Cobalt Strike Beacon, Sophos, Phishing

Covert Delivery of Cobalt Strike Beacon via Sophos Phishing Website

Cyble Research & Intelligence Labs (CRIL) came across a typosquatted domain of Sophos, “sopbos[.]com”, using a VirusTotal search. The phishing site impersonates the installation of Sophos Home. The initial infection vector is unclear at this time, as we could not trace how users would be directed to this phishing site. Based …


Python Stealer, Tatar, Russia

Tatar-Language Users in the Crosshairs of Python Screenshotter

Key Takeaways

• Cyble Research and Intelligence Labs (CRIL) came across Python malware capturing screenshots and sending them over FTP to remote attackers.
• Proofpoint has observed similar campaigns in the recent past targeting the United States and Germany, with the perpetrator tracked as “TA866”.
• This particular campaign targets Tatar language-speaking users who primarily reside in …


Android, Spyware, South Korea, CCP

Android Users in South Korea targeted by spyware linked to Chinese Threat Actor

Cyble Research and Intelligence Labs (CRIL) identified a new Android Spyware campaign using VirusTotal intelligence. The campaign has been conducted by a China-linked Threat Actor specifically targeting Android users in South Korea since the beginning of July 2023. This Android Spyware can steal sensitive information, including contacts, SMS messages, call logs, images, …

