Tag: group ib
21 articles

ClickLock Malware Forces macOS Users to Reveal Login Passwords
Beware: a sneaky new malware called ClickLock has already compromised over 100 macOS systems in 33 countries, tricking users into revealing their login passwords. This stealthy threat has been hiding in plain sight since May, leaving a trail of vulnerable systems in its wake.

macOS Malware Exploits User Trust to Steal Sensitive Data
Beware of a sneaky new macOS malware that tricks you into stealing your own sensitive data - all it needs is for you to paste a single command into Terminal. Dubbed ClickLock Stealer, this clever con artist has already duped at least 100 victims across 33 countries.

ClickLock Malware Targets macOS Users with Coercive Password Theft Tactic
Beware: a new malware called ClickLock is coercing macOS users into handing over their login passwords by rendering their desktop unusable until they comply. This sneaky tactic has already hit at least 100 targets across 33 countries since May.

macOS Stealer Uses Coercion Loop to Force Password Entry
A new macOS stealer malware has hit over 100 victims across 33 countries in just two months, with a clever coercion loop trick that forces users to enter their passwords. The attack starts with a simple paste-and-run lure, where victims unknowingly paste a command into Terminal after visiting a malicious webpage.

Scattered Spider Morphs into Decentralized Cybercrime Network
Meet Scattered Spider, a notorious cybercrime collective that's evolved into a decentralized network of independent clusters, sharing tactics and tools to wreak havoc online. This fresh analysis by Group-IB shatters the traditional view of a single, unified gang, revealing a more complex and dynamic threat.

AI Compute Hijacking Exposes New Security Risks
A shocking 62,289 devices have fallen prey to the Millenium RAT, a malicious threat that's being spread through clever social engineering tactics and sold as a cheap, subscription-based service on the dark web. This alarming infection rate highlights the growing risk of small, seemingly harmless actions becoming gateways to devastating cyber attacks.

Millenium RAT Infects 60,000 Devices in Global Cyber Campaign
A new iteration of the Millenium RAT malware has infected 62,289 devices worldwide, with a staggering 39,730 compromises occurring in just the first quarter of 2026, thanks to its upgraded native C++ architecture that helps it evade detection. This powerful Telegram-controlled remote access trojan has become even more elusive in its latest version.

GitHub Phishing Kit Targets Mexican Banks via Cloud Services
A sneaky GitHub phishing kit called "GitBait" has been targeting customers of 12 Mexican banks for three years, cleverly using cloud services like GitHub Pages and Google Sheets to stay under the radar. This cunning operation relied on over 100 GitHub-hosted domains to steal credentials, making it a challenging case for investigators.

Sniper Dz Scams Target MENA Users with Fake Offers and Browser Exploits
Scammers are targeting people in the Middle East and North Africa with fake offers of free mobile internet, financial rewards, and government subsidies, using fraudulent Facebook accounts to trick victims into divulging sensitive info. These Sniper Dz scams impersonate trusted figures and organizations to lure users in with enticing deals.

INTERPOL Disrupts Sniper Dz Phishing Platform in Global Operation
In a major global crackdown, INTERPOL dismantled the notorious Sniper Dz phishing platform, a hub for cybercriminals to buy and use ready-made phishing kits, in a coordinated effort that resulted in 201 arrests across 13 countries. The operation, dubbed Operation Ramz, dealt a significant blow to the phishing-as-a-service industry.

SilabRAT Trojan Targets Crypto Wallets with Session Hijacking
Meet SilabRAT, a sneaky Trojan that's been sold as a malware-as-a-service on dark web forums since late 2025, allowing cybercrooks to hijack crypto wallet sessions and swipe funds. For just $5,000 a month, attackers can get their hands on this powerful tool and start targeting unsuspecting crypto wallet users.

FBI Warns of World Cup Phishing Sites Targeting Fans
Don't get scammed out of your World Cup tickets! A massive phishing operation, tracked as Ghost Stadium, has set up over 300 fake FIFA websites to trick fans into buying premium tickets to the 2026 tournament.

Fraudsters Target World Cup Fans with 4300 Fake FIFA Domains
Scammers are gearing up to target FIFA World Cup fans with a massive network of over 4,300 fake domains, a recent analysis revealed. These fraudulent sites, linked to six distinct scams and four threat actors, are currently dormant but ready to be activated as the 2026 tournament approaches.

Iran’s MuddyWater: Stunning, damaging 100+ network breach
A single hijacked government mailbox became MuddyWater’s battering ram, letting Tehran-linked operators quietly harvest credentials and pivot into 100+ networks across the Middle East and North Africa. It’s a stark reminder that low-cost social engineering and trusted infrastructure can give attackers exponential reach without a single zero-day.

Iran’s MuddyWater Exclusive: Damaging 100+ Gov Hacks
MuddyWater turned one trusted inbox and a rented VPN into a battering ram against more than 100 government networks—proving social engineering beats flashy malware every time. Group‑IB’s forensic breakdown shows how stealthy credential theft and patient lateral movement bought months of access to critical diplomatic and government secrets.

MuddyWater Exclusive: Devastating 100+ Government Breach
A single compromised mailbox and an attacker-controlled VPN quietly became the battering ram for a MuddyWater espionage campaign that infiltrated more than 100 government networks across the Middle East and North Africa. Group‑IB’s analysis shows the actors used trusted email, credential harvesting, and stealthy lateral movement to maintain months-long access and siphon sensitive diplomatic and personnel data.

MuddyWater Stunning Breach Hits 100+ Government Networks
The MuddyWater campaign turned a single compromised mailbox and an attacker-controlled VPN into a battering ram, phishing its way into 100+ government networks across the Middle East and North Africa and proving that access and trust beat flashy exploits every time.

MuddyWater Exclusive Severe Breach Hits 100+ Gov Networks
MuddyWater used nothing fancier than a hijacked mailbox and a VPN to slip into over 100 government networks across the MENA region — proof that trusted tools and patient tradecraft can outsmart modern defenses. Learn how everyday cloud mail, SSO trust, and forwarding rules became the quiet engines of a widescale espionage campaign and what signs to watch for.

Iran’s MuddyWater Exclusive: Alarming Breach Hits 100+ Govt
Using one compromised mailbox and a rented VPN, MuddyWater quietly slipped into over 100 government networks across the Middle East and North Africa; its a sobering reminder that cheap, old-school tradecraft—phishing, account takeovers, and credential theft—still outsmarts defenders chasing flashy exploits.

MuddyWater Exclusive: Dangerous Mailbox Phishing Surge
Think your inbox is safe? MuddyWater’s latest phishing wave shows how compromised mailboxes let attackers steal credentials and session tokens, impersonate colleagues, and turn a single click into long‑term espionage across organizations.

Singapore Officials Impersonated in Stunning, Damaging Scam
Think twice before trusting top search results: criminals are buying Google ads to surface near‑perfect clones of Singapore government sites and using AI-generated deepfakes of real officials to trick investors into wiring funds or handing over credentials.