Lumma Stealer – Threat Note

From The Hacker News – OPSEC Failure Exposes Coquettte’s Malware Campaigns on Bulletproof Hosting Servers

A novice cybercrime actor has been observed leveraging the services of a Russian bulletproof hosting (BPH) provider called Proton66 to facilitate their operations. The findings come from DomainTools, which detected the activity after it discovered a phony website named cybersecureprotect[.]com hosted on Proton66 that masqueraded as an antivirus service. The threat intelligence firm said it

shaikh Saqib April 4, 2025

News

From The Hacker News – CoffeeLoader Uses GPU-Based Armoury Packer to Evade EDR and Antivirus Detection

Cybersecurity researchers are calling attention to a new sophisticated malware called CoffeeLoader that's designed to download and execute secondary payloads. The malware, according to Zscaler ThreatLabz, shares behavioral similarities with another known malware loader known as SmokeLoader. "The purpose of the malware is to download and execute second-stage payloads while evading

shaikh Saqib March 28, 2025

Articles

From Krebs on Security – ClickFix: How to Infect Your PC in Three Easy Steps

A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed "ClickFix," the visitor to a hacked or malicious website is…

Samir K March 15, 2025

News

From Cyber Security News – Microsoft Warns of Cyber Attack Mimic Booking .com To Deliver Password Stealing Malware

Microsoft Threat Intelligence has identified an ongoing phishing campaign impersonating Booking.com to deliver credential-stealing malware. The campaign, which began in December 2024, targets hospitality organizations in North America, Oceania, Asia,…

shaikh Saqib March 14, 2025

News

From The Hacker News – Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails

Microsoft has shed light on an ongoing phishing campaign that targeted the hospitality sector by impersonating online travel agency Booking.com using an increasingly popular social engineering technique called ClickFix to deliver credential-stealing malware. The activity, the tech giant said, started in December 2024 and operates with the end goal of conducting financial fraud and theft. It's

shaikh Saqib March 13, 2025

News

From Security Week – Microsoft Warns of Hospitality Sector Attacks Involving ClickFix

[[{"value":"A cybercrime group named Storm-1865 has targeted hospitality organizations via fake Booking.com emails and the use of social engineering. The post Microsoft Warns of Hospitality Sector Attacks Involving ClickFix appeared…

shaikh Saqib March 13, 2025

News

From Dark Reading – GitHub-Hosted Malware Infects 1M Windows Users

Microsoft has identified a complex, malvertising-based attack chain that delivered Lumma and other infostealers to enterprise and consumer PC users; the campaign is unlikely the last of its kind. Read More

shaikh Saqib March 10, 2025

News

From Security Week – Microsoft Says One Million Devices Impacted by Infostealer Campaign

[[{"value":"Microsoft has uncovered a malvertising campaign that redirected users to information stealers hosted on GitHub. The post Microsoft Says One Million Devices Impacted by Infostealer Campaign appeared first on SecurityWeek."}]] Read…

shaikh Saqib March 7, 2025

Vulnerabilities

From Cybersecurity Help – Cybersecurity Week in Review: February 28, 2025

In brief: Russia’s Sandworm APT targets critical infrastructure in Ukraine, suspected Desorden hacker arrested, and more. Read More

shaikh Saqib February 28, 2025

News

From The Hacker News – New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer

Cybersecurity researchers are warning of a new campaign that leverages cracked versions of software as a lure to distribute information stealers like Lumma and ACR Stealer. The AhnLab Security Intelligence Center (ASEC) said it has observed a spike in the distribution volume of ACR Stealer since January 2025. A notable aspect of the stealer malware is the use of a technique called dead drop

shaikh Saqib February 24, 2025

News

From The Hacker News – Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives

A malware campaign distributing the XLoader malware has been observed using the DLL side-loading technique by making use of a legitimate application associated with the Eclipse Foundation. "The legitimate application used in the attack, jarsigner, is a file created during the installation of the IDE package distributed by the Eclipse Foundation," the AhnLab SEcurity Intelligence Center (ASEC)

shaikh Saqib February 20, 2025

News

From The Hacker News – New FrigidStealer Malware Targets macOS Users via Fake Browser Updates

Cybersecurity researchers are alerting to a new campaign that leverages web injects to deliver a new Apple macOS malware known as FrigidStealer. The activity has been attributed to a previously undocumented threat actor known as TA2727, with the information stealers for other platforms such as Windows (Lumma Stealer or DeerStealer) and Android (Marcher). TA2727 is a "threat actor that uses fake

shaikh Saqib February 18, 2025