Date: 2025-07-24

Cybernews reports that threat actors have been using fraudulent credit card alerts to deliver password-stealing malware.
Attacks begin with the distribution of malicious purchase confirmation emails, purportedly from credit card firms, that include an LNK file attachment spoofing an HTML file. The attachment opens a seemingly legitimate security page that downloads an HTA file, according to an analysis from the AhnLab Security Intelligence Center (ASEC). The HTA file then facilitates the deployment of a malicious DLL that compromises the Chrome browser on targeted systems with malware through reflective DLL injection. Aside from enabling keylogging and data exfiltration, the injected malware also allows backdoor access for subsequent intrusions, said ASEC researchers.

The findings come as Huntress researchers noted that information-stealing malware continues to be among the most pervasive cybersecurity threats, with detections increasing 104% year-over-year. Another Cybernews report showed ransomware intrusions increasing 108% during the first three months of 2025.
