< ciso
brief />
Tag Banner

All news with #phishing tag

695 articles · page 4 of 35

Google advisory on evolving global fraud and scams

🛡️ Google outlines recent global scam trends and mitigation efforts, highlighting sophisticated Adversary-in-the-Middle (AITM) phishing, QR-code and calendar-based scams, AI-driven cryptocurrency fraud, mobile extortion apps, and government impersonation campaigns. The advisory describes technical responses, policy enforcement, and legal actions to disrupt abuse, plus practical safety tips for users.
read more →

Silent Ransom Group Targets U.S. Law Firms Now

🛡️ Mandiant reports the Silent Ransom Group (UNC3753) is targeting U.S. law firms and professional services with invoice-themed phishing followed by voice calls impersonating IT staff. Attackers use callback phishing to trick victims into installing remote support tools like AnyDesk or Zoho Assist, granting access to networks and enabling rapid data theft and extortion. The campaign involves phishing domains, self-destructing messaging, and fast-flux infrastructure to host leak sites.
read more →

Suspicious polyfill login prompts hit major Japanese sites

🔐 Toshiba and Muji warned visitors about unexpected sign-in pop-ups generated by the external service polyfill.io, advising users to cancel and change passwords if they entered credentials. The prompts were caused by remnants of a 2024 incident when the polyfill domain served malicious scripts after changing hands; the domain began responding again in late May 2026 with HTTP 401 requests. Both companies suspended the service and removed the offending code, and other Japanese sites were also affected.
read more →

FIFA World Cup 2026: Rising ticket and streaming scams

🛡️ Security researchers and law enforcement warn that FIFA-themed fraud is already targeting World Cup 2026 fans ahead of the June 11 kickoff. Threat actors have registered thousands of lookalike domains, deployed phishing kits that clone FIFA's login pages, and hidden banking trojans inside pirate streaming apps. Scams include counterfeit ticket sales, fake merchandise shops, malicious streaming apps that install banking malware, and social-media ad campaigns driving victims to phishing pages.
read more →

FIFA World Cup 2026: Rising Cybercrime Threats

🛡️ FortiGuard Labs warns that cybercriminals are actively exploiting FIFA World Cup 2026 demand, registering thousands of themed domains and creating fake ticketing sites, malicious apps, and impersonation accounts to steal credentials and payments. Their research found over 13,000 new tournament-related domains and identified numerous scams across social media, underground forums, and stealer telemetry. Organizations and fans are urged to prepare early and verify official channels.
read more →

Chinese hackers deploy new Atlas RAT across Europe

🔍 Proofpoint attributes a surge of financially motivated campaigns to TA4922, a Chinese-speaking cybercrime group now targeting organizations in Germany, Italy, the UK, and South Africa. The actor uses localized phishing lures and messaging apps to deliver a growing arsenal that includes the newly observed Atlas RAT, multiple custom loaders such as RomulusLoader and SilentRunLoader, and the ValleyRAT family. Researchers warn the toolset supports reconnaissance, credential theft, keylogging, audio/video capture, and plugin payloads, and note operational expansion and possible use of LLMs in development.
read more →

DoubleClick Redirects Used to Deliver DesckVB RAT

🛡️ Huntress researchers disclosed a malspam campaign that abuses Google DoubleClick redirectors to funnel victims to personalized phishing landing pages and drop a .NET remote access trojan called DesckVB RAT. The attack starts with an HTML attachment that redirects through DoubleClick, decodes a Base64 email, and serves a ZIP containing a JavaScript loader which executes a PowerShell script to fetch a .NET loader. The loader disables security controls, establishes persistence, and injects the RAT via process hollowing into Microsoft-signed processes to evade detection.
read more →

2026 U.S. Midterms: The Real Cyber Threats Ahead

🛡️ Check Point warns that the primary cyber threat to the 2026 U.S. midterms is not vote tampering but a coordinated assault on trust through misinformation, lookalike news sites, and domain abuse. Attackers are cloning major media brands, registering thousands of election-themed domains, and exploiting leaked credentials to fuel phishing and impersonation. Security teams must prioritize brand protection, rapid takedown, and credential monitoring to mitigate politically motivated campaigns that exploit familiar operational vectors at greater scale.
read more →

The Great Messaging Heist: Organized Scam Ecosystem

📩 Kaspersky examines how everyday messaging channels like SMS, WhatsApp, and email are being exploited by organized scam cartels that use speed, familiarity, and AI to trick victims. The research shows average losses of $733 per victim, rapid attack timelines often under 30 minutes, and widespread emotional damage eroding trust in digital communications. The post highlights common schemes, platform distribution, and recommendations to protect yourself.
read more →

ChatGPhish vulnerability turns ChatGPT into phishing surface

🛡️ Cybersecurity researchers disclosed a vulnerability dubbed ChatGPhish that exploits ChatGPT's trust in Markdown links and images to perform prompt injections and enable phishing. The flaw causes the assistant to auto-fetch attacker-hosted images and render malicious links and QR codes inside the trusted UI, potentially leaking client metadata like IP and User-Agent. The technique highlights summarization as an adversarial surface that can convert benign web pages into phishing vectors.
read more →

