretly installs a macOS infostealer known as SHub Stealer. This malware steals “… sensitive data including saved passwords, browser…
Global Security News
Fake Zoom and Google Meet Pages Trick Users Into Installing Monitoring Tool
Fake Zoom and Google Meet pages trick users into installing a monitoring software on Windows systems through phishing links and fake updates.
Global Security News
Phishing Pages for Zoom and Google Meet Install Teramind Monitoring Tool
Fake Zoom and Google Meet pages trick users into installing Teramind monitoring software on Windows systems through phishing links and fake updates.
AI, Global Security News
Hackers Use 1Campaign to Hide Malicious Ads From Google Reviewers
Varonis Threat Labs reveals 1Campaign, a platform used to trick Google Ads and hide phishing pages. Learn how this cloaking tool targets real users while evading security.
AI, Global Security News
Malicious OpenClaw Skills Used to Distribute Atomic MacOS Stealer
Malicious OpenClaw skills trick AI agents and users into installing a new AMOS variant that steals extensive data at scale.
AI, china, Global Security News, malware, Network Security
SmartLoader hackers clone Oura MCP project to spread StealC malware
Hackers used a fake Oura MCP server to trick users into downloading malware that installs the StealC info-stealer. Straiker’s AI Research (STAR) Labs team uncovered a SmartLoader campaign in which attackers cloned a legitimate MCP server linked to Oura Health to spread the StealC information stealer. The fake project appeared credible, complete with bogus forks…
AI, Global Security News, malware
ClickFix Attacks Abuses DNS Lookup Command to Deliver ModeloRAT
ClickFix campaigns have adapted to the latest defenses with a new technique to trick users into infecting their own machines with malware.
AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
ClickFix Campaign Uses Fake CAPTCHA Pages to Deliver StealC Malware on Windows
A new social engineering campaign is abusing fake CAPTCHA verification pages to trick Windows users into launching StealC information-stealing malware. The attack relies on compromised websites that display convincing Cloudflare-style security checks, prompting victims to manually execute malicious PowerShell commands under the guise of routine verification. “StealC exfiltrates browser credentials, cryptocurrency wallets, Steam accounts, Outlook…