Fake CAPTCHA Scam Tricks Windows Users Into Installing Malware

A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more.
IEEE

Are You a Favorite Target For Cryptojacking? A Case-Control Study On The Cryptojacking Ecosystem

Abstract: Illicitly hijacking visitors' computational resources for mining cryptocurrency via compromised websites is a consolidated activity.Previous works mainly focused on large-scale analysis of ...

New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns.
IEEE

CryingJackpot: Network Flows and Performance Counters against Cryptojacking

Abstract: Cryptojacking, the appropriation of users' computational resources without their knowledge or consent to obtain cryp-tocurrencies, is a widespread attack, relatively easy to implement and ...

Fake AI Chrome extensions with 300K users steal credentials, emails

A set of 30 malicious Chrome extensions that have been installed by more than 300,000 users are masquerading as AI assistants to steal credentials, email content, and browsing information.