GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks
A new phishing campaign targeting the insurance and finance sectors uses GitHub, Telegram bots, and ASCII QR codes to deliver malware and evade security measures. The attack leverages GitHub links and trusted repositories to distribute Remcos RAT, with the payload delivered via phishing emails. Additional techniques such as blob URLs and QR code-based phishing add complexity to detection, while Telegram bots facilitate scams on platforms like Booking.com and Airbnb.
- GitHub Abuse: Phishing emails include GitHub links to trusted repositories to deliver malware, bypassing security filters.
- Remcos RAT: The campaign distributes Remcos RAT malware via Lua-based loaders that establish persistence and deliver further payloads.
- Malicious GitHub Comments: Attackers use GitHub comments to upload malicious payloads, leaving only the link behind after deletion.
- New Techniques: ASCII QR codes and blob URLs are employed to evade detection and complicate phishing protection.
- Telekopye Telegram Toolkit: The toolkit, once focused on marketplace scams, now targets accommodation booking platforms with interactive phishing attacks.
- Law Enforcement Action: Cybercriminals behind the Telekopye toolkit were arrested in December 2023 by Czech and Ukrainian authorities.
These phishing strategies demonstrate the evolving tactics of cybercriminals in using trusted platforms to bypass security measures and reach unsuspecting victims.
Comment(s)
Categories
- Other (42)
- Ransomware (123)
- Events and News (26)
- Features (44)
- Security (422)
- Tips (79)
- Google (22)
- Achievements (8)
- Products (33)
- Activation (7)
- Dealers (1)
- Bank Phishing (42)
- Malware Alerts (187)
- Cyber Attack (219)
- Data Backup (11)
- Data Breach (75)
- Phishing (138)
- Securty Tips (1)
- Browser Hijack (16)
- Adware (15)
- Email And Password (67)
- Android Security (55)
- Knoweldgebase (38)
- Botnet (15)
- Updates (3)
- Alert (70)
- Hacking (57)
- Social Media (7)
- vulnerability (53)
- Hacker (31)
- Spyware (8)
- Windows (6)
- Microsoft (21)
- Uber (1)
- YouTube (1)
- Trojan (2)
- Website hacks (3)
- Paytm (1)
- Credit card scam (1)
- Telegram (3)
- RAT (5)
- Bug (3)
- Twitter (2)
- Facebook (7)
- Banking Trojan (5)
- Mozilla (2)
- COVID-19 (5)
- Instagram (2)
- NPAV Announcement (5)
- IoT Security (1)
- Deals and Offers (1)
- Cloud Security (8)
- Offers (5)
- Gaming (1)
- FireFox (2)
- LinkedIn (2)
- WhatsApp (4)
- Amazon (1)
- DMart (1)
- Payment Risk (4)
- Occasion (2)
- firewall (1)
- Cloud malware (2)
- Cloud storage (2)
- Financial fraud (4)
- Impersonation phishing (1)
- DDoS (4)
- Smishing (2)
- Whale (0)
- Whale phishing (3)
- WINRAR (2)
- ZIP (2)
Recent Posts
Thousands of Fake Shopping Sites Launched to Steal Credit Card Data During Black Friday
November 15, 2024
Amazon Employee Data Breached in MOVEit Attack Fallout: Over 2.8 Million Records Leaked by Hackers
November 13, 2024
Archive
Tags
cyber attack
phishing
data breach
ransomware
ransomeware
android malware
cyber security
malware
financial security
phishing attack
data stealing
ddos
cybercrime
critical vulnerability
trojan
twitter
cyber threat
phishing email
microsoft
data theft
cert-in
lockbit
india
december cyber attacks
pakistan-backed hacker
occasion
financial fraud
cryptojacking
clop gang
clop gang extorting
data security
user data leak
android apps
phishing scam
play store
advanced malware
android
whatsapp
clop
email phishing
fedex
cyber crime
malicious apps
pakistani hackers
net protector total security
cyber attack in india
google play store
independence day
winrar
pune