The top countries affected by tech support scams are the United States, Brazil, Japan, Canada, and France. These scams typically start with a pop-up window claiming a malware infection and urging the person to call a helpline for resolution.
A single malware author published several packages under entirely different names but with near-identical code designed to launch attacks. Such attacks can be carried out with a single Python script, for example exfiltrating sensitive data through Discord webhooks.
Reddit says it learned of the breach after the employee self-reported the incident to the company. According to Reddit's investigation, the stolen data includes limited contact information for company contacts and for current and former employees.
The security firm reports that the JavaScript code's comments and variable names are written in Portuguese, while the root page of the blogger domain mimics a Brazilian dessert business.
If a user enters any of the bogus domain names in a browser, the browser is redirected to a real URL shortening service (Bitly, Cuttly, or ShortUrl.at), which makes the bogus names look like alternative domains for the well-known services.
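A defender can turn the behaviour just described into a proxy-log check: a host that imitates a shortener brand and answers with a redirect to the genuine shortener is worth a closer look. The script below is an added example written for this digest, not code from the report or from any of the shortening services; the log lines, the `.example` host names and the brand-token heuristic are all constructed assumptions.

```python
"""Flag lookalike hosts that redirect to a real URL shortener (added example)."""
from urllib.parse import urlparse

# Hosts of the genuine shortening services named in the report.
KNOWN_SHORTENERS = {"bit.ly", "bitly.com", "cutt.ly", "shorturl.at"}

# Brand tokens a lookalike domain tends to embed (compared with dots/hyphens removed).
BRAND_TOKENS = ("bitly", "cuttly", "shorturl")

REDIRECT_STATUSES = {301, 302, 303, 307, 308}

# Constructed proxy-log sample: (requested host, HTTP status, Location header).
CONSTRUCTED_LOG = [
    ("bitly-links.example", 302, "https://bit.ly/3abc"),
    ("cuttlyshort.example", 301, "https://cutt.ly/xyz"),
    ("shorturl-at.example", 302, "https://shorturl.at/q1w2"),
    ("bit.ly", 301, "https://vendor.example/page"),     # the genuine shortener itself
    ("news.example", 302, "https://shorturl.at/abcd"),  # plain link to a shortener
    ("intranet.example", 200, ""),                       # not a redirect at all
]


def normalize_host(host):
    return host.strip().lower().rstrip(".")


def embedded_brand(host):
    """Return the shortener brand a host name imitates, or None."""
    squashed = normalize_host(host).replace(".", "").replace("-", "")
    for token in BRAND_TOKENS:
        if token in squashed:
            return token
    return None


def is_lookalike_redirect(requested_host, location):
    """True when a host that is not a known shortener but imitates a shortener
    brand redirects to one of the genuine shortening services."""
    requested = normalize_host(requested_host)
    if requested in KNOWN_SHORTENERS:
        return False
    target = urlparse(location).hostname
    if target is None or normalize_host(target) not in KNOWN_SHORTENERS:
        return False
    return embedded_brand(requested) is not None


def find_lookalike_redirects(log):
    """Return (host, imitated brand, redirect target) for each suspicious entry."""
    hits = []
    for host, status, location in log:
        if status in REDIRECT_STATUSES and is_lookalike_redirect(host, location):
            hits.append((normalize_host(host), embedded_brand(host),
                         urlparse(location).hostname))
    return hits


if __name__ == "__main__":
    for hit in find_lookalike_redirects(CONSTRUCTED_LOG):
        print("lookalike redirect:", hit)
```

The brand-token match is deliberately loose (it catches `bitly-links` and `cuttlyshort`, but not a homoglyph such as a digit one in place of the letter l), so treat a hit as a triage lead rather than a verdict, and extend `BRAND_TOKENS` with whatever shortener brands your own users actually click.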
The threat actor targets victims using phishing emails that include Microsoft Publisher (.pub) attachments with malicious macros, URLs linking to .pub files with macros, or PDFs containing URLs that download dangerous JavaScript files.
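The three lure shapes in that sentence (a .pub attachment, a link to a .pub file, and a PDF whose link annotation fetches a JavaScript file) can be triaged from the message alone before anything is opened. The script below is an added example for this digest, not code from the researchers; the sample attachments, the `.invalid` URLs and the minimal PDF fragment are constructed, and the `/URI (...)` regex is a heuristic that ignores escaped or hex-encoded PDF strings.

```python
"""Triage a message for Publisher-macro and PDF-link lures (added example)."""
import re
from urllib.parse import urlparse

# Matches the URI entry of a PDF link annotation: /URI (http://...)
# Heuristic only: escaped parentheses and <hex> strings are not handled.
PDF_URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")


def classify_url(url):
    """Label URLs whose path fetches a .pub or .js file; None otherwise."""
    path = urlparse(url).path.lower()
    if path.endswith(".pub"):
        return "url_to_pub"
    if path.endswith(".js"):
        return "url_to_js"
    return None


def pdf_link_urls(data):
    """Extract link-annotation targets from raw PDF bytes."""
    return [m.group(1).decode("latin-1") for m in PDF_URI_RE.finditer(data)]


def triage_message(attachments, body_urls):
    """attachments: list of (filename, bytes); body_urls: URLs seen in the body.
    Returns a list of (finding, detail) tuples, in discovery order."""
    findings = []
    for name, data in attachments:
        lower = name.lower()
        if lower.endswith(".pub"):
            findings.append(("pub_attachment", name))
        elif lower.endswith(".pdf") or data.startswith(b"%PDF"):
            for url in pdf_link_urls(data):
                label = classify_url(url)
                if label:
                    findings.append(("pdf_" + label, url))
    for url in body_urls:
        label = classify_url(url)
        if label:
            findings.append((label, url))
    return findings


# Constructed sample message: one .pub attachment, one PDF with two links,
# and two URLs in the body.
CONSTRUCTED_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Annot /Subtype /Link "
    b"/A << /S /URI /URI (http://files.invalid/update.js) >> >> endobj\n"
    b"2 0 obj << /A << /S /URI /URI (https://vendor.invalid/brochure.pdf) >> >> endobj\n"
)
CONSTRUCTED_ATTACHMENTS = [
    ("quote.pub", b"\xd0\xcf\x11\xe0 constructed OLE stub"),
    ("catalogue.pdf", CONSTRUCTED_PDF),
]
CONSTRUCTED_BODY_URLS = [
    "https://vendor.invalid/offer.pub",
    "https://vendor.invalid/index.html",
]

if __name__ == "__main__":
    for finding in triage_message(CONSTRUCTED_ATTACHMENTS, CONSTRUCTED_BODY_URLS):
        print(*finding)
```

Extension checks are the cheapest signal and also the easiest to evade (a .pub served from a path without the extension, or a JavaScript file behind a redirect), so in a mail gateway this belongs in front of, not instead of, content inspection of the attachment itself.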
Although it is still early in the investigation and the company has not released any information about how its systems were breached, the hackers may have used credentials collected by information-stealing malware to gain access to Indigo's network.
A highlighted security feature in Android 14 is that it blocks the installation of apps that target older API levels (Android versions), because those older levels make sensitive permissions easier to abuse.
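The practical question for an app owner or a mobile-device administrator is which of their existing APKs fall under that block. The function below reads a decoded `AndroidManifest.xml` (the text form produced by decoding the binary manifest) and applies the target-SDK floor. This is an added example for this digest, not code from Google or the Android project. The floor value of 23 is an assumption taken from Android 14's published behaviour-change notes, not from the page above, which names no number; the sample manifests are constructed.

```python
"""Check a decoded AndroidManifest.xml against a target-SDK install floor (added example)."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Assumption: 23 is the minimum installable targetSdkVersion stated in
# Android 14's behaviour-change notes; the digest itself gives no number.
ANDROID_14_TARGET_SDK_FLOOR = 23


def target_sdk_version(manifest_xml):
    """Return the effective targetSdkVersion of a decoded manifest.

    Per the manifest documentation, a missing targetSdkVersion falls back to
    minSdkVersion, and a missing minSdkVersion (or a missing <uses-sdk>
    element altogether) means API level 1.
    """
    root = ET.fromstring(manifest_xml)
    uses_sdk = root.find("uses-sdk")
    if uses_sdk is None:
        return 1
    target = uses_sdk.get("{%s}targetSdkVersion" % ANDROID_NS)
    if target is None:
        target = uses_sdk.get("{%s}minSdkVersion" % ANDROID_NS, "1")
    return int(target)


def install_allowed(manifest_xml, floor=ANDROID_14_TARGET_SDK_FLOOR):
    """True when the app targets at least the floor and can still be installed."""
    return target_sdk_version(manifest_xml) >= floor


# Constructed sample manifests.
MODERN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.modern">
  <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="33"/>
</manifest>"""

LEGACY_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.legacy">
  <uses-sdk android:minSdkVersion="14" android:targetSdkVersion="19"/>
</manifest>"""

# Only minSdkVersion set: targetSdkVersion defaults to it.
MIN_ONLY_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.minonly">
  <uses-sdk android:minSdkVersion="26"/>
</manifest>"""

# No <uses-sdk> at all: effective target level is 1.
BARE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.bare"/>"""

if __name__ == "__main__":
    for label, manifest in (("modern", MODERN_MANIFEST), ("legacy", LEGACY_MANIFEST),
                            ("min-only", MIN_ONLY_MANIFEST), ("bare", BARE_MANIFEST)):
        print(label, target_sdk_version(manifest), install_allowed(manifest))
```

For an app built with Gradle the value lands in the merged manifest inside the APK, so run the check on the decoded manifest of the built artifact rather than on the source tree's `AndroidManifest.xml`, where the attribute is often absent.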
The initial stage of Enigma, Interview conditions.word.exe, is a downloader written in C++. Its primary objective is to download, deobfuscate, decompress, and launch the secondary stage payload.
Researchers at Cyble uncovered a new version of the Medusa DDoS botnet based on the leaked Mirai source code, from which it inherits Mirai's DDoS attack options and Linux targeting capabilities. It also comes with a ransomware module and a Telnet brute-forcer. Additionally, a dedicated portal now advertises Medusa as a malware-as-a-service offering for DDoS or mining.