Tag: Financial Firms

ONNX phishing service targets Microsoft 365 accounts at financial firms
News

ONNX phishing service targets Microsoft 365 accounts at financial firms

Using QR codes in PDF attachments, a new phishing-as-a-service (PhaaS) platform called ONNX Store targets Microsoft 365 accounts for staff members of financial institutions. The software uses Telegram bots to operate and has two-factor authentication (2FA) bypass techniques. It can target both Microsoft 365 and Office 365 email accounts. The activity was found by researchers at EclecticIQ, and they suspect that ONNX is a renamed Caffeine phishing kit run by the threat actor MRxC0DER, who speaks Arabic. When the platform began focusing on Russian and Chinese platforms rather than Western services in October 2022, Mandiant made the discovery of caffeine read more about ONNX phishing service targets Microsoft 365 accounts at financial firms. Get up to date on the latest cybersecu...
New Wave of JSOutProx Malware Targeting Financial Firms in APAC and MENA
News

New Wave of JSOutProx Malware Targeting Financial Firms in APAC and MENA

The Middle East and North Africa (MENA) and Asia-Pacific (APAC) financial institutions are the target of JSOutProx, a new "evolving threat" variant. In a technical paper released this week, Resecurity stated that "JSOutProx is an advanced attack framework that leverages both JavaScript and.NET." It interacts with a core JavaScript module that is operating on the victim's computer by using the.NET (de)serialization functionality. Once it's run, the malware allows the framework to load further plugins, which in turn carry out more harmful operations on the target. Early attacks dispersing JSOutProx were first discovered by Yoroi in December 2019 and have been linked to a threat actor known as Solar Spider. The history of bank strikes and other large company actions in Europe and As...
FakeCalls Android Malware Targets Financial Firms in South Korea
News

FakeCalls Android Malware Targets Financial Firms in South Korea

A new Android voice phishing (vishing) malware tool has been discovered that targets victims in South Korea by pretending to be 20 of the country's top financial institutions. The software, dubbed "FakeCalls" by the Check Point Research (CPR) team, lures victims with false loans and asks them to confirm their credit card information so that their information can be taken. "FakeCalls malware boasts the functionality of a Swiss army knife, able not only to conduct its primary purpose but also to take private data read more Fake Calls Android Malware Targets Financial Firms in South Korea. Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our comprehensive coverage of the latest threats, breaches, and solutions.