How does an SMS that shows up in your bank's message thread steal 5,000 euros from you? #Estafa #Smishing #Ciberseguridad #GuardiaCivil #FraudeBancario #SMS #BancaOnline #SeguridadDigital #AlertaEstafa #Madrid #España #felizdomingo #21dejunio
OXLOADER: new loader evading detection to drop infostealer
A previously undocumented Windows loader designated as OXLOADER delivers the CASTLESTEALER infostealer through malicious Google Ads campaigns, achieving remarkably low detection rates. The loader employs multiple obfuscation layers including control-flow flattening, opaque predicates, and mixed Boolean-Arithmetic techniques, along with self-modifying decryption stubs and abuse of the Windows .reloc section for shellcode staging. Distribution occurs via malvertising impersonating Node.js installations, redirecting victims through intermediary domains to Storj-hosted batch scripts. The loader implements five anti-VM and language checks, including CIS-region and Russian-language exclusions, suggesting a financially motivated Russian-speaking threat actor. OXLOADER uses DonutLoader to deliver the .NET-based CASTLESTEALER payload in memory, evading traditional detection mechanisms through deliberate engineering choices.
Pulse ID: 6a34874a45b9c09ee90c0aff
Pulse Link: https://otx.alienvault.com/pulse/6a34874a45b9c09ee90c0aff
Pulse Author: AlienVault
Created: 2026-06-19 00:03:22
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #ELF #Google #GoogleAds #InfoSec #InfoStealer #Malvertising #NET #Nodejs #OTX #OpenThreatExchange #RAT #Russia #SMS #ShellCode #Windows #XLoader #bot #AlienVault
From package to postinstall payload: Inside the Mastra npm supply chain compromise
Microsoft Threat Intelligence discovered a large-scale npm supply chain attack compromising over 140 packages in the mastra and @mastra scopes. The attack originated from takeover of the ehindero npm maintainer account, which published poisoned package versions introducing easy-day-js, a malicious typosquat of the popular dayjs library. The malicious package executed a postinstall hook that deployed an obfuscated dropper script, disabled TLS certificate verification, contacted command-and-control infrastructure at 23.254.164.92 and 23.254.164.123, and downloaded a second-stage payload. This 41KB cross-platform Node.js implant installed persistence mechanisms, performed cryptocurrency wallet inventory, exfiltrated browser history and host reconnaissance data, and on Windows performed reflective .NET assembly injection for fileless in-memory code execution. Any developer workstation or CI/CD pipeline executing npm install after compromise was potentially exposed regardless of code usage.
Pulse ID: 6a338520dd8f528ed63d76f0
Pulse Link: https://otx.alienvault.com/pulse/6a338520dd8f528ed63d76f0
Pulse Author: AlienVault
Created: 2026-06-18 05:41:52
#Browser #CyberSecurity #InfoSec #Microsoft #NET #NPM #Nodejs #OTX #OpenThreatExchange #RAT #SMS #SupplyChain #TLS #Windows #bot #cryptocurrency #AlienVault
Always nice when the staff at a Vodafone store [here: flagship] say they're now sending an SMS for authentication. It doesn't arrive. And they spend minutes explaining what you're doing wrong.
Problem: They SAY SMS, but it isn't one. It's a message format that only works with Google Messenger or Apple's iMessage, not with SMS apps like Textra.
Hmmm. For SMS and MMS only. Would be nice if all incoming phone calls had this. But of course, the loopholes lobbied-for to get that change through would destroy any effectiveness.
Oh, look, it's the US Postal Service texting me from... Morocco? Western Sahara?
Hey, @cloudflare, you're hosting a scammer. (Do you have a number to which we can forward these directly?)