After luring targets into providing their curriculum vitae or GitHub link for fake cryptocurrency, finance, or travel job offers, attackers proceed to share a malicious repository with the project's "minimum viable product," which executes nefarious code eventually resulting in the deployment of stealer malware that targets Windows, macOS, and Linux systems.
Intrusions in the campaign, which has primarily targeted the education sector, commenced with the distribution of notification-spoofing phishing emails that deceive recipients into clicking a link redirecting to a seemingly legitimate ADFS portal, which seeks to compromise targets' second-factor authentication, according to an analysis from Abnormal Security.
Riot provides a cybersecurity training platform that simulates phishing attacks, detects data leaks, and educates employees through a chatbot named Albert.
Execution of the nefarious DeepSeek-spoofing "deepseeek" and "deepseekai" packages enabled the theft of user and system information, as well as database credentials.
Attackers who targeted Casio UK's website between Jan. 14 and 24 deployed a two-stage skimmer: an unobfuscated loader purporting to be a third-party script, which triggers a second-stage skimmer that not only encrypted and exfiltrated contact information, credit card details, and billing addresses but also concealed malicious activity through XOR-based string masking and custom encoding.
Attacks involved luring targets looking for "Microsoft Ads" and other similar terms on Google Search into clicking on nefarious sponsored links, which redirect to a phishing page resembling the "ads.microsoft[.]com" site that seeks users' login credentials and two-factor authentication codes later used for account takeovers.