Executive Summary Cyble Research and Intelligence Labs (CRIL) has identified a novel Android banking trojan, dubbed OverlayPhantom, actively distributed in the wild via malicious URLs. The malware employs a two-stage infection chain, using a dropper application that impersonates trusted platforms, including the official Austrian government identity application, ID Austria, and the widely used con…
Executive Summary Cyble Research and Intelligence Labs (CRIL) has uncovered a targeted cyberespionage campaign leveraging social engineering and trusted infrastructure to establish persistent, covert access to victim systems. The attack is delivered via phishing emails containing a malicious LNK file disguised within a RAR archive, using a Russian humanitarian aid request form to exploit contextu…
Key Takeaways Cyble honeypot sensors detected several new cyberattacks in recent days, targeting vulnerabilities in the Ruby SAML library, D-Link NAS devices, the aiohttp client-server framework, a WordPress plugin, and more. Cyble’s Vulnerability Intelligence unit also discovered new phishing campaigns and brute-force attacks. Clients are urged to address the vulnerabilities identified in the re…
Key Takeaways Cyble Research and Intelligence Labs (CRIL) has uncovered a novel phishing campaign tailored to cryptocurrency users. This campaign was deploying a well-known FatalRAT along with additional malware such as Clipper and Keylogger. The Threat Actors (TAs) orchestrating this campaign employ the DLL side-loading technique to load and execute FatalRAT, Clipper, and Keylogger modules. Fata…
