Daily Cybersecurity Roundup, December 05, 2024

A new Android malware, named DroidBot, is rewriting the rules of financial cybercrime, infiltrating cryptocurrency exchanges and banking apps across Europe. With 776 unique infections identified, this threat is turning smartphones into gateways for devastating financial losses. Exploitation knows no boundaries as Earth Minotaur uses the MOONSHINE kit to breach Android apps targeting Tibetan and Uyghur communities. Cyberespionage took a dramatic turn when Russia-linked Secret Blizzard infiltrated Pakistani hacker group Storm-0156’s infrastructure to exfiltrate data. Here are the top 10 highlights from the past 24 hours.

01

A new Android banking malware called DroidBot targets over 77 cryptocurrency exchanges and banking apps. DroidBot's botnets show 776 unique infections across the U.K., Italy, France, Spain, and Portugal.

02

Earth Minotaur has been targeting Tibetan and Uyghur communities using the MOONSHINE exploit kit, which compromises Android apps. The kit relies on social engineering tactics and deploys the DarkNimbus backdoor for surveillance and data theft on Android and Windows.

03

Trellix spotted Celestial Stealer, a sophisticated JavaScript-based info-stealer disguised as Electron or NodeJS applications, targeting browsers, crypto wallets, and applications like Discord and Exodus.

04

Russian threat group Secret Blizzard breached Pakistani hacker group Storm-0156’s infrastructure to deploy backdoors and extract data from the latter’s victims in Afghanistan and India.

05

Data published by Comparitech revealed that ransomware attacks caused an estimated $17 billion in downtime for manufacturing companies since 2018, with each day of downtime costing an average of $1.9 million.

06

Cybereason discovered a new cluster of C2 servers linked to the Andromeda malware family. It is actively targeting APAC, particularly the manufacturing and logistics industries.

07

A threat group known as Payroll Pirates has been conducting ongoing HR payroll redirection phishing scams targeting organizations' employees, particularly those using Workday.

08

The National Tax Service (NTS) is facing a significant increase in phishing emails, with threat actors impersonating the NTS to distribute malware. These phishing emails use various file formats, such as DLL and CHM.

09

The U.K.'s National Crime Agency revealed that Operation Destabilise disrupted two Russian criminal networks, Smart and TGR, involved in money laundering.

10

The FBI warned of criminals using generative AI to enhance fraud schemes, creating realistic text, images, audio, and video. Applications include phishing, social engineering, scams, and identity theft.
