News
Cyber Security Related News
A new strain of Android banking malware called ToxicPanda has infected over 1,500 Android devices, enabling cybercriminals to carry out fraudulent banking transactions.
According to researchers Michele Roviello, Alessandro Strino, and Federico Valentini from Cleafy, the main goal of ToxicPanda is to steal money by taking over bank accounts on compromised devices. This is done using a method known as on-device fraud (ODF), where the malware bypasses...
November 6, 2024 16:32 (on 11/7/24) | 0 | 1 minute read
Recent reports indicate that North Korean hackers known as Jumpy Pisces have teamed up with the Play ransomware group between May and September 2024. This is notable as it marks the first collaboration between a state-sponsored group from North Korea and a ransomware network.
Jumpy Pisces, associated with North Korea’s Reconnaissance General Bureau, has previously used other ransomware strains. In August, three U.S. organizations were targeted by the group, but no ransomware was...
October 30, 2024 16:58 (on 10/30/24) | 1 | 1 minute read
Hackers are trying to misuse the open-source EDRSilencer tool to interfere with endpoint detection and response (EDR) systems and hide their malicious activities.
Trend Micro has reported that these hackers are attempting to use EDRSilencer in their attacks to avoid being detected.
EDRSilencer, which is based on the NightHawk FireBlock tool from MDSec, is meant to block outgoing traffic from EDR processes using the Windows Filtering Platform (WFP).
It can stop various...
October 16, 2024 17:10 (on 10/17/24) | 0 | 1 minute read
Google is launching a new pilot program in India to automatically block the sideloading of potentially harmful Android apps from third-party sources, following similar tests in Singapore, Thailand, and Brazil. The feature aims to protect users from apps that request sensitive permissions often exploited for financial fraud, such as accessing SMS messages or using accessibility services for malicious activities.
The initiative will start next month and will be gradually rolled out...
October 9, 2024 16:43 (on 10/9/24) | 0 | 1 minute read
A large fraud scheme has been uncovered, involving fake trading apps on the Apple App Store and Google Play Store, along with phishing websites. This was reported by Group-IB.
This scam is part of a consumer investment fraud scheme known as "pig butchering." In this scheme, scammers trick people into investing in cryptocurrency or other financial products after gaining their trust, often pretending to be romantic partners or investment advisors.
These deceptive tactics usually...
October 2, 2024 16:39 (on 10/2/24) | 0 | 1 minute read
Cybersecurity experts are warning about North Korean hackers trying to target potential victims on LinkedIn with malware called RustDoor.
Jamf Threat Labs said it discovered an attack in which a user was approached on LinkedIn by someone pretending to be a recruiter for a legitimate decentralized cryptocurrency exchange called STON.fi.
This attack is part of a broader strategy by North Korean cybercriminals aiming to breach networks by pretending to conduct job...
September 18, 2024 16:54 (on 9/18/24) | 0 | 1 minute read
Two men have been indicted in the U.S. for allegedly running WWH Club, a dark web marketplace specializing in sensitive personal and financial information. Alex Khodyrev, 35, from Kazakhstan, and Pavel Kublitskii, 37, from Russia, face charges of conspiracy to commit access device fraud and wire fraud.
From 2014 to 2024, Khodyrev and Kublitskii are accused of managing WWH Club and its associated sites, including wwh-club[.]ws, wwh-club[.]net, and skynetzone[.]org. These sites served...
September 11, 2024 17:11 (on 9/12/24) | 0 | 1 minute read
North Korean hackers have used a fake Windows video conferencing app that pretends to be FreeConference.com to secretly access developers' systems. This is part of an ongoing campaign called Contagious Interview, which is financially motivated.
In August 2024, the Singaporean company Group-IB discovered this new attack. It shows that these hackers are also using installers for both Windows and Apple macOS to spread malware.
Contagious Interview, also known as DEV#POPPER, is a...
September 4, 2024 20:30 (on 9/5/24) | 0 | 1 minute read
A new cyber threat has emerged, connected to the RansomHub ransomware, designed to shut down security software on infected computers. Named EDRKillShifter by the cybersecurity company Sophos, this tool joins other similar programs that disable security measures.
Sophos discovered EDRKillShifter during a failed ransomware attack in May 2024. This tool acts as a delivery system for vulnerable drivers, which can be misused to bypass security protections. Security expert Andreas...
August 21, 2024 16:50 (on 8/21/24) | 2 | 1 minute read
A new phishing campaign is exploiting Google Drawings and WhatsApp’s shortened links to deceive users and steal sensitive data. Cybersecurity researchers, including Menlo Security's Ashwin Vamshi, revealed that attackers are using these trusted platforms to craft fake Amazon account verification pages.
The scheme begins with a phishing email directing users to a Google Drawings graphic containing a link to a fake Amazon login page. This page, obscured by multiple URL shorteners,...
August 14, 2024 17:46 (on 8/15/24) | 0 | 1 minute read