New FakeCall Malware Takes Control of Android Devices for Banking Fraud

What is FakeCall Malware? FakeCall is a sophisticated Android malware family first identified in 2022. It uses social engineering techniques to deceive users and gain access to their banking information. Since its emergence, companies like Kaspersky, Check Point, and ThreatFabric have analyzed it, finding its primary victims among mobile users in South Korea. This new […]
Frankenstein Cryptojacking: A Threat with “Copy-Paste” Code

What is Frankenstein, and why is it a threat? Recently, a new type of cryptojacking threat was identified on Pastebin, named “Frankenstein” due to its peculiar composition: a “monster code” created by copying and pasting scripts and functions with little cohesion. Despite its lack of sophistication, this threat has become an effective method to mine […]
EDR Evasion Attempt Reveals Tools and Methods of an Extortion Actor

In a recent case investigated by Palo Alto Networks’ Unit 42 team, a group of cybercriminals unsuccessfully attempted to evade the Cortex XDR endpoint detection and response system. Although the attack failed, the incident provided an unexpected opportunity to examine the tools and tactics employed by the actor, thereby improving the defensive capabilities of other […]
BrazenBamboo APT Exploits a Critical Vulnerability in FortiClient to Steal User Credentials

A sophisticated and persistent threat. The cybercriminal group known as BrazenBamboo has launched a highly advanced cyber-espionage campaign, exploiting an unpatched zero-day vulnerability in FortiClient, Fortinet’s VPN software. This attack aims to steal credentials from users at companies and organizations that use this software, which […]
Black Basta uses Microsoft Teams to impersonate IT support and compromise corporate networks

In October 2024, the Black Basta ransomware operation began using the Microsoft Teams collaboration platform to conduct social engineering attacks, impersonating IT support to deceive employees and gain access to corporate networks. This shift in their tactics demonstrates how cybercriminals evolve and adapt their methods to bypass corporate defenses. The evolution of the Black Basta […]
Massive security breach: Employee data from Amazon, McDonald’s, HSBC and other companies compromised

The origin of the attack: MOVEit and CVE-2023-34362. The vulnerability CVE-2023-34362, discovered in MOVEit, a file transfer software, has recently been exploited by a threat actor known as Nam3L3ss. This flaw, which allows attackers to bypass authentication and access confidential data, was first detected in May 2023, […]
