Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Internet. Show all posts
Social Media
Crypto Cyber Security Facebook Instagram Internet Meta Pig Butchering Scam Social Media

Beware of Pig Butchering Scams That Steal Your Money

Beware of Pig Butchering Scams That Steal Your Money

Pig butchering, a term we usually hear in the meat market, sadly, has also become a lethal form of cybercrime that can cause complete financial losses for the victims. 

Pig Butchering is a “form of investment fraud in the crypto space where scammers build relationships with targets through social engineering and then lure them to invest crypto in fake opportunities or platforms created by the scammer,” according to The Department of Financial Protection & Innovation. 

Pig butchering has squeezed billions of dollars from victims globally. Cambodian-based Huione Group gang stole over $4 billion from August 2021 to January 2025, the New York Post reported.

How to stay safe from pig butchering?

Individuals should watch out for certain things to avoid getting caught in these extortion schemes. Scammers often target seniors and individuals who are not well aware about cybercrime. The National Council on Aging cautions that such scams begin with receiving messages from scammers pretending to be someone else. Never respond or send money to random people who text you online, even if the story sounds compelling. Scammers rely on earning your trust, a sob story is one easy way for them to trick you. 

Another red flag is receiving SMS or social media texts that send you to other platforms like WeChat or Telegram, which have fewer regulations. Scammers also convince users to invest their money, which they claim to return with big profits. In one incident, the scammer even asked the victim to “go to a loan shark” to get the money.

Stopping scammers

Last year, Meta blocked over 2 million accounts that were promoting crypto investment scams such as pig butchering. Businesses have increased efforts to combat this issue, but the problem still very much exists. A major step is raising awareness via public posts broadcasting safety tips among individuals to prevent them from falling prey to such scams. 

Organizations have now started releasing warnings in Instagram DMs and Facebook Messenger warning users about “potentially suspicious interactions or cold outreach from people you don’t know”, which is a good initiative. Banks have started tipping of customers about the dangers of scams when sending money online. 

Read more »
URL
Email Internet phishing QR code Scams Social Media Technology URL

URL Scams Everywhere? These Steps Will Help You Stay Safe

Scams Everywhere? These Steps Will Help You Stay Safe

Scam links are difficult to spot, but it has become an everyday issue for internet users who accidentally click on malicious URLs that are part of a phishing attack. Most fake links include standard “https” encryption and domains similar to real websites. Phishing and spoofing scams caused over $70 million in losses for victims in 2024 says FBI’s Internet Crime Complaint Center. 

When users click on a scam link, they might suffer monetary losses, and worse, give up private info such as name and credit card details to scammers, they may also accidentally install malware on their device. 

How to spot scam link

They are generally found in text messages and emails sent by scammers, designed to trick us into downloading malware or bringing us to a scam website to steal our personal identifying information. A few examples include gold bars, employment, and unpaid toll scams. Scammers send these links to the masses— with the help of AI these days. Since a lot of users fall victim to phishing scams every year,  scammers haven’t changed their attack tactics over the years.

How to avoid scam link

Always check the URL

These days, smartphones try to block scam links, so scammers have adapted making links that escape detection. Users are advised to look for typos-quatting, a technique that uses spelling mistakes. For eg: 'applle' instead of 'apple'. 

Be cautious of URLs you visit regularly

Most brands don’t change their domain names. If you find the domain name is different in the URL, it is a fake link. 

Watch out for short links

Shortlists are generally found on social media and texts. Experts say there is no way to determine the authenticity of a shortened URL, advising users to not open them. Instead, users should check the language for any suspicious signs. 

How do victims receive scam links?

Text scams

These don’t need website links, they are sent via phone numbers. Users accidentally click on a malicious phone number thinking it is their bank or someone important. Experts suggest not to interact with unknown phone numbers. 

Email

The most popular means to send scam links is via e-mail, resulting in the biggest monetary losses. To stay safe, users can copy the link in their notepad first and inspect it before opening it. 

QR code scams

Malicious QR codes have become common in public avenues, from restaurants to parking stands. Scammers embed fake codes over real ones or fill them with phishing emails that redirect to fake sites or malware downloads. 

DMs on social media

Scammers pretend to be someone you know, they may fake a medical emergency and demand you for money to help them. Always call the person to cross-check the identity before giving money, opening a link, or revealing any personal information. 

Read more »
TrickBot
Conti Cyber Crime Dark Web FBI ID Leak Internet Ransomware TrickBot

Mysterious Entity ExposedGang Exposes Cyber Criminals


An anonymous leaker is exposing the identities of the world’s most wanted cybercriminals. 

Recently, a mysterious leaker exposed leaders behind Trickbot and Conti ransomware, hacking groups that are known for some of the biggest extortions in recent times. 

Recently, The Register contacted an anonymous individual known by the alias GangExposed, who is on a personal mission to “fight against an organized society of criminals known worldwide”. GangExposed takes pleasure in thinking he can rid society of at least some of the cybercriminals. "I simply enjoy solving the most complex cases,” he said. 

Stern doxxed

One of the criminals doxxed is Stern, the mastermind of Conti ransomware operations and TrickBot. GangExposed claims Stern is Vitaly Nikolaevich, CySecurity reported about this case recently.

After the doxxing of Stern, GangExposed went after another important criminal, AKA professor, who is a 39-year-old Russian called Vladimir Viktorovich Kvitko. He is living in Dubai. Apart from exposing important individuals, GangExposed also leaked videos, ransom negotiations, and chat logs. 

About GangExposed

The leaker said it was not an “IT guy,” it just observed patterns that other people missed. 

"My toolkit includes classical intelligence analysis, logic, factual research, OSINT methodology, stylometry (I am a linguist and philologist), human psychology, and the ability to piece together puzzles that others don't even notice," the leaker said. 

