Cybernews reports that widely used macOS utility CleanMyMac had its website impersonated to deploy the SHub Stealer malware, which not only compromises saved credentials, cryptocurrency wallets, and other data but also maintains a backdoor for persistence.
Fake installation guide pages for Anthropic's Claude Code have been leveraged to spread the Amatera information-stealing malware as part of a new InstallFix attack campaign, a new variant of the ClickFix social engineering method, reports BleepingComputer.
Threat actors have exploited the Windows Terminal app to facilitate the distribution of the Lumma Stealer malware as part of a sweeping ClickFix attack campaign initially observed last month, according to The Hacker News.
Multiple batch scripts have been weaponized to facilitate the delivery of the XWorm, AsyncRAT, and Xeno RAT payloads as part of the new multi-stage VOID#GEIST malware attack campaign, The Hacker News reports.
Interview with Anna Pham. Breaking in with ClickFix: Anatomy of a modern endpoint attack. Cybersecurity company Huntress just published a report on a new ClickFix variant they’ve discovered, which they’ve dubbed CrashFix. This technique was developed by KongTuke to serve as the primary lure within a new custom malicious browser extension also creat...
Cybernews reports that trojanized ZIP files purporting to be legitimate software, which are hosted in GitHub repositories promoted in Google search results, have enabled the compromise of nine web browsers, including Google Chrome, Microsoft Edge, and Brave, for the subsequent exfiltration of cryptocurrency wallets as part of the BoryptGrab attack campaign.