Cybercrime & Underground Economy
Coverage of dark web markets, ransomware ecosystems, fraud operations, financial crime services, monetization tactics, and the evolving underground economy driving global cybercriminal activity.
-
GlassWorm macOS malware targets crypto wallets again
GlassWorm macOS malware returns via rogue VSCode/OpenVSX extensions that plant AppleScript payloads, steal developer tokens, and try to swap Ledger and Trezor apps.
-
Covenant Health data breach widens to 478,188 patients
Covenant Health data breach totals jumped to 478,188 patients after a forensic re-scan of 1.35 million stolen files linked to the Qilin ransomware group.
-
Google Cloud phishing bypasses email filters
Attackers weaponized Google Cloud Application Integration to bypass email filters. The campaign targeted 3,200 organizations across five continents with a sophisticated multi-stage phishing attack.
-
Malicious Blender Files Used to Spread Malware
Cybersecurity experts are warning about malicious Blender files being used to spread malware that steals sensitive data. These files, found on platforms like CGTrader, leverage embedded Python scripts to initiate infections when opened. Security firm Morphisec first reported on this Russian-linked campaign, noting its use of malicious .blend files to deploy the StealC V2 data-stealing…
-
JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers
A new cybersecurity campaign, dubbed JackFix, is tricking users into installing malware via fake Windows update pop-ups on adult websites. Attackers use ClickFix lures to deceive victims into running malicious commands. This tactic leverages fake adult sites (like xHamster or PornHub clones), often distributed via malvertising. The “urgent security update” creates psychological pressure on victims,…
-
Ex-Officer Gets Suspended Sentence for Selling Police Files to Journalist Nephew
A former police officer in Yekaterinburg has received a four-year suspended sentence after admitting to selling confidential police files. The court press service confirmed the ruling on Tuesday. Andrei Karpov, the ex-officer, pleaded guilty to charges of bribery and abuse of power. He sold criminal reports, including personal data and pre-trial information, to his nephew,…
-
Fake FFmpeg Update Infects Mac Users with Backdoor
A new backdoor campaign is targeting Mac users, tricking them into installing malicious software disguised as an FFmpeg update. This attack begins with fake job offers on LinkedIn, luring victims to a specialized website for a “job assessment.” The site then prompts a fake FFmpeg “update,” instructing victims to run a `curl` command that installs…
-
Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware
Cybersecurity experts reveal a new campaign leveraging Blender 3D assets to spread a dangerous info-stealing malware. This operation has been active for at least six months. Malicious .blend files are being planted on popular platforms like CGTrader. Users unknowingly download these files, which contain embedded Python scripts. Upon opening in Blender, these scripts automatically execute…
-
Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks
Bad actors are deploying Matrix Push C2, a new command-and-control platform for sophisticated phishing attacks. This framework uses web browser notifications to deliver malicious links across various operating systems, employing a fileless approach that bypasses traditional security. Offered as “Malware-as-a-Service” (MaaS), Matrix Push C2 enables threat actors to send deceptive alerts, tricking victims into visiting…
-
Sanctions Hit Russia’s Bulletproof Hosting Provider
U.S., UK, and Australia sanction Russia-based Media Land for providing bulletproof hosting to ransomware groups like LockBit, BlackSuit, and Play, freezing assets and prohibiting transactions.