Xlabs_v1 botnet exploits ADB port 5555 to recruit IoT devices, enabling 21 DDoS methods and bandwidth-tiered attacks on gaming servers
A phishing campaign delivered through Google sponsored search results is targeting credentials for ManageWP, GoDaddy’s platform for managing fleets of WordPress websites.
The threat actor is using an adversary-in-the-middle (AitM) approach where the fake login page acts as a real-time proxy between the victim and the legitimate ManageWP service.
ManageWP is a centralized remote administration platform for WordPress websites, enabling users to manage multiple sites from a single panel instead of logging into separate dashboards. Common users include web developers, web agencies managing client sites, and enterprises.
Disc Soft Limited, the maker of DAEMON Tools Lite, confirmed that the software had been trojanized in a supply chain attack and released a new, malware-free version.
“Within less than 12 hours of identifying the issue, we were able to implement a solution. Based on our current findings, the issue was limited to the free DAEMON Tools Lite version and did not affect any of our other products,” Disc Soft told BleepingComputer.
“We have not identified evidence supporting claims that all DAEMON Tools users were impacted, and at this stage, we are not in a position to confirm any impact on paid versions customers. Our current analysis indicates that DAEMON Tools Pro and DAEMON Tools Ultra were not affected and absolutely safe.”
A previously undocumented Linux implant named Quasar Linux (QLNX) is targeting developers’ systems with a mix of rootkit, backdoor, and credential-stealing capabilities.
The malware kit is deployed in development and DevOps environments in npm, PyPI, GitHub, AWS, Docker, and Kubernetes. This could enable supply-chain attacks where the threat actor publishes malicious packages on code distribution platforms.
Researchers at cybersecurity company Trend Micro analyzed the QLNX implant and found that “it dynamically compiles rootkit shared objects and PAM backdoor modules on the target host using gcc [GNU Compiler Collection].”
A new version of the CloudZ remote access tool (RAT) is deploying a previously unseen malicious plugin called Pheno that hijacks the Microsoft Phone Link connection to steal sensitive codes from mobile devices.
The malware was discovered in an intrusion that had been active since at least January, and researchers believe the threat actor’s purpose was to steal credentials and temporary passcodes.
Microsoft Phone Link comes installed on Windows 10 and 11, and allows using the computer to make and take calls, respond to texts, or view notifications received on the mobile device (Android and iOS).
The ShinyHunters extortion gang stole personal information belonging to over 119,000 people after hacking the Vimeo online video platform in April, according to data breach notification service Have I Been Pwned.
Vimeo is a video hosting and streaming platform publicly traded on the Nasdaq stock market, with over 300 million registered users and over 1,100 employees, and reported revenues of $417 million for FY2024.
The company disclosed on April 27 that customer and user data had been accessed without authorization following a recent breach at Anodot, a data anomaly detection company.
Cybercriminals have been struggling to adopt AI in their work, according to a first-of-its-kind study that analyzed a dataset of 100 million posts from underground cybercrime communities. The study is published on the arXiv preprint server.
In reality, most cybercriminals—often referred to as hackers—lack the skills or resources to support real innovation within their criminal activities, experts say.
A research team led by Virginia Tech cybersecurity expert Bimal Viswanath has found a critical blind spot in today’s image protection techniques designed to prevent bad actors from stealing online content for unauthorized artificial intelligence training, style mimicry, and deepfake manipulations. The study is published on the arXiv preprint server.
The research team found that attackers can defeat existing security using off-the-shelf artificial intelligence (AI) models and simple commands. Furthermore, “There is currently no foolproof, mathematically guaranteed way for users to protect publicly posted images against an adversary using off-the-shelf GenAI models,” Viswanath said.
The work was presented at the fourth IEEE Conference on Secure and Trustworthy Machine Learning, in Munich, Germany. The authors include Viswanath, doctoral students Xavier Pleimling and Sifat Muhammad Abdullah, Assistant Professor Peng Gao, Murtuza Jadliwala of the University of Texas at San Antonio, and Gunjan Balde and Mainack Mondal of the Indian Institute of Technology, Kharagpur.