At a glance.
- EvilProxy phishes for executives.
- Typosquatting to deliver a rootkit.
- Stream-jacking on YouTube.
- A global look at risk management.
- Guidelines for hacktivists engaged in hybrid war.
- Assistance from a diverse set of international partners.
EvilProxy phishes for executives.
Researchers at Menlo Security warn that a phishing campaign is exploiting an open-redirect vulnerability on the job listing site Indeed to distribute a link to a spoofed Microsoft login page. The campaign is targeting C-suite employees in various industries, particularly banking and financial services, insurance, property management and real estate, and manufacturing. The threat actors are using the EvilProxy phishing-as-a-service platform.
Typosquatting to deliver a rootkit.
The researchers explain, “Like DiscordRAT, r77 is an example of open source malware with extensive documentation that makes it easy to deploy, even by novice actors. r77 is a fileless ring 3 rootkit that is able to disguise files and processes and that can be bundled with other software or launched directly. r77 is a recent addition to DiscordRAT 2.0, with previous versions of that open source malware (Discord-RAT) lacking the ability to launch a rootkit. Also of interest: the DiscordRAT 2.0 executable we studied did not use the newest version of the r77 rootkit, but an older version of the rootkit.”