hackers Archives

Tech Optimizer

June 17, 2025

Hackers Use Fake Verification Prompt and Clickfix Technique to Deploy Fileless AsyncRAT

Threat actors are using a fileless variant of AsyncRAT, targeting German-speaking individuals with a deceptive verification prompt. This prompt misleads users into executing harmful commands. The malware employs obfuscated PowerShell scripts to operate in memory without creating files on disk, complicating detection by antivirus solutions. The attack begins with a fake verification page prompting users to click "I’m not a robot," which copies a malicious command to the clipboard. This command uses conhost.exe to run a hidden PowerShell instance that retrieves a payload from a remote server. The malware establishes a connection to a command-and-control server and maintains persistence through registry keys, enabling remote control and data exfiltration. Key tactics include stealth execution, in-memory C# compilation, and TCP-based communication over non-standard ports. The campaign has been active since at least April 2025. Indicators of Compromise (IOCs) include: - IP: 109.250.111[.]155 (Clickfix Delivery) - FQDN: namoet[.]de (Clickfix / C2 Server) - Port: 4444 (TCP Reverse Shell Listener) - URL: hxxp[:]//namoet[.]de:80/x (PowerShell Payload) - Registry (HKCU): SOFTWAREMicrosoftWindowsCurrentVersionRunOncewindows (Persistence on Boot) - Registry (HKCU): SOFTWAREMicrosoftWindows NTCurrentVersionWindowswin (Holds Obfuscated Command)

Tech Optimizer

June 14, 2025

Hackers are sneaking malware into your browser using Google’s link, and antivirus software can’t stop it

A new browser-based malware campaign exploits trusted domains like Google.com to bypass traditional antivirus defenses. The malware operates through an e-commerce site using a manipulated Google OAuth logout URL, which executes an obfuscated JavaScript payload. This script activates silently during checkout or when the browser appears automated, opening a WebSocket connection to a malicious server. Payloads are dynamically executed using JavaScript, enhancing the threat's effectiveness. The attack evades detection by many antivirus programs due to its obfuscation and conditional activation. DNS filters and firewall rules offer limited protection since the initial request goes to a legitimate domain. Advanced users may use content inspection proxies or behavioral analysis tools to detect anomalies, but average users remain vulnerable. Recommendations to mitigate risks include limiting third-party scripts and maintaining separate browser sessions for financial transactions.

Tech Optimizer

June 13, 2025

‘BrowserVenom’ Windows Malware Preys on Users Looking to Run DeepSeek AI

A new strain of Windows malware called "BrowserVenom" is exploiting interest in DeepSeek's AI models by targeting users through deceptive Google ads. These ads lead to a counterfeit website, "https[:]//deepseek-platform[.]com," where users are tricked into downloading a harmful file named “AILauncher1.21.exe.” This malware monitors and manipulates internet traffic, allowing attackers to intercept sensitive data. The operation is believed to involve Russian-speaking threat actors, and the malware has infected users in several countries, including Brazil, Cuba, Mexico, India, Nepal, South Africa, and Egypt. The fraudulent domain has been suspended, but the malware can evade many antivirus solutions. Users are advised to verify official domains when downloading software.

Winsage

June 11, 2025

A worrying Windows SecureBoot issue could let hackers install malware – here’s what we know, and whether you need to update

Researchers at Binarly have identified a critical vulnerability in a widely trusted BIOS update utility that operates on most modern systems using UEFI firmware. This utility, signed with Microsoft’s UEFI CA 2011 certificate, contains a flaw that could be exploited by malicious actors to disable essential security measures and install bootkit malware on personal computers. Microsoft addressed the issue by including a fix in its June 2025 Patch Tuesday cumulative update. The UEFI Secure Boot process is crucial for maintaining system integrity by verifying the authenticity of bootloaders and operating systems.

AppWizard

June 11, 2025

Experts warn GTA and Minecraft being used to lure in cyberattack victims – here’s how to stay safe

Cybersecurity experts have reported a significant increase in game-themed malware targeting the gaming community, especially younger players. From April 1, 2024, to March 31, 2025, there were over 19 million attempts to download malicious files disguised as popular games, affecting around 400,000 individuals globally. Grand Theft Auto V (GTA V) was the most targeted game, with nearly 4.5 million attack attempts, followed by Minecraft with 4.1 million, Call of Duty (CoD) with 2.6 million, and The Sims with 2.4 million. Cybercriminals exploit established games and lure victims with fake offers, often leading to infostealers, cryptocurrency hijackers, backdoors, and Trojans. Kaspersky advises gamers to avoid pirated content and be cautious of suspicious offers.

