#fakeupdates

Threat Insight<p>With access to one of the largest, most diverse data sets in all of cybersecurity, Proofpoint is dedicated to tracking and reporting threat actors and their evolving TTPs. This research blog (brnw.ch/21wQMTw) is packed full of new threat insights including...</p><p>🔍 <a href="https://infosec.exchange/tags/TA2726" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TA2726</span></a> and #TA2727, two new cybercriminal threat actors who operate components of web inject campaigns.</p><p>🔍 <a href="https://infosec.exchange/tags/FrigidStealer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FrigidStealer</span></a>, a new info stealer for Mac computers delivered alongside malware for Windows and Android hosts.</p><p>See our blog for full details, Emerging Threats signatures, and IOCs.</p><p><a href="https://infosec.exchange/tags/FakeUpdates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeUpdates</span></a> <a href="https://infosec.exchange/tags/socialengineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>socialengineering</span></a> <a href="https://infosec.exchange/tags/MacOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MacOS</span></a> <a href="https://infosec.exchange/tags/TA569" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TA569</span></a> <a href="https://infosec.exchange/tags/SocGholish" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SocGholish</span></a></p>
Brad<p>2024-12-17 (Tuesday): <a href="https://infosec.exchange/tags/SmartApeSG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SmartApeSG</span></a> injected script leads to fake browser update page, and that page leads to a <a href="https://infosec.exchange/tags/NetSupport" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NetSupport</span></a> <a href="https://infosec.exchange/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RAT</span></a> infection.</p><p>Just like my last post here, there are 2 injected scripts in a page from the compromised site, one using depostsolo[.]biz and one using tactlat[.]xyz.</p><p>A <a href="https://infosec.exchange/tags/pcap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pcap</span></a> of the infection traffic, associated malware samples and more information is available at <a href="https://www.malware-traffic-analysis.net/2024/12/17/index.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">malware-traffic-analysis.net/2</span><span class="invisible">024/12/17/index.html</span></a></p><p>NetSupportRAT C2 for this campaign continues to be 194.180.191[.]64 since as early as 2024-11-22.</p><p><a href="https://infosec.exchange/tags/FakeUpdates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeUpdates</span></a> <a href="https://infosec.exchange/tags/NetSupportRAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NetSupportRAT</span></a></p>
Jérôme Segura<p>There's a new player in the 'fake updates' arena. Thanks to <span class="h-card" translate="no"><a href="https://infosec.exchange/@rmceoin" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>rmceoin</span></a></span> for initially posting about it here.</p><p>Blog link: <a href="https://www.malwarebytes.com/blog/threat-intelligence/2023/07/socgholish-copycat-delivers-netsupport-rat" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">malwarebytes.com/blog/threat-i</span><span class="invisible">ntelligence/2023/07/socgholish-copycat-delivers-netsupport-rat</span></a></p><p><a href="https://infosec.exchange/tags/FakeUpdates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeUpdates</span></a> <a href="https://infosec.exchange/tags/FakeSG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeSG</span></a> <a href="https://infosec.exchange/tags/SocGholish" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SocGholish</span></a></p>