Tag Archive for: Lures

Valorant aimbot hack lures the unwary into malware infection • Graham Cluley

/in


Valorant aimbot hack lures the unwary into malware infection

Just what would you do to be better at video games? Devote yourselves to hundreds of hours of practice, or search the internet for cheats and hacks that might give you an unfair competitive advantage.

Cheating in online games is nothing new, and some players have no qualms about resorted to installing “aimbots” that might help them by automatically aiming at their fellow rivals or even auto-shoot.

However, as South Korean security experts at AhnLab warn, you might be wise to resist the temptation to cheat.

Sign up to our newsletter
Security news, advice, and tips.

According to the security researchers, malware has been distributed via descriptions in a YouTube video related to the Valorant first person shooter game.

The video’s description cheekily advises users to disable their anti-virus software before downloading the cheat (boy… the things people will do if they think it will improve their aim in a video game.)

FREE CHEAT = <LINK>
if link dont work – Try VPN
TURN OFF ANTI VIRUS

The YouTube video’s description contains a link which points to a website containing a file called Pluto Valrant cheat.rar.

If you’re unlucky enough to be duped into downloading the .RAR archive file, and then run the enclosed executable (named Cheat Installer.exe), your computer will be infected with an information-stealing Trojan horse called RedLine.

According to the AhnLab researchers, the malware collects a wide array of information from infected Windows systems, including login credentials, Discord tokens, Steam and Telegram session files, cryptocurrency wallets, and more.

The stolen data is then sent to cybercriminals via a Discord server.

As ever you should be highly suspicious of software of unknown provenance, and links to downloads from YouTube videos. It should go without saying that if you’re ever advised to disable your anti-virus, steer well clear!

Many of us might need a helping hand to defeat our video game rivals, but you could end up shooting yourself in the foot.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of…

Source…

Credential Theft, O365 Lures Dominate Corporate Inboxes in Q1

/in


Credential Theft O365 Lures Dominate Corporate Inboxers in Q1

 

In Q1, PhishLabs analyzed and mitigated hundreds of thousands of
phishing attacks that targeted corporate users. In this post, we break down these attacks and shed light on the phishing emails that are making it into corporate inboxes.

 

Threats Found in Corporate Inboxes 

 

Credential Theft

Credential theft attacks continue to be the most prolific threats observed in corporate inboxes. In Q1, nearly two-thirds of all reported email threats attempted to steal credentials. This was an 11.6% increase from Q4 2020. 

 

Eighty-four percent of credential theft phishing attacks contained a link that led to a web page with a login form designed to harvest credentials. The remaining 16% delivered attachments similarly designed to lead victims to fake sites and steal sensitive information. Both tactics rely heavily on brand impersonation. 

 

O365

Corporate credentials for
Microsoft Office 365  continued to be targeted heavily in Q1. More than 44% of credential theft email lures targeted O365 logins. This is a 10.4% increase from Q4 2020. 

 

Response-Based

Response-based attacks such as BEC and 419 scams continued to thrive during Q1, contributing to 31% of total phishing emails that targeted corporate users. Advanced-Fee or 419 scams contributed to 60.6% of reported response-based threats. 

 

Breakdown of response-based threats:

 

  1. 419 (60.6%)
  2. BEC (19.7%)
  3. Job Scams (7.7%)
  4. Vishing (6.3%)
  5. Tech Support (5.7%)

 

Although BEC attacks contributed to less than a quarter of response-based attacks Q1, they continue to be a top threat to enterprises. Last year, losses attributed to BEC totaled more than
$1.8 Billion.  

 

Malware

In Q1, 6% of reported phishing lures delivered attachments or links to malware. This suggests email security controls are far better at detecting malicious code in email traffic than they are at detecting social engineering techniques. 

 

ZLoader accounted for 62% of all reported email-based payload activity. This was driven by a
one-day spike in attacks in February that represented one of the largest surges of a single payload we have seen in a 24-hour period.

 

ZLoader and…

Source…

QBot phishing lures victims using US election interference emails

/in


The Qbot botnet is now spewing U.S. election-themed phishing emails used to infect victims with malicious payloads designed to harvest user data and emails for use in future campaigns.

Qbot (aka Qakbot, Pinkslipbot, and Quakbot) is a banking trojan with worm features [1, 2, 3] actively used since at least 2009 to steal financial data and banking credentials, as well as to log user keystrokes, to deploy backdoors, and to drop additional malware.

Election interference baits

The malspam emails recently spotted by Malwarebytes Labs’ Threat Intelligence Team are camouflaged as replies in previously stolen email threads, a tactic used to add legitimacy in the targets’ eyes.

Each of the phishing messages come with malicious Excel spreadsheet attachments disguised as secure DocuSign file allegedly containing information related to election interference.

This new template has been adopted to abuse the public’s concerns regarding the 2020 US elections’ outcome, and to make it easier for the threat actors to lure potential victims into opening bait documents and enabling macros used to drop malware payloads.

After the Qbot malware is executed and infects the victims’ computers, it will reach out to its command and control center to ask for further instructions.

“In addition to stealing and exfiltrating data from its victims, QBot will also start grabbing emails that will later be used as part of the next malspam campaigns,” Malwarebytes’ Jérôme Segura and Hossein Jazi explain.

US elections phishing

Aggressive malware used in targeted campaigns

Besides phishing campaigns, attackers are also often using exploit kits to drop Qbot payloads, with the bot subsequently infecting other devices on the victims’ network using network share exploits and highly aggressive brute-force attacks that target Active Directory admin accounts.

Even though active for over a decade, the Qbot banking trojan was mostly used in targeted attacks against corporate entities that provide a higher return on investment.

As proof of this, Qbot campaigns have been quite uncommon over time, with researchers detecting one in October 2014, one in April 2016, and another one in May 2017.

Qbot process flow
Qbot process flow (Malwarebytes)

Qbot has also seen a…

Source…

Fake iOS Jailbreak Site Lures in Apple Users

/in

A fake website purports to enable iPhone users to download an iOS jailbreak – but ultimately prompts them to download a gaming app and conducts click fraud.
Mobile Security – Threatpost