social engineering tactics Archives

AppWizard

April 8, 2026

The FBI Warns That Foreign Cybercriminals Have Targeted Messaging App Users

Cybercriminals connected to Russian intelligence are conducting a large phishing campaign targeting messaging applications, impacting thousands of accounts worldwide. A joint advisory from the FBI and CISA reveals that these attacks focus on individuals with access to sensitive information, including government officials, military personnel, political figures, and journalists. The campaign relies on deception, with attackers impersonating official support channels on platforms like Signal, sending messages that prompt victims to click malicious links or provide confidential information. Victims who comply risk losing control of their accounts, allowing attackers to read private messages and access contact lists. This trend has been observed not only in the U.S. but also in the Netherlands, where similar tactics are used against government employees. The FBI notes that the security of the messaging apps is not the issue; rather, the vulnerability lies in human error. The rise of social engineering tactics poses a risk to both high-profile individuals and potentially everyday users, and users are advised to be cautious with unsolicited messages and not to share sensitive information.

Winsage

April 6, 2026

Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit

Exploit code for a Windows privilege escalation vulnerability, named BlueHammer, has been released, allowing attackers to gain SYSTEM or elevated administrator permissions. This zero-day vulnerability was disclosed by a researcher, Chaotic Eclipse, who expressed frustration with Microsoft's handling of the issue. The exploit combines a time-of-check to time-of-use (TOCTOU) issue with path confusion, granting local attackers access to the Security Account Manager (SAM) database, which contains password hashes for local accounts. While the exploit is confirmed to work, it has been found unsuccessful on Windows Server due to bugs that hinder its effectiveness. Attackers can gain local access through various means, raising significant security risks. Microsoft has not yet responded to inquiries about the BlueHammer flaw.

Winsage

April 4, 2026

WhatsApp Malware Campaign Uses VBS to Hijack Windows

Microsoft has identified a cyberattack campaign that uses WhatsApp messages to distribute malicious Visual Basic Script (VBS) files targeting Windows systems. First detected in late February 2026, the campaign employs social engineering to trick users into executing the VBS files, which then create hidden directories and disguise themselves as legitimate Windows utilities. The malware downloads additional payloads from cloud platforms like AWS, Tencent Cloud, and Backblaze B2 to establish persistence and escalate privileges. It can bypass User Account Control (UAC), alter registry settings, and install malicious MSI packages, including remote access tools like AnyDesk, to maintain continuous access for attackers.

Winsage

April 2, 2026

Malwarebytes highlights Microsoft findings on WhatsApp attachments used in Windows attacks

A campaign targeting Windows users exploits WhatsApp attachments to execute a malicious .vbs script. Victims receive what appears to be a harmless attachment, which, when opened, duplicates legitimate Windows tools into a hidden folder and renames them to avoid detection. These tools are then used to download additional malware from reputable cloud services, disguising the malicious activity. The malware seeks administrator privileges by altering User Account Control settings and registry entries for persistence. It ultimately installs remote-access software and other payloads to maintain control over the compromised device. Malwarebytes recommends safety measures such as avoiding unsolicited attachments, enabling file extensions, using updated anti-malware tools, downloading software from official sites, being cautious of unexpected UAC prompts, and keeping systems updated.

Winsage

April 1, 2026

WhatsApp on Windows users targeted in new campaign, warns Microsoft

Microsoft researchers have identified a campaign that exploits WhatsApp attachments to infiltrate Windows machines, allowing attackers remote control. The attack uses social engineering tactics, where users receive a seemingly benign .vbs (Visual Basic Script) file that can be executed on Windows. This method does not rely on software vulnerabilities but on persuading victims to execute the malicious file. Attackers manipulate built-in Windows tools to download further malware, employing a technique known as living off the land (LOTL) to avoid detection. The malware seeks to elevate its privileges to administrator status, modifying User Account Control (UAC) prompts and registry settings for persistence. An unsigned MSI (Microsoft Installer) is deployed to establish remote-access software, granting continuous access to the compromised machine.

