Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label phishing. Show all posts
takedown
Cyber Fraud Cyberattack CyberCrime Cybersecurity digitalcrime Europol Fraud Hacking LabHost LabRat lawenforcement phishing phishingkits phishingtools takedown

Global Cybercrime Crackdown Dismantles Major Phishing-as-a-Service Platform ‘LabHost’

 

In a major international crackdown, a law enforcement operation spearheaded by the London Metropolitan Police and coordinated by Europol has successfully taken down LabHost, one of the most notorious phishing-as-a-service (PhaaS) platforms used by cybercriminals worldwide.

Between April 14 and April 17, 2024, authorities carried out synchronized raids across 70 different sites globally, resulting in the arrest of 37 individuals. Among those arrested were four suspects in the UK believed to be the platform’s original creators and administrators. Following the arrests, LabHost’s digital infrastructure was completely dismantled.

LabHost had gained infamy for its ease of use and wide accessibility, making it a go-to cybercrime tool. The service offered more than 170 fake website templates imitating trusted brands from the banking, telecom, and logistics sectors—allowing users to craft convincing phishing campaigns with minimal effort.

According to authorities, LabHost supported over 40,000 phishing domains and catered to approximately 10,000 users across the globe. The coordinated enforcement effort was supported by Europol’s European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT), with 19 countries actively participating in the investigation.

LabHost showcased how cybercrime has become industrialized through subscription-based platforms. For a monthly fee of around $249, subscribers could access phishing kits, fraudulent websites, hosting services, and even tools to interact with victims in real-time.

One of its most dangerous features was LabRat, an integrated dashboard that enabled users to monitor ongoing phishing attacks. This tool also allowed cybercriminals to intercept two-factor authentication codes and login credentials, effectively bypassing modern security measures.

Its user-friendly interface eliminated the need for technical skills—opening the door for anyone with malicious intent and a credit card to launch sophisticated phishing schemes. The platform's popularity contributed to a spike in identity theft, financial fraud, and widespread data breaches.

Authorities hailed the takedown as a milestone in the fight against cybercrime. However, they also cautioned that the commoditization of cybercrime remains a serious concern.

"This is a critical blow to phishing infrastructure," cybersecurity experts said, "but the ease of recreating similar platforms continues to pose a major threat."

Following the seizure of LabHost’s backend systems, law enforcement agencies have begun analyzing the data to identify the perpetrators and their victims. This will mark the beginning of a new wave of investigations and preventative measures.

The operation involved agencies from 19 countries, including the FBI and Secret Service from the United States, as well as cybercrime units in Canada, Germany, the Netherlands, Poland, Spain, Australia, and the UK. This unprecedented level of international cooperation highlights the cross-border nature of cyber threats and the importance of unified global action.

As authorities prepare for a fresh wave of prosecutions, the LabHost takedown stands as a defining moment in cyber law enforcement—both in its impact and its symbolism.
Read more »
ZeroTrust
2FA AIsecurity credentialstuffing CyberCrime Darkweb Data Breach GenZ Infostealer passwordmanager Passwords phishing Ransomware ZeroTrust

Infostealer Malware Soars 500% as 1.7 Billion Passwords Leak on Dark Web

 

A new report has exposed a staggering 500% rise in infostealer malware attacks, with over 1.7 billion passwords leaked on the dark web in 2024 alone. Despite the growing threat, poor password hygiene continues to be a critical issue, especially among Gen Z users. Cybersecurity experts are now calling for a complete rethink of digital safety practices, urging organizations and individuals to adopt zero-trust frameworks, AI-driven defenses, and reform in user behavior.

Infostealer malware is gaining traction as a preferred tool among cybercriminals. These lightweight, silent programs are often embedded in pirated software or spread via phishing attacks. Once inside a system, they exfiltrate sensitive data including stored credentials, autofill data, cookies, and even crypto wallet details without raising alarms. This stolen information is then compiled into massive combo lists—datasets of usernames and passwords—that are sold or traded on dark web forums. These lists power credential-stuffing attacks that enable hackers to take control of accounts on a mass scale.

Underground marketplaces have reportedly listed over 100 billion compromised credentials, marking a 42% increase from the previous year. Cybercrime syndicates such as BestCombo, BloddyMery, and ValidMail have become notorious for brokering access to stolen identities, fueling everything from account takeovers to financial fraud, ransomware deployment, and corporate espionage.

