Cybersecurity researchers are sounding the alarm on a dual-pronged threat targeting Brazil. In one campaign, threat actors are leveraging legitimate generative AI tools to create highly convincing phishing pages of Brazilian government agencies to trick users into making payments. These fraudulent sites are boosted with SEO poisoning to appear in top search results. Simultaneously, a separate malspam campaign is distributing the Efimer trojan, a potent malware designed to steal cryptocurrency, which has already impacted over 5,000 users.
A sophisticated blend of propagation methods, clever narratives, and advanced evasion techniques has fueled the rise of the social engineering tactic known as ClickFix over the past year, according to new research from Guardio Labs. Security researcher Shaked Chen notes that this new strain has rapidly outpaced the infamous fake browser update scam. 'Like a real-world virus variant, this new 'ClickFix' strain quickly outpaced and ultimately wiped out the infamous fake browser update scam that plagued the web just last year,' Chen stated. 'It did so by removing the need for file downloads, using smarter social engineering tactics, and spreading through trusted infrastructure.' The result is a widespread wave of infections, ranging from mass drive-by attacks to highly targeted spear-phishing campaigns. First detected in early 2024, ClickFix deceives targets into compromising their own systems under the guise of fixing a fake problem or completing a CAPTCHA verification, leading to cross-platform infections on both Windows and macOS.
A massive, AI-driven scam campaign codenamed 'ClickTok' is targeting TikTok Shop users worldwide. Cybersecurity firm CTM360 reports that threat actors have created over 15,000 fake TikTok Shop domains to execute a dual-pronged attack involving phishing and malware distribution. The campaign leverages AI-generated videos and fake influencer promotions on Meta platforms to lure victims to these lookalike sites. Once there, users are tricked into entering credentials on phishing pages or downloading a trojanized TikTok app. This malicious app contains the SparkKitty malware, a cross-platform threat designed to steal sensitive data, including cryptocurrency wallet seed phrases from screenshots on both Android and iOS devices. The scam's primary goals are financial, using fake product listings, fraudulent crypto payments, and credential theft to exploit both buyers and affiliate sellers on the popular e-commerce platform.
A state-sponsored threat actor, CL-STA-0969, has been targeting telecommunications organizations in Southeast Asia in a sophisticated espionage campaign lasting 10 months. According to Palo Alto Networks Unit 42, the attackers focused on critical telecom infrastructure between February and November 2024. The campaign is notable for its high operational security (OPSEC) and the deployment of specialized tools like Cordscan to collect mobile device location data. While the group gained remote control over compromised networks, researchers found no evidence of data exfiltration. The actor shares significant overlaps with the China-nexus group Liminal Panda, indicating a calculated and persistent effort to maintain stealthy access to sensitive networks.
Over 2.3 million Chrome and Edge users were compromised by 18 malicious browser extensions in the RedDirection campaign. Learn about the Trojan threat, affected extensions, and how to protect yourself.