BTMOB MaaS Android trojan targets Latin America

🛡️ BTMOB is an Android remote access trojan offered as malware-as-a-service with a builder that generates customized APKs tailored to phishing lures. The platform lets customers choose permissions, hide icons, disable Google Play, and configure behaviors to evade removal. ESET and other researchers link campaigns to Brazil and Latin America and note distribution via fake streaming and crypto mining sites. Subscriptions are sold through private Telegram channels.
read more →

FBI: Physical tech-support scams target law firms

🛡️ The FBI warns of a gang dubbed the Silent Ransom Group (SRG) that has shifted from phishing and remote access scams to in-person impersonation of IT support, gaining physical access to devices to install malware or exfiltrate data. The group, active since at least 2022, typically steals data to extort victims without using ransomware encryption. Indicators include unauthorized installs of remote-access tools, new USB or external drive activity, and unexpected data uploads to services like OneDrive or Google Drive.
read more →

Grandoreiro and BTMOB campaigns target Latin Europe

🛡️ WatchGuard and ESET report two active campaigns spreading Windows and Android banking trojans across Latin America and Europe. The Grandoreiro campaign leverages DLL side-loading, WebRTC/STUN/ICE communications, and phishing to target Portuguese banks and international financial services. ESET details BTMOB, a rapidly evolving Android RAT sold as a service with an APK builder that enables mass phishing-based distribution and remote device control.
read more →

AppSheet-phishing: attackers abusing Google-linked emails

📧 Recent phishing campaigns exploit Google’s AppSheet platform to send convincing emails from a legitimate noreply{@}appsheet.com address, making them likely to bypass filters. Attackers craft personalized messages — urgent warnings or enticing job offers — to trick victims into submitting identity details on clone sites, then harvest credentials and data. The compromises can lead to account takeover, device control, and secondary targeted attacks using the stolen information.
read more →

Ghost Stadium fraud targets 2026 FIFA World Cup fans

🎯 Group-IB has identified over 4,300 fraudulent domains impersonating FIFA since last August, organized across six schemes and four threat actors targeting 2026 World Cup fans. The main operator, dubbed Ghost Stadium, uses a Chinese-speaking developer and a phishing kit that clones fifa.com, including its PingIdentity SSO flow, and leverages paid Facebook ads. Other actors include domain squatters, a PhaaS supplier and infostealer campaigns, which have already harvested around 2,500 FIFA credentials. Group-IB warns ticket fraud losses could reach into the hundreds of millions and advises fans to buy only from fifa.com, avoid crypto-based offers and enable MFA.
read more →

FBI warns of Kali365 phishing kit bypassing MFA

🔒 The FBI has alerted organisations to Kali365, a phishing-as-a-service platform that can hijack Microsoft 365 accounts without stealing passwords and can bypass multi-factor authentication. Launched in April 2026 and sold via Telegram, Kali365 offers AI-generated lures, automated templates, dashboards, and OAuth token capture for as little as $250 monthly. The kit exploits Microsoft’s device code flow, tricking victims into authorising attacker devices on legitimate Microsoft pages, granting access to Outlook, Teams, and OneDrive. The FBI recommends blocking device code flow with a conditional access policy in Microsoft Entra ID and deploying phishing-resistant MFA such as hardware security keys.
read more →

Chinese PhaaS Grow More Sophisticated, Live Theft

🛡️ Google researchers report a rapid rise in Chinese phishing-as-a-service (PhaaS) operations that have shifted from static password harvesting to real-time credential interception and tokenization. These services use encrypted messaging protocols like RCS and iMessage to deliver convincing lures and employ live admin panels to capture OTPs and bypass MFA. Platforms also monetize stolen payment details via digital wallet provisioning and increasingly leverage AI to generate unique phishing pages and evade detection.
read more →

BTMOB Android RAT: No-Code Builder Spreads Globally

🛡️ ESET researchers identified a no-code Android remote access trojan (RAT) named BTMOB that is distributed via phishing campaigns and fake app stores. The malware includes an APK builder so buyers can produce customized payloads quickly and retool lures for different countries without coding. BTMOB abuses Android Accessibility Services to escalate permissions and enable data theft, screenshots, activity recording and full remote control. Sold as a malware-as-a-service offering with relatively low pricing, it lowers the barrier for criminals and allows rapid variant turnover.
read more →

Phishing Delivers JavaScript-Driven PureLogs Variant

🛡️ FortiGuard Labs uncovered a phishing campaign using purchase-order-themed emails to deliver a RAR attachment containing an obfuscated JavaScript file that drops and executes a PowerShell script. The PowerShell payload employs fileless techniques and process hollowing to load .NET modules into a suspended MsBuild.exe process, which then extracts and runs a downloader module. The downloader retrieves a fileless PureLogs plugin from a C2 server to harvest credentials, browser data, Discord tokens, and cryptocurrency wallet information before encrypting and exfiltrating it.
read more →

Experts warn MFA alone won’t stop token phishing

🔐 Security researchers and agencies are warning that phishing campaigns are increasingly targeting Microsoft 365 OAuth device codes and access tokens to bypass multifactor authentication. New commercial services like Kali365 and older kits such as EvilTokens automate token capture, AI‑generated lures, and large-scale campaign management. The FBI and vendors urge admins to restrict device code flows, apply conditional access, monitor token misuse, and adopt identity‑centric controls beyond MFA.
read more →