Yet, despite repeated warnings, user behavior remains worryingly casual. The 2025 World Password Day Survey revealed that 72% of Gen Z users admit to reusing passwords across multiple services. Even more strikingly, 79% acknowledge the risks of reuse, while 59% continue to use the same credentials even after a breach. Shockingly, only 10% reported updating their passwords consistently after being informed of a compromise. Additionally, 38% of Gen Z respondents said they only alter one character when prompted to update a password, and 30% frequently forget their credentials—despite the availability of password recovery features and password managers.

Although 46% of Gen Z users claim to use password managers, their actual habits—like sharing credentials via body text, screenshots, or in conversation—undermine any security those tools provide. This gap between intention and action continues to weaken overall cyber defense.

On the enterprise front, the situation is no better. According to a cybersecurity expert, 27% of businesses still do not enforce basic password policies. Even among organizations that do, users often respond to frequent password change requirements with insecure workarounds, such as reusing slightly modified passwords.

A data privacy solicitor commented, “If your system allows users to bypass complexity rules or reuse old passwords, your policy is meaningless,” she warned.

Experts also note that even strong password practices can't address all threats. Vulnerabilities like device-level breaches, session hijacking, and social engineering tactics necessitate broader security strategies. Resta advises that organizations should go beyond password policies and invest in multi-layered defenses:
“Organizations must maintain robust incident response plans alongside 2FA, AI-driven anomaly detection, and Zero Trust Architecture (ZTA).”
Read more »
SuperCardX
Android Hacking malware NFC phishing Skimming SuperCardX

SuperCard X Malware Turns Android Phones into NFC Relay Hubs for Real-Time Payment Fraud

 

Hackers are exploiting a Chinese-language malware-as-a-service (MaaS) platform known as SuperCard X to conduct near-field communication (NFC) relay attacks, enabling the theft of payment card data and real-time fraudulent transactions at point-of-sale (PoS) systems and ATMs. According to mobile security firm Cleafy, SuperCard X diverges from traditional banking malware by weaponizing the contactless features of modern payment cards, transforming infected Android devices into relay tools for instant cash-outs.

“Effectively turning any infected Android handset into an NFC relay station,” said mobile security firm Cleafy.

Cybercriminals can access preconfigured Reader and Tapper apps—used to capture and relay NFC card data—via Telegram channels, offering low-barrier entry into NFC fraud without the need to build custom tools.

The attack typically begins with spoofed messages sent via SMS or WhatsApp, impersonating a bank and warning of suspicious activity. Victims are urged to call a provided number, where scammers—posing as bank representatives—manipulate them into disabling card security settings through social engineering. Eventually, victims are sent a link to download the SuperCard X Reader, disguised as a legitimate security utility.

Once installed, the Reader app requests minimal NFC and system permissions, allowing it to evade standard antivirus detection. Cleafy’s research identified that SuperCard X reuses code from NFCGate and NGate, open-source frameworks that facilitate NFC relay functionalities.

Victims are tricked into tapping their payment cards against the infected Android device. This initiates silent harvesting of sensitive NFC data—such as Answer To Reset (ATR) messages—which are then transmitted via a secure HTTP-based command-and-control (C2) infrastructure, protected through mutual TLS encryption.

On the attacker’s side, the Tapper app—running on a separate Android phone—emulates the victim’s card using Host-based Card Emulation (HCE) mode. This allows the attacker to make contactless transactions at PoS terminals and ATMs, treating the emulated card as legitimate, especially after the victim has removed spending limits.

“SuperCard X distinguishes itself from conventional Android banking Trojans by omitting complex features such as screen overlays, SMS interception or remote desktop controls. It instead focuses on an NFC relay and streamlined permission model, granting it a low fingerprinting profile and allowing it to remain undetected by the vast majority of antivirus engines and behavioral monitors.”

