Introduction
Part of modern cybersecurity is knowing the threats that are out there. With this, you can protect yourself, or, at least, pass what you learn to another person. That has always been the goal of this series and it has not changed in almost 5 years.
As usual, I welcome you all. In today's edition of our security review, five of the six articles (83.3 percent) are about malware and one is about phishing. By the looks of it, these two common threats, malware and phishing, are not going anywhere anytime soon.
Let's dive in.
Time to check if you ran any of these 33 malicious Chrome extensions
Check right away, and if it turns out that you have one of the listed extensions installed, change your account passwords immediately. Here is the backstory: the attackers used spear-phishing emails to trick extension developers into granting them permission to the accounts used to publish the extensions to the Chrome Web Store.
Ultimately, the attackers used this permission to push malicious versions of the extensions that siphoned users' personal information, including authentication credentials for sites like Facebook.
There is no excerpt for this one. Enjoy reading the full article, and let me know what you learn in the comment section.
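The article tells you to check whether one of the listed extensions is installed, and that the attackers pushed specific malicious versions of otherwise legitimate extensions. The script below is an added example, not code from the article or from any of the affected vendors: it walks a Chrome profile's `Extensions` directory, reads each version's `manifest.json`, and reports any extension whose ID (and, where given, version) is on a watch list. The IDs in `WATCH_LIST` are placeholders, not the real 33; paste the IDs and versions from the article in their place. The profile paths are the usual Chrome defaults and are an assumption about your install.

```python
"""Flag installed Chrome extensions whose ID/version is on a watch list.

Added example for this newsletter item; the watch list entries are
hypothetical placeholders and must be replaced with the IDs from the article.
"""
import json
import os
import sys
from pathlib import Path

# Hypothetical placeholders. Map extension ID -> set of malicious versions,
# or None when every version should be treated as suspect.
WATCH_LIST = {
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {"2.0.1"},   # placeholder ID, placeholder version
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": None,        # placeholder ID, any version
}


def default_profile_dirs():
    """Return Chrome profile directories for the current OS (assumed default paths)."""
    home = Path.home()
    if sys.platform == "darwin":
        base = home / "Library" / "Application Support" / "Google" / "Chrome"
    elif sys.platform.startswith("win"):
        base = Path(os.environ.get("LOCALAPPDATA", str(home))) / "Google" / "Chrome" / "User Data"
    else:
        base = home / ".config" / "google-chrome"
    if not base.is_dir():
        return []
    return [p for p in base.iterdir() if p.is_dir() and (p / "Extensions").is_dir()]


def installed_extensions(profile_dir):
    """Return (ext_id, version, name) for every extension version under <profile>/Extensions."""
    ext_root = Path(profile_dir) / "Extensions"
    found = []
    if not ext_root.is_dir():
        return found
    for ext_dir in sorted(ext_root.iterdir()):
        if not ext_dir.is_dir():
            continue
        for ver_dir in sorted(ext_dir.iterdir()):
            manifest = ver_dir / "manifest.json"
            if not manifest.is_file():
                continue
            try:
                data = json.loads(manifest.read_text(encoding="utf-8"))
            except (OSError, ValueError):
                data = {}
            # Chrome names version folders "<version>_<n>"; prefer the manifest's own field.
            version = data.get("version") or ver_dir.name.split("_")[0]
            # Localised extensions carry "__MSG_...__" here; the ID is what we key on anyway.
            found.append((ext_dir.name, version, data.get("name", "?")))
    return found


def find_matches(profile_dir, watch_list=WATCH_LIST):
    """Return installed extensions that match the watch list by ID (and version, if listed)."""
    hits = []
    for ext_id, version, name in installed_extensions(profile_dir):
        if ext_id not in watch_list:
            continue
        bad_versions = watch_list[ext_id]
        if bad_versions is None or version in bad_versions:
            hits.append((ext_id, version, name))
    return hits


if __name__ == "__main__":
    profiles = default_profile_dirs()
    if not profiles:
        print("no Chrome profile with an Extensions directory found")
    for prof in profiles:
        hits = find_matches(prof)
        for ext_id, ver, name in hits:
            print(f"{prof.name}: {name} ({ext_id}) version {ver} is on the watch list")
        if not hits:
            print(f"{prof.name}: no watch-listed extensions")
```

A match means the extension directory is present on disk, which is what matters here: the malicious version may already have run even if you have since disabled it, so treat a hit as "change the passwords" rather than "uninstall and move on".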
FireScam Android Malware Packs Infostealer, Spyware Capabilities
The story of the FireScam malware is another story of malware leveraging a legitimate service for malicious purposes. In this case, it's Firebase. It gets scary when you read that malware is both an infostealer and spyware. That's double trouble for any device it infects.
The following excerpt gives only a taste of what this malware can do:
The malware can harvest sensitive device information and messages, silently intercept and log USSD responses, track and manipulate USSD interactions, monitor clipboard and content sharing, monitor user engagement and ecommerce transactions, and monitor screen state changes and notifications for a broad range of applications.
The gathered information is exfiltrated to a Firebase Realtime Database URL, and the malware can also download and process image data from a specified URL, which could potentially allow it to fetch and execute other malicious payloads.
Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections
A summary of this article: you might think you no longer need a domain and stop looking after it. Someone else finds it and decides it is exactly what they have been looking for. The article is an interesting read, so, yes, I am not giving you an excerpt.
Have fun reading!
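The title says the neglected domains evade SPF and DMARC, and the mechanism behind that is simple: a receiver can only enforce what the sender's domain publishes. The block below is an added example, not code from the article or from Infoblox or any mail vendor: a deliberately small SPF evaluator (ip4 mechanisms and the `all` qualifier only, no `include`/`a`/`mx`, no DKIM) and a DMARC tag parser, run against constructed DNS answers for a well-maintained domain and a neglected one. The domain names and records are made up for the example.

```python
"""Why a neglected sender domain gives SPF and DMARC nothing to enforce.

Added example for this newsletter item. DNS answers are constructed inline;
the SPF evaluator is intentionally minimal (ip4 + all only, no DKIM).
"""
import ipaddress

# Constructed TXT answers standing in for real DNS lookups (example names only).
FAKE_DNS_TXT = {
    "bank.example": ["v=spf1 ip4:198.51.100.0/24 -all"],
    "_dmarc.bank.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@bank.example"],
    "old-brand.example": [],          # neglected: no SPF record at all
    "_dmarc.old-brand.example": [],   # neglected: no DMARC record at all
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_txt(name):
    """Stand-in for a DNS TXT query; returns a list of record strings."""
    return FAKE_DNS_TXT.get(name.lower(), [])


def spf_result(domain, sender_ip):
    """Evaluate ip4 mechanisms and the 'all' qualifier of the domain's SPF record."""
    records = [r for r in lookup_txt(domain) if r.lower().startswith("v=spf1")]
    if not records:
        return "none"            # RFC 7208: no record means no SPF verdict
    ip = ipaddress.ip_address(sender_ip)
    for token in records[0].split()[1:]:
        qualifier = token[0] if token[0] in QUALIFIERS else "+"
        mech = token.lstrip("+-~?")
        if mech.lower() == "all":
            return QUALIFIERS[qualifier]
        if mech.lower().startswith("ip4:"):
            if ip in ipaddress.ip_network(mech[4:], strict=False):
                return QUALIFIERS[qualifier]
        # include/a/mx/ptr/exists are not implemented here and count as no match
    return "neutral"             # record exhausted without a matching mechanism


def dmarc_policy(domain):
    """Parse the _dmarc TXT record into a tag dict, or None if none is published."""
    records = [r for r in lookup_txt(f"_dmarc.{domain}") if r.upper().startswith("V=DMARC1")]
    if not records:
        return None
    tags = {}
    for part in records[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def disposition(from_domain, sender_ip):
    """Receiver decision for a message claiming From: <from_domain>, sent from sender_ip.

    Simplification: SPF identity is the From domain itself, so a 'pass' is aligned.
    """
    policy = dmarc_policy(from_domain)
    if policy is None:
        return "deliver"         # no DMARC policy published: nothing to enforce
    if spf_result(from_domain, sender_ip) == "pass":
        return "deliver"         # aligned SPF pass satisfies DMARC
    return {"reject": "reject", "quarantine": "quarantine"}.get(policy.get("p", "none"), "deliver")


if __name__ == "__main__":
    for domain in ("bank.example", "old-brand.example"):
        print(domain, "SPF:", spf_result(domain, "203.0.113.7"),
              "DMARC:", dmarc_policy(domain), "->", disposition(domain, "203.0.113.7"))
```

With a maintained domain, mail from an address outside the published range fails SPF and the `p=reject` policy turns that into a rejection. With the neglected domain, both lookups return nothing, so the same spoofed message is delivered; nothing the receiver checks has "failed". Real mail filters also consult DKIM, reputation and content, which is why these messages still get caught some of the time.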
Researchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion Techniques
Why would anyone spend so much time developing a tool that can wreak havoc on a computer system? Please, help me understand. Although NonEuclid is a RAT, the article explains that it also functions as ransomware.
From the article:
The NonEuclid RAT exemplifies the increasing sophistication of modern malware, combining advanced stealth mechanisms, anti-detection features, and ransomware capabilities.
Its widespread promotion across underground forums, Discord servers, and tutorial platforms demonstrates its appeal to cyber-criminals and highlights the challenges in combating such threats.
Hackers are exploiting a new Ivanti VPN security bug to hack into company networks
Are you surprised after reading the article's title? I am not. When cybercriminals find a bug in widely used software, they can wreak havoc on a scale that leaves anyone speechless.
From the article:
The company said it became aware of the latest vulnerability after its Ivanti Integrity Checker Tool (ICT) flagged malicious activity on some customer appliances.
In an advisory post published on Wednesday, Ivanti confirmed threat actors were actively exploiting CVE-2025-0282 “as a zero-day,” which means the company had no time to fix the vulnerability before it was discovered and exploited.
New Banshee Stealer Variant Bypasses Antivirus with Apple's XProtect-Inspired Encryption
When malware takes its security inspiration from security software, we learn one of two things: either how easy that software is to copy and compromise, or how painful and time-consuming it will be for anyone who tries to break the malware's protection.
From the article (emphasis mine):
The new variant is notable for removing a Russian language check used to prevent infections of Macs that had set Russian as the default system language. Dropping the feature alludes to the possibility that the threat actors are looking to cast a wider net of potential targets.
Another crucial update is the use of a string encryption algorithm from Apple's XProtect antivirus engine to obfuscate the plaintext strings used in the original version of Banshee Stealer.
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week, and I'll see you next time.