EtherRAT Spreads via Fake IT Support Calls on Microsoft Teams
Unit 42 uncovers Node.js-based RAT using Ethereum smart contracts for C2. Attackers impersonate IT staff on Teams calls to install remote access tools before deploying EtherRAT.
33 articles tagged with "Social Engineering"
Unit 42 uncovers Node.js-based RAT using Ethereum smart contracts for C2. Attackers impersonate IT staff on Teams calls to install remote access tools before deploying EtherRAT.
Opera becomes the first browser to ship native protection against ClickFix attacks with Paste Protect, blocking malicious clipboard content before users can execute it in terminals or command prompts.
19-year-old Peter Stokes extradited from Finland to face U.S. charges for alleged role in Scattered Spider operations including an $8 million jewelry retailer breach.
Scammers insert fake Norton, McAfee, and PayPal invoices into Shopify's Shop order-tracking app, then social engineer victims into installing remote access tools. Here's how it works.
Cybercriminals are using TikTok and Instagram Reels videos to distribute Vidar malware through fake software tutorials. One campaign accumulated over 100,000 views promoting 'free Spotify Premium' hacks.
Attackers exploited CVE-2026-26980 SQL injection in Ghost CMS to compromise 700+ websites including Harvard and Oxford, deploying ClickFix social engineering malware through fake CAPTCHA prompts.
Mandiant tracks UNC3753 hitting dozens of law firms via vishing and physical intrusions. Data theft to extortion in under one hour. FBI issues flash alert.
Silent Ransom Group escalates from vishing to physical infiltration. FBI FLASH alert warns 38+ law firms already breached, with operatives plugging USB drives into office computers.
Peter Stokes, 19, was detained while boarding a flight to Japan. Federal prosecutors allege he participated in breaches that forced companies to pay millions in ransoms.
North Korean threat actors are befriending targets on Facebook, building trust over weeks, then delivering RokRAT malware through trojanized PDF readers. Military and government officials targeted.
New extortion group BlackFile impersonates IT helpdesks via phone calls to steal credentials and demand seven-figure ransoms. Targets include retail chains and hospitality companies.
Google Cloud uncovers UNC6692, a threat actor impersonating IT helpdesk staff on Microsoft Teams to deploy the modular SNOW malware suite targeting senior executives.
Threat actors pose as VCs on LinkedIn, share weaponized Obsidian vaults that silently deploy an AI-generated backdoor using blockchain C2 infrastructure.
Microsoft Defender Experts identify multi-stage malware campaign using WhatsApp messages to deliver VBS scripts that bypass UAC and establish persistent Windows backdoors.
A new macOS infostealer combines ClickFix social engineering with Nuitka-compiled Python to evade detection. First documented campaign pairing these techniques.
Contagious Interview campaign weaponizes fake job interviews to deploy OtterCookie and FlexibleFerret malware. Targets crypto and AI developers for credentials.
Storm-1811 actors flood inboxes with spam, then call via Microsoft Teams posing as IT support. Quick Assist grants access for A0Backdoor deployment.
Active phishing campaign uses spoofed email chains to trick LastPass users into revealing master passwords. Attackers generate thousands of URL variants leading to fake SSO pages.
Scattered Lapsus$ Hunters offers $500-$1,000 to recruit women for IT help desk social engineering attacks. The supergroup combines LAPSUS$, Scattered Spider, and ShinyHunters tactics.
Elastic Security Labs uncovers ClickFix campaign abusing compromised bincheck.io to deliver MIMICRAT, a custom C++ RAT with SOCKS5 tunneling and token impersonation capabilities.
Microsoft warns of ClickFix variant using nslookup commands to stage malware via DNS traffic. Delivers ModeloRAT through fileless attack chain.
SANS ISC documents phishing campaign using fabricated incident reports to steal MetaMask wallet credentials. Attackers host phishing pages on AWS S3.
Microsoft warns of ClickFix variant that deliberately crashes Chrome, then social-engineers victims into running PowerShell. Only domain-joined hosts targeted.
Check Point documents 44% spike in fake Valentine's domains with 97.5% unclassified. Four in ten Valentine-themed emails are scams targeting U.S. consumers.
Germany's BfV and BSI issued a joint advisory warning of state-sponsored phishing campaigns targeting politicians, military officials, and journalists through Signal's device linking feature.
Learn how to detect deepfakes with visual clues, audio patterns, and authentication methods. Covers detection signs, AI tools, and practical defense strategies.
Learn what phishing is, the different types of phishing attacks (email, SMS, voice), red flags to watch for, and how to protect yourself from scams.
Attackers exploit Google Presentations' publish mode to host phishing pages that bypass Google's own security warnings, targeting Vivaldi Webmail users.
New campaign combines fake CAPTCHA pages with signed Microsoft scripts to bypass security tools and install Amatera infostealer on enterprise systems.
Extortion group confirms voice phishing attacks stealing SSO credentials from Crunchbase, Betterment, and more. Custom phishing kits enable real-time MFA bypass.
Fake maintenance emails urge users to backup their vaults before a deadline, redirecting victims to credential-harvesting sites. The campaign launched over MLK weekend.
North Korean APT-Q-1 now combines fraudulent cryptocurrency job postings with ClickFix social engineering to deploy GolangGhost backdoor and BeaverTail stealer.
Hudson Rock research reveals 220 legitimate business websites hijacked for ClickFix malware attacks after admin credentials were stolen by infostealers.