Cybercrime

Black Friday and Cyber Monday Bring on the Scariest Sales

Black Friday and Cyber Monday are two of the most-awaited shopping events each year. That said, they have also become favored scammer targets for the most ingenious campaigns designed to part shoppers with their cash or, worse, identities.

Dormant Colors IoC Expansion: Don’t Install Browser Extensions from These Domains

Internet users are being tricked into installing browser extensions that can hijack their web searches. The end goal could be to insert affiliate links, but who knows what other malicious activities the threat actors behind them are capable of?

Rogue Tor Browser: When Search for Anonymity Leads to Exposure Instead

Anyone who wishes to browse the Internet without the prospect of being spied upon by others, whether for legal or illegal purposes, can always rely on using the Tor browser if they're so inclined.

Domain Shadowing IoC Expansion Led to Thousands of Possible Connections

Palo Alto Networks threat analysts discovered more than 12,000 cases of domain shadowing after scanning the Web from April to June 2022. For this threat, all cybercriminals need to do is create malicious subdomains under legitimate domains...

A Call for Help May Lead to Malware: BazarCall IoC Analysis and Expansion

More sophisticated BazarCall campaigns have been circulating and delivering ransomware entry points to victims. While the bait still involves urgent notification emails about nonexistent purchases or subscriptions, the subsequent phase highlights the threat actors' manipulative skills.

Eternity’s LilithBot, Soon Available to Regular Internet Users?

Eternity, also known as the "EternityTeam" or "Eternity Project," has been active since January 2022 and tied to the Jester Group. It gained infamy for using the as-a-service subscription model to distribute its own brand of malware modules via underground forums.

A Closer Look at Active Cyber Jihad Web Properties

Cyber jihad loosely refers to Islamic extremist terrorists' use of the Internet as a communications, fundraising, recruitment, training, and planning tool in their war against their enemies. Some of their most commonly cited enemies include the U.S., Western European countries, secular Arab governments, and Israel.

On the Frontlines of the Syrian Electronic Army’s Digital Arsenal

The Syrian Electronic Army (SEA) is a group of threat actors that have been around since 2011. Some of their possible victims are PayPal, eBay, Twitter, media outlets, and some U.S. government websites.

Probing an Active Digital Trail of Iranian Hackers

WhoisXML API threat researcher Dancho Danchev obtained a publicly accessible list of email addresses known to be owned and used by Iranian hackers. The email addresses led us to more than 4,400 domain names, any of which can be weaponized and used in phishing, credential theft, and other forms of cyber attacks.

Who Could Be Behind the Latest GitHub-Hosted Malware Infrastructure?

GitHub is a popular code repository used by almost all software developers. Anyone can access it to share their code with practically anyone interested. Unfortunately, not every GitHub user is trustworthy. It has, in fact, been used to host malware at least a couple of times.