"I am a cosmopolitan with many homes but no permanent base — I move between countries as needed. My privacy standards are often stricter than most of my investigations' subjects."

Leaked bought info to expose IDs

To expose the IDs of infamous threat actors, GangExposed used information received via “semi-closed databases, darknet services,” and through purchases. It has “access to the leaked FSB border control database.” GangExposed claims it purchased the database from the dark web for $250,000. 

GangExposed could have gotten at least $10 million in bounty from the FBI if it wanted to, but it has decided not to demand money.  This suggests the leakers may be resentful of former members looking for revenge, while some experts think taking the bounty would make them criminal as well. 

CySecurity had earlier reported on this incident, you can read the full story about the international crackdown on cybercrime gangs here

Read more »
Web browser
Google Internet malware Microsoft RustStealer Web browser

Rust-Developed InfoStealer Extracts Sensitive Data from Chromium-Based Browsers

Rust-Developed InfoStealer Extracts Sensitive Data from Chromium-Based Browsers

Browsers at risk

The latest information-stealing malware, made in the Rust programming language, has surfaced as a major danger to users of Chromium-based browsers such as Microsoft Edge, Google Chrome, and others. 

Known as “RustStealer” by cybersecurity experts, this advanced malware is made to retrieve sensitive data, including login cookies, browsing history, and credentials, from infected systems. 

Evolution of Rust language

The growth in Rust language known for memory safety and performance indicates a transition toward more resilient and hard-to-find problems, as Rust binaries often escape traditional antivirus solutions due to their combined nature and lower order in malware environments. 

RustStealers works with high secrecy, using sophisticated obfuscation techniques to escape endpoint security tools. Initial infection vectors hint towards phishing campaigns, where dangerous attachments or links in evidently genuine emails trick users into downloading the payload. 

After execution, the malware makes persistence via registry modifications or scheduled tasks, to make sure it remains active even after the system reboots. 

Distribution Mechanisms

The main aim is on Chromium-based browsers, abusing the accessibility of unencrypted information stored in browser profiles to harvest session tokens, usernames, and passwords. 

Besides this, RustStealer has been found to extract data to remote C2 servers via encrypted communication channels, making detection by network surveillance tools such as Wireshark more challenging.

Experts have also observed its potential to attack cryptocurrency wallet extensions, exposing users to risks in managing digital assets via browser plugins. This multi-faceted approach highlights the malware’s goal to increase data robbery while reducing the chances of early detection, a technique similar to advanced persistent threats (APTs).

About RustStealer malware

What makes RustStealer different is its modular build, letting hackers rework its strengths remotely. This flexibility reveals that future ve

This adaptability suggests that future replications could integrate functionalities such as ransomware components or keylogging, intensifying threats in the longer run. 

The deployment of Rust also makes reverse-engineering efforts difficult, as the language’s output is less direct to decompile in comparison to scripts like Python or other languages deployed in outdated malware strains. 

Businesses are advised to remain cautious, using strong phishing securities, frequently updating browser software, and using endpoint detection and response (EDR) solutions to detect suspicious behavior. 

Read more »
Operation Endgame
Anti Virus Dark Web FBI Internet malware Operation Endgame

Undercover Operation Shuts Down Website Helping Hackers Internationally


Hackers used AVCheck to see malware efficiency

International police action has shut down AVCheck, an anti-virus scanning website used by threat actors to check whether their malware was detected by mainstream antivirus before using it in the attacks. The official domain “avcheck.net” now shows a seizure banner with the logos of the U.S. Secret Service, the U.S. Department of Justice, the FBI, and the Dutch Police (Politie).  

The site was used globally by threat actors

According to the announcement, AVCheck was a famous counter antivirus (CAV) website globally that enabled hackers to check the efficiency of their malware. Politie’s Matthijs Jaspers said, “Taking the AVCheck service offline marks an important step in tackling organized cybercrime." With the collaborative effort, the agencies have disrupted the “cybercriminals as early as possible in their operations and prevent victims." 

The officials also discovered evidence linking AVCheck’s administrators to encrypting services Cryptor.biz  (seized) and Crypt.guru (currently offline). Crypting services allow threat actors to hide their payloads from antivirus, blending them in the ecosystem. Hackers also use a crypting service to hide their malware, check it on AVCheck or other CAV services to see if is detected, and finally launch it against their targets. 

Details about the operation

Before the shutdown of AVCheck, the police made a fake login page warning users of the legal risks when they log in to such sites. The FBI said that “cybercriminals don't just create malware; they perfect it for maximum destruction.” Special Agent Douglas Williams said threat actors leverage antivirus services to “refine their weapons against the world's toughest security systems to better slip past firewalls, evade forensic analysis, and wreak havoc across victims' systems."

Operation Endgame

The undercover agents exposed the illegal nature of AVCheck and its links to ransomware attacks against the U.S. by purchasing these services as clients. According to the U.S. DoJ, in the “affidavit filed in support of these seizures, authorities made undercover purchases from seized websites and analyzed the services, confirming they were designed for cybercrime.”

The crackdown was part of Operation Endgame, a joint international law enforcement action that captured 300 servers and 650 domains used in assisting ransomware attacks. Earlier, the operation cracked down on the infamous Danabot and Smokeloader malware operations.

Read more »
Pakistan
Cyber Attacks Cyber Warfare Hacking India Internet Pakistan

Pakistan State-sponsored Hackers Attack Indian Websites, Attempts Blocked

Pakistan State-sponsored Hackers Attack Indian Websites, Attempts Blocked

Pakistan's cyber warfare against India

Recently, Pakistan state-sponsored hacker groups launched multiple failed hacking attempts to hack Indian websites amid continuous cyber offensives against India after the Pahalgam terror attack. These breach attempts were promptly identified and blocked by the Indian cybersecurity agencies. 

