Cyble

Threat Actor Targets Manufacturing Industry With Lumma Stealer and Amadey Bot

This campaign leverages multiple Living-off-the-Land Binaries (LOLBins), such as ssh.exe, powershell.exe, and mshta.exe, to bypass traditional security mechanisms and remotely execute the next-stage payload.

ErrorFather Campaign Deploys Cerberus Android Banking Trojan to Amplify Cyber Threats

This malware communicates with a Telegram bot and conducts financial fraud through remote attacks, keylogging, and overlay attacks. Despite modifications, ErrorFather is still based on the original Cerberus code.

Stealthy Fileless Attack Targets Attendees Of Upcoming US-Taiwan Defense Industry Event

The attack involves a malicious ZIP archive pretending to be a PDF registration form, dropping an executable into the startup folder to establish persistence on the system.

Reputation Hijacking With JamPlus: A Maneuver To Bypass Smart App Control (SAC)

The initial infection involves downloading a malicious package containing a legit CapCut app, JamPlus utility, and a malicious script. The script triggers the download and execution of the final payload from a remote server.

Intricate Babylon RAT Campaign Targets Malaysian Politicians, Government

This campaign, active since July, uses at least three malicious ISO files to compromise Malaysian entities. The ISO files contain components such as a malicious executable and a decoy PDF file, and ultimately deliver the Babylon RAT as the final payload.

Unmasking the Overlap Between Golddigger and Gigabud Android Malware

Initially discovered in January 2023 impersonating government entities, the Gigabud and Golddigger malware campaigns have overlapped, suggesting that the same threat actors are behind both.

Latrodectus and ACR Stealer Observed Spreading via Google Authenticator Phishing Site

The phishing site tricks users into downloading a malicious file disguised as Google Authenticator, which then drops the two malware components. The ACR Stealer exfiltrates data to a C&C server, while Latrodectus maintains persistence on the machine.

Regional Transport Office Themed Phishing Campaign Targets Android Users In India

Phishing messages impersonating the Regional Transport Office have been circulating since 2024, claiming traffic violations and prompting users to download a malicious APK named "VAHAN PARIVAHAN.apk".

Increase in the Exploitation of Microsoft SmartScreen Vulnerability

Cyble Research and Intelligence Labs (CRIL) has identified an increase in the exploitation of the Microsoft SmartScreen vulnerability (CVE-2024-21412) through an active campaign targeting regions like Spain, the US, and Australia.

Rising Wave Of QR Code Phishing Attacks: Chinese Citizens Targeted Using Fake Official Documents

One campaign discovered by Cyble Research and Intelligence Labs (CRIL) impersonates the Ministry of Human Resources and Social Security of China. The malicious Word document appears as an application notice for receiving labor subsidies.
