Attackers who created fraudulent but verified Ross Ulbricht accounts on X, formerly Twitter, sought to lure users into joining Telegram channels purporting to be Ulbricht portals, which provided a walkthrough of the bogus Safeguard identity verification process leading to a Telegram mini app with a hoax verification dialog.
Attackers have used a malicious Google ad displaying Homebrew's legitimate "brew.sh" URL to redirect to the typosquatted "brewe[.]sh" site, which lures targets into downloading a package manager that enables infostealer malware execution, according to security researcher Ryan Chenkie.
Threat actors leveraged a phishing webpage that lures targets into downloading a Microsoft Installer package spoofing legitimate software; the package conceals its malicious nature by launching the legitimate app while executing a malicious DLL that deploys the multi-stage PNGPlug loader, a report from Intezer showed.
STAC5143 commenced its attacks with the delivery of a deluge of spam messages followed by a Teams call purporting to be from "Help Desk Manager" that sought Teams-based remote screen control access to enable command execution and backdoor deployment, according to an analysis from Sophos.
Aside from engaging in a fraud scheme against the Texas Department of Motor Vehicles using victim data obtained through smishing, Honesty and his co-conspirators also dabbled in bogus Paycheck Protection Program loan applications and fake tax returns from April to October 2021 that led the Small Business Administration to lose more than $500,000, court documents showed.