In one incident, the hacking group “Cyber Group HOAX1337” and “National Cyber Crew” attacked the websites of the Army Public School in Jammu (a union territory in India), trying to loiter on the site with messages mocking the recent victims of the Pahalgam terror attack.

State-sponsored attacks against Indian websites

In another cyberattack, hackers defaced the website of healthcare services for ex-servicemen, the sites of Indian Air Force veterans and Army Institute of Hotel Management were also attacked. 

Besides Army-related websites, Pakistan-sponsored hackers have repeatedly tried to trespass websites associated with veterans, children, and civilians, officials said.

Additionally, the Maharashtra Cyber Department defected more than 10 lakh cyberattacks on Indian systems by hacking gangs from various countries after the April 22 terror attack on tourists in Pahalgam. 

Rise of targeted cyberattacks against India

A Maharashtra Cyber senior police official said that the state’s police cybercrime detection wing has noticed a sudden rise in digital attacks after the Kashmir terror strike.

Experts suspect these cyber attacks are part of a deliberate campaign to intensify tensions on digital platforms. These attempts are seen as part of Pakistan’s broader hybrid warfare plan, which has a history of using terrorism and information warfare against India. 

Besides Pakistan, cyberattacks have also surfaced from Indonesia, Morocco, and the Middle East. A lot of hacker groups have claimed links to Islamist ideologies, suggesting a coordinated cyber warfare operation, according to the police official. 

Read more »
Opera
Chrome Cloud Internet malware Opera

Malware Campaign Uses Fake CAPTCHAs, Tricks Online Users


Researchers at Netskope Threat Labs have found a new malicious campaign that uses tricky tactics to distribute the Legion Loader malware. The campaign uses fake CAPTCHAs and CloudFlare Turnstile to trap targets into downloading malware that leads to the installation of malicious browser extensions. 

Malware campaign attacks users via fake CAPTCHAs

The hackers have attacked over 140 Netskope customers situated in Asia, North America, and Southern Europe throughout different segments, driven by the financial and tech sectors. 

Netskope has been examining different phishing and malware campaigns targeting users who look for PDF documents online. Hackers use tricky ways within these PDFs to resend victims to malicious websites or lure them into downloading malware. In the newly found campaign, they used fake CAPTCHAs and Cloudflare Turnstile to distribute the LegionLoader payload. 

Important stages in the attack chain

The infection begins with a drive-by download when a target looks for a particular document and is baited to a malicious site.

The downloaded file contains a fake CAPTCHA. If clicked, it redirects the user via a Clloudfare Turnstile CAPTCHA to a notification page. 

In the last step, victims are urged to allow browser notifications.

Attack tactic in detail

When a user blocks the browser notification prompt or uses a browser that doesn’t support notifications, they are redirected to download harmless apps like Opera or 7-Zip. However, if the user agrees to receive browser notifications, they are redirected to another Cloudflare Turnstile CAPTCHA. Once this is done, they are sent to a page with instructions on how to download their file.

The download process requires the victim to open the Windows Run window (win + r) and put content copied to the clipboard (ctrl + v), and “ execute it by pressing enter (we described a similar approach in a post about Lumma Stealer),” Netscope said. In this incident, the command in the clipboard uses the “ command prompt to run cURL and download an MSI file.” After this, the “command opens File Explorer, where the MSI file has been downloaded. When the victim runs the MSI file, it will execute the initial payload.”

Hackers use different tactics to avoid getting caught

To avoid detection, the campaign uses a legitimate VMware-signed app that sideloads a malicious DLL to run and load the LegionLeader payload. Later, a new custom algorithm is used to remove the LegionLeader shellcode loader. 

In the final stage, the hackers install a malicious browser extension that can steal sensitive info across different browsers, such as Opera, Chrome, Brave, and Edge. Netscope warns of an alarming trend where hackers are targeting users searching for PDF docs online via sophisticated tactics to install malware.

Read more »
VPN
Apple Data Privacy Data Regulation Google Internet Privacy VPN

Apple and Google App Stores Host VPN Apps Linked to China, Face Outrage

Apple and Google App Stores Host VPN Apps Linked to China, Face Outrage

Google (GOOGL) and Apple (AAPL) are under harsh scrutiny after a recent report disclosed that their app stores host VPN applications associated with a Chinese cybersecurity firm, Qihoo 360. The U.S government has blacklisted the firm. The Financial Times reports that 5 VPNs still available to U.S users, such as VPN Proxy master and Turbo VPN, are linked to Qihoo. It was sanctioned in 2020 on the charges of alleged military ties. 

Ilusion of Privacy: VPNs collecting data 

In 2025 alone, three VPN apps have had over a million downloads on Google Play and  Apple’s App Store, suggesting these aren’t small-time apps, Sensor Tower reports. They are advertised as “private browsing” tools, but the VPNs provide the companies with complete user data of their online activity. This is alarming because China’s national security laws mandate that companies give user data if the government demands it. 

Concerns around ownership structures

The intricate web of ownership structures raises important questions; the apps are run by Singapore-based Innovative Connecting, owned by Lemon Seed, a Cayman Islands firm. Qihoo acquired Lemon Seed for $69.9 million in 2020. The company claimed to sell the business months late, but FT reports the China-based team making the applications were still under Qihoo’s umbrella for years. According to FT, a developer said, “You could say that we’re part of them, and you could say we’re not. It’s complicated.”

Amid outrage, Google and Apple respond 

Google said it strives to follow sanctions and remove violators when found. Apple has removed two apps- Snap VPN and Thunder VPN- after FT contacted the business, claiming it follows strict rules on VPN data-sharing.

Privacy scare can damage stock valuations

What Google and Apple face is more than public outage. Investors prioritise data privacy, and regulatory threat has increased, mainly with growing concerns around U.S tech firms’ links to China. If the U.S government gets involved, it can result in stricter rules, fines, and even more app removals. If this happens, shareholders won’t be happy. 

