Fake
-
Blog
Fake AI video generators infect Windows, macOS with infostealers
Fake AI image and video generators infect Windows and macOS with the Lumma Stealer and AMOS information-stealing malware, used to steal credentials and cryptocurrency wallets from infected devices. Lumma Stealer is a Windows malware and AMOS is for macOS, but both steal cryptocurrency wallets and cookies, credentials, passwords, credit cards, and browsing history from Google Chrome, Microsoft Edge, Mozilla Firefox, and…
Read More » -
Blog
Fraud network uses 4,700 fake shopping sites to steal credit cards
A financially motivated Chinese threat actor dubbed “SilkSpecter” is using thousands of fake online stores to steal the payment card details of online shoppers in the U.S. and Europe. The fraud campaign started in October 2024, offering steep discounts for the upcoming Black Friday shopping period that usually sees elevated shopping activity. EclecticIQ threat researcher Arda Buyukkaya, who discovered the…
Read More » -
Blog
DocuSign’s Envelopes API abused to send realistic fake invoices
Threat actors are abusing DocuSign’s Envelopes API to create and mass-distribute fake invoices that appear genuine, impersonating well-known brands like Norton and PayPal. Using a legitimate service, the attackers bypass email security protections as they come from an actual DocuSign domain, docusign.net. The goal is to have their targets e-sign the documents, which they can then use to authorize payments…
Read More » -
Blog
LastPass warns of fake support centers trying to steal customer data
LastPass is warning about an ongoing campaign where scammers are writing reviews for its Chrome extension to promote a fake customer support phone number. However, this phone number is part of a much larger campaign to trick callers into giving scammers remote access to their computers, as discovered by BleepingComputer. LastPass is a popular password manager that utilizes a LastPass Chrome…
Read More » -
Blog
Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day
The North Korean Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space. Kaspersky discovered the attacks on May 13, 2024, and reported the Chrome zero-day flaw to Google. Google issued a fix for CVE-2024-4947 on May 25, with Chrome version 125.0.6422.60/.61. Lazarus tank games Kaspersky discovered the…
Read More » -
Blog
Fake IT workers from North Korea have started blackmailing their victims – Computerworld
A new report from Secureworks shows that the North Korean group Nickel Tapestry has expanded its operations from getting North Korean IT workers illegally employed by companies in other countries to allowing the workers to steal data that can be used for extortion if they’re fired, according to The Register. To avoid falling victim to such scams, companies are being…
Read More » -
Blog
Microsoft creates fake Azure tenants to pull phishers into honeypots
Microsoft is using deceptive tactics against phishing actors by spawning realistic-looking honeypot tenants with access to Azure and lure cybercriminals in to collect intelligence about them. With the collected data, Microsoft can map malicious infrastructure, gain a deeper understanding of sophisticated phishing operations, disrupt campaigns at scale, identify cybercriminals, and significantly slow down their activity. The tactic and its damaging effect on…
Read More » -
Blog
Fake Google Meet conference errors push infostealing malware
A new ClickFix campaign is luring users to fraudulent Google Meet conference pages showing fake connectivity errors that deliver info-stealing malware for Windows and macOS operating systems. ClickFix is a social-engineering tactic that emerged in May, first reported by cybersecurity company Proofpoint, from a threat actor (TA571) that used messages impersonating errors for Google Chrome, Microsoft Word, and OneDrive. The errors prompted…
Read More » -
Blog
Be Careful When Cleaning Your MacBook’s (Mostly Fake) Speaker Grille
Have you ever noticed what looks like dust getting stuck in your MacBook’s speaker grille? Your instinct might be to use a brush to clean it, but that’s actually the opposite of what you should do. That’s because, as outlined in this excellent video by BarTech TV, the two rows of symmetrical dots on either side of the MacBook’s keyboard…
Read More » -
Blog
How to Spot and Avoid Fake Amazon Driver Text Messages
Scammers worldwide target consumers with fake Amazon driver chat text messages. The scam tricks unsuspecting individuals into sharing personal information or making fraudulent payments. Unfortunately, because of existing laws, scammers can easily leverage people-finder sites like Intelius, TruthFinder, Instant Checkmate, Spokeo, and WhitePages to create long lists of phone numbers. Once they have these numbers, they send out phishing texts…
Read More »