"Passwort" Episode 30: i-Soon, the leak from the Chinese cybercrime industry
The hosts discuss a rare glimpse into the commercial hacking scene in China and what it reveals about the cybercrime industry there.

Malware attack on mobile phones: data stolen from USIM cards. Affected are IMSI, MSISDN and authentication keys. Investigations are ongoing; protective mechanisms have been strengthened. #Cybersecurity #Malware https://winfuture.de/news,150505.html?utm_source=Mastodon&utm_medium=ManualStatus&utm_campaign=SocialMedia
Infoblox Threat Intel had the opportunity to collaborate with the United Nations Office on Drugs and Crime (#UNODC) for their latest report on South East Asian Crime. The report is titled "Inflection Point". It is a great in-depth analysis of the triads and how they fuel the current scam epidemic.
Organized crime is booming - as you can see with the picture below which shows the growth in the physical footprint of the compounds they operate.
Our part of the collaboration (pages 37-42 of the 90+ page report) was around a single actor that we can track in #dns -- naturally!
We analysed a number of illegal Chinese-operated gambling websites and soon found out they were operated by the same 'gambling provider' we named Vault Viper. Vault Viper develops its very own "secure gambling browser". Of course it's #malware.
Through DNS, we discovered the companies behind Vault Viper were in fact controlled by Suncity - a criminal junket whose founder has been convicted of laundering billions of dollars.
https://www.unodc.org/roseap/en/2025/04/cyberfraud-inflection-point-mekong/story.html
Illegal gambling is not harmless fun. It fuels some of the largest criminal networks in the world.
The entire report is worth reading to get the latest view from experts on the world of organized crime in Asia that is running #scam, #pigbutchering, #humantrafficking, #cybercrime, #malware, #illegalgambling, illegal porn and who knows what else. The image below shows just how much it has grown in a few years from physical footprints.
We'll be releasing a detailed report on Vault Viper in the coming months.
#infobloxthreatintel #infoblox
#organizedcrime #china
NEW A fake version of the #AlpineQuest mapping app was used to spy on Russian military Android devices. The spyware steals contacts, location data & files.
Details: https://hackread.com/fake-alpine-quest-mapping-app-spying-russian-military/
Official XRP NPM package has been compromised and key stealing malware introduced
The dangers of cheap IOT smart devices and malware. Takeaway: be highly suspicious of even something so innocent seeming as a photo frame.
https://gist.github.com/iansinclair/c32aeafdc84e641c537a0a6c549f30b9
Given that sophisticated #infostealer #malware increasingly includes checks to avoid detection by shutting down if it detects it is on a virtualised host...
What is the security vs convenience+performance tradeoff for running a primary work environment inside a virtualised guest?
Or... is there actually a (small) security benefit by running a kernel shim to make your real environment appear to be virtualised?
random #infosec thought for the day
SuperCard X: new contactless threat spreading rapidly
https://gomoot.com/supercard-x-nuova-minaccia-contactless-in-rapida-espansione
I always thought the NFC security in Android was overly weak.
https://thehackernews.com/2025/04/supercard-x-android-malware-enables.html?m=1
Anti-spying phone pouches offered to EU lawmakers for trip to Hungary – POLITICO https://www.byteseu.com/943547/ #Communications #CyberEspionage #cybersecurity #DataProtection #Espionage #Hungary #Intelligence #malware #PernandoBarrenaArza #Privacy #RuleOfLaw #SophieWilmès #StateBackedHacking #surveillance #Technology #Telecoms #TinekeStrik
Hold your phone near your card... and they drain your bank account.
A new Android malware-as-a-service, SuperCard X, is targeting Italians with NFC relay attacks—letting cybercriminals remotely steal card data and pull off ATM & PoS fraud.
#CyberSecurity #Malware
https://thehackernews.com/2025/04/supercard-x-android-malware-enables.html
A new malware-as-a-service platform called 'SuperCard X' is reportedly targeting Android devices, stealing credit card data for NFC relay attacks at POS and ATMs. #CyberSecurity #Malware https://www.bleepingcomputer.com/news/security/supercard-x-android-malware-use-stolen-cards-in-nfc-relay-attacks/
Scammers are targeting healthcare and pharma firms with phishing emails in their native languages, leading to infections by a new, evasive malware called #ResolverRAT.
Read: https://hackread.com/native-language-phishing-resolverrat-healthcare/
Protect your Android from viruses and spyware! Learn how to identify and remove them with these simple steps. Your privacy comes first!
#Ciberseguridad #Android #Malware
https://androidguias.com/como-saber-si-tienes-virus-o-spyware-en-android/
The "free money" trap: How scammers exploit financial anxiety
This analysis explores how scammers capitalize on financial stress by promising 'free money' through fake subsidy programs, government grants, or relief cards. Common tactics include using urgency, exclusivity, and fabricated social proof to manipulate victims. Scammers employ various techniques such as phishing, impersonation, fake customer support, QR code scams, and malware-laden attachments to collect personal data for identity theft or future scams. The article provides red flags to watch for, including vague claims, lack of contact information, and unrealistic promises. To protect against these scams, individuals should verify sources, avoid sharing personal information on unverified websites, report suspicious sites, and educate others about these fraudulent schemes.
Pulse ID: 6802cb9dcd152b0f855adc5b
Pulse Link: https://otx.alienvault.com/pulse/6802cb9dcd152b0f855adc5b
Pulse Author: AlienVault
Created: 2025-04-18 22:01:01
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
Been reading about this malware China is using written for Linux:
https://sysdig.com/blog/unc5174-chinese-threat-actor-vshell/
and it struck me: Why mount /tmp and /var/tmp without noexec, nodev, nosuid? Seems crazy to allow a directory anyone can write to, to run executables.
While we're at it, get rid of wget and curl and anything else that would allow them to even get a "dropper" on the system?
Isn't this common sense stuff?!
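A quick way to check the point raised in this post, as an added example that is not part of the post or of the linked Sysdig article: a small POSIX shell function that reads /proc/mounts-style lines and reports whether a given mountpoint carries noexec, nodev and nosuid. The mount table below is constructed for the demonstration (one hardened tmpfs on /tmp, one plain ext4 on /var/tmp); on a live system you would pass /proc/mounts instead.

```shell
#!/bin/sh
# Added example, not from any post on this page.
# check_tmp_mount <mounts-file> <mountpoint>
# Reads /proc/mounts-style lines ("device mountpoint fstype options dump pass"),
# prints which of noexec/nodev/nosuid are missing on <mountpoint>, and returns
# 0 when all three are present, 1 when some are missing, 2 when the path is not
# a separate mount at all (it then inherits whatever its parent filesystem has).
check_tmp_mount() {
    mounts_file=$1
    mountpoint=$2
    # Last matching entry wins, as it does for stacked mounts in /proc/mounts.
    opts=$(awk -v mp="$mountpoint" '$2 == mp { print $4 }' "$mounts_file" | tail -n 1)
    if [ -z "$opts" ]; then
        echo "$mountpoint: not a separate mount (inherits options of its parent filesystem)"
        return 2
    fi
    missing=""
    for want in noexec nodev nosuid; do
        # Wrap in commas so "nodev" does not match inside e.g. "size=..." fragments.
        case ",$opts," in
            *,"$want",*) ;;
            *) missing="$missing $want" ;;
        esac
    done
    if [ -n "$missing" ]; then
        echo "$mountpoint: missing$missing (current options: $opts)"
        return 1
    fi
    echo "$mountpoint: ok ($opts)"
    return 0
}

# Constructed sample mount table: /tmp is hardened, /var/tmp is not, /dev/shm is absent.
SAMPLE_MOUNTS=$(mktemp)
cat > "$SAMPLE_MOUNTS" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime,size=1048576k 0 0
/dev/sda2 /var/tmp ext4 rw,relatime 0 0
EOF

for mp in /tmp /var/tmp /dev/shm; do
    check_tmp_mount "$SAMPLE_MOUNTS" "$mp" || :
done
# On a real host: check_tmp_mount /proc/mounts /tmp
```

The function reads the kernel's view of the mount rather than /etc/fstab, so it catches the common case where fstab looks right but the filesystem was remounted or is not a separate mount at all. noexec only blocks direct execution of files on that filesystem, not a script handed to an interpreter that lives elsewhere, so treat these options as one layer of defense in depth rather than a hard barrier.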