Blogs and Articles

Cybercriminals are increasingly targeting YouTube creators by exploiting fake brand collaboration offers to distribute malware. These sophisticated phishing campaigns involve carefully crafted emails that impersonate trusted brands, presenting enticing partnership deals. The malware, disguised as legitimate documents like contracts or promotional materials, is often delivered through password-protected files hosted on platforms such as OneDrive to evade detection. Once downloaded, the malware can steal sensitive information, including login credentials and financial data, while also granting attackers remote access to the victim’s systems. With content creators and marketers as primary targets, this global campaign underscores the importance of verifying collaboration requests and adopting robust cybersecurity measures to protect against such threats.

The blog explores the growing threat landscape of Cyber Monday scams, detailing the diverse tactics cybercriminals use to exploit the online shopping surge. Key threats include phishing attacks, fake online marketplaces, social media scams, fraudulent gift card generators, and advanced tools like Malware-as-a-Service (MaaS). Psychological manipulation tactics—such as urgency, authority, and social proof—amplify the success of these schemes.

The Androxgh0st botnet, an emerging cyber threat since January 2024, has resurfaced with advanced capabilities and integration of IoT-focused Mozi payloads. Exploiting over 20 vulnerabilities in technologies like Cisco ASA, Atlassian JIRA, PHP frameworks, and IoT devices, Androxgh0st enables unauthorized access and remote code execution. Its growing sophistication includes shared infrastructure and malware persistence tactics, posing risks to global web servers and IoT networks. CloudSEK’s research highlights the botnet's operational overlap with Mozi, emphasizing the need for immediate patching and vigilant monitoring to mitigate exploitation risks​.

As Halloween approaches, online scams targeting eager celebrants are on the rise. Scammers exploit increased spending on costumes, decorations, and events using fake websites, phishing schemes, and counterfeit products. Tactics include fraudulent costume shops, fake charity events, and phishing links that mimic reputable brands. Protect yourself by verifying websites, sticking to trusted retailers, avoiding unsolicited messages, and reporting scams. Stay vigilant to enjoy a safe and scam-free Halloween season.

Amidst the 2024 Diwali celebrations, CloudSEK's Threat Research team has identified a surge in online scams and phishing attacks targeting Indian consumers. Scammers are leveraging the festive season’s online shopping boom to create fake e-commerce sites, job offers, and firecracker sales scams, impersonating well-known brands to deceive users. Victims are often lured with deep discounts and fake promotions, resulting in financial losses, identity theft, and privacy breaches. The report emphasizes vigilance and provides recommendations to avoid direct bank transfers, verify website authenticity, and share safety tips with loved ones to prevent further scams.

CloudSEK’s TRIAD team created this report based on an analysis of the increasing trend of cryptocurrency counterfeiting, in which tokens impersonate government organizations to provide some legitimacy to their “rug pull” scams. An example of this scam is covered in this report where threat actors have created a counterfeit token named “BRICS”. This token is aimed at exploiting the focus on the BRICS Summit held in Kazan, Russia, and the increased interest in investments and expansion of the BRICS government organization which comprises different countries (Brazil, Russia, India, China, South Africa, Egypt, Ethiopia, Iran, and the United Arab Emirates)

Deepfakes, realistic yet AI-manipulated media, pose a serious threat to the integrity of US elections. These fabricated videos and images, which use advanced algorithms to alter visual and auditory elements, have been increasingly used to manipulate voter perceptions. During the 2024 US elections, notable examples include deepfakes showing Donald Trump making controversial statements and fabricated endorsements from public figures like Taylor Swift. Scammers have also exploited deepfakes in social media ads, such as offering fake "Trump Fight for America" gold coins, falsely attributing endorsements to high-profile individuals, and running cryptocurrency scams featuring deepfake videos of Elon Musk. Such digital manipulations risk misleading the public and spreading misinformation, eroding trust in democratic institutions and media. To counteract this, CloudSek’s cutting-edge deepfake detection tools identify subtle anomalies in altered media, such as inconsistencies in facial expressions or voice modulations. These tools are essential in swiftly verifying and debunking deepfake content, helping maintain transparency and fairness in the electoral process.

CloudSEK’s Threat Research Team uncovered a sophisticated scam targeting air travelers at Indian airports. The fraud involves a malicious Android application named Lounge Pass, distributed through fake domains like loungepass.in. This app secretly intercepts and forwards SMS messages from victims’ devices to cybercriminals, resulting in significant financial losses. The investigation revealed that between July and August 2024, over 450 travelers unknowingly installed the fraudulent app, resulting in a reported theft of more than INR 9 lakhs (approx. $11,000). The scammers exploited an exposed Firebase endpoint to store stolen SMS messages. Through domain analysis and passive DNS data, researchers identified several related domains spreading similar APKs. Key recommendations include downloading apps only from official stores, avoiding scanning random QR codes, and never granting SMS access to travel or lounge apps. Travelers should book lounge access through official channels and stay vigilant to protect their personal data. Stay updated on the latest scams and protect your travel data by following these guidelines.

The CloudSEK Threat Intelligence Splunk app on Splunkbase is a new integration that addresses the evolving cybersecurity landscape. It combines CloudSEK's threat data analysis with Splunk's data processing capabilities to offer a comprehensive solution for threat detection, prevention, and response. Key benefits include early threat identification, correlation of external and internal security data, and faster incident response. The integration aims to help security professionals enhance their security posture and navigate complex threats effectively.