Winsage

June 10, 2025

APT Hackers Exploited WebDAV 0-Day RCE Vulnerability in the Wild to Deploy Malware

A cyberattack campaign by the advanced persistent threat group Stealth Falcon targeted a prominent Turkish defense company using a zero-day vulnerability identified as CVE-2025-33053. This vulnerability allowed attackers to manipulate the working directory of legitimate Windows tools to execute malware from their WebDAV servers. The attack was initiated through a spear-phishing email containing a malicious .url file that directed the system to a legitimate Internet Explorer utility, which was then exploited to execute malicious files. The attackers employed process hollowing to bypass traditional defenses. Stealth Falcon, also known as FruityArmor, has been conducting cyber espionage since at least 2012, targeting government and defense sectors in Turkey, Qatar, Egypt, and Yemen. The attack involved a multi-stage infection chain leading to the deployment of "Horus Agent," a custom implant designed for advanced reconnaissance and equipped with anti-analysis techniques. Researchers identified additional custom tools used by Stealth Falcon, including a DC Credential Dumper and a custom keylogger. The group utilizes repurposed legitimate domains to blend their infrastructure with legitimate traffic, complicating detection efforts.

Winsage

June 6, 2025

Microsoft tells Windows 10 users: Upgrade to Windows 11 or risk your security

Windows 10 support will end in October 2025, leaving users without free security updates, new features, or technical assistance. Microsoft is encouraging users to upgrade to Windows 11, which offers enhanced security features, through advertising campaigns. Windows 11 requires a Trusted Platform Module (TPM) 2.0, which has frustrated some users with older PCs. Microsoft has introduced an extended support program for Windows 10, with costs starting at over ₹5,000 for the first year and increasing to over ₹20,000 by the third year per device.

Tech Optimizer

June 4, 2025

Do I need an antivirus and a VPN?

Reliance on antivirus software for device protection is common, but certain threats, especially ransomware, can bypass even the best solutions. Cybercriminals have shifted tactics from encrypting data for ransom to exfiltrating sensitive information and threatening to leak it. The availability of ransomware kits and the use of AI by attackers have made cybercrime more accessible and targeted. Remote work environments increase vulnerabilities, as hackers exploit unsecured networks and personal devices. Antivirus software can help protect against malware and viruses, but built-in solutions often lack comprehensive security. A high-quality antivirus program can enhance protection through advanced features and AI. A Virtual Private Network (VPN) encrypts data and secures internet traffic, making it a valuable tool for cybersecurity. Implementing a VPN is cost-effective compared to potential data breach costs. Using both a VPN and antivirus software is essential for comprehensive coverage, as they address different security aspects. Businesses may need advanced endpoint protection solutions for heightened security, which continuously scans for suspicious behavior and integrates multiple security features. Despite these tools, proper personal practices and cybersecurity awareness are crucial to minimize vulnerabilities and human error, which is a leading cause of cyberattacks.

Tech Optimizer

June 3, 2025

Misspell one word and you’re infected: New malware campaign fools developers on both Windows and Linux

Cybersecurity experts have highlighted the risks of typosquatting, where developers accidentally download malicious packages due to typographical errors. A report from Checkmarx reveals that attackers exploit this trust by creating counterfeit packages that can grant unauthorized access to systems. Malicious packages have been found in the Python Package Index (PyPI) and can enable remote control, posing serious threats to system integrity. Attackers employ a cross-platform strategy, mixing names from different programming environments to target unsuspecting users. On Windows, malware can create scheduled tasks and disable antivirus protections, while on Linux, certain packages facilitate encrypted reverse shells for data exfiltration. Although the malicious packages have been removed, the threat remains, prompting developers to verify package sources and spellings. Checkmarx recommends organizations conduct audits of deployed packages and scrutinize application code to enhance security.

Tech Optimizer

June 2, 2025

Hackers Allegedly Selling Windows Crypter Claims Bypass of All Antiviruses

Underground cybercriminal forums are seeing an increase in advanced malware tools, including a Windows crypter that claims to bypass major antivirus solutions. This crypter is marketed as fully activated and capable of achieving Full Undetectable (FUD) status against contemporary antivirus engines. It employs advanced obfuscation techniques to evade detection, including code injection methods, entropy manipulation, and anti-debugging features. The tool allows for granular control over obfuscation parameters, enabling customization for specific target environments. The rise of such sophisticated evasion tools poses challenges for traditional endpoint security, making organizations vulnerable if they rely solely on signature-based antivirus solutions. To defend against these threats, organizations should adopt multi-layered security architectures, including behavioral analysis and endpoint detection and response (EDR) solutions.