Phishing Archives - CyberConvoy Blog

Fake WordPress security advisory pushes backdoor plugin

Upon installation, the plugin creates a hidden admin user named 'wpsecuritypatch' and sends information about the victim to the attackers' command and control server (C2)

5 December

Octo Tempest is one of the most dangerous financial hacking groups

After becoming an ALPHV/BlackCat affiliate, Octa Tempest deployed the ransomware both to steal and encrypt victim data

27 October

Bing Chat responses infiltrated by ads pushing malware

The malvertizing campaign was created by someone who hacked into the ad account of a legitimate Australian business to create two malicious ads targeting system admins

1 October

Ransomware access broker steals accounts via Microsoft Teams phishing

In July 2023, Storm-0324 began using phishing lures sent over Teams with malicious links leading to a malicious SharePoint-hosted file

12 September

Malicious npm Packages Found Exfiltrating Sensitive Data from Developers

The harvested data, which could also contain credentials and valuable intellectual property, is ultimately transmitted to the server in the form of a ZIP archive file

4 August

Threat actors abuse Google AMP for evasive phishing attacks

The AMP URLs trigger a redirection to a malicious phishing site, and this additional step also adds an analysis-disrupting layer

2 August

GitHub warns of Lazarus hackers targeting devs with malicious projects

The hacking group has a long history of targeting cryptocurrency companies and cybersecurity researchers for cyberespionage and to steal cryptocurrency

21 July

New tool exploits Microsoft Teams bug to send malware to users

The feat is possible because the application has client-side protections that can be tricked into treating an external user as an internal one just by changing the ID in the POST request of a message

8 July