Russian Hackers Exploit CVE-2025-26633 Via MSC EvilTwin to Deploy SilentPrism and DarkWisp

Russian hackers are exploiting the CVE-2025-26633 vulnerability in Microsoft Windows using the MSC EvilTwin technique to deploy the SilentPrism and DarkWisp backdoors. The group, known as Water Gamayun, uses malicious .msi and .msc files for installation, gaining persistence and the ability to steal data. The malware performs system reconnaissance and executes commands through PowerShell, maintaining active control over compromised systems. Additional payloads include Rhadamanthys Stealer and several variants of EncryptHub Stealer, designed to collect sensitive information and evade detection.

https://thehackernews.com/2025/03/russian-hackers-exploit-cve-2025-26633.html

Phishing Platform ‘Lucid’ Behind Wave of iOS, Android SMS Attacks

The phishing platform ‘Lucid’, operated by the XinXin group, targets 169 entities across 88 countries, using iMessage and RCS to deliver its SMS attacks. Sold on a subscription model, it provides phishing domains and tools to attackers. Lucid sends 100,000 smishing messages daily and bypasses carrier spam filters by relying on encrypted messaging channels. The operation employs device farms and impersonates legitimate services to steal personal data, including financial information, and its operators demonstrate the platform's ease of use in public videos.

https://www.bleepingcomputer.com/news/security/phishing-platform-lucid-behind-wave-of-ios-android-sms-attacks/

Malware Is Harder to Find When Written in Obscure Languages

Malware authors are increasingly using less common programming languages such as Delphi and Haskell to evade detection. Researchers found that unusual languages complicate static analysis, making malware harder to identify and analyze. While C and C++ remain prevalent, many threat groups now employ a range of languages and compilers to obscure malicious code. This shift makes automated detection less effective, since reliable signatures are harder to build for each language and toolchain, adding to the workload of security analysts. Detection tooling needs to pay more attention to these lesser-used languages.

https://www.theregister.com/2025/03/29/malware_obscure_languages/

Exposing Crocodilus: New Device Takeover Malware Targeting Android Devices

Crocodilus is a newly identified Android banking Trojan featuring advanced capabilities such as overlay attacks, keylogging, and remote control. Unlike other Trojans, it deploys a sophisticated dropper to bypass Android restrictions, primarily targets banks in Spain and Turkey, and abuses Accessibility Services to capture user credentials and sensitive information. It employs social engineering to manipulate victims into revealing wallet keys. Analysts trace potential links to the “sybra” threat actor, suggesting a connection to known malware families. The emergence of Crocodilus highlights the need for stronger security measures at financial institutions.

https://www.threatfabric.com/blogs/exposing-crocodilus-new-device-takeover-malware-targeting-android-devices

Multiple Crypto Packages Hijacked, Turned Into Info-stealers

Multiple npm cryptocurrency packages have been hijacked to steal sensitive information, including environment variables. Malicious scripts found in recent versions of long-standing packages exfiltrate user data. The hijack is suspected to involve compromised maintainer accounts. Organizations are urged to strengthen supply chain security to keep malware out of their open-source dependencies.

https://www.sonatype.com/blog/multiple-crypto-packages-hijacked-turned-into-info-stealers

New Atlantis AIO Platform Automates Credential Stuffing on 140 Services

The new Atlantis AIO platform automates attacks on 140 services, enabling credential stuffing against e-commerce sites, banks, and email accounts. It offers pre-configured modules for brute-force attacks, CAPTCHA bypass, and account recovery, facilitating the exploitation and resale of compromised accounts. Multi-factor authentication and strong, unique passwords are the key defenses against such attacks.

https://www.bleepingcomputer.com/news/security/new-atlantis-aio-automates-credential-stuffing-on-140-services/

Oracle Customers Confirm Data Stolen in Alleged Cloud Breach Is Valid

Oracle Cloud faces allegations of a breach as customers confirm that stolen data—claimed to include information from 6 million accounts—is genuine. The hacker, known as ‘rose87168’, asserts they exploited a vulnerability to access the data and is selling it. Despite the evidence, Oracle maintains there was no breach. Multiple companies have verified the authenticity of the leaked information, contradicting Oracle's statements. An email exchange between the hacker and an alleged Oracle representative has surfaced, further complicating the situation. Oracle has not responded to further inquiries.

