Infostealer Malware Activity Surged 800% in 2024, Report Finds
Infostealer malware incidents have skyrocketed by 800% between 2023 and 2024, according to new research by Flare.
This dramatic rise is attributed to the growing demand for stolen credentials on dark web marketplaces and the increasing sophistication of malware distribution tactics, particularly via cracked software and fake tools. Infostealers like RedLine, Raccoon, and Lumma are among the most commonly seen threats, targeting both individuals and businesses. These tools are being increasingly commoditized, making them accessible to low-skill threat actors.
This trend underscores the urgent need for stronger endpoint defenses, user awareness training, and identity protection strategies.
Original article: https://www.infosecurity-magazine.com/news/staggering-800-rise-infostealer/
Russian Hackers Exploit ISP-Level Access to Breach Embassies in Advanced Phishing Attacks
Microsoft has reported that the Russian hacking group APT29, also known as Cozy Bear, used compromised ISP infrastructure to perform advanced AiTM (Adversary-in-the-Middle) phishing attacks on government entities.
The threat actors hijacked internet traffic through compromised telecommunications providers to intercept authentication tokens and session cookies. This allowed them to bypass multi-factor authentication and gain access to email accounts and sensitive systems within embassies and diplomatic missions. The attacks are part of a broader espionage campaign targeting high-value political and governmental organizations.
This development highlights the escalating sophistication of nation-state cyber operations and the growing vulnerability of critical network infrastructure.
Original article: https://www.bleepingcomputer.com/news/security/microsoft-russian-hackers-use-isp-access-to-hack-embassies-in-aitm-attacks/
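The article describes stolen authentication tokens and session cookies being replayed to bypass MFA. One defensive check that follows from that description is to correlate where a session completed MFA with where it is subsequently used. The Python below is an added example, not code from Microsoft or the article; the log format, session ids, IP addresses and ASNs are constructed sample data, and the one-hour window is an assumed tuning value.

```python
"""
Detect an authenticated session being used from a different network
than the one that completed MFA. Constructed sample log lines (not from
the original report) model what an IdP or web-app access log might
record: timestamp, event, session id, source IP, and the ASN the IP
resolved to.
"""
from datetime import datetime, timedelta

# Constructed sample log: ISO timestamp | event | session | ip | asn
SAMPLE_LOG = """\
2025-07-30T08:00:00Z mfa_success sess-a1 198.51.100.7 AS64500
2025-07-30T08:01:10Z request     sess-a1 198.51.100.7 AS64500
2025-07-30T08:02:00Z request     sess-a1 203.0.113.9  AS64501
2025-07-30T09:00:00Z mfa_success sess-b2 192.0.2.44   AS64502
2025-07-30T09:05:00Z request     sess-b2 192.0.2.44   AS64502
"""


def parse_log(text):
    """Parse whitespace-separated log lines into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event, session, ip, asn = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "event": event,
            "session": session,
            "ip": ip,
            "asn": asn,
        })
    return events


def find_session_replay(events, window=timedelta(hours=1)):
    """Return one alert per request that uses a session from a different
    ASN than the one that passed MFA, within `window` of that MFA event.

    The ASN (rather than the raw IP) is compared so that ordinary address
    churn inside one provider does not fire; a session that moves to
    another provider shortly after MFA is the replay pattern of interest.
    """
    origin = {}   # session id -> (mfa timestamp, ip, asn)
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["event"] == "mfa_success":
            origin[e["session"]] = (e["ts"], e["ip"], e["asn"])
            continue
        if e["session"] not in origin:
            continue  # no MFA record for this session; out of scope here
        mfa_ts, mfa_ip, mfa_asn = origin[e["session"]]
        if e["asn"] != mfa_asn and e["ts"] - mfa_ts <= window:
            alerts.append({
                "session": e["session"],
                "mfa_ip": mfa_ip,
                "mfa_asn": mfa_asn,
                "ip": e["ip"],
                "asn": e["asn"],
                "seconds_after_mfa": int((e["ts"] - mfa_ts).total_seconds()),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_session_replay(parse_log(SAMPLE_LOG)):
        print("possible session replay:", alert)
```

This heuristic only catches replay from a network the defender can distinguish from the victim's; an adversary relaying through the victim's own upstream path, as ISP-level access would permit, may not trip it. Binding sessions to the authenticating device and using phishing-resistant MFA such as FIDO2 addresses the token-theft class itself rather than its after-effects.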
Experts Detect Multi-Layer Redirect Campaign Delivering Malware via Compromised Sites
Security researchers have uncovered a multi-layered redirection campaign that uses compromised WordPress websites to deliver malware through misleading browser updates and malicious advertising.
The attack chain involves redirecting users through several intermediary URLs, exploiting traffic distribution systems (TDS) to deliver context-aware payloads. Victims are often tricked into downloading malware disguised as browser or software updates. The campaign demonstrates a blend of social engineering and technical evasion techniques, making it harder for traditional defenses to detect.
This underscores the importance of maintaining secure web infrastructure and training users to recognize social engineering traps.
Original article: https://thehackernews.com/2025/07/experts-detect-multi-layer-redirect.html
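The chain described above, several intermediary redirects ending in a fake update download, leaves a recognisable shape in proxy or browser telemetry. The Python below is an added example, not code from the researchers or the article: it scores a recorded redirect chain on the traits the summary names. The hostnames, paths and filename are constructed placeholders, not indicators from the campaign, and the thresholds are assumed tuning values.

```python
"""
Score a recorded HTTP redirect chain for the traits of a multi-layer
fake-update delivery: many cross-domain hops, a TDS-style intermediary,
and a final executable download with an "update" lure. Input is the
list of hops a proxy or browser would have logged; the chain below is
constructed sample data with placeholder hostnames.
"""
from urllib.parse import urlparse

EXECUTABLE_SUFFIXES = (".exe", ".msi", ".js", ".hta", ".zip")
UPDATE_WORDS = ("update", "upgrade", "out of date")

# Constructed chain: each hop is the response observed for one URL.
SAMPLE_CHAIN = [
    {"url": "https://compromised-blog.example/post/1", "status": 302,
     "location": "https://tds-gate.example/r?c=1", "content_type": "text/html"},
    {"url": "https://tds-gate.example/r?c=1", "status": 302,
     "location": "/go/2", "content_type": "text/html"},
    {"url": "https://tds-gate.example/go/2", "status": 302,
     "location": "https://cdn-helper.example/check", "content_type": "text/html"},
    {"url": "https://cdn-helper.example/check", "status": 200,
     "content_type": "text/html", "body_hint": "Your browser is out of date"},
    {"url": "https://cdn-helper.example/Chrome_Update.exe", "status": 200,
     "content_type": "application/octet-stream",
     "content_disposition": "attachment; filename=Chrome_Update.exe"},
]


def host_of(url):
    return urlparse(url).netloc.lower()


def download_filename(hop):
    """Filename from Content-Disposition if present, else the URL path."""
    cd = hop.get("content_disposition", "")
    if "filename=" in cd:
        return cd.split("filename=", 1)[1].strip('" ')
    return urlparse(hop["url"]).path.rsplit("/", 1)[-1]


def analyze_chain(hops, max_cross_domain=2):
    """Return per-trait findings plus an overall `suspicious` verdict."""
    hosts = [host_of(h["url"]) for h in hops]
    cross_domain = 0
    for i, hop in enumerate(hops):
        loc = hop.get("location")
        if hop["status"] in (301, 302, 303, 307, 308) and loc:
            # Relative Location stays on the same host.
            target = host_of(loc) if loc.startswith("http") else hosts[i]
            if target != hosts[i]:
                cross_domain += 1
    final = hops[-1]
    fname = download_filename(final).lower()
    executable = fname.endswith(EXECUTABLE_SUFFIXES) and \
        final["content_type"] not in ("text/html",)
    lure_text = " ".join(
        (h.get("body_hint", "") + " " + download_filename(h)).lower() for h in hops)
    update_lure = any(w in lure_text for w in UPDATE_WORDS)
    findings = {
        "hops": len(hops),
        "distinct_hosts": len(set(hosts)),
        "cross_domain_redirects": cross_domain,
        "executable_download": executable,
        "update_lure": update_lure,
    }
    findings["suspicious"] = (
        executable and update_lure and cross_domain >= max_cross_domain)
    return findings


if __name__ == "__main__":
    print(analyze_chain(SAMPLE_CHAIN))
```

On real telemetry the chain is reconstructed by joining requests on referrer and Location headers per client; the scoring above is the part that does not change, and a chain that ends in an installer fetched from a host that never appeared in the first hop's page is worth a manual look even when it scores below the threshold.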
New Android Malware “Anatsa” Expands Banking Trojan Campaign Across Europe
Researchers warn that a sophisticated Android banking Trojan named “Anatsa” has resurfaced with new campaigns targeting financial apps in the UK, Germany, and several other European countries.
Disguised as legitimate apps on Google Play, the malware is capable of harvesting credentials, recording keystrokes, and performing fraudulent transactions via remote access. Anatsa uses accessibility services to bypass security protections and hide its presence, making it particularly dangerous. Despite Google’s vetting processes, malicious apps are still slipping through and reaching thousands of users.
This highlights the persistent risks associated with mobile malware and the need for enhanced app store security and mobile device management.
Original article: https://www.infosecurity-magazine.com/news/android-malware-targets-banks-via/
SafePay Ransomware Claims 35TB Data Breach of Ingram Micro
A new ransomware group called SafePay claims to have stolen 35 terabytes of sensitive data from IT distributor Ingram Micro, threatening to leak it unless ransom demands are met.
The group has allegedly exfiltrated data including financial documents, business agreements, and customer records. SafePay has posted samples of the stolen data on its dark web leak site, indicating a shift toward double extortion tactics. Ingram Micro has not confirmed the breach but says it is investigating the claims.
This incident signals the increasing scale and aggressiveness of ransomware operations targeting large enterprises and supply chains.
Original article: https://www.bleepingcomputer.com/news/security/safepay-ransomware-threatens-to-leak-35tb-of-ingram-micro-data/
North Korean Hackers Use Fake Job Offers to Lure Cloud Security Pros in Espionage Campaign
North Korea-linked hackers are using fake job lures to target cloud security professionals as part of a broader espionage effort.
According to researchers, the campaign involves socially engineering victims via platforms like LinkedIn, enticing them with fake job interviews and assessments. Malware is delivered through malicious coding tests and files, aimed at compromising security firms or gaining insights into cutting-edge technologies. These attacks are part of broader efforts to bolster North Korea’s cyber and military capabilities.
This highlights the growing risks of targeted social engineering in the professional cybersecurity community and the need for vigilance in online recruitment interactions.
Original article: https://thehackernews.com/2025/07/n-korean-hackers-used-job-lures-cloud.html