
“Meta Mirage” Phishing Campaign Poses Global Cybersecurity Threat to Businesses

A sophisticated phishing campaign named Meta Mirage is targeting companies using Meta’s Business Suite, according to a new report by cybersecurity experts at CTM360. This global threat is specifically engineered to compromise high-value accounts—including those running paid ads and managing brand profiles.

Researchers discovered that the attackers craft convincing fake communications impersonating official Meta messages, deceiving users into revealing sensitive login information such as passwords and one-time passcodes (OTP).

The scale of the campaign is substantial. Over 14,000 malicious URLs were detected, and alarmingly, nearly 78% of these were not flagged or blocked by browsers when the report was released.

What makes Meta Mirage particularly deceptive is the use of reputable cloud hosting services—like GitHub, Firebase, and Vercel—to host counterfeit login pages. “This mirrors Microsoft’s recent findings on how trusted platforms are being exploited to breach Kubernetes environments,” the researchers noted, highlighting a broader trend in cloud abuse.
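The hosting trick described above can be turned into a simple triage signal for URLs harvested from mail gateways or proxy logs. The following is an added example and is not CTM360's tooling or anything from the report: it flags URLs that combine a static-hosting platform (the GitHub Pages, Firebase and Vercel suffixes named above), a brand token and a lure token. The suffix list, the keyword sets, the threshold and the sample URLs are assumptions constructed for the example and should be tuned to your own telemetry.

```python
"""Added example, not CTM360's tooling: a URL triage heuristic for the pattern the
report describes -- brand-themed login pages on reputable static hosting. The
hosting suffixes, brand/lure keywords and the sample URLs are assumptions
constructed for this example; tune them to your own telemetry."""
import re
from urllib.parse import urlsplit

# Hostname suffixes of the static-hosting platforms the article names
# (GitHub Pages, Firebase Hosting, Vercel). Assumed list for the example.
SHARED_HOSTING_SUFFIXES = ("github.io", "web.app", "firebaseapp.com", "vercel.app")

# The brand's genuine domains; never flagged. Assumed allowlist for the example.
FIRST_PARTY_DOMAINS = ("facebook.com", "meta.com", "fb.com")

# Tokens that impersonate the brand, and tokens typical of the lures described
# (policy violation, restriction, verification). Assumed lists.
BRAND_TOKENS = {"meta", "facebook", "fb", "business", "suite"}
LURE_TOKENS = {"verify", "verification", "policy", "violation", "restricted",
               "restriction", "appeal", "security", "login", "signin", "account"}

# Two independent signals are enough to hand a URL to an analyst.
SUSPICIOUS_THRESHOLD = 2


def _matches_suffix(host, suffixes):
    """Return the first suffix that host equals or is a subdomain of, else None."""
    return next((s for s in suffixes if host == s or host.endswith("." + s)), None)


def score_url(url):
    """Return (score, reasons) for one URL. Three independent signals add one
    point each: shared hosting platform, brand token, lure token."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    if _matches_suffix(host, FIRST_PARTY_DOMAINS):
        return 0, ["first-party domain"]
    reasons = []
    platform = _matches_suffix(host, SHARED_HOSTING_SUFFIXES)
    if platform:
        reasons.append(f"hosted on shared platform {platform}")
    # Split host and path into alphanumeric tokens so "meta-business-verify"
    # yields three separate tokens.
    tokens = {t for t in re.split(r"[^a-z0-9]+", host + "/" + parts.path.lower()) if t}
    brand = sorted(tokens & BRAND_TOKENS)
    lure = sorted(tokens & LURE_TOKENS)
    if brand:
        reasons.append("brand token(s): " + ", ".join(brand))
    if lure:
        reasons.append("lure token(s): " + ", ".join(lure))
    return len(reasons), reasons


def triage(urls):
    """Return [(url, score, reasons)] for URLs at or above the threshold,
    highest score first (stable for equal scores)."""
    flagged = []
    for url in urls:
        score, reasons = score_url(url)
        if score >= SUSPICIOUS_THRESHOLD:
            flagged.append((url, score, reasons))
    return sorted(flagged, key=lambda f: -f[1])


# Constructed sample URLs (none are real sites); only the first and the last
# should be flagged.
SAMPLE_URLS = [
    "https://meta-business-verify.vercel.app/appeal",
    "https://business.facebook.com/latest/settings",
    "https://docs.example.org/kubernetes/guide",
    "https://myproject.web.app/",
    "fb-policy-violation.github.io/login",
]

if __name__ == "__main__":
    for url, score, reasons in triage(SAMPLE_URLS):
        print(f"{score}  {url}  ({'; '.join(reasons)})")
```

A single signal is deliberately not enough: a personal project on `web.app` or a page that merely mentions "policy" scores one and is ignored, which keeps the noise down at the cost of missing lures hosted on domains outside the suffix list. The first-party allowlist short-circuits before any keyword check, so genuine Meta login pages are never flagged.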

Victims receive realistic alerts through email and direct messages. These notifications often mention policy violations, account restrictions, or verification requests, crafted to appear urgent and official. This strategy is similar to the recent Google Sites phishing wave, which used seemingly authentic web pages to mislead users.

CTM360 identified two primary techniques being used:
  • Credential Theft: Victims unknowingly submit passwords and OTPs to lookalike websites. Fake error prompts are displayed to make them re-enter their information, ensuring attackers get accurate credentials.
  • Cookie Theft: Attackers extract browser cookies, allowing persistent access to compromised accounts—even without login credentials.
Compromised business accounts are then weaponized for malicious ad campaigns. “It’s a playbook straight from campaigns like PlayPraetor, where hijacked social media profiles were used to spread fraudulent ads,” the report noted.

The phishing operation is systematic. Attackers begin with non-threatening messages, then escalate the tone over time—moving from mild policy reminders to aggressive warnings about permanent account deletion. This psychological pressure prompts users to respond quickly without verifying the source.

CTM360 advises businesses to:
  • Manage social media accounts only from official or secure devices
  • Use business-specific email addresses
  • Activate Two-Factor Authentication (2FA)
  • Periodically audit security settings and login history
  • Train team members to identify and report suspicious activity
This alarming phishing scheme highlights the need for constant vigilance, cybersecurity hygiene, and proactive measures to secure digital business assets.

Chinese Cloud Hosting Providers Targeted by Abcbot


Cybersecurity researchers have discovered a new malware botnet that in recent months has been exclusively targeting the infrastructure of Chinese cloud hosting providers. The botnet, dubbed Abcbot, has attacked servers hosted by Alibaba Cloud, Baidu, Tencent, and Huawei Cloud, Cado Security noted in a report published today, confirming earlier findings by Trend Micro and Qihoo 360 Netlab.

“My theory is that the newer CSPs such as Huawei Cloud, Tencent, and Baidu are not as mature as something like AWS, which includes automatic alerting when a cloud instance is deployed in an insecure fashion,” Matt Muir of Cado Security told The Record in an email this week. 

“Alibaba Cloud certainly has been around longer so its security services are more mature, but it is noteworthy that after Trend Micro [initially] saw malware targeting Huawei Cloud, the new samples we analyzed are targeting additional Chinese cloud providers,” Muir added. 

Abcbot's attacks attempt to take over Linux servers hosted by these providers that have weak passwords or run unpatched software.

Once an initial entry point is found, Abcbot installs a Linux bash script that disables SELinux security safeguards, establishes a backdoor for the attacker, and then checks the affected host for evidence of other malware botnets.

If rival malware is discovered, Abcbot terminates processes associated with those botnets as well as processes associated with crypto-mining operations. It then goes a step further than other botnets by deleting the existing SSH keys and keeping only its own in place, ensuring that only the attackers can log in.
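The two host-level traces described above, SELinux switched off and `authorized_keys` reduced to a key the operator does not recognise, are cheap to check for from the defender's side. The script below is an added example, not Cado Security's code and not derived from the malware: it compares the host's `authorized_keys` against an operator allowlist by key material and reports any unknown or missing keys, and checks that SELinux is enforcing. The allowlist, the `authorized_keys` contents and the stand-in for `getenforce` output are constructed sample files (the key strings are placeholders, not real keys) so the script runs offline; on a real host you would read the live files and run `getenforce` instead.

```shell
#!/bin/sh
# Added example (not Cado Security's code): audit a Linux host for the two
# host-level traces described above -- SELinux switched off and authorized_keys
# stripped down to a key the operator does not recognise. All inputs are
# constructed sample files so the script runs offline; the key strings are
# placeholders, not real keys.

# Write the constructed samples into a scratch directory and print its path.
make_samples() {
  dir=$(mktemp -d)
  # Keys the operator expects to see (constructed). Production would pull this
  # list from configuration management rather than from a file on the host.
  cat > "$dir/allowlist" <<'EOF'
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYOPERATOR01 ops@example
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYOPERATOR02 backup@example
EOF
  # authorized_keys as it might look after the behaviour described: operator
  # keys gone, one unknown key left (constructed).
  cat > "$dir/authorized_keys" <<'EOF'
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYUNKNOWN99 unknown
EOF
  # Stand-in for the output of `getenforce` (constructed).
  printf 'Permissive\n' > "$dir/selinux_mode"
  echo "$dir"
}

# keys_not_in FILE_A FILE_B: print every key line in FILE_B whose type and key
# material (fields 1 and 2, comment ignored) do not appear in FILE_A; exit 1
# if any were printed. Assumes FILE_A is non-empty (NR==FNR idiom).
keys_not_in() {
  awk 'NR == FNR { if ($1 ~ /^(ssh|ecdsa)-/) seen[$1 " " $2] = 1; next }
       $1 ~ /^(ssh|ecdsa)-/ && !(($1 " " $2) in seen) { print; found = 1 }
       END { exit found ? 1 : 0 }' "$1" "$2"
}

# Unknown keys present on the host (possible backdoor). Args: allowlist authorized_keys
unexpected_keys() { keys_not_in "$1" "$2"; }
# Expected keys removed from the host (possible operator lockout). Same args.
missing_keys()    { keys_not_in "$2" "$1"; }

# SELinux must be Enforcing. Reads a file so the sample can stand in for
# `getenforce` on a real host.
selinux_enforcing() { [ "$(cat "$1")" = "Enforcing" ]; }

# Run every check against DIR, print findings; exit 0 = clean, 1 = findings.
audit_host() {
  dir=$1; rc=0
  if ! selinux_enforcing "$dir/selinux_mode"; then
    echo "FINDING: SELinux is $(cat "$dir/selinux_mode"), expected Enforcing"; rc=1
  fi
  if ! unexpected_keys "$dir/allowlist" "$dir/authorized_keys" >/dev/null; then
    echo "FINDING: unrecognised key(s) in authorized_keys:"
    unexpected_keys "$dir/allowlist" "$dir/authorized_keys" || true
    rc=1
  fi
  if ! missing_keys "$dir/allowlist" "$dir/authorized_keys" >/dev/null; then
    echo "FINDING: expected key(s) missing from authorized_keys:"
    missing_keys "$dir/allowlist" "$dir/authorized_keys" || true
    rc=1
  fi
  return $rc
}

# Stand-alone demo on the constructed samples:  sh audit.sh --demo
case "${1:-}" in
  --demo) d=$(make_samples); audit_host "$d"; echo "exit status: $?"; rm -rf "$d" ;;
esac
```

Comparing by key type and material rather than by whole line means a changed comment field does not raise a false finding, while a key that was re-added with the same comment but different material still does. Both the "unknown key present" and the "expected key missing" cases are reported separately because they point at different responses: the first at a backdoor, the second at an operator lockout that will block incident response over SSH.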

According to Muir, this behaviour suggests that other actors are employing a similar strategy, which the Abcbot developers have detected and chosen to block.

According to Muir, the Abcbot variants Cado researchers analyzed only included functionality to enroll compromised systems into Abcbot's botnet.

Earlier samples analyzed by Trend Micro, on the other hand, contained cryptocurrency-mining modules, and the Netlab samples contained DDoS attack components. Given the measures Abcbot takes to terminate crypto-mining processes it did not start, it is possible that its ultimate goal is to produce bitcoin income for the attackers. Cado and other investigators still do not know the size of the Abcbot botnet.

“Given that the malware targets specific CSPs, this suggests that propagation is fairly limited,” Muir said. 

“The method of propagation (via enumeration of known_hosts) could mean that it has spread beyond the boundaries of the CSPs it was originally meant to target,” the Cado Security researcher added.