This Windows PowerShell Phish Has Scary Potential

Credit to Author: BrianKrebs| Date: Thu, 19 Sep 2024 19:39:09 +0000

Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. While it’s unlikely that many programmers fell for this scam, it’s notable because less targeted versions of it are likely to be far more successful against the average Windows user.

Read more

Phishing campaigns are using AMP URLs to avoid detection

Categories: Awareness

Categories: News

Tags: phishing

Tags: amp

Tags: url

Tags: captcha

Tags: redirection

Researchers have found a new phishing tactic that uses Google Accelerated Mobile Pages (AMP) URLs to look trustworthy

(Read more…)

The post Phishing campaigns are using AMP URLs to avoid detection appeared first on Malwarebytes Labs.

Read more

Gmail-linked Facebook accounts vulnerable to attack using a chain of bugs—now fixed

Credit to Author: Pieter Arntz| Date: Tue, 17 May 2022 19:37:25 +0000

A researcher has combined a chain of bugs into an attack method that makes it possible to take over Facebook accounts linked to Gmail.

The post Gmail-linked Facebook accounts vulnerable to attack using a chain of bugs—now fixed appeared first on Malwarebytes Labs.

Read more

Fake reCAPTCHA forms dupe users via compromised WordPress sites

Credit to Author: Pieter Arntz| Date: Mon, 16 May 2022 11:54:12 +0000

Threat actors have launched a new campaign that starts with compromised WordPress sites and leads to fake reCAPTCHA sites designed to get visitors to accept web push notifications.

The post Fake reCAPTCHA forms dupe users via compromised WordPress sites appeared first on Malwarebytes Labs.

Read more

Drive-by cryptomining campaign targets millions of Android users

Credit to Author: Jérôme Segura| Date: Mon, 12 Feb 2018 14:00:24 +0000

Android users have been exposed to drive-by cryptomining in one of the largest campaigns that we have detected so far.

Categories:

Tags:

(Read more…)

The post Drive-by cryptomining campaign targets millions of Android users appeared first on Malwarebytes Labs.

Read more

Where’s the Macro? Malware authors are now using OLE embedding to deliver malicious files

Recently, we’ve seen reports of malicious files that misuse the legitimate Office object linking and embedding (OLE) capability to trick users into enabling and downloading malicious content. Previously, we’ve seen macros used in a similar matter, and this use of OLE might indicate a shift in behavior as administrators and enterprises are mitigating against this…

Read more