Identity-based attacks
Key Questions
What is Rokarolla Android trojan and what does it target?
Rokarolla is a new Android banking trojan targeting 217 banking and cryptocurrency apps with 137 commands for device takeover. It poses a significant mobile threat according to Zimperium research.
How are ClickFix campaigns evolving?
ClickFix lures now use fake audio files, CAPTCHA prompts, and three new loaders (BabaDeda, Lorem Ipsum, Potemkin) delivered via compromised WordPress sites. Threat actors also abuse claude.ai shared chats, affecting over 2,000 victims.
What phishing service did the FBI disrupt?
The FBI, with Google and partners, dismantled 'Outsider Enterprise,' an AI-powered phishing-as-a-service operation. The takedown targeted large-scale credential theft campaigns.
Which messaging system was breached via social engineering?
France's government Tchap secure messaging platform was compromised, exposing 73K users and 643K messages. The breach relied on social engineering tactics.
What malware is delivered through Microsoft Account Security Alert lures?
Python-based NarwhalRAT malware attributed to ScarCruft is being delivered via fake Microsoft Account Security Alert emails. It joins other fileless stealers like Phantom targeting browser credentials.
MFA bypass, social engineering, token theft. Rokarolla Android banking trojan targets 217 banking/crypto apps with 137 commands – significant mobile threat. Hackers use Microsoft Account Security Alert lures to deliver Python-based NarwhalRAT malware (ScarCruft). Hola VPN abuse – legitimate P2P proxy service hijacked for malware delivery (Darktrace). ClickFix campaigns evolving with fake audio files and CAPTCHA prompts; expands with three new loaders (BabaDeda, Lorem Ipsum, Potemkin) and modular delivery chains; pivot from signed installers to compromised WordPress sites. Social media video scams (TikTok/Instagram tutorials) emerging as malware delivery vector. French government Tchap secure messaging system breached via social engineering – 73K users, 643K messages exposed. Fileless Phantom Stealer targets browser credentials via multi-channel exfiltration – MaaS, heavily obfuscated, targeting banks. Threat actors abuse claude.ai shared chat for ClickFix lures – 2,000+ victims. FBI disrupts AI-powered phishing service 'Outsider Enterprise' – takedown with Google and partners.