Cybercriminals (Possibly Russian-speaking threat actors from the Commonwealth of Independent States) impersonating 1Password, Bartender 5 and Pixelmator software and fake Github profiles and repositories begin a campaign aimed at delivering an array of stealer malware and banking trojans such as Atomic (AMOS), Lumma (LummaC2), Octo and Vidar to foster data exfiltration. The cybersecurity firm Recorded Future’s Inskit Group, tracking the cybercrime activity under the Moniker GitCaught, reported that “The presence of multiple malware variants suggests a broad cross-platform targeting strategy, while the overlapping C2 infrastructure points to a centralized command setup — possibly increasing the efficiency of the attacks.” Further details about the attack revealed that it doesn’t only involve the abuse of internet services to foster cyber attacks but also leverages malware variants targeting Android, macOS, and Windows to increase success rate.
8base ransomware group launched an attack impacting multiple businesses. Below are the affected businesses
Crooker: Crooker prides itself on being one of Maine’s most experienced earthwork, utility, and paving contractors. The company, with over 200 employees and a revenue of $40.9 million, specializes in construction, paving, earthwork, aggregates, asphalt, and quality control.
LEMKEN: The company specializes in Agricultural Technology, Farm Machinery, Plough, Plant Protection, Soil Cultivation, Ploughing, Reconsolidation, Seedbed Preparation, Stubble Cultivation, Sowing, Seed Drills, Combination Drills, Precision Seeding, Seeding Technology, Sowing, Mechanical Engineering, Electronics, Agricultural Technology, Farm Machinery, Ploughs, Soil Cultivation, Reconsolidation, Seedbed Preparation, Stubble Cultivation, Drilling, Seeding Combinations, Precision Drill, Precision Farming, Seeding, Sowing, Machinery, Electronics, Hoeing Technology, Hoeing, Seed Drills, and Mechanical Weed Control. The company has over 5,000 employees and a revenue of $461.7 million.
IcedID’s Malware Replaced by Latrodectus Malware
Cybersecurity researchers uncovered a rise in the delivery of Latrodectus, which is a nascent malware loader via email phishing campaigns since March 2024. A deep dive into Latrodectus functionality revealed it possesses the required abilities of malware that deploys additional payloads such as QakBot, DarkGate, and PikaBot, which fosters post-exploitation activities for threat actors. More details from Daniel Stepanic and Samir Bousseaden, an Elastic Security Labs researcher, that “These campaigns typically involve a recognizable infection chain involving oversized JavaScript files that utilize WMI’s ability to invoke msiexec.exe and install a remotely-hosted MSI file, remotely hosted on a WEBDAV share.”
Hackers Leverage Foxit PDF Reader Flaw to Deliver Diverse Malware Arsenal
Exploitable design flaw in Foxit PDF Reader provides a ground for multiple threat actors to deliver malwares such as Agent Tesla, AsyncRAT, Pony, DCRat, Remcos, NanoCore RAT, NjRAT, and XWorm. Despite the panic about the situation, researchers observed Adobe Acrobat Reader wasn’t susceptible to this specific exploitation. Further information by Check Point about the security breach suggests, “This exploit triggers security warnings that could deceive unsuspecting users into executing harmful commands. This exploit has been used by multiple threat actors, from e-crime to espionage.”
 impersonating 1Password, Bartender 5){kind=link}