Skip to main content

Tag: credential harvesting

76 articles

Phantom Stealer Emerges as Sophisticated Stealer-as-a-Service Tool

Phantom Stealer Emerges as Sophisticated Stealer-as-a-Service Tool

Imagine your entire online life being stolen and sold for just a few hundred dollars - that's the harsh reality with Phantom Stealer, a powerful and stealthy tool that's making it easy for cybercriminals to get their hands on your sensitive information. This sophisticated .NET-based stealer can harvest everything from login credentials to payment card details, putting your digital identity at risk.

Analyst 207
Cisco Hit by Alarming Code Heist After Trivy Breach

Cisco Hit by Alarming Code Heist After Trivy Breach

A shocking code heist has hit Cisco, with hackers making off with sensitive source code after infiltrating the company's internal development environment through a Trivy supply-chain attack. This brazen breach raises urgent questions about the hidden vulnerabilities lurking in today's interconnected development ecosystems.

Analyst 207
Multifaceted Phishing Scheme Stunningly Damages Bitpanda

Multifaceted Phishing Scheme Stunningly Damages Bitpanda

Thousands of Bitpanda users are reeling after a sophisticated phishing campaign spun up convincing lookalike sites—with disposable domains and SSL certificates—to harvest credentials and fuel criminal markets. The attack shows how industrialized phishing‑as‑a‑service turns takedown efforts into whack‑a‑mole, leaving customers, companies and regulators scrambling to restore digital trust.

Analyst 207
TGR-STA-1030 Exclusive: Severe Breach Hits 70 Sites

TGR-STA-1030 Exclusive: Severe Breach Hits 70 Sites

Meet TGR-STA-1030: a stealthy Asia-based espionage crew that’s quietly breached at least 70 government and critical‑infrastructure networks across 37 countries, using bespoke tools, credential harvesting and meticulous reconnaissance to keep long‑term, hard-to-detect access to telecom and communications systems.

Analyst 207
LastPass Warns: Critical Phishing Steals Master Passwords

LastPass Warns: Critical Phishing Steals Master Passwords

If you get a frantic LastPass email demanding a 24‑hour backup, pause — its a phishing campaign trying to steal your master password, the single key that unlocks everything in your vault. Never click the links or enter your master password — LastPass will never ask for that.

Analyst 207
Phishing Attacks Exclusive: Critical Risk to Microsoft 365

Phishing Attacks Exclusive: Critical Risk to Microsoft 365

Think an email from your CEO is safe? Microsoft 365 phishing campaigns now use cloud misconfigurations and device-code tricks to make external messages look internal and steal authentication tokens or MFA codes.

Analyst 207
Android TV: Must-Read Botnet Risk Alert

Android TV: Must-Read Botnet Risk Alert

Before you plug in that bargain Android TV box, know this: researchers say some models secretly route other peoples internet traffic through your home, effectively turning the device into a botnet node and putting you at risk of fraud and legal trouble.

Analyst 207
QR codes Exclusive Threat: Pyongyang’s Dangerous Phishing

QR codes Exclusive Threat: Pyongyang’s Dangerous Phishing

Think twice before you scan: the FBI warns North Korean hackers are using QR-based quishing to turn innocent-looking codes into multi-step traps that steal cloud credentials and bypass enterprise defenses.

Analyst 207
QR codes Stunning Pyongyang Phishing Threat

QR codes Stunning Pyongyang Phishing Threat

QR codes have gone from handy shortcuts to attack vectors—North Korean actors are using QR-based phishing to steal cloud credentials by hiding multi-step payloads inside seemingly legitimate scans. The real question now isnt whether to scan, but how to verify what the square tells you.

Analyst 207
FBI Reveals Stunning Rise in Costly AI Phishing Scams

FBI Reveals Stunning Rise in Costly AI Phishing Scams

Imagine a voicemail that sounds exactly like your daughter begging for help — only its a scam. The FBI warns cheap AI tools are fueling a surge of hyper‑personalized phishing scams that have already cost victims hundreds of millions and can fool individuals, businesses, and banks alike.

Analyst 207
Smishing Triad Impersonation Campaigns: Exclusive Threat

Smishing Triad Impersonation Campaigns: Exclusive Threat

Think that bank-looking text is really from your provider? Smishing Triad attackers now pair believable sender IDs with lookalike Egyptian domains, SIM farms and hijacked devices to harvest credentials and bypass 2FA—one click can mean compromise.

Analyst 207
FlexibleFerret Exclusive: Dangerous macOS Go Backdoor

FlexibleFerret Exclusive: Dangerous macOS Go Backdoor

Think a harmless Mac script cant hurt? FlexibleFerret proves otherwise — a modular, multistage campaign that uses staged shell/AppleScript and a Go-based backdoor to quietly harvest credentials and maintain stealthy, long-term access across macOS systems.

