Campaign TypoSquatting PyPI Packages with Malicious Packages Containing Crypto Wallet Replacing Malware

On February 10, 2023, Phylum security researchers reported the resurgence of a previously seen campaign that typosquats legitimate Python packages on PyPI with malicious packages to deliver malware that replaces cryptocurrency wallet addresses in the clipboard. Context: In November 2022, Phylum reported a similar campaign “in which threat actors attempted to replace cryptocurrency addresses in developer clipboards with…

Phishing Campaigns Targeting German and U.S. Organizations with Multiple Malware

On February 8, 2023, Proofpoint researchers reported multiple phishing campaigns targeting organizations in multiple industries in the U.S. and Germany. Context: Proofpoint attributes the activity to the likely financially-motivated TA866, which they assess is a new threat group. The campaign is currently active and has been since at least October 2022. Technical Details: The emails…

How to Create a Culture of “Healthy Paranoia”

In an increasingly connected world, no one is immune to cyber security risks. You don’t have to be in the middle of an incident to know that cybercrime and data breaches are widespread across all industries — and capable of bringing even a major corporation to its knees. In fact, according to Flashpoint’s 2022 Year…

Prilex POS Malware Targeting Contactless Credit Card Transactions

Context: Prilex has been active since at least 2014 and evolved from an automated teller machine (ATM) malware into a POS malware in 2016, primarily targeting Brazilian and South American retailers. In 2022, the malware evolved further, conducting fraudulent “GHOST transactions” using EMV cryptograms generated by payment cards during the payment process. In previous cases,…
