Fortinet

RolandSkimmer: Silent Credit Card Thief Uncovered

FortiGuard Labs recently observed a sophisticated campaign dubbed RolandSkimmer. This threat actor targets users in Bulgaria, leveraging malicious browser extensions across Chrome, Edge, and Firefox.

Fortinet Identifies Malicious Packages in the Wild: Insights and Trends from November 2024 Onward

1,082 packages employed minimal code within a low file count, around 1,052 packages utilized suspicious installation scripts, 1,043 instances lacked repository URLs, and 974 packages contained suspicious URLs for C2 server communication.

Winos 4.0 Spreads via Impersonation of Official Email to Target Users in Taiwan

According to a report released in November 2024, Winos 4.0 was distributed through gaming-related applications; however, in the January 2025 campaign it spread via an email masquerading as being from Taiwan's National Taxation Bureau.

Stealthy Attack Deploys Coyote Banking Trojan via LNK Files

Once deployed, the Coyote Banking Trojan can carry out various malicious activities, including keylogging, capturing screenshots, and displaying phishing overlays to steal sensitive credentials.

Malicious Intent Discovered in Two PyPI Packages

Fortinet flagged two malicious Python packages, Zebo-0.1.0 and Cometlogger-0.1, exhibiting behaviors like keylogging, data exfiltration, webhook injection, and anti-VM checks while employing obfuscation to evade detection.

New Campaign Uses Remcos RAT to Exploit Victims

Fortinet's FortiGuard Labs uncovered a sophisticated phishing scheme spreading a new version of Remcos RAT. The attack starts with a phishing email with an Excel file exploiting CVE-2017-0199, allowing remote code execution on the victim's device.

Emansrepo Stealer: Multi-Vector Attack Chains

The Python-based infostealer collects user information, text files, PDF files, browser data, crypto wallets, game platforms, browser extensions, and cookies. The stolen data is sent via email to the attacker.

A Deep Dive Into a New ValleyRAT Campaign Targeting Chinese Speakers

The malware masquerades as legitimate applications like Microsoft Office and creates an empty file to lure users. It also checks for virtual machines and uses sleep obfuscation to evade memory scanners.

Malicious Package Hidden in PyPI Discovered

The FortiGuard Labs team has discovered a malicious PyPI package that poses a significant risk to individuals and institutions by potentially leaking credentials and sensitive information.

Phishing Campaign Targeting Mobile Users in India Using India Post Lures

The FortiGuard Labs Threat Research team has identified a fraud campaign targeting India Post users on social media, specifically iPhone users through smishing attacks. The Smishing Triad, a Chinese threat actor, is believed to be behind this campaign.