In certain campaigns targeting users in Italy, Cleafy observed customized app versions distributed by affiliates. These variants had stripped-down interfaces—removing sign-up screens and Telegram links—and replaced them with benign app icons and names. During calls, fraudsters provide victims with pre-set credentials, eliminating the need for registration and further reducing the chance of user suspicion.
Read more »
Ransomware
Credentialstealing Cyber Security Cybersecurity IdentityTheft infostealers phishing Ransomware

Cybercriminals Shift Tactics Towards Stealth and Identity Theft: IBM X-Force 2025 Report

 

iThe IBM X-Force 2025 Threat Intelligence Index highlights a growing trend of cybercriminals adopting more covert attack strategies. Drawing from analysis of over 150 billion security events daily across 130+ countries, the report notes an 84% spike in email-delivered infostealers in 2024 compared to the previous year. This surge signals a marked pivot towards credential theft, even as enterprise-targeted ransomware attacks show a notable decline.

“Cybercriminals are most often breaking in without breaking anything – capitalising on identity gaps overflowing from complex hybrid cloud environments that offer attackers multiple access points,” said IBM cybersecurity services global managing partner Mark Hughes. “Businesses need to shift away from an ad-hoc prevention mindset and focus on proactive measures such as modernising authentication management, plugging multi-factor authentication holes and conducting real-time threat hunting to uncover hidden threats before they expose sensitive data.”

The report found that critical infrastructure organisations bore the brunt of attacks, accounting for 70% of incidents handled by IBM X-Force last year. More than a quarter of these breaches exploited system vulnerabilities. Data theft (18%) overtook encryption-based attacks (11%) as the preferred method, reflecting improvements in detection tools and increased law enforcement pressure, which have forced threat actors to rethink their strategies.

Asia and North America emerged as the primary targets, together representing almost 60% of all global attacks. Asia faced 34% of the incidents, while North America encountered 24%. For the fourth consecutive year, the manufacturing industry remained the most impacted sector, attributed to its sensitivity to operational disruptions and susceptibility to ransomware.

Emerging AI-related threats also garnered attention. Although no major AI-focused attacks surfaced in 2024, security teams are racing to find and patch vulnerabilities before they are exploited. A critical remote code execution flaw within an AI development framework is expected to gain traction in 2025 as adoption grows. Experts warn that attackers may soon develop dedicated toolkits aimed specifically at AI systems, underlining the urgent need to secure AI infrastructure.Persistent challenges in critical infrastructure security largely stem from outdated technologies and delayed patch management. IBM X-Force revealed that vulnerabilities accounted for over 25% of exploited incidents. Analyzing discussions on dark web forums showed that four of the ten most talked-about CVEs were associated with advanced threat groups, including state-sponsored actors, escalating the risks of disruption and extortion.

Research in collaboration with Red Hat Insights found that over 50% of Red Hat Enterprise Linux users had not patched at least one critical vulnerability, with 18% leaving five or more critical CVEs unaddressed. Moreover, ransomware variants like Akira, Lockbit, Clop, and RansomHub have expanded their capabilities to affect both Windows and Linux systems.

A sharp rise in phishing campaigns distributing infostealers was another key finding, with a 180% jump compared to 2023. The use of credential phishing and infostealers enables hackers to swiftly exfiltrate sensitive information while maintaining a low profile.

While ransomware still accounted for 28% of malware attacks in 2024, its overall prevalence declined compared to previous years. Cybercriminals are increasingly shifting towards identity-based attacks, adapting to countermeasures that have made traditional ransomware operations more difficult.
Read more »
Ransomware
AI Akira Credentials Cyber Crime IBM phishing Ransomware

Cybercriminals Are Now Focusing More on Stealing Credentials Than Using Ransomware, IBM Warns

 



A new report from IBM’s X-Force 2025 Threat Intelligence Index shows that cybercriminals are changing their tactics. Instead of mainly using ransomware to lock systems, more hackers are now trying to quietly steal login information. IBM studied over 150 billion security events each day from 130+ countries and found that infostealers, a type of malware sent through emails to steal data, rose by 84% in 2024 compared to 2023.

This change means that instead of damaging systems right away, attackers are sneaking into networks to steal passwords and other sensitive information. Mark Hughes, a cybersecurity leader at IBM, said attackers are finding ways into complex cloud systems without making a mess. He also advised businesses to stop relying on basic protection methods. Instead, companies should improve how they manage passwords, fix weaknesses in multi-factor authentication, and actively search for hidden threats before any damage happens.