AppWizard

March 26, 2026

Phishing Campaign Targeting Messaging Apps’ Users

A phishing campaign targeting users of messaging applications has been reported by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). This campaign exploits human behavior rather than software vulnerabilities, leading to the compromise of thousands of accounts worldwide, despite encryption. Attackers impersonate official support accounts and use social engineering tactics to prompt users to click on malicious links, request verification codes, or suggest account recovery actions. If users comply, attackers can take control of their accounts and may deploy malware. Platforms like Signal have been specifically targeted, but the tactics can apply to various messaging applications. Recommendations for users include being cautious with suspicious messages, avoiding unknown requests, carefully checking links, monitoring group chats for fake accounts, using built-in security features, and reporting incidents promptly.

AppWizard

March 23, 2026

FBI Warns of Russian Hackers Targeting Messaging Apps – The Advocate-Messenger

The FBI has issued a warning about phishing campaigns conducted by cyber actors linked to the Russian Intelligence Services (RIS), which target commercial messaging applications (CMAs). These actors have compromised numerous individual accounts, focusing on individuals with significant intelligence value, such as U.S. government officials and journalists, without breaching the encryption of the applications. The campaigns have allowed unauthorized access to private messages, contact lists, and the ability to send deceptive messages. Users of CMAs, especially Signal, are particularly targeted. The phishing tactics involve disguising messages as communications from automated CMA support, leading victims to click malicious links or provide sensitive information. To mitigate risks, users are advised to enhance their cybersecurity measures, remain vigilant, and follow best practices such as scrutinizing links, verifying group chats, and reporting suspicious activity to the Internet Crime Complaint Center or local authorities.

AppWizard

March 23, 2026

Russian hackers hijack thousands of ‘high intelligence’ messaging app accounts, FBI warns

Hackers linked to Russian intelligence are targeting high-profile users of popular messaging applications, according to a warning from the FBI and CISA. The primary targets include U.S. government officials, military personnel, political figures, and journalists. The attackers compromise accounts to access messages and contact lists, allowing for further phishing attempts. Signal users are particularly at risk, though techniques can extend to WhatsApp and Telegram. The hackers use social engineering tactics, impersonating official support accounts to trick users into revealing sensitive information. The FBI and CISA advise users to be cautious of unexpected messages and suspicious links. Victims are encouraged to report incidents to the Internet Crime Complaint Center (IC3).

AppWizard

March 21, 2026

FBI, CISA issue PSA on Russian intelligence campaign to target messaging apps

The FBI and CISA issued a joint public service announcement about Russian hackers targeting commercial messaging applications like Signal and WhatsApp. The hackers use social engineering tactics to deceive users into giving up account access, including impersonating support personnel and prompting users to click on malicious links or provide sensitive information. Although the hackers have not yet bypassed the apps' end-to-end encryption, compromised accounts can lead to serious consequences, such as reading messages and launching further phishing attacks. The agencies recommend that users enhance their cybersecurity measures to protect against these threats. This campaign is part of a broader trend to undermine the security of messaging apps, with previous warnings about spyware and attempts to infiltrate Signal users, especially in conflict zones.

AppWizard

March 20, 2026

Android’s new sideloading rules are here, and they come with a 24-hour lock!

Google has introduced a new sideloading process for Android that includes a 24-hour waiting period and multiple steps for installing apps from unverified developers. The steps are as follows: 1. Enable Developer Mode. 2. Confirm you’re not being coerced into disabling device protections. 3. Restart your phone. 4. Wait 24 hours. 5. Re-authenticate using biometric authentication or a PIN. 6. Install the app, with a warning about its unverified status. This change aims to enhance user safety and protect less experienced users from scams. The new rules will take effect in August, primarily affecting users who sideload apps from third-party sources, while those using the Play Store will not see changes. Google is also requiring app developers to verify their identities to reduce the risk of malicious applications. Exceptions exist for limited distribution apps that can be shared without full verification.