phishing emails Archives

TrendTechie

August 8, 2025

Троян Efimer крадет криптовалюту через торренты и сайты на WordPress

A new Trojan named Efimer has been identified, which can alter cryptocurrency wallet addresses in the clipboard, redirecting funds to cybercriminals. Efimer spreads primarily through compromised WordPress sites and phishing emails. Once installed, it can disable Windows Defender, install a Tor client, and capture seed phrases and wallet addresses. It targets Windows users globally, particularly those in Brazil, Russia, India, Spain, Germany, and Italy. The Trojan primarily targets wallets holding Bitcoin, Ethereum, Monero, Tron, and Solana, but may expand to other cryptocurrencies. To protect against Efimer, users are advised to use reliable security solutions, create strong passwords, enable two-factor authentication, avoid downloading files from unverified sources, and not store seed phrases in plain text.

Tech Optimizer

July 15, 2025

VPN vs Antivirus 2025: Which Protects Your Finances Better?

In 2025, finance professionals face significant cybersecurity challenges due to evolving cyber threats. A VPN (Virtual Private Network) secures internet connections and encrypts data, while antivirus software detects and neutralizes malware and phishing attempts. For optimal protection, it is recommended to use both tools. A VPN masks IP addresses, encrypts sensitive transactions, prevents data harvesting on public Wi-Fi, and shields browsing from tracking. Antivirus software detects malware, blocks phishing emails, prevents keyloggers, quarantines infected files, and offers real-time threat detection, but does not encrypt internet connections. The comparison shows that a VPN encrypts internet traffic and hides IP addresses, while antivirus software prevents phishing and malware, detects keyloggers, and provides real-time threat monitoring. For financial safety, using both a VPN and antivirus is crucial, especially when accessing sensitive data on public networks or dealing with potentially harmful downloads. Common scenarios include using a VPN for banking on hotel Wi-Fi, requiring antivirus for suspicious downloads, and needing both tools for trading crypto on public Wi-Fi. Relying on one tool alone is insufficient, as a VPN does not protect against malware, and antivirus does not secure internet traffic.

Tech Optimizer

June 27, 2025

ClickFix fake error message malware spikes over 500%, takes second place as the most abused attack vector

The ClickFix attack vector has increased by 517% since the latter half of 2024, becoming the second most exploited method for cyberattacks, following phishing. Hackers are using ClickFix to deploy various infostealing malware, including Lumma Stealer, VidarStealer, StealC, and Danabot. The ClickFix mechanism involves a counterfeit reCAPTCHA that misleads users into executing harmful Powershell commands. This method is primarily spread through phishing emails directing users to fraudulent websites. ESET’s Threat Report indicates that SnakeStealer has surpassed Agent Tesla as the most frequently detected infostealer, targeting businesses in the US and EU for credential theft. The ransomware landscape has been disrupted by internal conflicts among groups, with DragonForce launching defacement campaigns against other ransomware entities. On mobile devices, Kaleidoscope infections have caused a 160% increase in Android adware detections, and the SparkKitty malware has been found in both the Apple App Store and Google Play Store. Kaleidoscope generates revenue through intrusive ads while infecting devices with a malicious app from third-party stores.

Tech Optimizer

June 24, 2025

Why Every File Demands Sanitization

Zero Trust addresses the issue of misplaced trust in cybersecurity, particularly the assumption that files from known senders are safe. This assumption can lead to security breaches, as malware can be hidden in documents from internal employees, vendors, or customers. Familiar interactions often bypass essential security checks, creating vulnerabilities. Security tools may fail to detect modern threats, which can evade traditional defenses. Compromised accounts and infected devices can introduce risks regardless of the sender's identity. To mitigate these risks, Votiro's solution cleanses every file using Content Disarm and Reconstruction (CDR) technology, removing harmful elements while maintaining functionality. Votiro's approach ensures that file security does not disrupt business operations, providing a seamless and efficient solution for organizations.

Tech Optimizer

June 9, 2025

Cryptostealing Malware Found in Printer Software Highlights Growing Supply Chain Threat

A cybersecurity incident involving Procolored printers revealed vulnerabilities in everyday hardware, as users may have downloaded malware capable of stealing cryptocurrencies like Bitcoin. Tech content creator Cameron Coward reported an antivirus alert linked to Procolored printer software, prompting an investigation by G Data researchers who found malicious code in installation files on the manufacturer's website. The identified threats included a remote access tool (Win32.Backdoor.XRedRAT.A) and a cryptocurrency wallet stealer (MSIL.Trojan-Stealer.CoinStealer.H). Compromised files were last updated in October 2024 and distributed through official channels. The company initially denied the issue but later removed the downloads from their website in May 2025 and acknowledged the malware might have been introduced via USB transfers. An analysis of an attacker’s wallet showed a total of 9.3 BTC accumulated across 330 transactions before it was emptied. Cybersecurity experts recommend that users conduct antivirus scans and consider reformatting drives and reinstalling operating systems if infections are suspected.

