credentials
Microsoft: Chinese hackers use Quad7 botnet to steal credentials
Microsoft warns that Chinese threat actors use the Quad7 botnet, compromised of hacked SOHO routers, to steal credentials in password-spray attacks. Quad7, also known as CovertNetwork-1658 or xlogin, is a botnet first discovered by security researcher Gi7w0rm that consists of compromised SOHO routers. Later reports by Sekoia and Team Cymru reported that the threat actors are targeting routers and networking devices from TP-Link, ASUS, Ruckus wireless […]
GitHub comments abused to spread Lumma Stealer malware as fake fixes
GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments. The campaign was first reported by a contributor to the teloxide rust library, who noted on Reddit that they received five different comments in their GitHub issues that pretended to be fixes but were instead pushing malware. Further review by GeekFeed […]
Hackers steal banking creds from iOS, Android users via PWA apps
Threat actors started to use progressive web applications to impersonate banking apps and steal credentials from Android and iOS users. Progressive web apps (PWA) are cross-platform applications that can be installed directly from the browser and offer a native-like experience through features like push notifications, access to device hardware, and background data syncing. Using this type of […]
Russian who sold 300,000 stolen credentials gets 40 months in prison
Georgy Kavzharadze, a 27-year-old Russian national, has been sentenced to 40 months in prison for selling login credentials for over 300,000 accounts on Slilpp, the largest online marketplace of stolen logins, until its seizure in June 2021. In a Wednesday press release, the U.S. Department of Justice said that Kavzharadze (also known as TeRorPP, Torqovec, […]
The biggest password leak ever: nearly 10 billion credentials exposed
Cybersecurity researchers are calling it the largest password compilation leak of all time. On July 4, a newly registered user on a popular hacking forum posted a file containing nearly 10 billion compromised passwords in plaintext. The post was first noticed by researchers at Cybernews. “Xmas came early this year,” user “ObamaCare” wrote on the […]