DragonForce exploited three SimpleHelp CVEs to hijack a managed service provider's (MSP) remote monitoring and management (RMM) tool, steal data, and deploy ransomware on customer systems.
Threat actors linked to lesser-known ransomware and malware projects now use AI tools as lures to infect unsuspecting victims with malicious payloads.
This development follows a trend that has been growing since last year, starting with advanced threat actors using deepfake content generators to infect victims with malware.
These lures have become widely adopted by info-stealer malware operators and ransomware operations attempting to breach corporate networks.
Threat actors are abusing the ‘Google Apps Script’ development platform to host phishing pages that appear legitimate and steal login credentials.
This new trend was spotted by security researchers at Cofense, who warn that the fraudulent login window is “carefully designed to look like a legitimate login screen.”
“The attack uses an email masquerading as an invoice, containing a link to a webpage that uses Google Apps Script, a development platform integrated across Google’s suite of products,” Cofense explains.
Cybersecurity researchers have disclosed a malware campaign that uses fake software installers masquerading as popular tools like LetsVPN and QQ Browser to deliver the Winos 4.0 framework.
The campaign, first detected by Rapid7 in February 2025, involves the use of a multi-stage, memory-resident loader called Catena.
“Catena uses embedded shellcode and configuration switching logic to stage payloads like Winos 4.0 entirely in memory, evading traditional antivirus tools,” security researchers Anna Širokova and Ivan Feigl said. “Once installed, it quietly connects to attacker-controlled servers – mostly hosted in Hong Kong – to receive follow-up instructions or additional malware.”
The problem? The file was unencrypted. No password protection. No security. Just a plain-text file holding millions of sensitive records.
Based on his analysis, Fowler determined the data was captured by some kind of infostealer malware. A popular tool used by cybercriminals, an infostealer is designed to grab usernames, passwords, and other sensitive data from breached sites and servers. Once the criminals get their hands on the data, they can use it to launch their own attacks or peddle the information on the dark web.
After finding the database, Fowler contacted the hosting provider, which removed it from public access. Since the provider would not disclose the name of the file’s owner, Fowler said he didn’t know if the database was created legitimately and then accidentally exposed or intentionally used for malicious reasons.