2025-12-08 AI Startup News

Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks

Over 30 security vulnerabilities have been disclosed in various artificial intelligence (AI)-powered Integrated Development Environments (IDEs) that combine prompt injection primitives with legitimate features to achieve data exfiltration and remote code execution. The security shortcomings have been collectively named IDEsaster by security researcher Ari Marzouk (MaccariTA). They affect popular IDEs and extensions such as Cursor, Windsurf, Kiro.dev, GitHub Copilot, Zed.dev, Roo Code, Junie, and Cline, among others. Of these, 24 have been assigned CVE identifiers.

“I think the fact that multiple universal attack chains affected each and every AI IDE tested is the most surprising finding of this research,” Marzouk told The Hacker News. “All AI IDEs (and coding assistants that integrate with them) effectively ignore the base software (IDE) in their threat model. They treat their features as inherently safe because they’ve been there for years. However, once you add AI agents that can act autonomously, the same features can be weaponized into data exfiltration and RCE primitives.”

At their core, these issues chain three different vectors that are common to AI-driven IDEs -

  • Bypass a large language model’s (LLM) guardrails to hijack the context and perform the attacker’s bidding (aka prompt injection)
  • Perform certain actions without requiring any user interaction via an AI agent’s auto-approved tool calls
  • Trigger an IDE’s legitimate features that allow an attacker to break out of the security boundary to leak sensitive data or execute arbitrary commands

The highlighted issues are different from prior attack chains that have leveraged prompt injections in conjunction with vulnerable tools (or abusing legitimate tools to perform read or write actions) to modify an AI agent’s configuration to achieve code execution or other unintended behavior.

What makes IDEsaster notable is that it takes prompt injection primitives and an agent’s tools, using them to activate legitimate features of the IDE to result in information leakage or command execution.

Context hijacking can be pulled off in myriad ways, including through user-added context references that can take the form of pasted URLs or text with hidden characters that are not visible to the human eye, but can be parsed by the LLM. Alternatively, the context can be polluted by using a Model Context Protocol (MCP) server through tool poisoning or rug pulls, or when a legitimate MCP server parses attacker-controlled input from an external source.

Some of the identified attacks made possible by the new exploit chain are as follows -

  • CVE-2025-49150 (Cursor), CVE-2025-53097 (Roo Code), CVE-2025-58335 (JetBrains Junie), GitHub Copilot (no CVE), Kiro.dev (no CVE), and Claude Code (addressed with a security warning) - Using a prompt injection to read a sensitive file using either a legitimate (“read_file”) or vulnerable tool (“search_files” or “search_project”) and writing a JSON file via a legitimate tool (“write_file” or “edit_file”) with a remote JSON schema hosted on an attacker-controlled domain, causing the data to be leaked when the IDE makes a GET request
  • CVE-2025-53773 (GitHub Copilot), CVE-2025-54130 (Cursor), CVE-2025-53536 (Roo Code), CVE-2025-55012 (Zed.dev), and Claude Code (addressed with a security warning) - Using a prompt injection to edit IDE settings files (“.vscode/settings.json” or “.idea/workspace.xml”) to achieve code execution by setting “php.validate.executablePath” or “PATH_TO_GIT” to the path of an executable file containing malicious code
  • CVE-2025-64660 (GitHub Copilot), CVE-2025-61590 (Cursor), and CVE-2025-58372 (Roo Code) - Using a prompt injection to edit workspace configuration files (*.code-workspace) and override multi-root workspace settings to achieve code execution

It’s worth noting that the last two examples hinge on an AI agent being configured to auto-approve file writes, which subsequently allows an attacker with the ability to influence prompts to cause malicious workspace settings to be written.

But given that this behavior is auto-approved by default for in-workspace files, it leads to arbitrary code execution without any user interaction or the need to reopen the workspace.

With prompt injections and jailbreaks acting as the first step for the attack chain, Marzouk offers the following recommendations -

  • Only use AI IDEs (and AI agents) with trusted projects and files. Malicious rule files, instructions hidden inside source code or other files (README), and even file names can become prompt injection vectors.
  • Only connect to trusted MCP servers and continuously monitor these servers for changes (even a trusted server can be breached). Review and understand the data flow of MCP tools (e.g., a legitimate MCP tool might pull information from an attacker-controlled source, such as a GitHub PR)
  • Manually review sources you add (such as via URLs) for hidden instructions (comments in HTML / CSS-hidden text / invisible Unicode characters, etc.)

Developers of AI agents and AI IDEs are advised to apply the principle of least privilege to LLM tools, minimize prompt injection vectors, harden the system prompt, use sandboxing to run commands, and perform security testing for path traversal, information leakage, and command injection.

The disclosure coincides with the discovery of several vulnerabilities in AI coding tools that could have a wide range of impacts -

  • A command injection flaw in OpenAI Codex CLI (CVE-2025-61260) that takes advantage of the fact that the program implicitly trusts commands configured via MCP server entries and executes them at startup without seeking a user’s permission. This could lead to arbitrary command execution when a malicious actor can tamper with the repository’s “.env” and “./.codex/config.toml” files.
  • An indirect prompt injection in Google Antigravity using a poisoned web source that can be used to manipulate Gemini into harvesting credentials and sensitive code from a user’s IDE and exfiltrating the information using a browser subagent to browse to a malicious site.
  • Multiple vulnerabilities in Google Antigravity that could result in data exfiltration and remote command execution via indirect prompt injections, as well as leverage a malicious trusted workspace to embed a persistent backdoor to execute arbitrary code every time the application is launched in the future.
  • A new class of vulnerability named PromptPwnd that targets AI agents connected to vulnerable GitHub Actions (or GitLab CI/CD pipelines) with prompt injections to trick them into executing built-in privileged tools that lead to information leak or code execution.

As agentic AI tools are becoming increasingly popular in enterprise environments, these findings demonstrate how AI tools expand the attack surface of development machines, often by leveraging an LLM’s inability to distinguish between instructions provided by a user to complete a task and content that it may ingest from an external source, which, in turn, can contain an embedded malicious prompt.

“Any repository using AI for issue triage, PR labeling, code suggestions, or automated replies is at risk of prompt injection, command injection, secret exfiltration, repository compromise and upstream supply chain compromise,” Aikido researcher Rein Daelman said.

Marzouk also said the discoveries emphasized the importance of “Secure for AI,” which is a new paradigm that has been coined by the researcher to tackle security challenges introduced by AI features, thereby ensuring that products are not only secure by default and secure by design, but are also conceived keeping in mind how AI components can be abused over time. “This is another example of why the ‘Secure for AI’ principle is needed,” Marzouk said. “Connecting AI agents to existing applications (in my case IDE, in their case GitHub Actions) creates new emerging risks.”
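A defensive counterpart to the IDEsaster chains and recommendations above, as an added example that is not code from the researcher or any of the named products: a Python pre-flight audit that flags workspace-level executable-path settings, JSON files whose "$schema" points at a non-allowlisted remote host, and invisible Unicode or HTML comments in text files and file names. The allowlisted schema hosts, the "*executablePath" suffix heuristic, the finding names and the sample workspace are assumptions made for illustration.

```python
"""Pre-flight audit of a project directory before an AI coding agent opens it."""
import json
import re
import tempfile
import unicodedata
from pathlib import Path
from urllib.parse import urlparse

# Setting named in the article as a code-execution sink (compared lower-cased).
EXEC_KEYS = {"php.validate.executablepath"}
# Example policy (assumption): hosts from which a remote JSON schema is acceptable.
SCHEMA_HOST_ALLOWLIST = {"json.schemastore.org", "json-schema.org"}
TEXT_SUFFIXES = {".md", ".txt", ".json", ".html", ".py", ".js", ".ts"}
HTML_COMMENT = re.compile(r"<!--.*?-->", re.DOTALL)


def hidden_chars(text):
    """Return (offset, name) for invisible format characters (Unicode category Cf)."""
    return [
        (i, unicodedata.name(ch, f"U+{ord(ch):04X}"))
        for i, ch in enumerate(text)
        # A leading byte-order mark is legitimate and is not reported.
        if unicodedata.category(ch) == "Cf" and not (i == 0 and ch == "\ufeff")
    ]


def audit_settings(settings, root):
    """Flag settings that point an IDE feature at an executable path."""
    findings = []
    for key, value in settings.items():
        k = key.lower()
        # Heuristic (assumption): any "*executablePath" key is treated like the named one.
        if (k in EXEC_KEYS or k.endswith("executablepath")) and isinstance(value, str):
            target = Path(value.replace("${workspaceFolder}", str(root)))
            inside = root.resolve() in (root / target).resolve().parents
            findings.append(("exec-path-setting", f"{key} -> {value} (in workspace: {inside})"))
    return findings


def audit_json_file(path, root):
    """Check one JSON document for a remote $schema and for executable-path settings."""
    try:
        doc = json.loads(path.read_text(encoding="utf-8"))
    except (json.JSONDecodeError, UnicodeDecodeError):
        # settings.json may contain comments; report it instead of skipping silently.
        return [("unparseable-json", "not strict JSON; review by hand")]
    if not isinstance(doc, dict):
        return []
    findings = []
    schema = doc.get("$schema")
    if isinstance(schema, str):
        url = urlparse(schema)
        if url.scheme in ("http", "https") and url.hostname not in SCHEMA_HOST_ALLOWLIST:
            findings.append(("remote-schema", schema))
    if path.name == "settings.json" and path.parent.name == ".vscode":
        findings += audit_settings(doc, root)
    elif path.suffix == ".code-workspace" and isinstance(doc.get("settings"), dict):
        findings += audit_settings(doc["settings"], root)
    return findings


def audit_workspace(root):
    """Walk the tree and return (relative path, finding kind, detail) tuples."""
    root = Path(root)
    report = []
    files = (p for p in root.rglob("*") if p.is_file() and ".git" not in p.parts)
    for path in sorted(files):
        rel = path.relative_to(root).as_posix()
        # File names themselves can carry hidden instructions.
        report += [(rel, "invisible-char-in-name", n) for _, n in hidden_chars(rel)]
        if path.suffix in (".json", ".code-workspace"):
            report += [(rel, kind, detail) for kind, detail in audit_json_file(path, root)]
        if path.suffix in TEXT_SUFFIXES or path.name.lower().startswith("readme"):
            text = path.read_text(encoding="utf-8", errors="replace")
            report += [(rel, "invisible-char", f"{n} at offset {i}") for i, n in hidden_chars(text)]
            report += [(rel, "html-comment", m.group(0)[:60]) for m in HTML_COMMENT.finditer(text)]
    return report


def build_sample(root):
    """Constructed sample workspace for the demo; not taken from any real project."""
    root = Path(root)
    (root / ".vscode").mkdir()
    (root / ".vscode" / "settings.json").write_text(
        json.dumps({"editor.tabSize": 2, "php.validate.executablePath": "./tools/php"}))
    (root / "data.json").write_text(
        json.dumps({"$schema": "https://schemas.example.invalid/s.json", "name": "x"}))
    (root / "ok.json").write_text(
        json.dumps({"$schema": "https://json.schemastore.org/package.json"}))
    (root / "README.md").write_text(
        "Build steps\u200b here <!-- note for reviewers -->\n", encoding="utf-8")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_workspace(build_sample(tmp)):
            print(finding)
```

Findings are prompts for manual review rather than verdicts: a zero-width joiner inside an emoji sequence or an absolute interpreter path chosen by the project owner will also be listed.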

Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday formally added a critical security flaw impacting React Server Components (RSC) to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild. The vulnerability, CVE-2025-55182 (CVSS score: 10.0), relates to a case of remote code execution that could be triggered by an unauthenticated attacker without requiring any special setup. It’s also tracked as React2Shell.

“Meta React Server Components contains a remote code execution vulnerability that could allow unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints,” CISA said in an advisory. The problem stems from insecure deserialization in the library’s Flight protocol, which React uses to communicate between a server and client. As a result, it leads to a scenario where an unauthenticated, remote attacker can execute arbitrary commands on the server by sending specially crafted HTTP requests. “The process of converting text into objects is widely considered one of the most dangerous classes of software vulnerabilities,” Martin Zugec, technical solutions director at Bitdefender, said. “The React2Shell vulnerability resides in the react-server package, specifically in how it parses object references during deserialization.”

The vulnerability has been addressed in versions 19.0.1, 19.1.2, and 19.2.1 of the following libraries -

  • react-server-dom-webpack
  • react-server-dom-parcel
  • react-server-dom-turbopack

Some of the downstream frameworks that depend on React are also impacted. This includes: Next.js, React Router, Waku, Parcel, Vite, and RedwoodSDK. The development comes after Amazon reported that it observed attack attempts originating from infrastructure associated with Chinese hacking groups like Earth Lamia and Jackpot Panda within hours of public disclosure of the flaw. Coalition, Fastly, GreyNoise, VulnCheck, and Wiz have also reported seeing exploitation efforts targeting the flaw, indicating that multiple threat actors are engaging in opportunistic attacks.

Some of the attacks have involved the deployment of cryptocurrency miners, as well as the execution of “cheap math” PowerShell commands to ascertain successful exploitation, followed by running commands to drop in-memory downloaders capable of retrieving an additional payload from a remote server. According to data shared by attack surface management platform Censys, there are about 2.15 million instances of internet-facing services that may be affected by this vulnerability. This comprises exposed web services using React Server Components and exposed instances of frameworks such as Next.js, Waku, React Router, and RedwoodSDK. In a statement shared with The Hacker News, Palo Alto Networks Unit 42 said it has confirmed over 30 affected organizations across numerous sectors, with one set of activity consistent with a Chinese hacking crew tracked as UNC5174 (aka CL-STA-1015).

The attacks are characterized by the deployment of SNOWLIGHT and VShell. “We have observed scanning for vulnerable RCE, reconnaissance activity, attempted theft of AWS configuration and credential files, as well as installation of downloaders to retrieve payloads from attacker command and control infrastructure,” Justin Moore, senior manager of threat intel research at Palo Alto Networks Unit 42, said. Security researcher Lachlan Davidson, who is credited with discovering and reporting the flaw, has since released multiple proof-of-concept (PoC) exploits, making it imperative that users update their instances to the latest version as soon as possible. Another working PoC has been published by a Taiwanese researcher who goes by the GitHub handle maple3142.

Pursuant to Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies have until December 26, 2025, to apply the necessary updates to secure their networks.

Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails

A new agentic browser attack targeting Perplexity’s Comet browser is capable of turning a seemingly innocuous email into a destructive action that wipes a user’s entire Google Drive contents, findings from Straiker STAR Labs show. The zero-click Google Drive Wiper technique hinges on connecting the browser to services like Gmail and Google Drive to automate routine tasks by granting them access to read emails, as well as browse files and folders, and perform actions like moving, renaming, or deleting content. For instance, a prompt issued by a benign user might look like this: “Please check my email and complete all my recent organization tasks.” This will cause the browser agent to search the inbox for relevant messages and perform the necessary actions. “This behavior reflects excessive agency in LLM-powered assistants where the LLM performs actions that go far beyond the user’s explicit request,” security researcher Amanda Rousseau said in a report shared with The Hacker News.

An attacker can weaponize this behavior of the browser agent to send a specially crafted email that embeds natural language instructions to organize the recipient’s Drive as part of a regular cleanup task, delete files matching certain extensions or files that are not inside any folder, and review the changes. Given that the agent interprets the email message as routine housekeeping, it treats the instructions as legitimate and deletes real user files from Google Drive without requiring any user confirmation. “The result: a browser-agent-driven wiper that moves critical content to trash at scale, triggered by one natural-language request from the user,” Rousseau said. “Once an agent has OAuth access to Gmail and Google Drive, abused instructions can propagate quickly across shared folders and team drives.” What’s notable about this attack is that it neither relies on a jailbreak nor a prompt injection.

Rather, it achieves its goal by simply being polite, providing sequential instructions, and using phrases like “take care of,” “handle this,” and “do this on my behalf,” that shift the ownership to the agent. In other words, the attack highlights how sequencing and tone can nudge the large language model (LLM) to comply with malicious instructions without even bothering to check if each of those steps is actually safe. To counter the risks posed by the threat, it’s advised to take steps to secure not just the model, but also the agent, its connectors, and the natural language instructions it follows through. “Agentic browser assistants turn everyday prompts into sequences of powerful actions across Gmail and Google Drive,” Rousseau said.

“When those actions are driven by untrusted content (especially polite, well-structured emails) organizations inherit a new class of zero-click data-wiper risk.”

HashJack Exploits URL Fragments for Indirect Prompt Injection

The disclosure comes as Cato Networks demonstrated another attack aimed at artificial intelligence (AI)-powered browsers that hides rogue prompts after the “#” symbol in legitimate URLs (e.g., “www.example[.]com/home#”) to deceive the agents into executing them. The technique has been dubbed HashJack. In order to trigger the client-side attack, a threat actor can share such a specially crafted URL via email, social media, or by embedding it directly on a web page. Once the victim loads the page and asks the AI browser a relevant question, it executes the hidden prompt.

“HashJack is the first known indirect prompt injection that can weaponize any legitimate website to manipulate AI browser assistants,” security researcher Vitaly Simonovich said. “Because the malicious fragment is embedded in a real website’s URL, users assume the content is safe while hidden instructions secretly manipulate the AI browser assistant.” Following responsible disclosure, Google classified it as “won’t fix (intended behavior)” and low severity, while Perplexity and Microsoft have released patches for their respective AI browsers (Comet v142.0.7444.60 and Edge 142.0.3595.94). Claude for Chrome and OpenAI Atlas have been found to be immune to HashJack. It’s worth noting that Google does not treat policy-violating content generation and guardrail bypasses as security vulnerabilities under its AI Vulnerability Reward Program (AI VRP).

Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity (XXE) injection attack. The vulnerability, tracked as CVE-2025-66516, is rated 10.0 on the CVSS scoring scale, indicating maximum severity. “Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF,” according to an advisory for the vulnerability. It affects the following Maven packages -

  • org.apache.tika:tika-core >= 1.13, <= 3.2.1 (Patched in version 3.2.2)
  • org.apache.tika:tika-parser-pdf-module >= 2.0.0, <= 3.2.1 (Patched in version 3.2.2)
  • org.apache.tika:tika-parsers >= 1.13, < 2.0.0 (Patched in version 2.0.0)

XXE injection refers to a web security vulnerability that allows an attacker to interfere with an application’s processing of XML data. This, in turn, makes it possible to access files on the application server file system and, in some cases, even achieve remote code execution.

CVE-2025-66516 is assessed to be the same as CVE-2025-54988 (CVSS score: 8.4), another XXE flaw in the content detection and analysis framework that was patched by the project maintainers in August 2025. The new CVE, the Apache Tika team said, expands the scope of affected packages in two ways. “First, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core,” the team said. “Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable.” “Second, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the “org.apache.tika:tika-parsers” module.”

In light of the criticality of the vulnerability, users are advised to apply the updates as soon as possible to mitigate potential threats.
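An added example (not code from the Apache Tika project) that applies the version ranges listed above to `mvn dependency:list` output and flags the partial-upgrade case the Tika team describes, where the PDF module is patched but tika-core is not. The sample output is constructed, and ignoring version qualifiers such as "-BETA" is a simplifying assumption.

```python
"""Check `mvn dependency:list` output against the ranges listed for CVE-2025-66516."""
import re

# artifactId -> (first affected version, first patched version), from the article's list.
AFFECTED = {
    "tika-core": ((1, 13, 0), (3, 2, 2)),
    "tika-parser-pdf-module": ((2, 0, 0), (3, 2, 2)),
    "tika-parsers": ((1, 13, 0), (2, 0, 0)),
}

# Constructed sample: the PDF module was bumped, tika-core was left behind.
SAMPLE = """\
[INFO] The following files have been resolved:
[INFO]    org.apache.tika:tika-core:jar:3.2.1:compile
[INFO]    org.apache.tika:tika-parser-pdf-module:jar:3.2.2:compile
[INFO]    org.apache.pdfbox:pdfbox:jar:3.0.5:compile
"""


def parse_version(text):
    """Numeric part of a Maven version as a 3-tuple; qualifiers (-BETA, ...) are ignored."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))


def tika_dependencies(mvn_output):
    """Extract {artifactId: version} for every org.apache.tika coordinate."""
    deps = {}
    for token in re.findall(r"org\.apache\.tika:\S+", mvn_output):
        parts = token.split(":")  # group:artifact:type[:classifier]:version:scope
        if len(parts) >= 5:
            deps[parts[1]] = parts[-2]
    return deps


def audit(mvn_output):
    """Return (artifactId, resolved version, first patched version) per affected artifact."""
    findings = []
    for artifact, version in tika_dependencies(mvn_output).items():
        if artifact in AFFECTED:
            first_bad, first_fixed = AFFECTED[artifact]
            if first_bad <= parse_version(version) < first_fixed:
                findings.append((artifact, version, ".".join(map(str, first_fixed))))
    return findings


def partial_upgrade(mvn_output):
    """True when the PDF module is at a patched version but tika-core is still affected."""
    deps = tika_dependencies(mvn_output)
    pdf = deps.get("tika-parser-pdf-module")
    core_affected = any(artifact == "tika-core" for artifact, _, _ in audit(mvn_output))
    pdf_fixed = AFFECTED["tika-parser-pdf-module"][1]
    return pdf is not None and parse_version(pdf) >= pdf_fixed and core_affected


if __name__ == "__main__":
    for artifact, version, fixed in audit(SAMPLE):
        print(f"{artifact} {version} is affected; upgrade to {fixed} or later")
    if partial_upgrade(SAMPLE):
        print("PDF module is patched but tika-core is not: still vulnerable")
```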

Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability

Two hacking groups with ties to China have been observed weaponizing the newly disclosed security flaw in React Server Components (RSC) within hours of it becoming public knowledge. The vulnerability in question is CVE-2025-55182 (CVSS score: 10.0), aka React2Shell, which allows unauthenticated remote code execution. It has been addressed in React versions 19.0.1, 19.1.2, and 19.2.1. According to a new report shared by Amazon Web Services (AWS), two China-linked threat actors known as Earth Lamia and Jackpot Panda have been observed attempting to exploit the maximum-severity security flaw.

“Our analysis of exploitation attempts in AWS MadPot honeypot infrastructure has identified exploitation activity from IP addresses and infrastructure historically linked to known China state-nexus threat actors,” CJ Moses, CISO of Amazon Integrated Security, said in a report shared with The Hacker News. Specifically, the tech giant said it identified infrastructure associated with Earth Lamia, a China-nexus group that was attributed to attacks exploiting a critical SAP NetWeaver flaw (CVE-2025-31324) earlier this year. The hacking crew has targeted sectors across financial services, logistics, retail, IT companies, universities, and government organizations across Latin America, the Middle East, and Southeast Asia. The attack efforts have also originated from infrastructure related to another China-nexus cyber threat actor known as Jackpot Panda, which has primarily singled out entities that are either engaged in or support online gambling operations in East and Southeast Asia.

Jackpot Panda, per CrowdStrike, is assessed to be active since at least 2020, and has targeted trusted third-party relationships in an attempt to deploy malicious implants and gain initial access. Notably, the threat actor was connected to the supply chain compromise of a chat app known as Comm100 in September 2022. The activity is tracked by ESET as Operation ChattyGoblin. It has since emerged that a Chinese hacking contractor, I-Soon, may have been involved in the supply chain attack, citing infrastructure overlaps.

Interestingly, attacks mounted by the group in 2023 have primarily focused on Chinese-speaking victims, indicating possible domestic surveillance. “Beginning in May 2023, the adversary used a trojanized installer for CloudChat, a China-based chat application popular with illegal, Chinese-speaking gambling communities in Mainland China,” CrowdStrike said in its Global Threat Report released last year. “The trojanized installer served from CloudChat’s website contained the first stage of a multi-step process that ultimately deployed XShade – a novel implant with code that overlaps with Jackpot Panda’s unique CplRAT implant.” Amazon said it also detected threat actors exploiting CVE-2025-55182 along with other N-day flaws, including a vulnerability in NUUO Camera (CVE-2025-1338, CVSS score: 7.3), suggesting broader attempts to scan the internet for unpatched systems. The observed activity involves attempts to run discovery commands (e.g., whoami), write files (“/tmp/pwned.txt”), and read files containing sensitive information (e.g., “/etc/passwd”).

“This demonstrates a systematic approach: threat actors monitor for new vulnerability disclosures, rapidly integrate public exploits into their scanning infrastructure, and conduct broad campaigns across multiple Common Vulnerabilities and Exposures (CVEs) simultaneously to maximize their chances of finding vulnerable targets,” Moses said.

Cloudflare Blames Outage on React2Shell Patch

The development comes as Cloudflare experienced a brief but widespread outage that caused websites and online platforms to return a “500 Internal Server Error” message. “A change made to how Cloudflare’s Web Application Firewall parses requests caused Cloudflare’s network to be unavailable for several minutes this morning,” the web infrastructure provider said in a statement Friday. “This was not an attack; the change was deployed by our team to help mitigate the industry-wide vulnerability disclosed this week in React Server Components.”

Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery

A human rights lawyer from Pakistan’s Balochistan province received a suspicious link on WhatsApp from an unknown number, marking the first time a civil society member in the country was targeted by Intellexa’s Predator spyware, Amnesty International said in a report. The link, the non-profit organization said, is a “Predator attack attempt based on the technical behaviour of the infection server, and on specific characteristics of the one-time infection link which were consistent with previously observed Predator 1-click links.” Pakistan has dismissed the allegations, stating “there is not an iota of truth in it.” The findings come from a new joint investigation published in collaboration with Israeli newspaper Haaretz, Greek news site Inside Story, and Swiss tech site Inside IT. It’s based on documents and other materials leaked from the company, including internal documents, sales and marketing material, and training videos. Intellexa is the maker of a mercenary spyware tool called Predator that, similar to NSO Group’s Pegasus, can covertly harvest sensitive data from targets’ Android and iOS devices without their knowledge.

The leaks show that Predator has also been marketed as Helios, Nova, Green Arrow, and Red Arrow. Often, this involves using different initial access vectors like messaging platforms that weaponize previously undisclosed flaws to stealthily install the spyware either via a zero-click or 1-click approach. The attack, therefore, requires a malicious link to be opened in the target’s phone in order to trigger the infection. Should the victim end up clicking the booby-trapped link, a browser exploit for Google Chrome (on Android) or Apple Safari (on iOS) is loaded to gain initial access to the device and download the main spyware payload.

According to data from Google Threat Intelligence Group (GTIG), Intellexa has been linked to the exploitation of the following zero-days, either developed in-house or procured from external entities -

  • CVE-2025-48543 - Use-after-free in Android Runtime (Google)
  • CVE-2025-6554 - Type confusion in V8 (Google Chrome)
  • CVE-2023-41993 - WebKit JIT RCE (Apple Safari)
  • CVE-2023-41992 - Kernel IPC use-after-free (Apple)
  • CVE-2023-41991 - Certificate validation bypass in Security framework (Apple)
  • CVE-2024-4610 - Use-after-free in Bifrost GPU and Valhall GPU Kernel Driver (Arm)
  • CVE-2023-4762 - Type confusion in V8 (Google Chrome)
  • CVE-2023-3079 - Type confusion in V8 (Google Chrome)
  • CVE-2023-2136 - Integer overflow in Skia (Google Chrome)
  • CVE-2023-2033 - Use-after-free in V8 (Google Chrome)
  • CVE-2021-38003 - Inappropriate implementation in V8 (Google Chrome)
  • CVE-2021-38000 - Insufficient validation of untrusted input in Intents (Google Chrome)
  • CVE-2021-37976 - Information leak in memory_instrumentation (Google Chrome)
  • CVE-2021-37973 - Use-after-free in Portals (Google Chrome)
  • CVE-2021-1048 - Use-after-free in Android Kernel (Google)

One such iOS zero-day exploit chain used against targets in Egypt in 2023 involved leveraging CVE-2023-41993 and a framework named JSKit to perform native code execution. GTIG said it observed the same exploit and framework used in a watering hole attack orchestrated by Russian government-backed hackers against Mongolian government websites, raising the possibility that the exploits are being sourced from a third-party.

Image: Marketing brochure presenting the capabilities of Intellexa’s spyware product

“The JSKit framework is well maintained, supports a wide range of iOS versions, and is modular enough to support different Pointer Authentication Code (PAC) bypasses and code execution techniques,” Google explained. “The framework can parse in-memory Mach-O binaries to resolve custom symbols and can ultimately manually map and execute Mach-O binaries directly from memory.”

Image: Screenshot of an example PDS (Predator Delivery Studio) dashboard interface used to manage targets and view collected surveillance data

Following the exploitation of CVE-2023-41993, the attack moved to the second stage to break out of the Safari sandbox and execute an untrusted third-stage payload dubbed PREYHUNTER by taking advantage of CVE-2023-41991 and CVE-2023-41992.

PREYHUNTER consists of two modules -

  • Watcher, which monitors crashes, makes sure that the infected device does not exhibit any suspicious behavior, and proceeds to terminate the exploitation process if such patterns are detected
  • Helper, which communicates with the other parts of the exploit via a Unix socket and deploys hooks to record VoIP conversations, run a keylogger, and capture pictures from the camera

Intellexa is also said to be using a custom framework that facilitates the exploitation of various V8 flaws in Chrome – i.e., CVE-2021-38003, CVE-2023-2033, CVE-2023-3079, CVE-2023-4762, and CVE-2025-6554 – with the abuse of CVE-2025-6554 observed in June 2025 in Saudi Arabia. Once the tool is installed, it collects data from messaging apps, calls, emails, device locations, screenshots, passwords, and other on-device information and exfiltrates them to an external server physically located in the customer’s country. Predator also comes fitted with the ability to activate the device’s microphone to silently capture ambient audio and leverage the camera to take photos.

The company, along with some key executives, was subjected to U.S. sanctions last year for developing and distributing the surveillance tool and undermining civil liberties. Despite continued public reporting, Recorded Future’s Insikt Group disclosed in June 2025 that it detected Predator-related activity in over a dozen countries, primarily in Africa, suggesting “growing demand for spyware tools.”

Perhaps the most significant revelation is that people working at Intellexa allegedly had the capability to remotely access the surveillance systems of at least some of its customers, including those located on the premises of its governmental customers, using TeamViewer. “The fact that, at least in some cases, Intellexa appears to have retained the capability to remotely access Predator customer logs – allowing company staff to see details of surveillance operations and targeted individuals raises questions about its own human rights due diligence processes,” Jurre van Bergen, technologist at Amnesty International Security Lab, said in a news release. “If a mercenary spyware company is found to be directly involved in the operation of its product, then by human rights standards, it could potentially leave them open to claims of liability in cases of misuse and if any human rights abuses are caused by the use of spyware.”

The report has also highlighted the different delivery vectors adopted by Intellexa to trigger the opening of the malicious link without the need for the target to manually click on it.

This includes tactical vectors like Triton (disclosed in October 2023), Thor, and Oberon (both unknown at this stage), as well as strategic vectors that are delivered remotely via the internet or mobile network. The three strategic vectors are listed below - Mars and Jupiter , which are network injection systems that require cooperation between the Predator customer and the victim’s mobile operator or internet service provider (ISP) to stage an adversary-in-the-middle (AitM) attack by waiting for the target to open an unencrypted HTTP website to activate the infection or when the target visits a domestic HTTPS website that’s been already intercepted using valid TLS certificates. Aladdin , which exploits the mobile advertising ecosystem to carry out a zero-click attack that’s triggered simply upon viewing the specially-crafted ad. The system is believed to have been under development since at least 2022.

“The Aladdin system infects the target’s phone by forcing a malicious advertisement created by the attacker to be shown on the target’s phone,” Amnesty said. “This malicious ad could be served on any website which displays ads.” Mapping of Intellexa’s corporate web linked to Czech cluster Google said the use of malicious ads on third-party platforms is an attempt to abuse the advertising ecosystem for fingerprinting users and redirecting targeted users to Intellexa’s exploit delivery servers. It also said it worked with other partners to identify the companies Intellexa created to create the ads and shut those accounts. In a separate report, Recorded Future said it discovered two companies called Pulse Advertise and MorningStar TEC that appear to be operating in the advertising sector and are likely tied to the Aladdin infection vector.

Furthermore, there is evidence of Intellexa customers based in Saudi Arabia, Kazakhstan, Angola, and Mongolia still communicating with Predator’s multi-tiered infrastructure. “In contrast, customers in Botswana, Trinidad and Tobago, and Egypt ceased communication in June, May, and March 2025, respectively,” it added. “This may indicate that these entities discontinued their use of Predator spyware around those times; however, it is also possible that they merely modified or migrated their infrastructure setups.”

“Getting to Yes”: An Anti-Sales Guide for MSPs

Most MSPs and MSSPs know how to deliver effective security. The challenge is helping prospects understand why it matters in business terms. Too often, sales conversations stall because prospects are overwhelmed, skeptical, or tired of fear-based messaging. That’s why we created “Getting to Yes”: An Anti-Sales Guide for MSPs.

This guide helps service providers transform resistance into trust and turn sales conversations into long-term partnerships. In the guide, you’ll learn how to shift from persuasion to partnership, uncover what really drives objections, and lead with credibility as a trusted cyber advisor.

Why Traditional Cybersecurity Sales Strategies Don’t Work

Today’s buyers aren’t saying “no” to your services because they don’t care about security. They’re saying “no” because they don’t understand what they’re hearing.

Most SMBs already know cybersecurity is important. In fact, 57% call it a top priority. However, they’re lost in complexity, jargon, and vendor noise. When MSPs respond by “selling harder,” it only fuels skepticism.

What prospects actually want is confidence. They want to know: Will this protect my business, my reputation, and my bottom line? Your role as an MSP is to bridge that gap and help clients connect cybersecurity to what truly matters: uptime, revenue, and resilience. To do that, you first need to understand why prospects hesitate.

Below are five of the most common objections MSPs hear from prospects, along with strategies to turn each one into an opportunity to educate and build trust. (For the complete list of the top 10 objections and strategies to overcome them, download the “Getting to Yes” guide.)

Top 5 Cybersecurity Sales Objections

Why prospects hesitate, and how to respond.

- “It’s too expensive.” Security feels like a cost center. √ Reframe it as business protection that safeguards revenue and uptime.
- “We’re already protected.” Basic tools feel “good enough.” √ A quick assessment often reveals hidden gaps and outdated defenses.
- “We’re too small to be a target.” SMBs make up most ransomware victims. √ No business is “too small”, only underprepared.
- “It’s too complicated.” Jargon and acronyms create confusion. √ Simplify the story. Clarity builds confidence and momentum.
- “We don’t have time for this.” Security feels like extra work. √ Show how managed services save time and reduce operational noise.

These objections are often based on perception rather than fact. Responding with empathy, clear education, and real evidence is how trust is built, and where the trust-first conversation begins.

The Trust-First Framework

The trust-first framework is a practical model for transforming every prospect conversation into a collaborative business discussion. It’s built on three core pillars:

1. Empathy: Seek to understand before advising. Listen first. Identify what your client truly values, whether it’s growth, uptime, reputation, etc., and tie security to those outcomes.
2. Education: Translate risk into business impact. Replace technical jargon and FUD with clear, value-driven language. Explain how cybersecurity supports continuity, compliance, and revenue.
3. Evidence: Show the proof, don’t just promise it. Build credibility through proof points: client results, clear reports, and measurable progress.

Turning Selling into Partnership

The most effective MSPs lead sales conversations that feel like collaborative problem-solving by:

- Asking discovery questions that elevate the dialogue from IT issues to core business outcomes
- Reframing objections, like “It’s too expensive,” “We’re too small,” or “We’re already compliant,” into opportunities for collaboration
- Using structured frameworks such as the Cyber Advisor’s First-Call Checklist to create meaningful, trust-driven discussions (to download the Cyber Advisor’s First-Call Checklist, download the full “Getting to Yes” guide)
- Making progress visible from day one with clear goals, measurable milestones, and regular business reviews

When you approach every client as a partner rather than a prospect, the “yes” follows naturally.

Proving the Partnership: Demonstrating Value and Differentiation

Once you’ve reframed cybersecurity around business value, the next step is proving it. MSPs that win consistently are those that make their value clear, measurable, and aligned with client goals. Here are some key ways to show proof of value:

- Share real results: Use case studies and success metrics to show how similar businesses improved resilience and compliance.
- Set clear expectations: Outline deliverables and progress milestones from the start.
- Align with trusted frameworks: Map services to established security and compliance standards.
- Visualize progress: Show dashboards and reports to make improvement visible and tangible.
- Highlight AI-driven insights: Show how intelligent automation enhances protection, efficiency, and real-time risk visibility.

For more in-depth guidance and examples on how to prove value and build trust through measurable outcomes, download the full “Getting to Yes” guide.

Building a “Yes” Environment

Trust is created through structure, consistency, and clear communication. When clients can see steady progress and tangible value at every step, confidence grows naturally.

- Create regular, value-driven touchpoints: Start with an initial assessment, follow with a collaborative workshop, and maintain quarterly business reviews to keep the partnership strategic.
- Make progress measurable: Establish a baseline, share dashboards, and connect every action to ROI.

Putting Trust Into Action with Automation

Automation makes the trust-first model repeatable, scalable, and consistent. The right tools help MSPs streamline their process and focus on what matters most: building stronger client relationships. Automated platforms, like Cynomi, enable providers to:

- Accelerate discovery with fast, accurate assessments and framework mapping
- Prove value instantly through posture dashboards and measurable progress reports
- Identify upsell opportunities by uncovering gaps and emerging client needs
- Standardize delivery across accounts with repeatable, data-driven workflows

By combining automation with human expertise, MSPs gain the visibility, structure, and credibility to scale their cybersecurity business and build lasting trust with every client.

The Secret Was Never About Selling

Successful MSPs win by guiding with clarity and confidence. They act as trusted advisors, helping clients see where risk meets business reality and how smart security decisions enable growth. They combine human expertise with automated platforms that simplify assessments, visualize progress, and prove value at every stage. By focusing on education, transparency, and measurable outcomes, they shift the conversation toward value, resilience, and long-term partnerships.

When trust leads the way, every discussion becomes a step toward collaboration and lasting success. The “Getting to Yes” Guide for MSPs provides a clear and practical roadmap for leveraging trust and automation as your most powerful growth driver. Download Getting to Yes: An Anti-Sales Guide for MSPs to learn more.

This article is a contributed piece from one of our valued partners.

CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People’s Republic of China (PRC) to maintain long-term persistence on compromised systems. “BRICKSTORM is a sophisticated backdoor for VMware vSphere and Windows environments,” the agency said. “BRICKSTORM enables cyber threat actors to maintain stealthy access and provides capabilities for initiation, persistence, and secure command-and-control.” Written in Golang, the custom implant essentially gives bad actors interactive shell access on the system and allows them to browse, upload, download, create, delete, and manipulate files. The malware, mainly used in attacks targeting governments and information technology (IT) sectors, also supports multiple protocols, such as HTTPS, WebSockets, and nested Transport Layer Security (TLS), for command-and-control (C2), DNS-over-HTTPS (DoH) to conceal communications and blend in with normal traffic, and can act as a SOCKS proxy to facilitate lateral movement.

The cybersecurity agency did not disclose how many government agencies have been impacted or what type of data was stolen. The activity represents an ongoing tactical evolution of Chinese hacking groups, which have continued to strike edge network devices to breach networks and cloud infrastructures. In a statement shared with Reuters, a spokesperson for the Chinese embassy in Washington rejected the accusations, stating the Chinese government does not “encourage, support, or connive at cyber attacks.” BRICKSTORM was first documented by Google Mandiant in 2024 in attacks linked to the exploitation of Ivanti Connect Secure zero-day vulnerabilities (CVE-2023-46805 and CVE-2024-21887). The use of the malware has been attributed to two clusters tracked as UNC5221 and a new China-nexus adversary tracked by CrowdStrike as Warp Panda.

Earlier this September, Mandiant and Google Threat Intelligence Group (GTIG) said they observed legal services, software-as-a-service (SaaS) providers, Business Process Outsourcers (BPOs), and technology sectors in the U.S. being targeted by UNC5221 and other closely related threat activity clusters to deliver the malware. A key feature of the malware, per CISA, is its ability to automatically reinstall or restart itself by means of a self-monitoring function that allows its continued operation in the face of any potential disruption. In one case detected in April 2024, the threat actors are said to have accessed a web server inside an organization’s demilitarized zone (DMZ) using a web shell, before moving laterally to an internal VMware vCenter server and implanting BRICKSTORM.

However, many details remain unknown, including the initial access vector used in the attack and when the web shell was deployed. The attackers have also been found to leverage the access to obtain service account credentials and laterally move to a domain controller in the DMZ using Remote Desktop Protocol (RDP) so as to capture Active Directory information. Over the course of the intrusion, the threat actors managed to get the credentials for a managed service provider (MSP) account, which was then used to jump from the internal domain controller to the VMware vCenter server. CISA said the actors also moved laterally from the web server using Server Message Block (SMB) to two jump servers and an Active Directory Federation Services (ADFS) server, exfiltrating cryptographic keys from the latter.

The access to vCenter ultimately enabled the adversary to deploy BRICKSTORM after elevating their privileges. “BRICKSTORM uses custom handlers to set up a SOCKS proxy, create a web server on the compromised system, and execute commands on the compromised system,” it said, adding some artifacts are “designed to work in virtualized environments, using a virtual socket (VSOCK) interface to enable inter-VM [virtual machine] communication, facilitate data exfiltration, and maintain persistence.”

Warp Panda Uses BRICKSTORM Against U.S. Entities

CrowdStrike, in its analysis of Warp Panda, said it has detected multiple intrusions targeting VMware vCenter environments at U.S.-based legal, technology, and manufacturing entities this year that have led to the deployment of BRICKSTORM. The group is believed to have been active since at least 2022.

“Warp Panda exhibits a high level of technical sophistication, advanced operations security (OPSEC) skills, and extensive knowledge of cloud and virtual machine (VM) environments,” the company said. “Warp Panda demonstrates a high level of stealth and almost certainly focuses on maintaining persistent, long-term, covert access to compromised networks.” Evidence shows the hacking group gained initial access to one entity in late 2023. Also deployed in the attacks alongside BRICKSTORM are two previously undocumented Golang implants, namely Junction and GuestConduit, on ESXi hosts and guest VMs, respectively. Junction acts as an HTTP server to listen for incoming requests and supports a wide range of capabilities to execute commands, proxy network traffic, and interact with guest VMs through VM sockets (VSOCK).

GuestConduit, on the other hand, is a network traffic–tunneling implant that resides within a guest VM and establishes a VSOCK listener on port 5555. Its primary responsibility is to facilitate communication between guest VMs and hypervisors. Initial access methods involve the exploitation of internet-facing edge devices to pivot to vCenter environments, either using valid credentials or abusing vCenter vulnerabilities. Lateral movement is achieved by using SSH and the privileged vCenter management account “vpxuser.” The hacking crew has also used the Secure File Transfer Protocol (SFTP) to move data between hosts.

Some of the exploited vulnerabilities are listed below:

- CVE-2024-21887 (Ivanti Connect Secure)
- CVE-2023-46805 (Ivanti Connect Secure)
- CVE-2024-38812 (VMware vCenter)
- CVE-2023-34048 (VMware vCenter)
- CVE-2021-22005 (VMware vCenter)
- CVE-2023-46747 (F5 BIG-IP)

The entire modus operandi revolves around maintaining stealth by clearing logs, timestomping files, and creating rogue VMs that are shut down after use. BRICKSTORM, masquerading as benign vCenter processes, is employed to tunnel traffic through vCenter servers, ESXi hosts, and guest VMs. Similar to details shared by CISA, CrowdStrike noted that the attackers used their access to vCenter servers to clone domain controller VMs, possibly in a bid to harvest the Active Directory Domain Services database. The threat actors have also been spotted accessing the email accounts of employees who work in areas that align with Chinese government interests.

“Warp Panda likely used their access to one of the compromised networks to engage in rudimentary reconnaissance against an Asia Pacific government entity,” the company said. “They also connected to various cybersecurity blogs and a Mandarin-language GitHub repository.” Another significant aspect of Warp Panda’s activities is their focus on establishing persistence in cloud environments and accessing sensitive data. Characterizing it as a “cloud-conscious adversary,” CrowdStrike said the attackers exploited their access to entities’ Microsoft Azure environments to access data stored in OneDrive, SharePoint, and Exchange. In at least one incident, the hackers managed to get hold of user session tokens, likely by exfiltrating user browser files, and tunneled traffic through BRICKSTORM implants to access Microsoft 365 services via a session replay attack and download SharePoint files related to the organization’s network engineering and incident response teams.

The attackers have also engaged in additional ways to set up persistence, such as by registering a new multi-factor authentication (MFA) device through an Authenticator app code after initially logging into a user account. In another intrusion, the Microsoft Graph API was used to enumerate service principals, applications, users, directory roles, and emails. “The adversary primarily targets entities in North America and consistently maintains persistent, covert access to compromised networks, likely to support intelligence-collection efforts aligned with PRC strategic interests,” CrowdStrike said.

JPCERT Confirms Active Command Injection Attacks on Array AG Gateways

A command injection vulnerability in Array Networks AG Series secure access gateways has been exploited in the wild since August 2025, according to an alert issued by JPCERT/CC this week. The vulnerability, which does not have a CVE identifier, was addressed by the company on May 11, 2025. It’s rooted in Array’s DesktopDirect, a remote desktop access solution that allows users to securely access their work computers from any location. “Exploitation of this vulnerability could allow attackers to execute arbitrary commands,” JPCERT/CC said.

“This vulnerability affects systems where the ‘DesktopDirect’ feature, which provides remote desktop access, is enabled.” The agency said it has confirmed incidents in Japan that have exploited the shortcoming after August 2025 to drop web shells on susceptible devices. The attacks have originated from the IP address “194.233.100[.]138.” There are currently no details available on the scale of the attacks, how the flaw is being weaponized, or the identity of the threat actors exploiting it. However, an authentication bypass flaw in the same product (CVE-2023-28461, CVSS score: 9.8) was exploited last year by a China-linked cyber espionage group dubbed MirrorFace, which has a history of targeting Japanese organizations since at least 2019. That said, there is no evidence at this stage to suggest that the threat actor is linked to the latest attack spree.

The vulnerability impacts ArrayOS versions 9.4.5.8 and earlier, and has been addressed in version ArrayOS 9.4.5.9. Users are advised to apply the latest updates as soon as possible to mitigate potential threats. In case patching is not an immediate option, it’s recommended to disable DesktopDirect services and use URL filtering to deny access to URLs containing a semicolon, JPCERT/CC said.
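The semicolon filter JPCERT/CC recommends can also be applied retrospectively to gateway or reverse-proxy access logs. The following is an added example, not code from JPCERT/CC, Array Networks or the original article: it assumes Combined Log Format, uses constructed log lines and hypothetical request paths, and goes one step beyond the advisory by also catching percent-encoded semicolons.

```python
import re
from urllib.parse import unquote

# Source address named in the JPCERT/CC alert, kept defanged as on the page.
REPORTED_SOURCE = "194.233.100[.]138"

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = """\
203.0.113.10 - - [02/Sep/2025:10:15:01 +0900] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [02/Sep/2025:10:15:09 +0900] "GET /app/view;param=1 HTTP/1.1" 200 128 "-" "curl/8.0"
198.51.100.7 - - [02/Sep/2025:10:15:12 +0900] "POST /app/view%3Bparam=1 HTTP/1.1" 404 0 "-" "curl/8.0"
194.233.100.138 - - [02/Sep/2025:10:16:40 +0900] "GET /status HTTP/1.1" 200 64 "-" "-"
not a log line
"""


def refang(indicator):
    """Turn a defanged indicator such as 1.2.3[.]4 back into a plain address."""
    return indicator.replace("[.]", ".")


def has_semicolon(target, max_decode=3):
    """True if the request target holds ';' raw or after percent-decoding.

    Decoding is repeated a few times so that double encoding (%253B) is
    caught as well; this goes beyond the literal wording of the advisory.
    """
    current = target
    for _ in range(max_decode + 1):
        if ";" in current:
            return True
        decoded = unquote(current)
        if decoded == current:
            return False
        current = decoded
    return False


def scan(lines):
    """Return (findings, skipped): flagged requests and unparsable line count."""
    findings, skipped = [], 0
    watch_ip = refang(REPORTED_SOURCE)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            skipped += 1  # never drop malformed lines silently
            continue
        reasons = []
        if has_semicolon(m["target"]):
            reasons.append("semicolon-in-url")
        if m["ip"] == watch_ip:
            reasons.append("reported-source-ip")
        if reasons:
            findings.append({
                "ip": m["ip"],
                "time": m["time"],
                "method": m["method"],
                "target": m["target"],
                "status": int(m["status"]),
                "reasons": reasons,
            })
    return findings, skipped


if __name__ == "__main__":
    hits, bad = scan(SAMPLE_LOG.splitlines())
    for hit in hits:
        print(hit["time"], hit["ip"], hit["method"], hit["target"],
              hit["status"], ",".join(hit["reasons"]))
    print(f"{len(hits)} flagged, {bad} unparsable")
```

Path parameters such as `;jsessionid=` are flagged too, which matches the blanket deny rule in the advisory; successful (2xx) hits on a device that has DesktopDirect enabled are the ones to triage first.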

Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China

The threat actor known as Silver Fox has been spotted orchestrating a false flag operation to mimic a Russian threat group in attacks targeting organizations in China. The search engine optimization (SEO) poisoning campaign leverages Microsoft Teams lures to trick unsuspecting users into downloading a malicious setup file that leads to the deployment of ValleyRAT (Winos 4.0), a known malware associated with the Chinese cybercrime group. The activity has been underway since November 2025. “This campaign targets Chinese-speaking users, including those within Western organizations operating in China, using a modified ‘ValleyRAT’ loader containing Cyrillic elements – likely an intentional move to mislead attribution,” ReliaQuest researcher Hayden Evans said in a report shared with The Hacker News.

ValleyRAT, a variant of Gh0st RAT, allows threat actors to remotely control infected systems, exfiltrate sensitive data, execute arbitrary commands, and maintain long-term persistence within targeted networks. It’s worth noting that the use of Gh0st RAT is primarily attributed to Chinese hacking groups. The use of Teams for the SEO poisoning campaign marks a departure from prior efforts that have leveraged other popular programs like Google Chrome, Telegram, WPS Office, and DeepSeek to activate the infection chain. The SEO campaign is meant to redirect users to a bogus website that features an option to download the supposed Teams software.

In reality, a ZIP file named “MSTчamsSetup.zip” is retrieved from an Alibaba Cloud URL. The archive utilizes Russian linguistic elements to confuse attribution efforts. Present within the file is “Setup.exe,” a trojanized version of Teams that’s engineered to scan running processes for binaries related to 360 Total Security (“360tray.exe”), configure Microsoft Defender Antivirus exclusions, and write the trojanized version of the Microsoft installer (“Verifier.exe”) to the “AppData\Local” path and execute it. The malware proceeds to write additional files, including “AppData\Local\Profiler.json,” “AppData\Roaming\Embarcadero\GPUCache2.xml,” “AppData\Roaming\Embarcadero\GPUCache.xml,” and “AppData\Roaming\Embarcadero\AutoRecoverDat.dll.” In the next step, it loads data from “Profiler.json” and “GPUcache.xml,” and launches the malicious DLL into the memory of “rundll32.exe,” a legitimate Windows process, so as to fly under the radar.

The attack moves to the final stage with the malware establishing a connection to an external server to fetch the final payload to facilitate remote control. “Silver Fox’s objectives include financial gain through theft, scams, and fraud, alongside the collection of sensitive intelligence for geopolitical advantage,” ReliaQuest said. “Targets face immediate risks such as data breaches, financial losses, and compromised systems, while Silver Fox maintains plausible deniability, allowing it to operate discreetly without direct government funding.” The disclosure comes as Nextron Systems highlighted another ValleyRAT attack chain that uses a trojanized Telegram installer as the starting point to kick off a multi-stage process that ultimately delivers the trojan. This attack is also notable for leveraging the Bring Your Own Vulnerable Driver (BYOVD) technique to load “NSecKrnl64.sys” and terminate security solution processes.

“This installer sets a dangerous Microsoft Defender exclusion, stages a password-protected archive together with a renamed 7-Zip binary, and then extracts a second-stage executable,” security researcher Maurice Fielenbach said. “That second-stage orchestrator, men.exe, deploys additional components into a folder under the public user profile, manipulates file permissions to resist cleanup, and sets up persistence through a scheduled task that runs an encoded VBE script. This script in turn launches a vulnerable driver loader and a signed binary that sideloads the ValleyRAT DLL.” Men.exe is also responsible for enumerating running processes to identify endpoint security-related processes, as well as loading the vulnerable “NSecKrnl64.sys” driver using “NVIDIA.exe” and executing ValleyRAT. Furthermore, one of the key components dropped by the orchestrator binary is “bypass.exe,” which enables privilege escalation by means of a User Account Control (UAC) bypass.

“On the surface, victims see a normal installer,” Fielenbach said. “In the background, the malware stages files, deploys drivers, tampers with defenses, and finally launches a ValleyRat beacon that keeps long-term access to the system.”

Think your Wi-Fi is safe? Your coding tools? Or even your favorite financial apps? This week proves again how hackers, companies, and governments are all locked in a nonstop race to outsmart each other.

Here’s a quick rundown of the latest cyber stories that show how fast the game keeps changing.

DeFi exploit drains funds
Critical yETH Exploit Used to Steal $9M

A critical flaw in Yearn Finance’s yETH pool on Ethereum has been exploited by unknown threat actors, resulting in the theft of approximately $9 million from the protocol. The attack is said to have abused a flaw in how the protocol manages its internal accounting, stemming from the fact that a cache containing calculated values to save on gas fees was never cleared when the pool was completely emptied. “The attacker achieved this by minting an astronomical number of tokens – 235 septillion yETH (a 41-digit number) – while depositing only 16 wei, worth approximately $0.000000000000000045,” Check Point said. “This represents one of the most capital-efficient exploits in DeFi history.”

Linux malware evolves stealth
New Symbiote and BPFDoor Variants Spotted

Fortinet said it discovered 151 new samples of BPFDoor and three of Symbiote exploiting extended Berkeley Packet Filters (eBPFs) to enhance stealth through IPv6 support, UDP traffic, and dynamic port hopping for covert command-and-control (C2) communication. In the case of Symbiote, the BPF instructions show the new variant only accepts IPv4 or IPv6 packets for protocols TCP, UDP, and SCTP on non-standard ports 54778, 58870, 59666, 54879, 57987, 64322, 45677, and 63227. Coming to BPFDoor, the newly identified artifacts have been found to support both IPv4 and IPv6, as well as switch to a completely different magic packet mechanism. “Malware authors are enhancing their BPF filters to increase their chances of evading detection. Symbiote uses port hopping on UDP high ports, and BPFDoor implements IPv6 support,” security researcher Axelle Apvrille said.

Phishing blitz blocked
Microsoft Blocks Storm-0900 Phishing Campaign

Microsoft said it detected and blocked on November 26, 2025, a high-volume phishing campaign from a threat actor named Storm-0900. “The campaign used parking ticket and medical test result themes and referenced Thanksgiving to lend credibility and lower recipients’ suspicion,” it said. “The campaign consisted of tens of thousands of emails and targeted primarily users in the United States.” The URLs redirected to an attacker-controlled landing page that first required users to solve a slider CAPTCHA by clicking and dragging a slider, followed by ClickFix, which tricked users into running a malicious PowerShell script under the guise of completing a verification step. The end goal of the attacks was to deliver a modular malware known as XWorm that enables remote access, data theft, and deployment of additional payloads. “Storm-0900 is a prolific threat actor that, when active, launches phishing campaigns every week,” Microsoft said.

Grant scam hides malware
ClickFix Campaign Delivers Stealerium Infostealer

A new phishing campaign has been observed distributing bogus emails that claim to be about a professional achievement grant and lure recipients with supposed monetary grants. “It includes a password-protected ZIP and personalized details to appear legitimate, urging the victim to open the attached ‘secure digital package’ to claim the award, setting up the credential phish and malware chain that follows,” Trustwave said. The ZIP archive contains an HTML page that’s designed to phish the victim’s webmail credentials and exfiltrate them to a Telegram bot. Then a malicious SVG image is used to trigger a PowerShell ClickFix chain that installs the Stealerium infostealer to fix a purported issue with Google Chrome.

Russian spies hit NGOs
COLDRIVER Targets French NGO Reporters Without Borders

A fresh wave of spear-phishing activity linked to the Russia-nexus intrusion set COLDRIVER has targeted non-profit organization Reporters Without Borders (RSF), which was designated as an “undesirable” entity by the Kremlin in August 2025. The attack, observed in March 2025, originated from a Proton Mail address, urging targets to review a malicious document by sharing a link that likely redirected to a Proton Drive URL hosting a PDF file. In another case targeting a different victim, the PDF came attached to the email message. “The retrieved file is a typical Calisto decoy: it displays an icon and a message claiming that the PDF is encrypted, instructing the user to click a link to open it in Proton Drive,” Sekoia said. “When the user clicks the link, they are first redirected to a Calisto redirector hosted on a compromised website, which then forwards them to the threat actor’s phishing kit.” The redirector is a PHP script deployed on compromised websites, which ultimately takes the victims to an adversary-in-the-middle (AiTM) phishing page that can capture their Proton credentials. Proton has since taken down the attacker-controlled accounts.

Android boosts scam defense
Google Expands Android Scam Protection to Cash App, JPMorganChase in U.S.

Google has expanded in-call scam protection on Android to Cash App and JPMorganChase in the U.S., after piloting the feature in the U.K., Brazil, and India. “When you launch a participating financial app while screen sharing and on a phone call with a number that is not saved in your contacts, your Android device will automatically warn you about the potential dangers and give you the option to end the call and to stop screen sharing with just one tap,” Google said. “The warning includes a 30-second pause period before you’re able to continue, which helps break the ‘spell’ of the scammer’s social engineering, disrupting the false sense of urgency and panic commonly used to manipulate you into a scam.” The feature is compatible with Android 11+ devices.

Ransomware hides behind packer New TangleCrypt Packer Spotted in the Wild A previously undocumented packer for Windows malware named TangleCrypt has been used in a September 2025 Qilin ransomware attack to conceal malicious payloads like the STONESTOP EDR killer by using the ABYSSWORKER driver as part of a bring your own vulnerable driver (BYOVD) attack to forcefully terminate installed security products on the device. “The payload is stored inside the PE Resources via multiple layers of base64 encoding, LZ78 compression, and XOR encryption,” WithSecure said . “The loader supports two methods of launching the payload: in the same process or in a child process. The chosen method is defined by a string appended to the embedded payload.

To hinder analysis and detection, it uses a few common techniques like string encryption and dynamic import resolving, but all of these were found to be relatively simple to bypass. Although the packer has an overall interesting design, we identified several flaws in the loader implementation that may cause the payload to crash or show other unexpected behaviour.” SSL certificates shorten lifespan Let’s Encrypt to Decrease Certificate Lifetimes to 45 Days Let’s Encrypt has officially announced plans to reduce the maximum validity period of its SSL/TLS certificates from 90 days to 45 days. The transition, which will be completed by 2028, aligns with broader industry shifts mandated by the CA/Browser Forum Baseline Requirements. “Reducing how long certificates are valid for helps improve the security of the internet, by limiting the scope of compromise, and making certificate revocation technologies more efficient,” Let’s Encrypt said .

“We are also reducing the authorization reuse period, which is the length of time after validating domain control that we allow certificates to be issued for that domain. It is currently 30 days, which will be reduced to 7 hours by 2028.” Fake extension drops RATs Malicious VS Code Extension Delivers Anivia Loader and OctoRAT A malicious Visual Studio Code (VS Code) extension named “prettier-vscode-plus” has been published to the official VS Code Marketplace, impersonating the legitimate Prettier formatter. The attack starts with a Visual Basic Script dropper that’s designed to run an embedded PowerShell script to fetch the next-stage payloads. “The extension served as the entry point for a multi-stage malware chain, starting with the Anivia loader, which decrypted and executed further payloads in memory,” Hunt.io said .

“OctoRAT, the third-stage payload dropped by the Anivia loader, provided full remote access, including over 70 commands for surveillance, file theft, remote desktop control, persistence, privilege escalation, and harassment.” Some aspects of the attack were disclosed last month by Checkmarx. Nations issue OT AI guidance Australia, U.S., and Others Release OT AI Security Guidance Cybersecurity and intelligence agencies from Australia, Canada, Germany, the Netherlands, New Zealand, the U.K., and the U.S. have released new guidelines for secure integration of Artificial Intelligence (AI) in Operational Technology (OT) environments. The key principles include educating personnel on AI risks and its impacts, evaluating business cases, implementing governance frameworks to ensure regulatory compliance, and maintaining oversight, keeping safety and security in mind.

“That kind of coordination is rare and signals the importance of this issue,” Floris Dankaart, lead product manager of managed extended detection and response at NCC Group, said. “Equally important, most AI-guidance addresses IT, not OT (the systems that keep power grids, water treatment, and industrial processes running). It’s refreshing and necessary to see regulators acknowledge OT-specific risks and provide actionable principles for integrating AI safely in these environments.”

Airports hit by GPS spoofing
India Reveals GPS Spoofing at Major Airports

The Indian government has revealed that local authorities have detected GPS spoofing and jamming at eight major airports, including those in Delhi, Kolkata, Amritsar, Mumbai, Hyderabad, Bangalore, and Chennai. Civil Aviation Minister Ram Mohan Naidu Kinjarapu, however, did not provide any details on the source of the spoofing and/or jamming, but noted the incidents did not cause any harm.

“To enhance cyber security against global threats, AAI [Airports Authority of India] is implementing advanced cyber security solutions for IT networks and infrastructure,” Naidu said.

npm worm leaks secrets
Shai-Hulud 2.0 Exposed 400K Secrets

The second Shai-Hulud supply chain attack targeting the npm registry exposed around 400,000 unique raw secrets after compromising over 800 packages and publishing stolen data in 30,000 GitHub repositories. Of these, only about 2.5% are verified. “The dominant infection vector is the @postman/tunnel-agent-0.6.7 package, with @asyncapi/specs-6.8.3 identified as the second-most frequent,” Wiz said.

“These two packages account for over 60% of total infections.” PostHog, which provided a detailed postmortem of the incident, is believed to be the ‘patient zero’ of the campaign. The attack stemmed from a flaw in CI/CD workflow configuration that allowed malicious code from a pull request to run with enough privileges to grab high-value secrets. “At this point, it is confirmed that the initial access vector in this incident was abuse of pull_request_target via PWN request,” Wiz added.
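
The misconfiguration class named above, a pull_request_target workflow that checks out and runs pull-request code, can be screened for with a simple audit. The following JavaScript is an added example, not code from Wiz, PostHog or the original article; the sample workflows are constructed, and the helper name auditWorkflow and its finding labels are assumptions made for illustration.

```javascript
// Constructed sample workflows for illustration; not taken from any real repository.
const RISKY_WORKFLOW = `
name: ci
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: \${{ github.event.pull_request.head.sha }}
      - run: npm ci && npm test
        env:
          NPM_TOKEN: \${{ secrets.NPM_TOKEN }}
`;

// Same job on the pull_request trigger: fork PRs get a read-only token and no secrets.
const HARDENED_WORKFLOW = `
name: ci
on:
  pull_request:
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci --ignore-scripts && npm test
`;

// pull_request_target used only for metadata work, never touching PR code.
const LABEL_ONLY_WORKFLOW = `
on: pull_request_target
permissions:
  pull-requests: write
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/labeler@v5
`;

// Heuristic, line-based audit (hypothetical helper; a real scanner should parse the YAML).
function auditWorkflow(yamlText) {
  // Ignore whole-line comments so a commented-out trigger is not reported.
  const body = yamlText
    .split(/\r?\n/)
    .filter((line) => !/^\s*#/.test(line))
    .join('\n');

  if (!/\bpull_request_target\b/.test(body)) {
    return { trigger: false, severity: 'none', findings: [] };
  }

  const findings = [];
  // A ref/repository pointing at the PR head pulls untrusted code into a privileged run.
  const checksOutHead =
    /^\s*(ref|repository)\s*:.*(github\.event\.pull_request\.head\.|github\.head_ref|refs\/pull\/)/m.test(body);
  if (checksOutHead) findings.push('checks-out-pr-head');
  // Commands after such a checkout (install scripts, tests) execute the contributor's code.
  if (checksOutHead && /^\s*-?\s*run\s*:/m.test(body)) findings.push('runs-commands-after-checkout');
  // Any referenced secret is readable by whatever code the job runs.
  if (/\bsecrets\.\w+/.test(body)) findings.push('secrets-in-scope');
  // Without an explicit permissions block the token keeps the repository default scope.
  if (!/^\s*permissions\s*:/m.test(body)) findings.push('no-permissions-block');

  return { trigger: true, severity: checksOutHead ? 'high' : 'review', findings };
}

for (const [name, wf] of Object.entries({
  risky: RISKY_WORKFLOW,
  hardened: HARDENED_WORKFLOW,
  labelOnly: LABEL_ONLY_WORKFLOW,
})) {
  console.log(name, JSON.stringify(auditWorkflow(wf)));
}
```

A `review` result still deserves a look: the trigger stays safe only as long as no step fetches or executes pull-request content.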

The self-replicating worm has been found to steal cloud credentials and use them to “access cloud-native secret management services,” as well as unleash destructive code that wipes user data if the worm is unsuccessful in propagating further.

Fake Wi-Fi hacker jailed
Perth Hacker Jailed for Running “Evil Twin” Wi-Fi

Michael Clapsis, a 44-year-old Australian man, has been sentenced to over seven years in prison for setting up fake Wi-Fi access points to steal personal data. The defendant, who was charged in June 2024, ran fake free Wi-Fi access points at the Perth, Melbourne, and Adelaide airports during multiple domestic flights and at work. He deployed evil twin networks to redirect users to phishing pages and capture credentials, subsequently using the information to access personal accounts and collect intimate photos and videos of women.

Clapsis also hacked his employer in April 2024 and accessed emails between his boss and the police after his arrest. The investigation was launched that month after an airline employee discovered a suspicious Wi-Fi network during a domestic flight. “The man used a portable wireless access device, sometimes known as a Wi-Fi Pineapple, to passively listen for device probe requests,” the Australian Federal Police (AFP) said. “When detecting a request, the Wi-Fi Pineapple instantly creates a matching network with the same name, tricking a device into thinking it is a trusted network.

The device would then connect automatically.”

Massive camera hack exposed
South Korea Arrests Suspects Behind Massive IP Camera Snooping

Authorities in South Korea have arrested four individuals, believed to be working independently, for collectively hacking into more than 120,000 internet protocol cameras. Three of the suspects are said to have taken the footage recorded from private homes and commercial facilities, including a gynaecologist’s clinic, and created hundreds of sexually exploitative materials to sell them to a foreign adult site (referred to as “Site C”). In addition, three individuals who purchased such illegal content from the website have already been arrested and face up to three years in prison.

Thousands of secrets exposed
Public GitLab Repositories Leak 17K Secrets

A scan of about 5.6 million public repositories on GitLab has revealed over 17,000 verified live secrets, according to TruffleHog.

Google Cloud Platform (GCP) credentials were the most leaked secret type on GitLab repositories, followed by MongoDB, Telegram bots, OpenAI, OpenWeather, SendGrid, and Amazon Web Services. The 17,430 leaked secrets belonged to 2804 unique domains, with the earliest valid secret dating back to December 16, 2009.

Fake Zendesk sites lure victims
Scattered LAPSUS$ Hunters Target Zendesk Users with Fake Domains

The cybercriminal alliance known as Scattered LAPSUS$ Hunters has been observed going after Zendesk servers in an effort to steal corporate data they can use for ransom operations. ReliaQuest said it detected more than 40 typosquatted and impersonating domains mimicking Zendesk environments.

“Some of the domains are hosting phishing pages with fake single sign-on (SSO) portals designed to steal credentials and deceive users,” it said. “We also have evidence to suggest that fraudulent tickets are being submitted directly to legitimate Zendesk portals operated by organizations using the platform for customer service. These fake submissions are crafted to target support and help-desk personnel, infecting them with remote access trojans (RATs) and other types of malware.” While the infrastructure patterns point to the notorious cybercrime group, ReliaQuest said that copycats inspired by the group’s success couldn’t be ruled out.

AI skills abused for ransomware
Weaponizing Claude Skills for MedusaLocker Attack

Cato Networks has demonstrated that it’s possible to leverage Anthropic’s Claude Skills, which allows users to create and share custom code modules that expand on the AI chatbot’s capabilities, to execute a MedusaLocker ransomware attack.

The test shows “how a trusted Skill could trigger real ransomware behavior end-to-end under the same approval context,” the company said. “Because Skills can be freely shared through public repositories and social channels, a convincing ‘productivity’ Skill could easily be propagated through social engineering, turning a feature designed to extend your AI’s capabilities into a malware delivery vector.”

However, Anthropic has responded to the proof-of-concept (PoC) by stating the feature is by design, adding “Skills are intentionally designed to execute code” and that users are explicitly asked and warned prior to running a skill. Cato Networks has argued that the chief concern revolves around trusting the skill. “Once a Skill is approved, it gains persistent permissions to read/write files, download or execute additional code, and open outbound connections, all without further prompts or visibility,” it noted.

“This creates a consent gap: users approve what they see, but hidden helpers can still perform sensitive actions behind the scenes.”

Stego loader hides LokiBot
.NET Steganography Loader Drops LokiBot

A .NET loader has been observed using steganographic techniques to deliver various remote access trojans like Quasar RAT and LokiBot. The loader, per Splunk, disguises itself as a legitimate business document to trick users into decompressing and opening the file. Once launched, it decrypts and loads an additional module directly into the process’s allocated memory space. LokiBot “primarily targets Windows (and later Android variants), harvesting browser and app credentials, cryptocurrency wallets, and keystrokes, and can provision backdoors for further payloads,” Splunk said.

Iranian malware spreads fast
New Nimbus Manticore Malware Detailed

Deep Instinct has analyzed a 64-bit binary that’s linked to a hacking group known as Nimbus Manticore. It’s compiled using Microsoft Visual C/C++ and the Microsoft Linker. The malware, besides featuring advanced capabilities to dynamically load additional components at runtime and hide itself from static analysis tools, attempts to move laterally across the network and gain elevated access. “This malware isn’t content to sit on a single compromised machine,” the company said.

“It wants to spread, gain administrative access, and position itself for maximum impact across your infrastructure.”

Teams guest access exploited
Threat Actors Abuse Teams Guest Access to Drop Quick Assist

Threat actors have been found to impersonate IT personnel in social engineering attacks via Microsoft Teams to approach victims and deceive them into installing Quick Assist after providing their credentials on a phishing link shared on the messaging platform. Also executed were commands to conduct reconnaissance, command and control (C2), and data exfiltration, as well as drop what appears to be a Python-compiled infostealer. However, the most notable aspect of the attack is that it leverages Teams’ guest access feature to send invites. “On November 4, 2025, suspicious activity was observed in a customer environment through the Microsoft Teams ‘Chat with Anyone’ feature, which allows direct messaging with external users via email addresses,” CyberProof said.

“An external user (mostafa.s@dhic.edu[.]eg) contacted the user in Teams, claiming to be from IT support.”

Stealer updates add Protobufs
What’s New in Matanbuchus 3.0?

A C++ downloader named Matanbuchus has been used in campaigns distributing the Rhadamanthys information stealer and the NetSupport RAT. First observed in 2020, the malware is mainly designed to download and execute second-stage payloads. Version 3.0 of Matanbuchus was identified in the wild in July 2025.

“In version 3.0, the malware developer added Protocol Buffers (Protobufs) for serializing network communication data,” Zscaler said. “Matanbuchus implements a number of obfuscation techniques to evade detection, such as adding junk code, encrypted strings, and resolving Windows API functions by hash. Additional anti-analysis features include a hardcoded expiration date that prevents Matanbuchus from running indefinitely and establishes persistence via downloaded shellcode that creates a scheduled task.”

If there’s one thing these stories show, it’s that cybersecurity never sleeps. The threats might sound technical, but the impact always lands close to home — our money, our data, our trust.

Staying alert and informed isn’t paranoia anymore; it’s just good sense.

5 Threats That Reshaped Web Security This Year [2025]

As 2025 draws to a close, security professionals face a sobering realization: the traditional playbook for web security has become dangerously obsolete. AI-powered attacks, evolving injection techniques, and supply chain compromises affecting hundreds of thousands of websites forced a fundamental rethink of defensive strategies. Here are the five threats that reshaped web security this year, and why the lessons learned will define digital protection for years to come.

1. Vibe Coding

Natural language coding, “vibe coding”, transformed from novelty to production reality in 2025, with nearly 25% of Y Combinator startups using AI to build core codebases. One developer launched a multiplayer flight simulator in under three hours, eventually scaling it to 89,000 players and generating thousands in monthly revenue.

The Result
Code that functions perfectly yet contains exploitable flaws, bypassing traditional security tools. AI generates what you ask for, not what you forget to ask.

The Damage
- Production Database Deleted – Replit’s AI assistant wiped Jason Lemkin’s database (1,200 executives, 1,190 companies) despite code freeze orders
- AI Dev Tools Compromised – Three CVEs exposed critical flaws in popular AI coding assistants: CurXecute (CVE-2025-54135) enabled arbitrary command execution in Cursor, EscapeRoute (CVE-2025-53109) allowed file system access in Anthropic’s MCP server, and (CVE-2025-55284) permitted data exfiltration from Claude Code via DNS-based prompt injection
- Authentication Bypassed – AI-generated login code skipped input validation, enabling payload injection at a U.S. fintech startup
- Insecure code statistics in vibe coding – 45% of all AI-generated code contains exploitable flaws; 70% Vulnerability Rate in the Java language.

Base44 Platform Compromised (July 2025)
In July 2025, security researchers discovered a critical authentication bypass vulnerability in Base44, a popular vibe coding platform owned by Wix. The flaw allowed unauthenticated attackers to access any private application on the shared infrastructure, affecting enterprise applications handling PII, HR operations, and internal chatbots.

Wix patched the flaw within 24 hours, but the incident exposed a critical risk: when platform security fails, every application built on top becomes vulnerable simultaneously.

The Defense Response
Organizations now implement security-first prompting, multi-step validation, and behavioral monitoring that detects unexpected API calls, deviant serialization patterns, or timing vulnerabilities. With the EU AI Act classifying some vibe coding as “high-risk AI systems,” functional correctness no longer guarantees security integrity.

2. JavaScript Injection

In March 2025, 150,000 websites were compromised by a coordinated JavaScript injection campaign promoting Chinese gambling platforms. Attackers injected scripts and iframe elements impersonating legitimate betting sites like Bet365, using full-screen CSS overlays to replace actual web content with malicious landing pages. The campaign’s scale and sophistication demonstrated how lessons from 2024’s Polyfill.io compromise, where a Chinese company weaponized a trusted library affecting 100,000+ sites, including Hulu, Mercedes-Benz, and Warner Bros., had been weaponized into repeatable attack patterns. With 98% of websites using client-side JavaScript, the attack surface has never been larger.

The Impact
Even React’s XSS protection failed as attackers exploited prototype pollution, DOM-based XSS, and AI-driven prompt injections.

The Damage
- 150,000+ Sites Compromised – Gambling campaign demonstrated industrial-scale JavaScript injection in 2025
- 22,254 CVEs Reported – A 30% jump from 2023, exposing massive vulnerability growth
- 50,000+ Banking Sessions Hijacked – Malware targeted 40+ banks across three continents using real-time page structure detection

The Solution
Organizations now store raw data and encode by output context: HTML encoding for divs, JavaScript escaping for script tags, URL encoding for links. Behavioral monitoring flags when static libraries suddenly make unauthorized POST requests.

3. Magecart/E-skimming 2.0

Magecart attacks surged 103% in just six months as attackers weaponized supply chain dependencies, according to Recorded Future’s Insikt Group. Unlike traditional breaches that trigger alarms, web skimmers masquerade as legitimate scripts while harvesting payment data in real-time.

The Reality
Attacks demonstrated alarming sophistication: DOM shadow manipulation, WebSocket connections, and geofencing. One variant went dormant when Chrome DevTools opened.

The Damage
- Major Brands Compromised – British Airways, Ticketmaster, and Newegg lost millions in fines and reputation damage
- Modernizr Library Weaponized – Code activated only on payment pages across thousands of websites, invisible to WAFs
- AI-Powered Selectivity – Attackers profiled browsers for luxury purchases, exfiltrating only high-value transactions

cc-analytics Domain Campaign (Sep 2025)
Security researchers uncovered a sophisticated Magecart campaign leveraging heavily obfuscated JavaScript to steal payment card data from compromised e-commerce websites. The malicious infrastructure, centered around the domain cc-analytics[.]com, has actively been harvesting sensitive customer information for at least one year.

The Defense Response
Organizations discovered CSP provided false confidence; attackers simply compromised whitelisted domains. The solution: validate code by behavior, not source. PCI DSS 4.0.1 Section 6.4.3 now requires continuous monitoring of all scripts accessing payment data, with compliance mandatory from March 2025.

4. AI Supply Chain Attacks

Malicious package uploads to open-source repositories jumped 156% in 2025 as attackers weaponized AI. Traditional attacks meant stolen credentials. New threats introduced polymorphic malware that rewrites itself with each instance and context-aware code that detects sandboxes.

The Consequence
AI-generated variants mutate daily, rendering signature-based detection useless.

IBM’s 2025 report showed breaches take 276 days to identify and 73 days to contain.

The Damage
- Solana Web3.js Backdoor – Hackers drained $160,000–$190,000 in cryptocurrency during a five-hour window
- 156% Surge in Malicious Packages – Semantically camouflaged with documentation and unit tests to appear legitimate
- 276-Day Detection Window – AI-generated polymorphic malware evades traditional security scanning

The Shai-Hulud Worm (Sep-Dec 2025)
Self-replicating malware used AI-generated bash scripts (identified by comments and emojis) to compromise 500+ npm packages and 25,000+ GitHub repositories in 72 hours. The attack weaponized AI command-line tools for reconnaissance and was designed to evade AI-based security analysis – both ChatGPT and Gemini incorrectly classified the malicious payloads as safe. The worm harvested credentials from developer environments and automatically published trojanized versions using stolen tokens, turning CI/CD pipelines into distribution mechanisms.

The Counter-Measures
Organizations deployed AI-specific detection, behavioral provenance analysis, zero-trust runtime defense, and “proof of humanity” verification for contributors. The EU AI Act added penalties up to €35 million or 7% of global revenue.

5. Web Privacy Validation

Research revealed that 70% of top US websites drop advertising cookies even when users opt out, exposing organizations to compliance failures and reputational damage.

Periodic audits and static cookie banners couldn’t keep pace with “privacy drift.”

The Problem
Marketing pixels collect unauthorized IDs, third-party code tracks outside stated policies, and consent mechanisms break after updates, all silently.

The Damage
- €4.5 Million Fine for Retailer – Loyalty program script sent customer emails to external domains for four months undetected
- HIPAA Violations at Hospital Network – Third-party analytics scripts silently collected patient data without consent
- 70% Cookie Non-Compliance – Top US websites ignore user opt-out preferences, contradicting privacy claims

Capital One Tracking Pixels (March 2025)
The federal court ruled that Meta Pixel, Google Analytics, and Tealium’s sharing of credit card application status, employment details, and bank account information constituted “data exfiltration” under CCPA. The March 2025 decision expanded liability beyond traditional breaches, exposing companies to $100-$750 per incident (CCPA) plus $5,000 per incident (CIPA wiretap violations), turning routine tracking into litigation risk equivalent to security breaches.

The Defense Response
Continuous web privacy validation became the solution: agentless monitoring ensuring real-world activity aligns with declared policies through data mapping, instant alerts, and fix verification.

Only 20% of companies felt confident in compliance at the year’s start; those implementing continuous monitoring simplified audits and integrated privacy into security workflows.

The Path Forward: Proactive Security in an AI-Driven World

These five threats share a common thread: reactive security has become a liability. The lesson of 2025 is clear: by the time you detect a problem with traditional methods, you’ve already been compromised.

Organizations thriving in this landscape share three characteristics:

They assume breach as the default state. Rather than preventing all intrusions, they focus on rapid detection and containment, understanding that perfect prevention is impossible.

They embrace continuous validation. Successful security programs operate in constant vigilance mode rather than periodic audit cycles.

They treat AI as both a tool and threat. The same technology that generates vulnerabilities can power defensive systems. Deploying AI-aware security to detect AI-generated threats has moved from experimental to essential.

Your 2026 Security Readiness Checklist

Security teams should prioritize these five validations:

- Inventory third-party dependencies – Map every external script, library, and API endpoint in production. Unknown code is an unmonitored risk.
- Implement behavioral monitoring – Deploy runtime detection that flags anomalous data flows, unauthorized API calls, and unexpected code execution.
- Audit AI-generated code – Treat all LLM-generated code as untrusted input. Require security review, secrets scanning, and penetration testing before deployment.

- Validate privacy controls in production – Test cookie consent, data collection boundaries, and third-party tracking in live environments, not just staging.
- Establish continuous validation – Move from quarterly audits to real-time monitoring with automated alerting.

The question isn’t whether to adopt these security paradigms but how quickly organizations can implement them. The threats that reshaped web security in 2025 aren’t temporary disruptions – they’re the foundation for years to come.

The organizations that act now will define the security standards; those that hesitate will scramble to catch up.

This article is a contributed piece from one of our valued partners.

GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections

Cybercriminals associated with a financially motivated group known as GoldFactory have been observed staging a fresh round of attacks targeting mobile users in Indonesia, Thailand, and Vietnam by impersonating government services. The activity, observed since October 2024, involves distributing modified banking applications that act as a conduit for Android malware, Group-IB said in a technical report published Wednesday. Assessed to be active as far back as June 2023, GoldFactory first gained attention early last year, when the Singapore-headquartered cybersecurity company detailed the threat actor’s use of custom malware families like GoldPickaxe, GoldDigger, and GoldDiggerPlus targeting both Android and iOS devices. Evidence points to GoldFactory being a well-organized Chinese-speaking cybercrime group with close connections to Gigabud, another Android malware that was spotted in mid-2023.

Despite major disparities in their codebases, both GoldDigger and Gigabud have been found to share similarities in their impersonation targets and landing pages. The first cases in the latest attack wave were detected in Thailand, with the threat subsequently appearing in Vietnam by late 2024 and early 2025 and in Indonesia from mid-2025 onwards. Group-IB said it has identified more than 300 unique samples of modified banking applications that have led to almost 2,200 infections in Indonesia. Further investigation has uncovered over 3,000 artifacts that it said led to no less than 11,000 infections.

About 63% of the altered banking apps cater to the Indonesian market. The infection chains, in a nutshell, involve the impersonation of government entities and trusted local brands and approaching prospective targets over the phone to trick them into installing malware by instructing them to click on a link sent on messaging apps like Zalo. In at least one case documented by Group-IB, fraudsters posed as Vietnam’s public power company EVN and urged victims to pay overdue electricity bills or risk facing immediate suspension of the service. During the call, the threat actors are said to have asked the victims to add them on Zalo so as to receive a link to download an app and link their accounts.

The links redirect the victims to fake landing pages that masquerade as Google Play Store app listings, resulting in the deployment of a remote access trojan like Gigabud, MMRat, or Remo, which surfaced earlier this year using the same tactics as GoldFactory. These droppers then pave the way for the main payload that abuses Android’s accessibility services to facilitate remote control. “The malware […] is based on the original mobile banking applications,” researchers Andrey Polovinkin, Sharmine Low, Ha Thi Thu Nguyen, and Pavel Naumov said. “It operates by injecting malicious code into only a portion of the application, allowing the original application to retain its normal functionality.

The functionality of injected malicious modules can differ from one target to another, but mainly it bypasses the original application’s security features.” Specifically, it works by hooking into the application’s logic to execute the malware. Three different malware families have been discovered based on the frameworks used in the modified applications to perform runtime hooking: FriHook, SkyHook, and PineHook. Regardless of these differences, the functionality of the modules overlaps, making it possible to -

- Hide the list of applications that have accessibility services enabled
- Prevent screencast detection
- Spoof the signature of an Android application
- Hide the installation source
- Implement custom integrity token providers, and
- Obtain the victims’ account balance

While SkyHook makes use of the publicly available Dobby framework to execute the hooks, FriHook employs a Frida gadget that’s injected into the legitimate banking application. PineHook, as the name implies, utilizes a Java-based hooking framework called Pine.

Group-IB said its analysis of the malicious infrastructure erected by GoldFactory also uncovered a pre-release testing build of a new Android malware variant dubbed Gigaflower that’s likely a successor to the Gigabud malware. It supports around 48 commands to enable real-time screen and device activity streaming using WebRTC; weaponize accessibility services for keylogging, reading user interface content, and performing gestures; serve fake screens to mimic system updates, PIN prompts, and account registration to harvest personal information, and extract data from images associated with identification cards using a built-in text recognition algorithm. Also currently in the works is a QR code scanner feature that attempts to read the QR code on Vietnamese identity cards, likely with the goal of simplifying the process of capturing the details. Interestingly, GoldFactory appears to have ditched its bespoke iOS trojan in favor of an unusual approach that now instructs victims to borrow an Android device from a family member or relative to continue the process.

It’s currently not clear what prompted the shift, but it’s believed that it’s due to stricter security measures and app store moderation on iOS. “While earlier campaigns focused on exploiting KYC processes, recent activity shows direct patching of legitimate banking applications to commit fraud,” the researchers said. “The use of legitimate frameworks such as Frida, Dobby, and Pine to modify trusted banking applications demonstrates a sophisticated yet low-cost approach that allows cybercriminals to bypass traditional detection and rapidly scale their operation.”