Exploit This

Security News, Exploits, and Vulnerabilities.

Loki Bot: On a hunt for corporate passwords

Starting in early July, we have seen malicious spam activity that has targeted corporate mailboxes. Messages discovered so far contain an attachment with an .iso extension, which Kaspersky Lab solutions detect as Loki Bot.

Online generators… of dashed expectations

Quite recently, we started to designate an entire class of sites — gift card generators — as fraudulent, despite their not stealing any money or personal data from visitors. Why? Let’s try to unpick these sites and see how they work.

In cryptoland, trust can be costly

While the legal status of cryptocurrencies and laws to regulate them continue to be hammered out, scammers are busy exploiting the digital gold rush. Besides hacking cryptocurrency exchanges, exploiting smart-contract vulnerabilities, and deploying malicious miners, cybercriminals are also resorting to more traditional social-engineering methods that can reap millions of dollars.

2018 Fraud World Cup

There are only two weeks to go before the start of the massive soccer event — FIFA World Cup. This championship has already attracted the attention of millions worldwide, including a fair few cybercriminals. Long before kick-off, email accounts began bulging with soccer-related spam, and scammers started exploiting the topic in mailings and creating World Cup-themed phishing pages.

Tens of thousands per Gram

In late 2017, information appeared on specialized resources about a Telegram ICO to finance the launch of its own blockchain platform. The lack of information provided fertile ground for scammers: the rumors prompted mailshots seemingly from official representatives of the platform, inviting people to take part in the ICO and purchase tokens.

Tax refund, or How to lose your remaining cash

Every year, vast numbers of people around the globe relish the delightful prospect of filling out tax returns, applying for tax refunds, etc. Given that tax authorities and their taxpayers are moving online, it’s no surprise to find cybercriminals hard on their heels.

Every little bitcoin helps

It often happens that inventions and technologies that start out good end up turning into dangerous tools in the hands of criminals. Blockchain is no exception to this rule, especially in its most common cryptocurrency incarnation. The attacks targeted employees of small companies, but such emails could be sent to any user’s personal mail.

Cybercriminals target early IRS 2018 refunds now

On Monday, Jan 29th, IRS officially opened its 2018 season. Right after two days of the opening, we got phishing messages with a fake refund status websites.

%d bloggers like this: