Malware

According to security researchers at web security firm c/side, the attack is widespread, with over 10,000 websites reportedly compromised.

Over 1,000 malicious apps and nearly 1,000 phone numbers have been leveraged by a single threat actor to facilitate the deployment of about 900 malware samples with similar code and user interface that were primarily aimed at banking app users, a Zimperium report showed.

Both Android and iOS versions of SparkCat exploit the Google ML Kit library's optical character recognition model to facilitate the exfiltration of crypto wallet recovery phrase-containing images to attackers' command-and-control server via Rust, a report from Kaspersky revealed.

Initial exploitation of SimpleHelp RMM vulnerabilities to link with a targeted endpoint is followed by the execution of several discovery commands obtaining system and network data, domain controller details, and CrowdStrike Falcon information, according to an analysis from cybersecurity provider Field Effect.

The North Korean APT group has leveraged a custom RDP Wrapper and new malware called forceCopy in recent campaigns.

Attacks commenced with the delivery of phishing emails with a Dropbox link that downloads a ZIP archive containing an internet shortcut file with a TryCloudflare URL that fetches an LNK file for further compromise, a report from Forcepoint X-Labs showed.

After luring targets into providing their curriculum vitae or GitHub link for fake cryptocurrency, finance, or travel job offers, attackers proceed to share a malicious repository with the project's "minimum viable product," which executes nefarious code eventually resulting in the deployment of stealer malware that targets Windows, macOS, and Linux systems.

While infostealers are often seen as less dangerous compared with trojans, they can exfiltrate sensitive data, leading to data breaches.