More threat actors have been leveraging the InterPlanetary File System for bulletproof malware hosting, SecurityWeek reports.
Using IPFS gives attackers not only more resilient hosting for their malware but also hosting at no storage cost, according to a Cisco Talos report. Attacks observed abusing IPFS include a phishing scheme in which a fraudulent DocuSign PDF exfiltrates the collected data to an attacker-controlled web server, as well as an AgentTesla malspam campaign.
Such attacks may be averted by blocking access to IPFS gateways, the report recommended.
"For now, if you're an organization that has no association with web3, and you're not dealing with NFTs, I would recommend simply blocking access to all the IPFS gateways because there's a maintained list of them. That would provide quite a bit of mitigation to this," said Cisco Talos, which noted that a long-term solution to the problem is yet to be seen amid the increased pervasiveness of NFT/blockchain apps on IPFS.
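One way to put the gateway-blocking advice into practice is to run proxy logs through a check that flags both requests to listed gateways and requests that carry IPFS identifiers on unlisted hosts. The script below is an added illustration, not code from the Talos report or the SecurityWeek article. The gateway hostnames are a constructed stand-in for the maintained public list the report refers to, the log lines are constructed in Squid's native format, and the CID patterns are simplified approximations of CIDv0 (base58, `Qm...`) and CIDv1 (base32, `b...`) identifiers.

```python
import re
from urllib.parse import urlparse

# Constructed stand-in for the maintained public gateway list the report
# mentions. Assumption: a real deployment fetches and refreshes that list
# rather than hard-coding a handful of hosts.
IPFS_GATEWAYS = {
    "ipfs.io",
    "dweb.link",
    "cloudflare-ipfs.com",
    "gateway.pinata.cloud",
}

# Simplified CID shapes: CIDv0 is "Qm" plus 44 base58 chars; CIDv1 in base32
# starts with "b" and is typically 59 chars. Good enough for log triage.
CID_RE = re.compile(r"(?:Qm[1-9A-HJ-NP-Za-km-z]{44}|b[a-z2-7]{50,})")
PATH_RE = re.compile(r"^/(ipfs|ipns)/([^/?#]+)")


def _host_matches(host, gateways):
    """True if host is a listed gateway or any subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == g or host.endswith("." + g) for g in gateways)


def classify_url(url, gateways=IPFS_GATEWAYS):
    """Return a short reason if the URL looks like IPFS gateway traffic, else None.

    A block list of known gateways misses self-hosted or newly created gateways,
    so the path and subdomain heuristics catch /ipfs/<cid>, /ipns/<name> and
    <cid>.ipfs.<host> on hosts that are not on the list.
    """
    parsed = urlparse(url)
    host = parsed.hostname or ""
    path = parsed.path or ""

    if _host_matches(host, gateways):
        return "listed-gateway"

    m = PATH_RE.match(path)
    if m:
        kind, ident = m.groups()
        if kind == "ipfs" and CID_RE.fullmatch(ident):
            return "ipfs-path-cid"
        if kind == "ipns":
            return "ipns-path"

    # Subdomain-gateway style: <cid>.ipfs.<gateway-host>
    labels = host.split(".")
    if len(labels) >= 3 and labels[1] in ("ipfs", "ipns") and CID_RE.fullmatch(labels[0]):
        return "subdomain-gateway"
    return None


def scan_proxy_log(text, gateways=IPFS_GATEWAYS):
    """Return (client_ip, url, reason) for each Squid-format log line flagged as IPFS traffic."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        # Squid native format: time elapsed client code/status bytes method URL ...
        if len(fields) < 7:
            continue
        client, url = fields[2], fields[6]
        reason = classify_url(url, gateways)
        if reason:
            hits.append((client, url, reason))
    return hits


# Constructed sample log: one listed gateway, one benign request, one unlisted
# gateway serving an /ipfs/ path, one unlisted subdomain-style gateway.
SAMPLE_LOG = """\
1690000000.123    45 10.0.0.5 TCP_MISS/200 5120 GET https://ipfs.io/ipfs/QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG/docusign.pdf - HIER_DIRECT/192.0.2.10 application/pdf
1690000001.456    12 10.0.0.5 TCP_MISS/200 2048 GET https://example.com/index.html - HIER_DIRECT/192.0.2.20 text/html
1690000002.789    30 10.0.0.9 TCP_MISS/200 8192 GET https://unlisted-gateway.example/ipfs/bafybeigdyrzt5sfp7udm7hu76uh7y26nf3efuylqabf3oclgtqy55fbzdi/ - HIER_DIRECT/192.0.2.30 text/html
1690000003.000    20 10.0.0.7 TCP_MISS/200 4096 GET https://bafybeigdyrzt5sfp7udm7hu76uh7y26nf3efuylqabf3oclgtqy55fbzdi.ipfs.example.net/ - HIER_DIRECT/192.0.2.40 text/html
"""

if __name__ == "__main__":
    for client, url, reason in scan_proxy_log(SAMPLE_LOG):
        print(f"{client} {reason} {url}")
```

Blocking the listed hosts at the proxy or DNS layer covers the bulk of the traffic, as the quote suggests, but the path and subdomain matches are worth alerting on separately: an attacker who stands up an unlisted gateway, or a victim who is redirected to one, would otherwise slip past a pure hostname block. Organizations that legitimately use web3 or NFT applications will need to allow-list their own gateways rather than block outright.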
A new RomCom malware campaign run by the Cuba ransomware affiliate Void Rabisu, also known as Tropical Scorpius, used numerous fraudulent websites impersonating legitimate software such as ChatGPT, Gimp, AstraChat, and Go To Meeting between December 2022 and April 2023, and mostly targeted Eastern Europe, according to BleepingComputer.
The new Bandit Stealer information-stealing malware targets numerous web browsers and cryptocurrency wallets on Windows systems, can evade Windows Defender, and could be used to facilitate data breaches, account takeovers, identity theft, and credential stuffing attacks, reports The Record, a news site by cybersecurity firm Recorded Future.