From a Fake AnyDesk Installer to MetaStealer

A recent attack mimicking ClickFix tactics used a fake AnyDesk installer to deploy MetaStealer. The infection chain involved a fake Cloudflare Turnstile lure, Windows search protocol, and an MSI package disguised as a PDF. Unlike traditional ClickFix attacks, this variant redirected users to Windows File Explorer instead of the Run dialog box. The attack cleverly grabbed the victim's hostname and ultimately aimed to drop MetaStealer, a commodity infostealer known for harvesting credentials and stealing files. This incident highlights the evolving nature of social engineering attacks and the need for updated security measures and user education.

Pulse ID: 68b2bfe8d3d1e1257af3bb2f
Pulse Link: https://otx.alienvault.com/pulse/68b2bfe8d3d1e1257af3bb2f
Pulse Author: AlienVault
Created: 2025-08-30 09:10:00

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AnyDesk #Cloud #CyberSecurity #Education #ICS #InfoSec #InfoStealer #MetaStealer #Mimic #OTX #OpenThreatExchange #PDF #SocialEngineering #Windows #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

SpyNote Malware Analysis

This analysis reveals the resurgence of SpyNote, a potent Android RAT, distributed through deceptive websites mimicking Google Play Store. The malware employs sophisticated techniques for surveillance, data exfiltration, and remote control. Recent changes include minor IP resolution adjustments and enhanced anti-analysis measures in the APK dropper. SpyNote's capabilities include keylogging, camera and microphone control, and abuse of Android's Accessibility Services. The threat actor demonstrates persistence and limited technical adaptability, targeting consumers broadly with lures mimicking popular applications. Key technique changes involve dynamic payload decryption, DEX element injection, and obfuscation of C2 logic. The campaign underscores the ongoing threat of mobile RATs and the need for vigilance against social engineering tactics.

Pulse ID: 68af30b824b7695dad2b9796
Pulse Link: https://otx.alienvault.com/pulse/68af30b824b7695dad2b9796
Pulse Author: AlienVault
Created: 2025-08-27 16:22:16

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#APK #Android #CyberSecurity #Google #GooglePlay #ICS #InfoSec #Malware #Mimic #OTX #OpenThreatExchange #RAT #SocialEngineering #SpyNote #bot #AlienVault


At @connichi you can also adopt Cartridge Mimics from me.

Bands are in the works.

#mbart #conartist #fun #mimic @connichi

Pressure on Ukraine and Poland Continues

Recent analysis reveals two clusters of malicious archives targeting Ukraine and Poland since April 2025, linked to UAC-0057 (also known as UNC1151, FrostyNeighbor or Ghostwriter). The infection chains aim to collect system information and deploy implants for further exploitation, using readily available tools for obfuscation and packing. The threat actor's toolset and practices have evolved, including the use of Slack for C2 communication and transitions to new top-level domains for infrastructure. The campaigns consistently target Ukraine and Poland, with potential expansion to other European countries. Notable tactics include weaponized XLS spreadsheets with obfuscated VBA macros, C# and C++ downloaders, and infrastructure mimicking legitimate websites.

Pulse ID: 68a608149b6007f9dbbed519
Pulse Link: https://otx.alienvault.com/pulse/68a608149b6007f9dbbed519
Pulse Author: AlienVault
Created: 2025-08-20 17:38:28

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Europe #ICS #InfoSec #Mac #Mimic #OTX #OpenThreatExchange #Poland #UK #Ukr #Ukraine #bot #AlienVault


AI can be trained to perform care. In practice, many of these systems still miss the safeguards that keep people safe.
In Safety Theatre, I look at how simulated empathy in AI tools can expose people to greater risk. From now on posts will go out weekly rather than every few days, so the pace is sustainable.

https://medium.com/@Diogo_Mendes/safety-theatre-534283e1407c

#AI #artificialintelligence #tech #care #emotionalintelligence #claude #mimic #future #machinelearning #data #blog #ethics

Safety Theatre

When AI stops thinking and starts performing

Medium

Fake Tesla Websites Scams

A recent scam involves fake Tesla websites advertised through Google paid ads, targeting potential customers interested in preordering the Optimus robot. These fraudulent sites mimic Tesla's official website design and offer non-existent preorders for various Tesla products, including the Optimus robot. The scam aims to collect $250 non-refundable deposits and potentially steal credit card information. Multiple fake domains have been identified, with some already taken offline. The fraudulent sites lack login functionality and may redirect users to fake authentication pages. Tesla is likely monitoring and requesting takedowns of these sites. The scam exploits the anticipation surrounding Tesla's future products and may go unnoticed until expected delivery dates.

Pulse ID: 6899074649af6129a0cfbb66
Pulse Link: https://otx.alienvault.com/pulse/6899074649af6129a0cfbb66
Pulse Author: AlienVault
Created: 2025-08-10 20:55:34

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CreditCard #CyberSecurity #Google #InfoSec #Mimic #OTX #OpenThreatExchange #Tesla #bot #AlienVault


Chat asked me how my crafts were going.

#mimic #leather #crafting

GenAI Used to Impersonate Brazil's Government Websites

Threat actors are leveraging generative AI tools like DeepSite AI and BlackBox AI to create phishing templates that closely mimic official Brazilian government websites, such as the State Department of Traffic and Ministry of Education. These malicious replicas are boosted in search results using SEO poisoning techniques. The phishing pages collect sensitive personal data, including CPF numbers and addresses, validating the information through APIs to build credibility. The ultimate goal is to trick victims into making payments via Pix, Brazil's instant payment system. Technical analysis reveals AI-generated source code signatures, including TailwindCSS styling, explanatory comments, and non-functional elements. The campaign demonstrates the evolving sophistication of phishing attacks empowered by generative AI tools.

Pulse ID: 6896279970e62c2bef3c1a32
Pulse Link: https://otx.alienvault.com/pulse/6896279970e62c2bef3c1a32
Pulse Author: AlienVault
Created: 2025-08-08 16:36:41

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Brazil #CyberSecurity #Education #Government #InfoSec #Mimic #NATO #OTX #OpenThreatExchange #Phishing #RAT #RCE #SEOPoisoning #bot #AlienVault


AI-Powered Phishing Scams and Efimer Trojan Have Affected Over 5000 Victims

Cybercriminals are using generative AI tools like DeepSite AI and BlackBox AI to create highly convincing phishing websites mimicking government agencies.

Pulse ID: 6896539bec8df85f039c93df
Pulse Link: https://otx.alienvault.com/pulse/6896539bec8df85f039c93df
Pulse Author: cryptocti
Created: 2025-08-08 19:44:27

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Government #InfoSec #Mimic #OTX #OpenThreatExchange #Phishing #RAT #Trojan #bot #cryptocti
