Researchers have observed a current credit card stealing campaign dubbed Classicscam in Singapore, in which the payment details of the sellers on classified websites are swiped via an elaborate phishing scheme. The credit card stealers tried to transfer funds to their accounts through a one-time passcode on the targeted bank’s authentic platform. The researchers monitoring...Continue Reading
Malicious threat actors have been abusing the open redirects of Amex and Snapchat websites as part of their phishing campaign that targets Microsoft 365 users. An open redirect is when a website lets any random users specify a redirect URL at will and enables traffic transfer. In three months, the threat actors were discovered distributing...Continue Reading
Our team on iZOOlogic has recently spotted malicious operators having an ongoing exploit with Hostinger’s preview domain feature to host phishing websites. The domain “preview-domain[.]com”, owned by Hostinger International and registered in 2019, is a service offering website preview provider once a customer purchases hosting services. Users can access the site via the preview domain...Continue Reading
A warning was sent to Chase Bank customers regarding a newly discovered phishing attack that threatened to harvest numerous credentials. A researcher revealed how the threat actors used the fraudulent website to deceive the banking institutions’ clients. Based on the analysis, the malicious phishing operators attempted to harvest different credentials by designing a phishing site...Continue Reading
The Holy Ghost ransomware campaign operated by North Korea has been active for more than a year. This ransomware operation has been a menace to small businesses in different countries. Cybersecurity researchers from MSTIC constantly monitor the Holy Ghost ransomware group, which they call DEV-0530. Based on the latest report from an analyst, the initial...Continue Reading
A new botnet, dubbed Mantis, that security researchers spotted last June was said to have performed a record-breaking DDoS (distributed denial-of-service) attack against its targets, being described as one of the most powerful botnet variants. From the reports about the Mantis botnet, its attacks had topped at 26 million HTTPS requests per second, coming from...Continue Reading
Researchers discovered a new Android malware called Revive that targets the BBVA bank accounts in Spain by impersonating its 2FA app. The malware focuses its attacks on the bank and its customers. The Android malware heavily depends on phishing attacks to target victims. The phishing messages instruct the targeted customers that the 2FA app included...Continue Reading
One of the largest NFT marketplaces, OpenSea, announced suffering from a data breach and warned its users against cyberattacks like phishing since threat actors could use the stolen data for carrying out malicious activities. With over 600,000 active users, the NFT marketplace boasts over $20 billion in transaction volume since its emergence. Based on the...Continue Reading
The BRATA banking trojan has upped its games by evolving and improving its capabilities. Based on reports, the trojan has now included an information-stealing ability to target financial applications. Moreover, BRATA has shown that it can now execute an extensive persistence in the targeted entity while harvesting essential information. Some of the new changes in...Continue Reading
The Flagstar Bank published an advisory regarding a data breach incident where hackers got ahold of the personal data of its 1.5 million customers during a cyberattack last year. Flagstar is a Michigan-based financial services provider and one of the biggest banks in the United States. Reports stated that the bank’s current total assets are...Continue Reading