#infostealer-maas

#infostealer-maas

Rhyne's attack involved unauthorized remote desktop sessions, deletion of network administrator accounts, and changing of passwords, showcasing significant security vulnerabilities.

British identity packages, including an ID scan, a selfie, and a dossier of personal data, can be purchased by criminals on the dark web for as little as 30, new research suggests. As identity theft continues to rise, experts have discovered the sale of national identity documents, driving licences, credit card details and 2,000 UK frequent traveller passports. The information can be exploited in multiple ways and used to apply for credit cards, mortgages, car loans, or to open bank accounts.

Tycoon 2FA, a Phishing-as-a-Service (PhaaS) platform, enabled thousands of cybercriminals to steal login credentials and session tokens. Even accounts secured with MFA could be compromised via a single email. The service had been active since at least 2023 and quickly grew to become one of the most widely used phishing platforms in the world.

Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully exfiltrating a victim's OpenClaw (formerly Clawdbot and Moltbot) configuration environment. "This finding marks a significant milestone in the evolution of infostealer behavior: the transition from stealing browser credentials to harvesting the 'souls' and identities of personal AI [artificial intelligence] agents," Hudson Rock said. Alon Gal, CTO of Hudson Rock, told The Hacker News that the stealer was likely a variant of Vidar based on the infection details.

A core part of the resurgence is the use of CastleLoader, a separate piece of malware that's installed initially. It runs solely in memory, making it much harder to detect than malware that resides on a hard drive. Its code is heavily obfuscated, making it hard to spot its malice even when malware scanners can see it. CastleLoader also provides a flexible and full-featured command-and-control communication mechanism that users can customize to meet their specific needs.

In its annual Red Report, a body of research that analyzes real-world attacker techniques using large-scale attack simulation data, Picus Labs warns cybersecurity professionals that threat actors are rapidly shifting away from ransomware encryption to parasitic "sleeperware" extortion as their means to loot organizations for millions of dollars per attack. Released today and now in its sixth year, the 278-page Red Report gets its name from Picus-organized cybersecurity exercises that take the perspective of the attacker's team, otherwise known as the "red team."