Phishing news & analysis | SC Media

Phishing

Phishing emails imitate North American banks to infect recipients with TrickBot

A spam-based phishing campaign recently targeted North American banking customers with malicious Excel documents designed to infect victims with a new variant of the information-stealing TrickBot banking trojan, researchers reported earlier this week. The scam dates back to at least Jan. 27 and peaked in volume on Jan. 30, according to a new blog post from…

Phishing campaign targeted subscribers to Tibetan Government-in-Exile’s mailing list

Subscribers to a Tibetan Government-in-Exile mailing list were targeted in a recent email-based phishing campaign designed to infect them with a remote access trojan. Dubbed ExileRAT, the trojan is capable of gathering system information, retrieving and pushing files, and executing and ending various processes, according to a blog post from Cisco Systems’ Talos division, whose…

Hundreds of Delaware residents among the victims of BenefitMall breach

Delaware’s Department of Insurance announced yesterday that 650 residents and five companies located within the state were impacted by a 2018 data breach of BenefitMall, a third-party HR services administrator for health insurance companies. It was originally back on Jan. 4, 2019, that BenefitMall, aka Centerstone Insurance and Financial Services, publicly disclosed a “data security…

Phishing campaign throws Shade ransomware at Russians

Attackers this month have revived an email phishing operation that targets Russian speakers with Shade ransomware served via malicious JavaScript attachments. The scam first emerged in a campaign that began in mid-October of last year, before dying down over the holiday period. But January ushered in a more intense second phase that doubled the previous…

Russians targeted in Redaman banking malware operation

An ongoing email phishing campaign designed to spread Redaman banking malware aggressively targeted Russian speakers, especially those with .ru addresses, over the last four months of 2018. Researchers at Palo Alto Networks’ Unit 42 division reported this week in a company blog post that from September through December, its threat intelligence service detected 3,845 email sessions…

Phishing kit leverages web fonts to obfuscate source code

In an apparent first, researchers last year observed an unusual phishing kit that obfuscates its landing page’s source code with web fonts as a means to avoid detection. Attackers recently used the kit as part of a credential harvesting scheme that targeted a major retail bank, researchers from Proofpoint revealed in a Jan. 3 blog…

Electrum wallet phishing and malware attacks net more than $750,000 in Bitcoin

A clever phishing attack targeting Electrum Bitcoin wallets has resulted in the theft of more than $750,000 worth of cryptocurrency at the time of writing. Electrum is a popular Bitcoin wallet which doesn’t require users to download the full blockchain and instead uses servers to remotely provide users with blockchain accessed through their wallet. A…

$30 RAT, WinSpy, involved in two phishing campaigns

Dozens of companies impersonated in evolving ‘Three Questions Quiz’ scam

There’s no question about it: the “Three Questions Quiz” is a scam, regardless of which legitimate brand it’s attempting to imitate. Indeed, a new blog post from Akamai Technologies identifies 78 unique brands impersonated over the past year by this well-established online phishing scheme, in which victims are tricked into giving away personal information to…

Malicious document builder LCG Kit a key component in recent phishing campaigns

Researchers at Proofpoint have uncovered a sophisticated tool commonly used by malicious actors to build weaponized documents for phishing campaigns. Dubbed LCG Kit, the service has helped small crime groups create docs capable of spreading a variety of remote access trojans and information stealers, such as Loki Bot, FormBook, Agent Tesla, Remcos, AZORult, REvcode RAT and…

Charming Kitty targets U.S., Arab officials in wake of Iran sanctions

Hackers believed to be associated with Charming Kitty have ramped up their activities with a phishing campaign against American officials charged with enforcing economic sanctions imposed on Iran by President Trump. Citing research from Certfa, which discovered an open server listing Gmail and Yahoo email addresses in the hackers’ sights, AP said that the Iranian hacking group…