Critical industries such as energy, healthcare, and transportation were the main targets in the past year. About 70% of the incidents IBM helped handle involved critical infrastructure. In around 25% of these cases, attackers got in by taking advantage of known flaws in systems that had not been fixed. Many hackers now prefer stealing important data instead of locking it with ransomware. Data theft was the method in 18% of cases, while encryption-based attacks made up only 11%.

The study also found that Asia and North America were attacked the most, together making up nearly 60% of global incidents. Asia alone saw 34% of the attacks, and North America had 24%. Manufacturing businesses remained the top industry targeted for the fourth year in a row because even short outages can seriously hurt their operations.

Emerging threats related to artificial intelligence (AI) were also discussed. No major attacks on AI systems happened in 2024, but experts found some early signs of possible risks. For example, a serious security gap was found in a software framework used to create AI agents. As AI technology spreads, hackers are likely to build new tools to attack these systems, making it very important to secure AI pipelines early.

Another major concern is the slow pace of fixing vulnerabilities in many companies. IBM found that many Red Hat Enterprise Linux users had not updated their systems properly, leaving them open to attacks. Also, ransomware groups like Akira, Lockbit, Clop, and RansomHub have evolved to target both Windows and Linux systems.

Lastly, phishing attacks that deliver infostealers increased by 180% in 2024 compared to the year before. Even though ransomware still accounted for 28% of malware cases, the overall number of ransomware incidents fell. Cybercriminals are clearly moving towards quieter methods that focus on stealing identities rather than locking down systems.


Read more »
Spyware
API Keys Cybersecurity Data Breach Developers malware npm packages open-source phishing Software Supply Chain Spyware

Rise in Data-Stealing Malware Targeting Developers, Sonatype Warns

 

A recent report released on April 2 has uncovered a worrying rise in open-source malware aimed at developers. These attacks, described as “smash and grab” operations, are designed to swiftly exfiltrate sensitive data from development environments.

Brian Fox, co-founder and CTO of Sonatype, explained that developers are increasingly falling victim to deceptive software packages. Once installed, these packages execute malicious code to harvest confidential data such as API keys, session cookies, and database credentials—then transmit it externally.

“It’s over in a flash,” Fox said. “Many of the times, people don’t recognize that this was even an attack.”

Sonatype, a leader in software supply-chain security, revealed that 56% of malware identified in Q1 2025 focused on data exfiltration. These programs are tailored to extract sensitive information from compromised systems. This marks a sharp increase from Q4 2024, when only 26% of open-source threats had such capabilities. The company defines open-source malware as “malicious code intentionally crafted to target developers in order to infiltrate and exploit software supply chains.”

Fox emphasized that these attacks often begin with spear phishing tactics—posing as legitimate software packages on public repositories. Minor changes, such as replacing hyphens with underscores in filenames, can mislead even seasoned developers.

“The attackers fake the number of downloads. They fake the stars so it can look as legit as the original one, because there’s not enough awareness. [Developers] are not yet trained to be skeptical,” Fox told us.

These stolen data fragments—while small—can have massive consequences. API keys, hashed passwords, and cookie caches serve as backdoors for broader attacks.

“They’re breaking into the janitor’s closet, not to put in a bomb, but to grab his keychain, and then they’re going to come back at night with the keychain,” Fox said.

The 2025 report highlights early examples:

Compromised JavaScript packages on npm were found to steal environment variables, which typically contain API tokens, SSH credentials, and other sensitive information.

A fake npm extension embedded spyware that enabled complete remote access.

Malicious packages targeted cryptocurrency developers, deploying Windows trojans capable of keylogging and data exfiltration. These packages had over 1,900 downloads collectively.

A separate report published by Sonatype in November 2024 reported a 156% year-over-year surge in open-source malware. Since October 2023, over 512,847 malicious packages have been identified—including but not limited to data-exfiltrating malware.
Read more »
TaxSeason
2FA Cybersecurity Data Breach GoogleAds OTP phishing QuickBooks Scam TaxSeason

Cybercriminals Target QuickBooks Users with Phishing Attacks via Google Ads Ahead of Tax Deadline

 

With the April 15 U.S. tax deadline looming, millions of users are logging in to manage their finances online—unfortunately, cybercriminals are watching too. Leveraging this surge in digital activity, attackers are exploiting trusted platforms like Google to deceive users of Intuit’s QuickBooks.

