phishing

CISA and FBI Warn Fast Flux Is Powering Resilient Malware, C2, and Phishing Networks

CISA and FBI warn that “fast flux” technique aids malware, C2, and phishing networks by obscuring malicious server locations through rapid DNS record changes. It's a persistent network security threat, complicating tracking and blocking by authorities. Recommended countermeasures include blocking malicious IPs and domains and enhancing monitoring.

https://thehackernews.com/2025/04/cisa-and-fbi-warn-fast-flux-is-powering.html
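The advisory above describes fast flux as rapidly rotating DNS records so that a domain resolves to many short-lived IPs. The following added example (not code from the advisory or from CISA/FBI) shows one defender-side check over passive-DNS style observations: it counts distinct IPs and distinct /24 prefixes per domain and the lowest TTL seen, and flags domains that churn across many addresses with very low TTLs. The log format, domain names, thresholds and the use of /24 prefixes as a stand-in for ASN diversity are all assumptions for illustration.

```python
from dataclasses import dataclass, field
import ipaddress

# Constructed sample of passive-DNS observations: "<epoch> <domain> <ip> <ttl>".
# One domain behaves like a normal CDN host; the other rotates IPs every
# few minutes across unrelated prefixes with a 120-second TTL.
SAMPLE_PDNS = """\
1712100000 cdn.example-legit.test 203.0.113.10 3600
1712103600 cdn.example-legit.test 203.0.113.10 3600
1712107200 cdn.example-legit.test 203.0.113.11 3600
1712100000 login-verify.example-bad.test 198.51.100.7 120
1712100150 login-verify.example-bad.test 192.0.2.44 120
1712100300 login-verify.example-bad.test 198.51.100.201 120
1712100450 login-verify.example-bad.test 192.0.2.9 120
1712100600 login-verify.example-bad.test 203.0.113.77 120
1712100750 login-verify.example-bad.test 198.51.100.130 120
"""

# Heuristic thresholds (assumed values; tune against your own baseline).
MIN_DISTINCT_IPS = 5      # many distinct answers for one name
MIN_DISTINCT_PREFIXES = 3 # spread across unrelated /24 networks
MAX_TTL_SECONDS = 300     # very short TTLs force frequent re-resolution


@dataclass
class FluxStats:
    """Per-domain aggregate of what the resolver observed."""
    ips: set = field(default_factory=set)
    prefixes: set = field(default_factory=set)
    min_ttl: int = 2**31
    first_seen: int = 0
    last_seen: int = 0

    @property
    def distinct_ips(self) -> int:
        return len(self.ips)

    @property
    def distinct_prefixes(self) -> int:
        return len(self.prefixes)


def analyse_pdns(text: str) -> dict:
    """Parse observation lines and build FluxStats per domain."""
    stats: dict[str, FluxStats] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        ts_str, domain, ip_str, ttl_str = line.split()
        ts, ttl = int(ts_str), int(ttl_str)
        s = stats.setdefault(domain, FluxStats())
        s.ips.add(ip_str)
        # /24 prefix as a cheap proxy for "different network"; a real
        # pipeline would map each IP to its ASN instead.
        s.prefixes.add(str(ipaddress.ip_network(f"{ip_str}/24", strict=False)))
        s.min_ttl = min(s.min_ttl, ttl)
        s.first_seen = ts if s.first_seen == 0 else min(s.first_seen, ts)
        s.last_seen = max(s.last_seen, ts)
    return stats


def flag_fast_flux(stats: dict) -> list:
    """Return domains whose resolution pattern matches the fast-flux heuristic."""
    flagged = []
    for domain, s in stats.items():
        if (s.distinct_ips >= MIN_DISTINCT_IPS
                and s.distinct_prefixes >= MIN_DISTINCT_PREFIXES
                and s.min_ttl <= MAX_TTL_SECONDS):
            flagged.append(domain)
    return sorted(flagged)


if __name__ == "__main__":
    stats = analyse_pdns(SAMPLE_PDNS)
    for d in flag_fast_flux(stats):
        s = stats[d]
        print(f"{d}: {s.distinct_ips} IPs across {s.distinct_prefixes} /24s, "
              f"min TTL {s.min_ttl}s over {s.last_seen - s.first_seen}s")
```

Flagged names are candidates for the blocking and enhanced monitoring the advisory recommends; CDNs and load-balanced services also rotate addresses, so the prefix-diversity and TTL conditions together, rather than IP count alone, keep the false-positive rate manageable.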

Threat Actors Leverage Tax Season to Deploy Tax-themed Phishing Campaigns

Microsoft warns of tax-themed phishing campaigns as Tax Day approaches, in which attackers use social engineering to steal credentials and deploy malware. Techniques include URL shorteners, QR codes, and fake IRS notifications leading to malicious downloads such as BruteRatel and Latrodectus. Microsoft's recommendations for protection emphasize user education, advanced anti-phishing solutions, and using tools like Microsoft Defender for Office 365 to block suspicious emails.

https://www.microsoft.com/en-us/security/blog/2025/04/03/threat-actors-leverage-tax-season-to-deploy-tax-themed-phishing-campaigns/

The Weaponization of PDFs: 68% of Cyber Attacks Begin in Your Inbox, With 22% of These Hiding in PDFs

68% of cyberattacks start via email, and 22% of those involve malicious PDFs. With over 400 billion PDFs opened in a year, PDFs serve as effective delivery mechanisms for attacks because of their complexity and perceived safety. Attackers combine social engineering with advanced evasion techniques, making the threats hard for security systems to detect. Typical PDF attacks are link-based campaigns that lead to phishing sites, using benign-looking links and QR codes for obfuscation. Users are advised to verify senders, be cautious with unexpected attachments, and keep software updated to mitigate risks.

https://blog.checkpoint.com/research/the-weaponization-of-pdfs-68-of-cyberattacks-begin-in-your-inbox-with-22-of-these-hiding-in-pdfs/

YouTube Warns of AI-generated Video of Its CEO Used in Phishing Attacks

YouTube warns that scammers are using AI-generated videos of CEO Neal Mohan in phishing attacks to steal creators' credentials. These videos are sent via emails claiming changes to monetization policies, urging recipients to click links leading to credential-stealing sites. YouTube advises against clicking suspicious links and highlights that it will never communicate through private videos. Many creators have already been victimized, resulting in hijacked accounts used for scams.

https://www.bleepingcomputer.com/news/security/youtube-warns-of-ai-generated-video-of-its-ceo-used-in-phishing-attacks/

LARVA-208

LARVA-208 is a threat actor known for sophisticated spear-phishing attacks since June 2024, using smishing and vishing tactics to install RMM software on victims' machines. Their methods include creating phishing sites to harvest VPN credentials and using fake calls or messages to divert victims to malicious links. After gaining access, they deploy data stealers and ransomware. They have compromised over 618 organizations and are often linked to LARVA-148, which supplies the domains they use. LARVA-208 exemplifies advanced, targeted attack strategies built on social engineering and evasion of security measures, posing an ongoing threat to corporate networks.

https://catalyst.prodaft.com/public/report/larva-208/overview

Cybercriminals Weaponize Graphics Files in Phishing Attacks

Cybercriminals are increasingly using graphics files, especially SVGs, in phishing attacks to bypass traditional security measures. These files can contain active web content, allowing attackers to link to malicious websites while disguising their intent. The tactics have evolved, with attacks impersonating known brands and employing various lures, such as notifications and confirmations. The attacks often capture victim login credentials, showcasing new phishing techniques aimed at evading detection and multi-factor authentication protections.

https://www.infosecurity-magazine.com/news/cybercriminals-graphics-files/

Phishing Campaign Baits Hook With Malicious Amazon PDFs

A phishing campaign uses malicious PDFs claiming expired Amazon Prime memberships to trick users into revealing personal and financial data. Researchers at Palo Alto Networks Unit42 found 31 such PDFs linking to fake Amazon sites and using cloaked domains to evade detection. Users are advised to be cautious of suspicious emails.

https://www.darkreading.com/cyberattacks-data-breaches/phishing-campaign-malicious-amazon-pdfs

Targeted Supply Chain Attack Against Chrome Browser Extensions

TLDR: On December 26, 2024, Cyberhaven reported a targeted supply chain attack on their Chrome extension via compromised developer permissions gained through phishing. The attacker injected malicious code into a dozen extensions, aiming to harvest sensitive data (API keys, session cookies) from hundreds of thousands of users, including those of ChatGPT and Facebook. The report details phishing tactics, the compromised extensions, and the adversary's infrastructure, urging users to remove affected extensions and monitor their accounts for suspicious activity.

https://blog.sekoia.io/targeted-supply-chain-attack-against-chrome-browser-extensions/

Sneaky 2FA: Exposing a New AiTM Phishing-as-a-Service

TLDR: Sekoia.io identified a new phishing kit named “Sneaky 2FA,” part of a phishing-as-a-service operation targeting Microsoft 365 accounts. Discovered in December 2024, it utilizes advanced techniques, including autograb for email input and anti-bot measures. The service is marketed via a Telegram bot and relies on compromised domains. It captures session cookies post-authentication, making it a significant threat. Detection measures focus on identifying inconsistent user-agent strings indicative of phishing attempts.

https://blog.sekoia.io/sneaky-2fa-exposing-a-new-aitm-phishing-as-a-service/
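The Sneaky 2FA summary above notes that detection focuses on inconsistent user-agent strings across a phished sign-in. With an AiTM kit, the victim's credentials and MFA response are relayed by the kit's own HTTP client, so the steps of one authentication session can arrive at the identity provider from different browser or OS families. The added example below (not code from Sekoia.io or from the kit) reduces each user-agent string to a coarse (OS, browser) fingerprint and flags sessions whose password, MFA and token steps do not share one fingerprint. The log layout, user names, session ids and fingerprint rules are assumptions for illustration; the generalization to any step sequence is mine.

```python
import re
from collections import defaultdict

# Constructed sample of identity-provider sign-in events:
# (timestamp, user, session_id, step, user_agent).
# Session s1 is a normal sign-in; session s2 shows the step-to-step
# user-agent mismatch the summary describes.
_CHROME_WIN = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
               "(KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36")
_FIREFOX_MAC = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:122.0) "
                "Gecko/20100101 Firefox/122.0")

SAMPLE_SIGNIN_LOG = [
    ("2025-01-10T09:00:01Z", "alice@corp.test", "s1", "password", _CHROME_WIN),
    ("2025-01-10T09:00:09Z", "alice@corp.test", "s1", "mfa", _CHROME_WIN),
    ("2025-01-10T09:00:15Z", "alice@corp.test", "s1", "token", _CHROME_WIN),
    ("2025-01-10T11:30:02Z", "bob@corp.test", "s2", "password", _CHROME_WIN),
    ("2025-01-10T11:30:08Z", "bob@corp.test", "s2", "mfa", _FIREFOX_MAC),
    ("2025-01-10T11:30:12Z", "bob@corp.test", "s2", "token", "python-requests/2.31.0"),
]

# Order matters in both lists: "Android" UAs also contain "Linux", and
# Chrome/Edge UAs also contain "Safari".
OS_PATTERNS = [
    ("Windows", re.compile(r"Windows NT")),
    ("macOS", re.compile(r"Macintosh")),
    ("Android", re.compile(r"Android")),
    ("iOS", re.compile(r"iPhone|iPad")),
    ("Linux", re.compile(r"Linux")),
]
BROWSER_PATTERNS = [
    ("Edge", re.compile(r"Edg/")),
    ("Chrome", re.compile(r"Chrome/")),
    ("Firefox", re.compile(r"Firefox/")),
    ("Safari", re.compile(r"Safari/")),
]


def ua_fingerprint(ua: str) -> tuple:
    """Coarse (os, browser) family for a user-agent string."""
    os_name = next((name for name, pat in OS_PATTERNS if pat.search(ua)), "unknown")
    browser = next((name for name, pat in BROWSER_PATTERNS if pat.search(ua)), "non-browser")
    return (os_name, browser)


def find_inconsistent_sessions(events: list) -> dict:
    """Return {session_id: [(step, fingerprint), ...]} for sessions whose
    authentication steps did not all come from one (os, browser) family."""
    per_session = defaultdict(list)
    for _ts, _user, session_id, step, ua in events:
        per_session[session_id].append((step, ua_fingerprint(ua)))
    return {
        sid: steps
        for sid, steps in per_session.items()
        if len({fp for _step, fp in steps}) > 1
    }


if __name__ == "__main__":
    for sid, steps in find_inconsistent_sessions(SAMPLE_SIGNIN_LOG).items():
        print(f"session {sid}: mismatched user agents across steps")
        for step, fp in steps:
            print(f"  {step:9s} {fp[0]}/{fp[1]}")
```

A flagged session is a trigger for revoking the issued session cookie and refresh tokens, since the summary notes the kit captures session cookies after authentication; legitimate mixed-device flows (password on desktop, MFA approval on a phone) exist, so this check is best combined with IP, ASN and geolocation consistency rather than used alone.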
