Threats Tagged 'campaign'

A malvertising campaign is leveraging ChatGPT and OpenAI branding to deceive users into downloading malware. The campaign was reported via a Reddit post linking to an external analysis by Evalian. There are no specific affected software versions or technical exploit details provided. The campaign is categorized as phishing and malware distribution. No known exploits in the wild or patch information is available. The threat appears to be recent but has minimal discussion and no direct indicators shared.

The WaSteal campaign involves a large number of malicious Chrome extensions used for data exfiltration. Recent analysis revealed 57 additional extensions linked to the same operator and backend, bringing the total to 183 active extensions on the Chrome Web Store. These extensions share the same exfiltration behavior and remain live, posing ongoing risk to users who install them. The campaign is actively tracked and reported by threat intelligence sources, but no specific patch or remediation guidance is provided in the available data.

Four coordinated npm supply chain campaigns were active during May and June 2026, targeting the npm ecosystem with various sophisticated techniques including dependency confusion, namespace compromise, scope confusion, and typosquatting. These campaigns employ multi-stage postinstall execution chains that fetch and run platform-specific payloads, aiming to steal environment variables, CI/CD secrets, cloud metadata service tokens, and other sensitive credentials. The campaigns affect multiple platforms (Windows, macOS, Linux) and cloud environments (GCP, Azure). Detection relies on identifying version sentinels, cloud metadata endpoint access patterns, and characteristic postinstall behaviors. An open-source scanner with detection capabilities for these campaigns is available for community use.

A new phishing campaign targets Japanese online banking users by impersonating a legitimate bank with a typographical error in the brand name, using 'PayPoy' instead of the correct name. The phishing emails demand verification within 24 hours but contain a conspicuous branding typo that has reduced the campaign's perceived credibility, turning it into a viral meme in the local tech community rather than causing widespread alarm. The campaign was reported on Reddit cybersecurity forums with minimal discussion and no confirmed exploits in the wild. No patch or official remediation is applicable as this is a phishing campaign rather than a software vulnerability.

MediumPhishingJapan#cybersecurity#reddit#campaign

A large-scale smishing campaign has been exposed involving 1,628 malicious URLs linked by a unique 128-character HTML fingerprint. This campaign spans 19 countries and uses infrastructure distributed across multiple cloud providers including Tencent Cloud, Alibaba Cloud, Cloudflare anycast, and ALEXHOST Moldova. The campaign targets users via SMS phishing (smishing) with URLs designed to deceive recipients. The detection artifact is a consistent metadata hash found on all phishing pages, facilitating identification. There is no information about active exploitation or patches since this is a threat campaign rather than a software vulnerability.

A macOS stealer malware campaign was discovered by a non-security professional who was tricked into running a malicious terminal command from a fake Apple support website delivered via a Google Ad. The attack involved downloading and executing obfuscated scripts that ultimately attempted to run a binary designed to steal browser credentials. The attack was halted when the victim denied Finder access permissions. The campaign uses multiple domains for phishing, tracking, and payload delivery, with infrastructure registered very recently. No sample of the final binary was obtained, and the campaign is currently undocumented elsewhere.