https://www.bleepingcomputer.com/news/security/oracle-customers-confirm-data-stolen-in-alleged-cloud-breach-is-valid/

FBI Warnings Are True—Fake File Converters Do Push Malware

The FBI warns that fake online document converters distribute malware, including ransomware, and target users' sensitive information. Cybercriminals build deceptive sites that mimic legitimate converters. Victims who reported the scams to IC3 described infections with malware such as Gootloader that led to serious breaches. Not all converters are harmful, but users should research a service before using it.

https://www.bleepingcomputer.com/news/security/fbi-warnings-are-true-fake-file-converters-do-push-malware/

Coinbase Was Primary Target of Recent GitHub Actions Breaches

Coinbase was the main target of a GitHub Actions attack that exposed secrets in numerous repositories. Researchers noted that the breach began with malicious code inserted into a GitHub Action, which leaked CI/CD secrets when invoked by other workflows. Although the attackers initially succeeded in accessing data, Coinbase stated that the attack did not harm its assets, and overall only 218 repositories were impacted out of more than 20,000 using the vulnerable action.

https://www.bleepingcomputer.com/news/security/coinbase-was-primary-target-of-recent-github-actions-breaches/

Microsoft Trusted Signing Service Abused to Code-sign Malware

Microsoft's Trusted Signing service is being abused by cybercriminals to code-sign malware using short-lived three-day certificates. The signed executables can slip past security filters that trust signed code. Criminals favor this route because it is easier to obtain than an Extended Validation certificate. Microsoft says it monitors the service, revokes certificates used for misuse, and applies active threat intelligence to detect abuse.

https://www.bleepingcomputer.com/news/security/microsoft-trusted-signing-service-abused-to-code-sign-malware/

Arrests in Tap-to-Pay Scheme Powered by Phishing

Chinese nationals were arrested for tap-to-pay fraud using mobile wallets loaded with card data obtained through phishing. They traveled across states buying gift cards with the stolen credit card information. Authorities recovered over $23,000 in gift cards. The scammers used a custom Android app to make the transactions, drawing on card data harvested through sophisticated phishing campaigns. The case highlights weaknesses in mobile wallet enrollment and the evolving tactics of cybercriminals.

https://krebsonsecurity.com/2025/03/arrests-in-tap-to-pay-scheme-powered-by-phishing/

Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed

Recent details reveal the root cause and impact of the GitHub Actions supply chain hack. The attack compromised the ‘tj-actions/changed-files’ action, affecting over 23,000 repositories and allowing attackers to execute a script that could leak CI/CD secrets. Investigators identified the earlier compromise of the ‘reviewdog/action-setup’ action as the root cause, which inadvertently gave an attacker access to a personal access token. The attack initially targeted Coinbase but expanded to a broader scope, potentially affecting about 160,000 dependencies. However, only 218 repositories leaked sensitive information, primarily short-lived tokens. GitHub confirmed no evidence of compromise of its own systems and encouraged users to review actions before using them.

https://www.securityweek.com/impact-root-cause-of-github-actions-supply-chain-hack-revealed/

FBI Warning For All iPhone, Android Users—Hang Up Now, Use This Code

The FBI warns iPhone and Android users about AI-powered deepfake scams. Users should hang up on suspicious calls and agree on a secret code with close family to verify callers and counter voice cloning. Social media adds to the risk because it gives cybercriminals the voice samples they need. Ongoing AI-driven attacks are reshaping crime, making scams increasingly sophisticated and difficult to detect.

https://www.forbes.com/sites/daveywinder/2025/03/22/fbi-warns-iphone-and-android-users-hang-up-now-use-this-code/

Cybersecurity in FinTech Applications: Protecting Financial Data and Preventing Fraud

Cybersecurity is crucial in the rapidly growing FinTech sector for safeguarding financial data and combating fraud. As FinTechs innovate, they face significant cybersecurity threats, evidenced by costly data breaches. This article by Vasilii Domnikov outlines solutions for enhancing security, including data encryption, multi-factor authentication, and strategies like tokenization and machine learning for fraud detection. It emphasizes the necessity for compliance with regulations and adapting to evolving cyber threats to maintain consumer trust and ensure operational integrity in financial services.

https://hackernoon.com/cybersecurity-in-fintech-applications-protecting-financial-data-and-preventing-fraud