According to FT, “Innovative Connecting said the content of the article was not accurate and declined to comment further. Guangzhou Lianchuang declined to comment. Qihoo and Chen Ningyi did not respond to requests for comment.”

Read more »
WordPress
CMS Internet Malicious Codes malware WordPress

Hackers Exploit WordPress Logins, Secretly Run Codes

Hackers Exploit WordPress Logins, Secretly Run Codes

Threat actors are exploiting the Wordpress mu-plugins ("Must-Use Plugins") directory to secretly execute malicious code on each page while avoiding detection. 

The technique was first observed by security researchers at Sucuri in February 2025, but adoption rates are on the rise, with threat actors now utilizing the folder to run three distinct types of malicious code.

Talking about the increase in mu-plugins infections, Sucuri's security analyst Puja Srivastava said, “attackers are actively targeting this directory as a persistent foothold.”

About "Must-have" malware

Must-Use Plugins are a kind of WordPress plugin that automatically runs on every page load without the need to be activated in the admin dashboard.  Mu-plugins are files stored in the 'wp-content/mu-plugins/' and are not listed in the regular “Plugins” admin page, except when the “Must-Use” filter is checked. 

They have genuine use cases like implementing site-wide functionality for custom security rules, dynamically changing variables/codes, and performance tweaks. But as these plugins run every page load and aren’t shown in the standard plugin list, hackers can exploit them to secretly run a variety of malicious activities like injecting malicious code, changing HTML output, or stealing credentials. 

Sucuri found three payloads that hackers are deploying in the mu-plugins directory, suspected to be a part of a larger money aimed campaign.

According to Sucuri, these include:

Fake Update Redirect Malware: Detected in the file wp-content/mu-plugins/redirect.php, this malware redirected site visitors to an external malicious website.

Webshell: Found in ./wp-content/mu-plugins/index.php, it allows attackers to execute arbitrary code, granting them near-complete control over the site.

A spam injector: a spam injection script located in wp-content/mu-plugins/custom-js-loader.php. This script was being used to inject unwanted spam content onto the infected website, possibly to boost SEO rankings for malicious actors or promote scams.

How do you spot it?

A few obvious signs can help to spot this malware. One unusual behavior on the site is unauthorized user redirections to external malicious websites. Secondly, malicious files with weird names appear inside the mu-plugins directory, spoofing real plugins. Third, site admins may observe “elevated server resource usage with no clear explanation, along with unexpected file modifications or the inclusion of unauthorized code in critical directories,” according to Sucuri.

Read more »
VPN
AI Cyber Attacks cyber resilience Internet phishing VPN

Experts Suggest Evolving Cyber Attacks Not Ending Anytime Soon

Experts Suggest Evolving Cyber Attacks Not Ending Anytime Soon

In a series of unfortunate events, experts suggest the advancement of cybercrime isn’t ending anytime soon.

Every day, the digital landscape evolves, thanks to innovations and technological advancements. Despite this growth, it suffers from a few roadblocks, cybercrime being a major one and not showing signs of ending anytime soon. Artificial Intelligence, large-scale data breaches, businesses, governments, and rising target refinement across media platforms have contributed to this problem. However, Nord VPN CTO Marijus Briedis believes, “Prevention alone is insufficient,” and we need resilience. 

VPN provider Nord VPN experienced first-hand the changing cyber threat landscape after the spike in cybercrime cases attacking Lithuania, where the company is based, in the backdrop of the Ukraine conflict. 

Why cyber resilience is needed

In the last few years, we have witnessed the expansion of cybercrime gangs and state-sponsored hackers and also the abuse of digital vulnerabilities. What is even worse is that “with little resources, you can have a lot of damage,” Briedis added. Data breaches reached an all-time high in 2024. The infamous “mother of all data breaches” incident resulted in a massive 26 billion record leak. Overall, more than 1 billion records were leaked throughout the year, according to NordLayer data

Google’s Cybersecurity Forecast 2025 included Generative AI as a main threat, along with state-sponsored cybercriminals and ransomware.

Amid these increasing cyber threats, companies like NordVPN are widening the scope of their security services. A lot of countries have also implemented laws to safeguard against cyberattacks as much as possible throughout the years. 

Over the years, governments, individuals, and organizations have also learned to protect their important data via vpn software, antivirus, firewall, and other security software. Despite these efforts, it’s not enough. According to Briedis, this happens because cybersecurity is not a fixed goal. "We have to be adaptive and make sure that we are learning from these attacks. We need to be [cyber] resilience."

The plan forward

In a RightsCon panel that Briedis attended, the discourse was aimed at NGOs, activists, and other small businesses, people take advantage of Nord’s advice to be more cyber-resilient. He gives importance to education, stressing it’s the “first thing.”

Read more »
Steam
Cyber Attacks Gaming Internet Online Gaming Phishing Attack Steam

Hackers Target 'Counter Strike-2' Players Via Fake Steam Login Pop-ups

Hackers Target 'Counter Strike-2' Players Via Fake Steam Login Pop-ups

Browser-in-the-browser attacks are simple yet sophisticated phishing scams. Hackers emulate trusted services via fake pop-up windows that look like the actual (real) login pages. While there have been a lot of reports describing browser-in-the-browser tactics, it is very difficult to actually catch a hacker deploying this campaign.

Fake Steam pages used to target gamers

Cybercriminals are targeting Counter-Strike 2 (a free-to-play tactical first-person shooter game) players using a disguised Steam login page that looks quite convincing. The fake page tricks innocent gamers into giving away their account IDs and passwords.

The hackers distributed the attack on the websites that pretended to represent the sports team Navi. “Part of the campaign’s attack tactics also includes abusing the name of a professional esports team called Navi,” reports cybersecurity vendor Silent Push. The hackers offered visitors free weapons skins or a “free case” that could be used in the game. To get these freebies, the phishing page demanded users to log in to Steam. 