Analyst 207
CTM360 Exclusive: Alarming WhatsApp Hijack Campaign Exposed

CTM360 Exclusive: Alarming WhatsApp Hijack Campaign Exposed

CTM360 exposes HackOnChat, a clever and dangerous campaign that clones WhatsApp Web to trick users into revealing authentication codes and handing over their accounts. With thousands of malicious URLs and coordinated fronts, this WhatsApp account hijacking operation is alarmingly scalable and hard to takedown.

Analyst 207
Dragon Breath Exclusive: Critical RONINGLOADER Gh0st RAT

Dragon Breath Exclusive: Critical RONINGLOADER Gh0st RAT

Think twice before clicking Next — researchers warn Dragon Breath is hiding a multi‑stage RONINGLOADER inside trojanized NSIS installers (masquerading as Chrome or Teams) to install a modified Gh0st RAT that gives attackers stealthy, persistent remote access for credential theft, lateral movement and data exfiltration.

Analyst 207
GootLoader WordPress: Exclusive Font Trick Is Dangerous

GootLoader WordPress: Exclusive Font Trick Is Dangerous

Think an exclusive font is harmless? Think again — GootLoader is hiding malicious JavaScript in fonts and other benign WordPress assets, letting tiny site tweaks become a fast route to full-network takeovers.

Analyst 207
Quantum Route Redirect Phishing Kit: Stunningly Dangerous

Quantum Route Redirect Phishing Kit: Stunningly Dangerous

The Quantum Route Redirect phishing kit quietly hijacks web traffic, rerouting victims to eerily convincing fake sites. Learn how this route redirect phishing attack works and what you can do to stay one step ahead.

Analyst 207
China-Aligned UTA0388 Exclusive: Dangerous AI Phishing

China-Aligned UTA0388 Exclusive: Dangerous AI Phishing

Imagine your inbox posing as a trusted colleague—researchers say UTA0388, a China‑aligned cluster, now uses AI to craft eerily personalized, time‑sensitive spear‑phishing that steals credentials and plants stealthy, long‑term access.

Analyst 207
Russian spies Exclusive: Dangerous VM malware on Windows

Russian spies Exclusive: Dangerous VM malware on Windows

Meet Curly COMrades — a spy group that runs a tiny Alpine Linux “shadow OS” inside a hidden Hyper‑V VM on compromised Windows hosts, letting them slip past endpoint tools and quietly harvest data, credentials and long‑term access.

Analyst 207
Invisible npm malware: Exclusive, Dangerous Token Theft

Invisible npm malware: Exclusive, Dangerous Token Theft

PhantomRaven quietly slipped into the npm registry, turning routine installs into token theft by harvesting credentials during install and letting attackers publish malicious updates without touching your code. One stolen token can cascade through thousands of projects—here’s why supply‑chain hygiene and MFA matter now.

Analyst 207
New Atroposia RAT Exclusive: Dangerous Dark Web Threat

New Atroposia RAT Exclusive: Dangerous Dark Web Threat

Meet Atroposia RAT: a modular, encrypted remote-access trojan on the dark web that grants attackers a stealthy, persistent foothold to harvest credentials and siphon crypto wallets. Defenders need to move beyond static hashes and rely on behavioral analytics, EDR, and tuned network telemetry to spot its evasive moves.

Analyst 207
GhostCall Exclusive: Critical BlueNoroff Malware Reveal

GhostCall Exclusive: Critical BlueNoroff Malware Reveal

Meet GhostCall — a stealthy campaign tied to BlueNoroff that weaponizes low‑profile backdoors and traffic‑manipulation to quietly harvest credentials and hijack Web3 sessions. As blockchain projects scale, GhostCall and its sibling GhostHire show how openness can be turned into an espionage-and-theft platform that technologists, policy makers and users can’t afford to ignore.

Analyst 207
Iran’s MuddyWater: Stunning, damaging 100+ network breach

Iran’s MuddyWater: Stunning, damaging 100+ network breach

A single hijacked government mailbox became MuddyWater’s battering ram, letting Tehran-linked operators quietly harvest credentials and pivot into 100+ networks across the Middle East and North Africa. It’s a stark reminder that low-cost social engineering and trusted infrastructure can give attackers exponential reach without a single zero-day.

Analyst 207
Dark landscape with cracked dam, lone figure amidst shattered screens and wires.

Iran’s MuddyWater Exclusive: Damaging 100+ Gov Hacks

MuddyWater turned one trusted inbox and a rented VPN into a battering ram against more than 100 government networks—proving social engineering beats flashy malware every time. Group‑IB’s forensic breakdown shows how stealthy credential theft and patient lateral movement bought months of access to critical diplomatic and government secrets.

Analyst 207
MuddyWater Exclusive: Devastating 100+ Government Breach

MuddyWater Exclusive: Devastating 100+ Government Breach

A single compromised mailbox and an attacker-controlled VPN quietly became the battering ram for a MuddyWater espionage campaign that infiltrated more than 100 government networks across the Middle East and North Africa. Group‑IB’s analysis shows the actors used trusted email, credential harvesting, and stealthy lateral movement to maintain months-long access and siphon sensitive diplomatic and personnel data.

Analyst 207