SCMBANKER Malware Uses ClickFix Lures to Target Mexican Banking Users
A new banking fraudulent operation is targeting customers of Mexican banks, fintech, payment processors, and cryptocurrency exchanges using ClickFix lures
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
A new banking fraudulent operation is targeting customers of Mexican banks, fintech, payment processors, and cryptocurrency exchanges using ClickFix lures
In this blog entry, TrendAI™ Research examines a wave of phishing emails observed in May 2026 that targeted Japanese accommodation facilities using Booking.com, detailing the victims, attack techniques used, and characteristics of the malware involved.
The North Korean group is using stolen victim videos, AI-generated avatars, and fake Zoom calls to scale malware attacks against cryptocurrency executives.
Video of Industry Figures Harvested During Meetings and Used to Lure Future VictimsNorth Korean hackers are pretending to be cryptocurrency insiders, in an attempt to trick targets into accepting Calendly calendar invites. The social engineering ruse is designed to infect Windows and macOS systems with crypto stealers, and to harvest video of real-life people for future lures.
A financially motivated operation codenamed REF1695 has been observed leveraging fake installers to deploy remote access trojans (RATs) and cryptocurrency miners since November 2023
Bitcoin Joining Fee for Affiliates and No Proven Victims Cited by ResearchersNewcomer ransomware group 0APT is being branded a "likely scam operation," not least after a list of over 200 supposed victims turned out to be bogus, if not entirely AI-generated - never mind a 1 bitcoin joining fee for would-be affiliates and outdated crypto-locking malware.
Americans Extorted at Least 5 Firms, Earning $1 Million From a Medical Device MakerTwo American cybersecurity professionals who moonlighted as BlackCat ransomware gang affiliates pleaded guilty to using the crypto-locking malware to extort at least five victims in the United States, including a medical device maker that paid a cryptocurrency ransom worth over $1 million.
A malware campaign presents fake websites that can check if a visitor is a potential victim or a security researcher, and then proceed accordingly to defraud or evade.
A new malware campaign has been observed built on seven npm packages and using cloaking techniques and fake CAPTCHAs, operated by threat actor dino_reborn
Miscreants cost victims time rather than money During the two-hour window on Monday in which hijacked npm versions were available for download, malware-laced packages reached one in 10 cloud environments, according to Wiz researchers. But crypto-craving crims did little more than annoy defenders.…
The ClickTok campaign lures victims with fake TikTok shops and drains their crypto wallets. CTM360 exposes how SparkKitty spyware spreads via trojanized apps, phishing pages, and AI-powered scams. [...]
The ClickTok campaign lures victims with fake TikTok shops and drains their crypto wallets. CTM360 exposes how SparkKitty spyware spreads via trojanized apps, phishing pages, and AI-powered scams. [...]
Cybersecurity researchers are calling attention to an ongoing campaign that distributes fake cryptocurrency trading apps to deploy a compiled V8 JavaScript (JSC) malware called JSCEAL that can capture data from credentials and wallets
A growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target users in Europe and South America
Cybersecurity researchers have disclosed a new malicious campaign that uses a fake website advertising antivirus software from Bitdefender to dupe victims into downloading a remote access trojan called Venom RAT
Threat actors are abusing SourceForge to distribute fake Microsoft add-ins that install malware on victims' computers to both mine and steal cryptocurrency. [...]
Users searching for pirated software are the target of a new malware campaign that delivers a previously undocumented clipper malware called MassJacker, according to findings from CyberArk
Also: Hackers Use npm Packages, MassJacker Malware and Fake $TrumpThis week, Garantex admin arrested, hackers used npm packages to steal crypto data and deployed MassJacker malware to steal coins, infected victims with $Trump lures. Also, U.S. authorities seized hacked Ripple funds and a California warning about scams.
A new malware campaign dubbed SparkCat has leveraged a suit of bogus apps on both Apple's and Google's respective app stores to steal victims' mnemonic phrases associated with cryptocurrency wallets. The attacks leverage an optical character recognition (OCR) model to exfiltrate select images containing wallet recovery phrases from photo libraries to a command-and-control (C2) server,
A Russian-speaking cybercrime gang known as Crazy Evil has been linked to over 10 active social media scams that leverage a wide range of tailored lures to deceive victims and trick them into installing malware such as StealC, Atomic macOS Stealer (aka AMOS), and Angel Drainer