“All of the websites our team has found so far were in English save one Chinese site, simplegive[.]cn, which was created in Mandarin, with some English wording, and used the top-level domain (TLD) '.cn,” reports Silent Push.

Campaign explained

The campaign, an example of browser-in-the-browser tactic, is built around creating an almost real-looking fake browser pop-up windows that display the URL of the actual website. It aims to make a visitor feel safe; the users believe the pop-up window is part of the real site. When a victim tries to log into the fake Steam portal, the hackers steal their login credentials and also try to take over victim accounts for future resale. After this, the site shows a fake pop-up page that mimics the Steam login portal, including the official “steamcommunity.com” domain in the web address. But the pop-up is a dummy window inside the phishing webpage; Silent Push has shown this in its video.

More about fake pop-up and how to identify it

According to Silent Push, the fake pop-up to the Steam login “cannot be maximized, minimized, or moved outside the browser window even though victims can ‘interact’ with the URL bar of the fake pop-up.” Silent Push also said that the campaign can be more effective for desktop users because the pop-ups are designed to be viewed on a larger resolution, in this case, big screens. All the fake Navi websites discovered were in English, except one Chinese site, which was in Mandarin with few English words. 

The fake websites were hosted on domains like casenaps[.]com, caserevs[.]com, and caseneiv[.]com. However, it doesn’t seem likely that the hackers took the time to make fake pop-ups for mobile phone viewing. To stay safe, users should always check for fake URL bars in any login pop-ups. If you find any URL bar, always drag that window outside of your browser. If it doesn’t move, you can tell the pop-up is fake.

Read more »
Youtube
Blackmail Internet malware Russia SilentCryptominer Social Media Youtube

SilentCryptominer Threatens YouTubers to Post Malware in Videos

SilentCryptominer Threatens YouTubers to Post Malware in Videos

Experts have discovered an advanced malware campaign that exploits the rising popularity of Windows Packet Divert drivers to escape internet checks.

Malware targets YouTubers 

Hackers are spreading SilentCryptominer malware hidden as genuine software. It has impacted over 2000 victims in Russia alone. The attack vector involves tricking YouTubers with a large follower base into spreading malicious links. 

“Such software is often distributed in the form of archives with text installation instructions, in which the developers recommend disabling security solutions, citing false positives,” reports Secure List. This helps threat actors by “allowing them to persist in an unprotected system without the risk of detection. 

Innocent YouTubers Turned into victims

Most active of all have been schemes for distributing popular stealers, remote access tools (RATs), Trojans that provide hidden remote access, and miners that harness computing power to mine cryptocurrency.” Few commonly found malware in the distribution scheme are: Phemedrone, DCRat NJRat, and XWorm.

In one incident, a YouTuber with 60k subscribers had put videos containing malicious links to infected archives, gaining over 400k views. The malicious links were hosted on gitrock[.]com, along with download counter crossing 40,000. 

The malicious files were hosted on gitrok[.]com, with the download counter exceeding 40,000.

Blackmail and distributing malware

Threat actors have started using a new distribution plan where they send copyright strikes to content creators and influencers and blackmail them to shut down channels if they do not post videos containing malicious links. The scare strategy misuses the fame of the popular YouTubers to distribute malware to a larger base. 

The infection chain starts with a manipulated start script that employs an additional executable file via PowerShell. 

As per the Secure List Report, the loader (written in Python) is deployed with PyInstaller and gets the next-stage payload from hardcoded domains.  The second-stage loader runs environment checks, adds “AppData directory to Microsoft Defender exclusions” and downloads the final payload “SilentCryptominer.”

The infamous SilentCryptoMiner

The SilentCryptoMiner is known for mining multiple cryptocurrencies via different algorithms. It uses process hollowing techniques to deploy miner code into PCs for stealth.

The malware can escape security checks, like stopping mining when processes are running and scanning for virtual environment indicators. 

Read more »
YouTube Content Consumption
Google Internet Technology YouTube Content Consumption

YouTube at 20: How the Viral Video Site Forever Changed User's Content Consumption Habit

 

A simple meal with friends 20 years ago sparked one of the twenty-first century's most significant technology breakthroughs. YouTube, a video-hosting platform founded by three former PayPal employees, was poised to transform the worldwide entertainment sector. Today, it even poses a danger to traditional television titans, establishing itself as a must-see in the entertainment industry. streaming. How has this platform amassed billions of users? A look back on its remarkable rise.

YouTube was founded in 2005 by Steve Chen, Chad Hurley, and Jawed Karim, who intended to make it easier to share videos online. On February 14, 2005, the website youtube.com was launched. A few weeks later, on April 23, 2005, Jawed Karim uploaded his first video, Me at the Zoo. This 19-second video, in which he stands in front of elephants at the San Diego Zoo, came to represent the era of user-generated content. 

Google bought YouTube for $1.65 billion in October 2006, less than a year after its start. This acquisition constituted a watershed moment: YouTube now had access to Google's superior search engines and advertising solutions, which helped it grow its audience and monetise its content. YouTube now has over 2.5 billion monthly active users and 100 million premium subscribers, making it the undisputed leader in video streaming. 

Massive impact on culture and media 

Over the years, YouTube has dramatically transformed how we consume content: 

  • Millions of YouTubers have emerged, with some becoming real celebrities, such as MrBeastSqueezie and PewDiePie. 
  • With platforms like TEDx, CrashCourse, and e-penser, YouTube has emerged as an indispensable learning tool. 
  • YouTube's diverse range of media, from gaming to vlogs to podcasts, has propelled it to the forefront of digital entertainment. 

Threat to traditional television 

These days, YouTube is directly competing with cable channels and streaming services like Netflix and Disney+. With over a billion hours of video seen daily, YouTube is starting to gain traction as a viable substitute for television. In contrast to traditional media, YouTube does not rely on production companies; instead, its material is created by its users. 

