Threat Intelligence

Predator Surveillance Software May Not Be Lawful at All

As technology advances, so does the world of espionage. That has given birth to several companies, such as Cytrox, that specialize in creating spyware. Predator, along with other applications of its kind, has been advertised as legal spyware-for-hire. more

GALLIUM APT Group and Other Threat Actors in Disguise

Two cyber threats recently caught the attention of WhoisXML API researchers, primarily since parts of their infection chain hide behind legitimate services. This tactic is tricky for security teams because blocking the domains involved means blocking legitimate applications, too. more

Both Aged and New Domains Play a Role in the NDSW/NDSX Malware Campaign

Cyber attackers typically use newly registered domains (NRDs) in their campaigns to evade detection, particularly since the implementation of privacy protection in WHOIS records. But some also use aged domains like the SolarWinds hackers to render a sense of legitimacy to their pages. more

Careful, the Next Premium SMS Offer You Subscribe to May Be Malicious

Premium Short Message Service (SMS) abuse is no longer new. But it's pretty rare for such threats to rack up hundreds of dollars in additional phone bill costs for every victim each year. more

Father’s Day: Bad Guys’ Activities

Threat actors don't rest. Their malicious campaigns operate 24/7, especially when special occasions are approaching. Last May, we discovered over a thousand web properties related to Mother's Day, many of which either hosted questionable content or have been flagged as malicious. more

Phishing Automated through Chatbots, We Found Potentially Connected Domains

Threat actors have found a way to make phishing websites appear more legitimate by employing chatbots. The newly discovered tactic starts with an email about a delivery from DHL. more

In the Market for a New Car? Beware Not to Get on the Phishing Bandwagon

In an earlier post, we looked at how cybersquatters took advantage of the popularity of seven car manufacturers to lure unwitting victims to fake sites. Since then, we were alerted to a phishing campaign this time targeting several German car dealers via age-old but still effective phishing. more

Blurring the Lines between APTs and Cybercrime: Cobalt Mirage Uses Ransomware to Target U.S. Organizations

In the past, security experts typically made a distinction between a cybercrime and an advanced persistent threat (APT). While cybercrime focused on obtaining financial gain, APTs trailed their sights on specific organizations, often to steal nation-state secrets. more

Online Shopping Danger? 13K+ Cybersquatting Properties of Top E-Commerce Sites Discovered

AliExpress is among the most visited business-to-customer (B2C) e-commerce sites globally, with millions of visitors daily. Therefore, a recent cybersquatting campaign targeting the platform could lure many victims into buying counterfeit products, divulging their login credentials, downloading malware, and many other actions that could jeopardize their data and devices. more

A Look into New Cybersquatting and Phishing Domains Targeting Facebook, Instagram, and WhatsApp

When Facebook changed its parent company name to Meta in October 2021, we detected more than 5,500 newly registered domains (NRDs) a week after the announcement. In more recent news, a judge dismissed the company's cybersquatting and trademark infringement case against Namecheap. more