Npav Lab

A new fraud campaign led by the Chinese threat actor SilkSpecter is leveraging 4,700 fake e-commerce websites to steal payment card details and personal information. These sites mimic popular brands and utilize legitimate payment processors like Stripe to deceive victims.

A new ransomware strain, Ymir, is causing alarm with its unique memory exploitation tactics to evade detection. This advanced ransomware, following an initial breach via RustyStealer malware, recently hit a corporate network in Colombia, signaling the growing complexity and sophistication of ransomware strategies that target high-value corporate credentials.

Amazon has confirmed an employee data breach following the massive MOVEit cyberattacks, after threat actor "Nam3L3ss" leaked over 2.8 million lines of employee data, including contact details and office locations, stolen through a third-party vendor. This attack is part of a larger breach that has impacted dozens of global companies through a vendor exploit.

A new method in cyberattacks uses ZIP file concatenation to deliver malicious payloads undetected. By leveraging differences in ZIP parser handling, attackers can hide trojans in ZIP files, targeting unsuspecting users via phishing emails disguised as legitimate notices.

The newly discovered SteelFox malware leverages a vulnerable driver to escalate privileges, enabling it to steal sensitive data and mine cryptocurrency on Windows machines. Distributed through cracked software on forums and torrent sites, SteelFox presents significant risks to users of popular programs like AutoCAD, JetBrains, and Foxit PDF Editor.

Microsoft has officially launched Windows Server 2025, bringing a host of exciting new features and improvements for businesses looking to leverage cutting-edge technology for their infrastructure. Available from November 1st, 2024, Windows Server 2025 delivers significant advancements in virtualization, security, and storage. 

A dangerous new Android banking malware, dubbed ToxicPanda, has infected over 1,500 devices by bypassing security measures and exploiting Android’s accessibility features to facilitate fraudulent money transfers. With roots in the TgToxic malware, ToxicPanda is suspected to be the work of a Chinese-speaking threat actor targeting bank customers in Europe and Latin America.

The newly emerged Interlock ransomware is designed to specifically target FreeBSD servers, exploiting the OS's prevalence in critical infrastructure environments. This ransomware operation, active since late September 2024, has already compromised several organizations, using a unique FreeBSD-based encryptor to execute double-extortion attacks, leaving critical services vulnerable.

The latest variant of the FakeCall malware has taken vishing attacks to a new level, hijacking Android devices to intercept banking calls and manipulate call interfaces. This highly sophisticated malware leverages accessibility permissions to gain control over calls, messages, and other sensitive data, tricking users into sharing critical financial information.

A large-scale ransomware campaign targeting over 22,000 CyberPanel instances has leveraged a critical remote code execution vulnerability to infiltrate servers and encrypt files. Known as the PSAUX ransomware, this attack exploits authentication flaws, command injection vulnerabilities, and security filter bypasses in CyberPanel version 2.3.6, leading to mass outages and compromised data security.