This strategy has made it possible for the platform to provide an endless quantity of films that span every potential topic of interest. By 2027, YouTube may overtake cable TV networks in terms of paying customers, the experts predict. Every day, millions of people watch it thanks to its advertising and premium membership business model. 

YouTube's challenges and controversies 

YouTube has not been immune to criticism despite its spectacular success: 

Copyright: In its early days, the platform was inundated with pirated content. Google has to reach agreements with the studios to restrict the infringements. 

Content moderation: Fake news, violent or inappropriate content: the site is frequently chastised for its lack of control over the videos it distributes.

Competition from TikTok and Instagram: Faced with the rise of short videos, YouTube had to respond by developing YouTube Shorts, an alternative to TikTok's fast-paced entertainment. 

What you need to remember

YouTube has evolved from a simple sharing site to a global streaming behemoth in less than two decades. Its capacity to develop and adapt to trends positions it as a major player in the audiovisual landscape.

Today, YouTube has 2.5 billion monthly active users, over 100 million premium members, and 1 billion hours of video views per day. YouTube, with its hybrid model that combines television, social networking, and streaming services, is clearly the media of future.
Read more »
X
Data Breach EU Internet IT POLSA Space X

Polish Space Agency "POLSA" Suffers Breach; System Offline

Polish Space Agency "POLSA" Suffers Breach; System Offline

Systems offline to control breach

The Polish Space Agency (POLSA) suffered a cyberattack last week, it confirmed on X. The agency didn’t disclose any further information, except that it “immediately disconnected” the agency network after finding that the systems were hacked. The social media post indicates the step was taken to protect data. 

US News said “Warsaw has repeatedly accused Moscow of attempting to destabilise Poland because of its role in supplying military aid to its neighbour Ukraine, allegations Russia has dismissed.” POLSA has been offline since to control the breach of its IT infrastructure. 

Incident reported to authorities

After discovering the attack, POLSA reported the breach to concerned authorities and started an investigation to measure the impact. Regarding the cybersecurity incident, POLSA said “relevant services and institutions have been informed.”  

POLSA didn’t reveal the nature of the security attack and has not attributed the breach to any attacker. "In order to secure data after the hack, the POLSA network was immediately disconnected from the Internet. We will keep you updated."

How did the attack happen?

While no further info has been out since Sunday, internal sources told The Register that the “attack appears to be related to an internal email compromise” and that the staff “are being told to use phones for communication instead.”

POLSA is currently working with the Polish Military Computer Security Incident Response Team (CSIRT MON) and the Polish Computer Security Incident Response Team (CSIRT NASK) to patch affected services. 

Who is responsible?

Commenting on the incident, Poland's Minister of Digital Affairs, Krzysztof Gawkowski, said the “systems under attack were secured. CSIRT NASK, together with CSIRT MON, supports POLSA in activities aimed at restoring the operational functioning of the Agency.” On finding the source, he said, “Intensive operational activities are also underway to identify who is behind the cyberattack. We will publish further information on this matter on an ongoing basis.”

About POLSA

A European Space Agency (ESA) member, POLSA was established in September 2014. It aims to support the Polish space industry and strengthen Polish defense capabilities via satellite systems. The agency also helps Polish entrepreneurs get funds from ESA and also works with the EU, other ESA members and countries on different space exploration projects.  

Read more »
Telecom
Beeline Cyber Attacks DDOS Attacks Internet Russia Telecom

Russian Telecom Company "Beeline" Hit, Users Face Internet Outage

Russian Telecom Company "Beeline" Hit, Users Face Internet Outage

Internet outage in, telecom provider attacked

Users in Russia faced an internet outage in a targeted DDoS attack on Russian telecom company Beeline. This is the second major attack on the Moscow-based company in recent weeks; the provider has over 44 million subscribers.

After several user complaints and reports from outage-tracking services, Beeline confirmed the attack to local media.

According to Record Media, internet monitoring service Downdetector’s data suggests “most Beeline users in Russia faced difficulties accessing the company’s mobile app, while some also reported website outages, notification failures and internet disruptions.” 

Impact on Beeline

Beeline informed about the attack on its Telegram channel, stressing that the hacker did not gain unauthorized access to consumer data. Currently, the internet provider is restoring all impacted systems and improving its cybersecurity policies to avoid future attacks. Mobile services are active, but users have cited issues using a few online services and account management features.

Rise of threat in Russia

The targeted attack on Beeline is part of a wider trend of cyberattacks in Russia; in September 2024, VTB, Russia’s second-largest bank, faced similar issues due to an attack on its infrastructure. 

These attacks highlight the rising threats posed by cyberattacks cherry-picking critical infrastructures in Russia and worldwide.

Experts have been warning about the rise in intensity and advanced techniques of such cyberattacks, damaging not only critical businesses but also essential industries that support millions of Russian citizens. 

Telecom companies in Russia targeted

How Beeline responds to the attack and recovers will be closely observed by both the telecom industry and regulators. The Beeline incident is similar to the attack on Russian telecom giant Megafon, another large-scale DDoS attack happened earlier this year. 

According to a cybersecurity source reported by Forbes Russia, the Beeline attack in February and the Megafon incident in January are the top hacktivist cyberattacks aiming at telecom sectors in 2025. 

According to the conversation with Forbes, the source said, “Both attacks were multi-vector and large-scale. The volume of malicious traffic was identical, but MegaFon faced an attack from 3,300 IP addresses, while Beeline was targeted via 1,600, resulting in a higher load per IP address.”

Read more »
Technology
AI Antivirus Internet Password Technology

These Four Basic PC Essentials Will Protect You From Hacking Attacks


There was a time when the internet could be considered safe, if the users were careful. Gone are the days, safe internet seems like a distant dream. It is not a user's fault when the data is leaked, passwords are compromised, and malware makes easy prey. 

