Threats in the Wild

New phishing attack features weaponized Excel file

A new phishing campaign is targeting employees in the financial services industry using links that download what experts are describing as a ‘weaponized’ Excel document.

Named MirrorBlast, the phishing campaign was detected by the security firm ET Labs in early September this year. According to ZDNet, fellow security firm Morphisec has now analysed the malware and notes that the malicious Excel files could bypass malware-detection systems because they contain “extremely lightweight” embedded macros. This apparently makes the malware particularly dangerous for organisations that rely on detection-based security and sandboxing to detect such attacks, as these can be bypassed.

FluBot Android malware spreading

A new Android malware called FluBot has been spreading rapidly in Europe this year and is also likely to spread elsewhere in the world.

FluBot steals passwords and login information for your online accounts, personal details, and banking information. The information is used to make payments (in other words, to steal your money), take over accounts and commit online identity theft. FluBot also sends SMS messages to new victims and spreads itself further. All of this is done without the users’ knowledge. FluBot has so far been detected mostly in European countries. It is also likely to spread to the rest of the world if the threat actors behind it aren’t stopped.


BitCoin subjected to scams after cyber attack

BitCoin.org cryptocurrency was taken down last month after a cyber attack that took control of the organisation’s domain in a scam that promised individuals that their money would be doubled if they sent cash to BitCoin. According to CoinDesk, the scam messaging was sent to the first 10 000 participants, and the false promises of doubling one’s funds were offered after users sent an initial amount to a wallet address via QR code. This resulted in the giveaway scam’s address receiving over $17,700 in small transactions at the time, according to the bitcoin explorer blockchain.com. BitCoin managed to recover from the attack and was operational again on the same day, but a few days later was apparently hit by a massive DDoS attack, according to CoinDesk.