Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Researchers at Zimperium are tracking a new malware-as-a-service platform designed to target Android phones with banking Trojans. The platform, dubbed “Fantasy Hub,” allows unskilled threat actors to launch sophisticated malware campaigns that trick victims into granting access to their bank accounts.

Cybereason warns that the Tycoon 2FA phishing kit continues to receive upgrades, allowing unskilled cybercriminals to launch sophisticated social engineering attacks. The platform is known for its ability to bypass multi-factor authentication measures.

Researchers at Push Security warn of an extremely convincing ClickFix attack posing as a Cloudflare verification check. ClickFix is a social engineering technique that tricks the victim into copying and pasting a malicious command, then running it on their computer. In the instance observed by Push Security, the phishing page has a pop-up box that appears to be from Cloudflare, instructing the user to press the keyboard shortcuts necessary to open a terminal and run a command.

KnowBe4 Threat Labs has uncovered an emerging advanced phishing campaign targeting Microsoft 365 users globally to steal their credentials. The attackers are wielding a powerful new tool that’s completely changing the game for cybercriminals—turning what used to be complex, technical phishing setups into simple one-click launches that can bypass certain technical controls. Welcome to the era of “Quantum Route Redirect.".

Researchers at Appknox warn that malicious apps are impersonating popular AI tools like ChatGPT and DALL-E to trick users into installing malware on their mobile devices. Some of these apps simply collect user data to be sold to advertising services, while others act as full-fledged malware.

A phishing campaign is using invisible characters to evade security filters, according to Jan Kopriva at the SANS Internet Storm Center. The emails use soft hyphens to break up the subject line “Your Password is About to Expire” so the messages aren’t flagged as malicious. The email client doesn’t render the hyphens, however, so the user sees a normal sentence.

I received this email the other day to my personal email account. It is a “Security Alert” from “Microsoft Helpdesk.” Oh, my! Not only is Microsoft holding five emails headed to me, but my “subscription” is expiring on the same day. The “Unsubscribe” link was just a graphic, no URL. The URL to the main button, “Review All Held Messages results” was linked to the following path (shown below): That is clearly not Microsoft or microsoft.com.