Online attacks are a common thing in 2025. The rising AI use has contributed to cyberattacks with faster speed and advanced features, the change is unlikely to slow down. To help readers, this blog outlines the basics of digital safety. 

Antivirus

A good antivirus in your system helps you from malware, ransomware, phishing sites, and other major threats. 

For starters, having Microsoft’s built-in Windows Security antivirus is a must (it is usually active in the default settings, unless you have changed it). Microsoft antivirus is reliable and runs without being nosy in the background.

You can also purchase paid antivirus software, which provides an extra security and additional features, in an all-in-one single interface.

Password manager

A password manager is the spine of login security, whether an independent service, or a part of antivirus software, to protect login credentials across the web. In addition they also lower the chances of your data getting saved on the web.

A simple example: to maintain privacy, keep all the credit card info in your password manager, instead of allowing shopping websites to store sensitive details. 

You'll be comparatively safer in case a threat actor gets unauthorized access to your account and tries to scam you.

Two-factor authentication 

In today's digital world, just a standalone password isn't a safe bet to protect you from attackers. Two-factor authentication (2FA) or multi-factor authentication provides an extra security layer before users can access their account. For instance, if a hacker has your login credentials, trying to access your account, they won't have all the details for signing in. 

A safer option for users (if possible) is to use 2FA via app-generated one-time codes; these are safer than codes sent through SMS, which can be intercepted. 

Passkeys

If passwords and 2FA feel like a headache, you can use your phone or PC as a security option, through a passkey.

Passkeys are easy, fast, and simple; you don't have to remember them; you just store them on your device. Unlike passwords, passkeys are linked to the device you've saved them on, this prevents them from getting stolen or misused by hackers. You're done by just using PIN or biometric authentication to allow a passkey use.

Read more »
Saim Raza
Cyber Crime Dark Web Internet Operation Talent Saim Raza

DoJ Cracks Down Pakistan Linked Dark Web Forums Impacting 17 Million

DoJ Cracks Down Pakistan Linked Dark Web Forums Impacting 17 Million

The US Department of Justice (DoJ) joined forces with international law enforcement to shut down a few Dark Web cybercrime forums, two operations that impacted underground markets associated with the attacks on millions of victims worldwide. 

Pakistani dark web forum shut down

Result? “Cracked” and “nulled” websites are down, along with the Pakistani “Saim Raza” network of dark web forums, also called “HeartSender.” The long-term implications of this operation are not known.

DoJ partnered with international agencies to crack down on cybercrime

First, DoJ with the Dutch National Police captured 39 domains operated by a Pakistani group known as Saim Raza (aka HeartSender). DoJ says Saim Raza has been working since 2020, selling fraud tools and phishing kits to the highest bidder throughout a network of dark websites. 

Criminals purchasing the tools are accountable for global business email compromise (BEC) attacks and other dangerous scams- against victims in the US who were robbed of $3 million. 

The DoJ believes Saim Raza made these “tools widely available on the open Internet” and “also trained end users on how to use the tools against victims by linking to instructional YouTube videos.” 

The group explained, “how to execute schemes using these malicious programs, making them accessible to criminal actors that lacked this technical criminal expertise.” Saim Raza also “advertised its tools as 'fully undetectable' by antispam software,” the agency said in its announcement.

More About "Cracked" & "Nulled" Dark Web Markets 

Called “Operation Talent,” the DoJ and Europol worked together to crack down the two dark web marketplaces, linked to cybercrimes against more than 17 million victims.

In a separate action, the DoJ participated in "Operation Talent," a Europol-backed international operation that disrupted the Cracked and Nulled Dark Web marketplaces. Together, the forums have been linked to cybercrimes against at least 17 million US victims.

The cracked marketplace surfaced in 2018, DoJ believes, having 4 million users, making $4 million in revenue, and hosting over 28 million cybercrime ads in its career.

“The Nulled website domain seizure meanwhile came in tandem with the unsealing of charges against one of its administrators, Lucas Sohn, an Argentinian national living in Spain,” says cybersecurity news portal Dark Reading. Nulled has been in the game since 2016, hosted 5 million users, and made $1 million per year, also listing over 43 million ads.

Read more »
Technology
AI Fake Sites Internet Microsoft Scareware Tech Support Scam Technology

New Microsoft "Scareware Blocker" Prevents Users from Tech Support Scams

New Microsoft "Scareware Blocker" Prevents Users from Tech Support Scams

Scareware is a malware type that uses fear tactics to trap users and trick them into installing malware unknowingly or disclosing private information before they realize they are being scammed. Generally, the scareware attacks are disguised as full-screen alerts that spoof antivirus warnings. 

Scareware aka Tech Support Scam

One infamous example is the “tech support scam,” where a fake warning tells the user their device is infected with malware and they need to reach out to contact support number (fake) or install fake anti-malware software to restore the system and clean up things. Over the years, users have noticed a few Microsoft IT support fraud pop-ups.

Realizing the threat, Microsoft is combating the issue with its new Scareware Blockers feature in Edge, which was first rolled out in November last year at the Ignite conference.

Defender SmartScreen, a feature that saves Edge users from scams, starts after a malicious site is caught and added to its index of abusive web pages to protect users globally.

AI-powered Edge scareware blocker

The new AI-powered Edge scareware blocker by Microsoft “offers extra protection by detecting signs of scareware scams in real-time using a local machine learning model,” says Bleeping Computer.

Talking about Scareware, Microsoft says, “The blocker adds a new, first line of defense to help protect the users exposed to a new scam if it attempts to open a full-screen page.” “Scareware blocker uses a machine learning model that runs on the local computer,” it further adds.

Once the blocker catches a scam page, it informs users and allows them to continue using the webpage if they trust the website. 

