ALERTS SPAM




DATE

NAME

CATEGORY

SUBCATE

INFO

6.9.24

Spammers abusing uncommon TLDs

ALERTS

SPAM

Symantec has recently observed a new phishing campaign being delivered from recently created domains designed to steal credentials and/or banking information. In this campaign we have observed over 200 newly registered domains; most of these domains are registered with uncommon TLDs such as '.best', '.rest' or '.shop'. The subjects and message content attempt to lure recipients in with promises of dubious health products.

16.8.24

.shop gTLD becomes a new favorite to spread waves of cryptocurrency spam emails

ALERTS

SPAM

Lately, the .shop gTLD has been heavily abused by threat actors to spread cryptocurrency spam emails. The .shop gTLD (generic top-level domain) was launched in 2016 and is specially designed for online shopping or e-commerce platforms and can be used by retailers and e-commerce stores, among others. Symantec has observed persistent spam waves that entice email users to click on shortened URLs which in turn redirect to fake .shop gTLD domains hosting cryptocurrency-related content.

16.8.24

Spoofed Australian Taxation Office (ATO) email notifications appear in phish runs

ALERTS

SPAM

The Australian Taxation Office (ATO) is the Government of Australia's revenue collection authority. Recently, Symantec has observed phishing attempts mimicking the ATO, enticing users to open fake notification emails. The email mentions that a notice of assessment requires the user's immediate attention due to an ongoing scheduled maintenance. These fraudulent emails aim to trick users into clicking on phishing URLs. Upon clicking on the phish URLs presented in the email content, the victims are served with credential harvesting webpages.

9.8.24

New malspam campaigns delivering multiple Trojans

ALERTS

SPAM

A number of malspam campaigns were seen which delivered various Trojans by attempting to exploit an old Microsoft Office vulnerability. CVE-2017-0199 is still targeted to allow for execution of remote code from within an XLS file. The campaigns delivered a malicious XLS file with a link from which a remote HTA or RTF file would be executed to download the final payload. We observed GuLoader, Remcos RAT, and Sankeloader infostealer as payloads.

7.8.24

Persistent IRATA attacks in Italy

ALERTS

SPAM

Their modus operandi hasn't changed much over that period; they mainly leverage malicious SMS (smishing) messages containing URL redirections to their malicious apps as the vector of infection. They constantly rotate their social engineering tactics, with Symantec having observed multiple Italian financial services being abused for masquerading purposes.

29.7.24

Scammers exploit Hamster Kombat’s popularity with malicious farm bot tools

ALERTS

SPAM

With the rise in popularity of the Telegram clicker game Hamster Kombat, scamsters are increasingly targeting players. Enthusiasts are attracted by the promise of significant rewards linked to the introduction of a new cryptocoin by the game's creators.

26.7.24

Smishing in Japan – Utilities, financial services and shipping top lures

ALERTS

SPAM

Smishing, or SMS phishing, is increasingly becoming a favored tactic for cybercriminals due to the widespread use of mobile devices and generally high open rates of SMS messages compared to emails. Campaigns continue to proliferate around the world, and in some countries such as Japan, they are increasing exponentially with actors using utilities, financial services, and shipping as top lures.

18.7.24

Specially crafted HTML files allow for abuse of Windows search

ALERTS

SPAM

Attackers have been recently observed abusing Windows search in order to redirect users to malware. The attack begins by sending the targets malspam with specially crafted HTML files that are designed to abuse the built-in Windows search functionality. Once these files are opened, they redirect to an externally hosted site to download malware of the attackers' choice.

15.5.24

GCash Users Targeted in Latest Smishing Scam

ALERTS

SPAM

Mobile wallets have transformed the financial landscape by providing convenience and accessibility, but they also present lucrative targets for cybercriminals as Symantec continues to observe a flurry of smishing around the world.

5.4.24

Indonesia – Wedding invites used as lure by an SMS thief

ALERTS

SPAM

In mid-2023, an actor has been observed sending SMS messages to mobile users in Indonesia, enticing them to install an application posing as a wedding invitation. Over the past few months, more of these malicious applications have been detected. The malware's primary goal is to collect SMS messages and send them to the author's Telegram channel via a Telegram bot API.