Fake
-
Blog
What are Fake Trojan Scams and How Can You Avoid Them?
You probably know about trojan viruses to some degree. You likely have an antivirus program installed on your computer to detect and block them – as you should. But did you know that fake trojan viruses can be just as dangerous? If you’re not careful, a fake trojan virus can lead to a real one. A fake trojan virus attack…
Read More » -
Blog
Phishing campaign targets developers with fake CrowdStrike job offers
Developers are being targeted in a new phishing campaign using fake CrowdStrike job offers, the security company has warned. The firm noted that the campaign, first identified on 7 January, uses CrowdStrike’s recruitment branding to load crypto-mining malware onto the victim’s systems. The campaign begins with phishing emails purporting to be part of a recruitment process informing victims that they…
Read More » -
Blog
Fake LDAPNightmware exploit on GitHub spreads infostealer malware
A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka “LDAPNightmare”) on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server. The tactic isn’t novel, as there have been multiple documented cases of malicious tools disguised as PoC exploits on GitHub. However, this case, discovered by Trend Micro, highlights that threat actors continue to use the…
Read More » -
Blog
Fake CrowdStrike job offer emails target devs with crypto miners
CrowdStrike is warning that a phishing campaign is impersonating the cybersecurity company in fake job offer emails to trick targets into infecting themselves with a Monero cryptocurrency miner (XMRig). The company discovered the malicious campaign on January 7, 2025, and based on the phishing email’s content, it likely didn’t start much earlier. The attack starts with a phishing email sent…
Read More » -
Blog
Fake CAPTCHA attacks surged in late 2024 – here’s what to look out for
A new variant of social engineering attack using fake CAPTCHA pages to deceive victims has spiked in the last few months, security experts have warned. Recent analysis from cyber specialists Reliaquest revealed criminals were leveraging fraudulent CAPTCHA pages that mimic trusted services like Google and Cloudflare to trick users into running malicious scripts on their machines. Although the campaign was…
Read More » -
Blog
Over 3.1 million fake “stars” on GitHub projects used to boost rankings
GitHub has a problem with inauthentic “stars” used to artificially inflate the popularity of scam and malware distribution repositories to appear more popular, helping them reach more unsuspecting users. Stars are similar to “Like” buttons on social media sites, allowing GitHub users to favorite a repository. GitHub uses the stars as part of a global ranking system and to show you related…
Read More » -
Blog
New ‘OtterCookie’ malware used to backdoor devs in fake job offers
North Korean threat actors are using new malware called OtterCookie in the Contagious Interview campaign that is targeting software developers. Contagious Interview has been active since at least December 2022, according to researchers at cybersecurity company Palo Alto Networks. The campaign targets software developers with fake job offers to deliver malware such as BeaverTail and InvisibleFerret. A report from NTT Security…
Read More » -
Blog
New fake Ledger data breach emails try to steal crypto wallets
A new Ledger phishing campaign is underway that pretends to be a data breach notification asking you to verify your recovery phrase, which is then stolen and used to steal your cryptocurrency. Ledger is a hardware cryptocurrency wallet that allows you to store, manage, and sell cryptocurrency. The funds in these wallets are secured using 24-word recovery phrases or 12…
Read More » -
Blog
How to Identify a Fake Screenshot
You don’t have to scroll very far down most social media feeds to find a screenshot of a text, comment, or post—maybe a ridiculous Reddit post, or a hilarious reply on X, or an incriminating WhatsApp conversation. But how can you tell the screenshot is genuine, and not artificially created to mislead you? First of all, it’s important to bear…
Read More » -
Blog
Malicious ads push Lumma infostealer via fake CAPTCHA pages
A large-scale malvertising campaign distributed the Lumma Stealer info-stealing malware through fake CAPTCHA verification pages that prompt users to run PowerShell commands to verify they are not a bot. The campaign leveraged the Monetag ad network to propagate over one million ad impressions daily across three thousand websites. The malicious operation, dubbed “DeceptionAds” by Guardio Labs and Infoblox researchers, is believed…
Read More »