Activating Scareware Blocker

Before activating the blocker, the user needs to install the Microsoft Edge beta version. The version installs along with the main release variant of Edge, easing the user’s headache of co-mingling the versions. If the user is on a managed system, they should make sure previews are enabled admin. 

"After making sure you have the latest updates, you should see the scareware blocker preview listed under "Privacy Search and Services,'" Microsoft says. Talking about reporting the scam site from users’ end for the blocker to work, Microsoft says it helps them “make the feature more reliable to catch the real scams. 

Beyond just blocking individual scam outbreaks” their Digital Crimes Unit “goes even further to target the cybercrime supply chain directly.”

Read more »
WordPress
Hacking Internet Plugins Technology Website WordPress

Hackers Exploit WordPress Sites to Attack Mac and Windows Users


According to security experts, threat actors are abusing out-of-date versions of WordPress and plug-ins to modify thousands of sites to trap visitors into downloading and installing malware.

In a conversation with cybersecurity news portal TechCrunch, Simon Wijckmans, founder and CEO of the web security company c/side, said the hacking campaign is still “very much live”.

Spray and pray campaign

The hackers aim to distribute malware to loot passwords and sensitive data from Mac and Windows users. According to c/side, a few hacked websites rank among the most popular ones on the internet. Reporting on the company’s findings, Himanshu Anand believes it is a “widespread and very commercialized attack” and told TechCrunch the campaign is a “spray and pray” cyber attack targeting website visitors instead of a specific group or a person.

After the hacked WordPress sites load in a user’s browser, the content immediately turns to show a false Chrome browser update page, asking the website visitor (user) to download and install an update to access the website, researchers believe. 

Users tricked via fake sites

When a visitor agrees to the update, the compromised website will ask the user to download a harmful malware file disguised as the update, depending on whether the visitor is a Mac or Windows user. Researchers have informed Automattic (the company) that makes and distributes Wordpress.com about the attack campaign and sent a list of harmful domains. 

According to TechCrunch, Megan Fox, spokesperson for Automattic, did not comment at the time of press. Later, Automattic clarified that the security of third-party plugins is the responsibility of WordPress developers.

“There are specific guidelines that plugin authors must consult and adhere to ensure the overall quality of their plugins and the safety of their users,” Ms Fox told TechCrunch. “Authors have access to a Plugin Handbook which covers numerous security topics, including best practices and managing plugin security,” she added. 

C/side has traced over 10,000 sites that may have been a target of this hacking campaign. The company found malicious scripts on various domains by crawling the internet, using a reverse DNS lookup to find domains and sites linked with few IP addresses which exposed a wider number of domains hosting malicious scripts. TechCrunch has not confirmed claims of C/side’s data, but it did find a WordPress site showing malicious content earlier this week.

Read more »
Payload
Cyber Security Firewalls Internet internet access Internet Service Providers Network Security Online Traffic Payload

Deep Packet Inspection (DPI): Balancing Security and Privacy in the Digital Age

 

Deep Packet Inspection (DPI) is an advanced technology for analyzing internet traffic that goes beyond traditional techniques. Unlike standard firewalls that examine only the headers of data packets, DPI scrutinizes both headers and payloads, providing a comprehensive view of the transmitted information. While widely used for legitimate purposes such as enhancing network security and efficiency, DPI raises significant concerns about privacy and surveillance, particularly for VPN users.

Understanding Data Packets and DPI

At the heart of internet communication are data packets, which consist of two primary components: the header and the payload. The header includes metadata such as the source and destination IP addresses, protocol type, and packet size. The payload contains the actual content being transmitted, such as video streams, emails, or files.

Traditional firewalls rely on stateless packet filtering, which inspects only the header to determine whether to allow or block traffic. DPI, however, examines the payload, enabling administrators to identify the type of data being sent and enforce more sophisticated filtering rules. This capability allows for traffic prioritization, harmful content blocking, and monitoring of sensitive information.

Applications of DPI

DPI is a versatile tool with diverse applications in the modern digital landscape:

  • Cybersecurity: DPI detects and blocks malicious traffic by analyzing packet contents for threats like ransomware or phishing attempts. It prevents these attacks from reaching their targets.
  • Data Leak Prevention: Businesses use DPI to scan outgoing traffic for unauthorized sharing of sensitive information, ensuring compliance with regulations such as GDPR and HIPAA.
  • Content Filtering: DPI dynamically blocks harmful or inappropriate material, making it an essential feature for parental controls and educational environments.

DPI and Network Management

Internet Service Providers (ISPs) leverage DPI for network optimization:

  • Traffic Management: DPI helps manage congestion by prioritizing real-time applications like video calls and streaming over less critical activities such as large file downloads.
  • Bandwidth Allocation: It identifies and throttles illegal file-sharing activities, ensuring fair bandwidth distribution across users.

Privacy Challenges for VPN Users

DPI’s capabilities present challenges for privacy, particularly in regions with strict internet censorship. Advanced DPI systems can detect VPN traffic by identifying unique patterns in packet headers and payloads, enabling ISPs and governments to block or throttle VPN connections. This undermines online privacy and access to unrestricted content.

Countermeasures and Obfuscation Techniques

To combat DPI, many VPNs employ obfuscation techniques, including:

  • Traffic Disguising: VPN traffic is masked to resemble regular encrypted web traffic.
  • Random Data Insertion: Adding random data packets disrupts identifiable patterns, making detection harder.

While these methods may reduce connection speeds, they are crucial for maintaining access to a free and open internet in restrictive environments.

Striking a Balance

DPI is undeniably a powerful tool with significant benefits for network security and management. However, its potential for misuse raises concerns about privacy and freedom. For those concerned about online surveillance, understanding how DPI works and using VPNs with advanced obfuscation features are critical steps in safeguarding digital privacy.

Read more »
Subscribe to: Posts (Atom)