By purchasing top Google Ads placements, hackers are directing users to authentic-looking but fraudulent login pages. These fake portals are designed to steal crucial information including usernames, passwords, and even one-time passcodes (OTPs)—granting criminals access to victims’ financial data needed for filing taxes.

Understanding how this scam works is the first step toward staying safe. Phishing scams targeting accounting software are nothing new. Fraudulent support calls and infected software downloads—often traced to large-scale operations in India and nearby regions—have long been tactics in the scammer playbook.

Late last year, security experts uncovered a malicious QuickBooks installer that prompted users to call a fake support number through a deceptive pop-up.

This new scam is even more concerning. Instead of malware, attackers are now going straight for login credentials. The scam begins with a simple Google search. An ad mimicking Intuit’s branding for “QuickBooks Online” leads users to a convincing fake website.
  • Domain Name: QUICCKBOORKS-ACCCOUNTING.COM
  • Registrar URL: https://www.hostinger.com
  • Creation Date: 2025-04-07T01:44:46Z
The phishing site mirrors the actual QuickBooks login portal. Once users enter their credentials, the information is harvested in real-time and sent to cybercriminals.

"Passwords alone offer a limited level of security because they can be easily guessed, stolen through phishing, or compromised in data breaches. It is highly recommended to enhance account protection by enabling a second form of authentication like one-time passcodes sent to your device or utilizing a 2FA app for an extra layer of verification."

However, even two-factor authentication (2FA) and OTPs are being targeted. Modern phishing kits use advanced tactics like “man-in-the-middle” or “adversary-in-the-middle” (AiTM) attacks to intercept this second layer of protection.

As users unknowingly submit both their password and OTP to a fake login page, the information is relayed instantly to the attacker—who uses it before the code expires.

Cybercriminals ramp up efforts during tax season, banking on urgency and the volume of financial activity to catch users off guard. Their tools? Deceptive Google ads that closely resemble legitimate QuickBooks links. These reroute users to cloned websites that can collect sensitive data—or even install malware.

While 2FA and OTPs still offer critical protection against many threats, they must be used on verified platforms to be effective. If you land on a malicious site, even the best security tools can be bypassed.
Read more »
Tax
Cyber Fraud IRS Cybersecurity phishing Scam Tax

Microsoft Warns of Tax-Themed Phishing Scams Targeting Americans This April

 

As the tax deadline looms, cybercriminals are seizing the opportunity to exploit anxious taxpayers. Microsoft has sounded the alarm on a new surge of sophisticated phishing scams that are preying on individuals during the 2025 tax season.

From fake IRS communications to malicious PDFs and QR codes, scammers are using increasingly deceptive methods to trick users into handing over sensitive information or installing malware.

These phishing campaigns are engineered to deliver a variety of dangerous payloads including Latrodectus, BruteRatel C4, and AHKBot. They also often deploy remote access trojans (RATs), enabling hackers to take over infected systems, steal financial data, or commit identity theft.

The fraudulent emails appear convincing, often featuring urgent subject lines such as "Unusual Activity Detected in Your IRS Filing" or "Important Action Required: IRS Audit." With one click, users are redirected to fake websites—like spoofed DocuSign pages—that automatically trigger malware downloads.

In some cases, scammers are playing the long game. One tactic involves emails from fake "clients" claiming tax-related emergencies due to past CPA errors. A response to these emails could lead to receiving a malicious attachment disguised as a tax document.

Microsoft has flagged a particularly stealthy campaign aimed at accountants. The bait? A malware-laced PDF that deploys GuLoader, a tool that leverages encrypted shellcode and cloud-based services to bypass standard security protocols. Once installed, Remcos, a remote access trojan, takes over the device, allowing hackers to manipulate files or exfiltrate data unnoticed.

“Scammers thrive on panic, so don't let them rush you. Always double-check sender addresses, avoid clicking links in unexpected emails, and never download attachments unless you're absolutely certain they're safe,” the advisory warns.

The IRS, it’s important to note, does not contact individuals via email, text, or social media for sensitive information.

Microsoft reassures users that their security solutions are actively combating these threats.

“Defender for Office 365 automatically flags and blocks phishing emails and malicious attachments, while Defender for Endpoint provides comprehensive protection across devices.”

With awareness and caution, individuals can better protect themselves from falling victim during this high-risk season.
Read more »
Subscribe to: Posts (Atom)