BleepingComputer reports that at least 27,655 email addresses have been targeted by a phishing campaign spoofing WhatsApp's voice message capability to disseminate information-stealing malware.
Armorblox researchers discovered that the new WhatsApp voice message phishing attack involves the use of an email from the "Whatsapp Notifier" service using an address owned by the Center for Road Safety of the Moscow Region, which notifies recipients regarding a new private message, with the email including a "Play" button, as well as the duration of the audio clip and details regarding the creation of the message. Clicking on the "Play" button will redirect recipients to a website that will trigger an allow/block prompt for JS/Kryptic trojan installation, with users lured to click "Allow" to confirm that they are not a robot. Selecting "Allow" would then prompt the installation of the information-stealing malware, according to researchers. Users have been urged to identify signs of fraudulent activity to better protect themselves from phishing attempts.
A $10M ransom demand to Riot Games, a DoS in BIND and why there's no version 10, an unexpected refactor at Twilio, insights in Rust from the git security audit, SQL Slammer 20 years later, the SQLMap tool
Threat actors have been leveraging Telegram to promote the new Titan Stealer information-stealing malware, which targets Windows machines to exfiltrate browser and cryptocurrency wallet data, reports The Hacker News.