Tech Optimizer

May 29, 2025

Xanthorox, the AI that promotes itself as an easy resource for committing cybercrimes

Xanthorox is an AI developed in 2023 by an anonymous creator, claiming to surpass WormGPT and EvilGPT. It promotes itself as a tool for illicit online activities, offering features like ransomware creation, deepfake generation, phishing email production, and malware development. The AI operates on open-source models without typical security measures, allowing for unregulated content generation. Its pricing includes a free tier for limited features and negotiable rates for full access. Security experts note that while Xanthorox is effective, its actual impact on large-scale cybercrime is uncertain. The legality of Xanthorox stems from its open-source nature, which allows for its use as long as it does not violate laws, although using it for illegal activities remains unlawful.

Tech Optimizer

May 29, 2025

Antivirus alone won’t protect you: The real danger is social engineering

Social engineering is a manipulation tactic that exploits human trust to obtain sensitive information or access, posing a significant cybersecurity threat. Unlike traditional cyber threats that rely on malware, social engineering targets individuals through deception, often invoking emotions like fear or urgency. Common examples include fraudulent phone calls, phishing emails, and deceptive text messages. Antivirus software primarily protects against malware but is ineffective against social engineering attacks, which do not involve malicious code. The consequences of falling victim to such attacks can include financial losses, identity theft, and compromised networks. Effective defenses against social engineering include skepticism towards unsolicited contact, verifying requests independently, never disclosing sensitive information, using strong passwords, and enabling two-factor authentication. Awareness and education are crucial in combating these threats.

Winsage

May 28, 2025

All Windows users must ‘watch out’ and delete ‘Microsoft’ updates now

Windows 10 and Windows 11 users are experiencing a rise in phishing emails that appear to be from Microsoft, according to Action Fraud, the UK's national fraud and cybercrime reporting center. Over 250 users have reported receiving fraudulent messages claiming their devices are infected with malware, often encouraging them to click on malicious links. These emails may look credible, sometimes using legitimate Microsoft addresses. Action Fraud advises users to verify messages directly with organizations using official contact details and warns that legitimate institutions will never request personal information via email. Microsoft also states it does not send unsolicited emails or calls for personal information and recommends downloading software only from official sources.

Tech Optimizer

May 21, 2025

Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer

Microsoft has monitored Lumma Stealer, an infostealer malware used by financially motivated threat actors. Lumma Stealer, also known as LummaC2, functions as a malware-as-a-service (MaaS) solution that extracts data from browsers and applications, including cryptocurrency wallets. The entity behind Lumma is identified as Storm-2477, which maintains the malware and its command-and-control (C2) infrastructure. Affiliates can create malware binaries and manage C2 communications through a panel provided by Storm-2477. Ransomware groups have integrated Lumma Stealer into their operations. Lumma Stealer employs various delivery techniques, including phishing emails, malvertising, drive-by downloads, Trojanized applications, and abuse of legitimate services. Specific campaigns have been identified, such as one in April 2025 that used EtherHiding and ClickFix techniques to deliver Lumma Stealer via compromised websites. Another campaign on April 7, 2025, targeted Canadian organizations with emails containing invoice lures that led to malicious downloads. The malware is developed using C++ and ASM, employing advanced obfuscation techniques to evade detection. It can extract a wide range of user data, including browser credentials, cryptocurrency wallet information, and user documents. Lumma Stealer maintains a robust C2 infrastructure with multiple hardcoded and fallback C2 servers, utilizing encryption methods to secure communications. Microsoft's Digital Crimes Unit has disrupted Lumma Stealer's infrastructure by blocking approximately 2,300 malicious domains. Recommendations to mitigate the impact of Lumma Stealer include strengthening Microsoft Defender configurations, implementing multifactor authentication, and utilizing phishing-resistant authentication methods. Microsoft Defender products can detect and block activities associated with Lumma Stealer, providing alerts and insights for incident response.

Winsage

May 4, 2025

Do Not Open This PDF On A Microsoft Windows PC

Microsoft has warned about the increasing use of PDF attachments in cyberattacks, particularly during the U.S. tax season. Attackers have been using PDFs with embedded links that redirect users to counterfeit pages, such as a fake DocuSign site. TrustWave SpiderLabs has identified a new campaign involving a fake payment SWIFT copy that leads to a malicious PDF containing obfuscated JavaScript, which downloads a script that conceals the RemcosRAT payload using steganography. This technique involves hiding links within images, making them difficult to detect. The latest attacks begin with phishing emails containing malicious PDFs that direct victims to harmful webpages, facilitating the delivery of RemcosRAT, a trojan that allows remote control of compromised systems. Users are advised to be cautious of emails labeled “SWIFT Copy” and to delete suspicious emails immediately.