SophosAI Team Releases Open-Source Tuning Tool for LLMs

Large language models (LLMs) have the potential to automate and reduce workloads, including those of cybersecurity analysts and incident responders. Generic LLMs, however, lack the domain-specific knowledge needed to handle these tasks well. Even when they are built from training data that includes cybersecurity resources, this is often not enough to take on more specialised tasks that require current and […]

—————

The Wolf in Sheep's Clothing: Cybercriminals Rely on a Windows Cloak of Invisibility

Sophos today published its latest Active Adversary Report, titled "The Bite from Inside", which takes a detailed look at the changed behaviours and techniques of attackers in the first half of 2024. The analysis data comes from almost 200 incident response cases that the Sophos X-Ops IR Team and the Sophos X-Ops Managed Detection and Response Team in the […]

—————

Cyber Trends 2025: Criminal Smokescreens and Democratised Cyberattacks

What does 2025 mean for our cybersecurity? Which cyberattacks will become more frequent, which sectors are particularly targeted, and what role does AI play? The Sophos experts have compiled what they consider the six most important trends for the coming year: 1. Attackers focus more strongly on the cloud. As more and more companies equip their devices with Endpoint Detection and Response […]

—————

A Feast Not Only for Consumers, but Also for Cybercriminals

Successful and satisfying online shopping depends not only on real bargains and genuine need: anyone who falls for fraudsters in the rush ends up paying extra. Those who follow the eight security tips from Sophos have the best chance of a happy shopping experience. Bargain hunters have long been looking forward to 29 November and 2 December […]

—————

Scam Alert: Fake Minecraft, Roblox Hacks on YouTube Hide Malware, Target Kids

Video games are a favorite pastime for millions of kids and teenagers worldwide, offering exciting challenges, epic battles, and opportunities to connect with friends online. But what happens when the search for an edge in these games—like cheats or special hacks—leads to something far more dangerous?  

McAfee Labs has uncovered a growing threat aimed at gamers, especially kids, who unknowingly download malware disguised as game hacks, software cracks, and cryptocurrency tools. 

Here’s what you need to know about this sneaky scam and how to stay safe: 

The Games and Platforms at Risk 

Popular games like Minecraft, Roblox, Fortnite, Apex Legends, and Call of Duty are among those targeted by these scams. Gamers searching for cheats to gain an advantage—like seeing through walls, speeding up characters, or unlocking premium items—are being lured to malicious links. These links often appear on GitHub, a platform where developers share and collaborate on code, or in YouTube videos claiming to offer step-by-step instructions. 

GitHub is typically trusted by programmers and tech enthusiasts, but cybercriminals exploit this trust by uploading malware that masquerades as game hacks. By naming their repositories after popular games or tools, scammers trick users into downloading malware instead of the promised cheat software. 

How the Scam Works 

The process starts when someone searches online for free cheats or cracked software—like tools to unlock premium features of Spotify or Adobe—and stumbles upon a GitHub repository or a YouTube video. These repositories often look convincing, with professional descriptions, screenshots, and even licenses designed to appear legitimate. 

Figure 1: Attack Vector

Once users follow the instructions, they’re often asked to disable their antivirus software or Windows Defender. The reasoning provided is that antivirus programs will mistakenly identify the hack or crack as dangerous. In reality, this step clears the way for malware to infect their device. 

What Happens After the Malware is Downloaded? 

Instead of receiving a functional cheat, victims unknowingly install a dangerous program known as Lumma Stealer or similar malware variants. This software quietly: 

  • Steals sensitive data: It searches for login credentials, cryptocurrency wallets, and saved passwords. 
  • Tracks activity: It scans the user’s browser history and data for anything valuable. 
  • Connects to a remote server: Once it gathers data, the malware sends it to the scammer’s server for further exploitation. 

Each week, new repositories and malware variants appear as older ones are detected and removed. This cycle makes it difficult for platforms like GitHub to completely eliminate the threat. 

Why Are Kids Being Targeted? 

Kids and teens are prime targets because they often lack experience in identifying online scams. The promise of features like “Aimbots” (to improve shooting accuracy) or “Anti-Ban” systems (to avoid getting caught by game administrators) makes these fake downloads even more tempting. Scammers exploit this curiosity and eagerness, making it easier to trick young gamers into infecting their devices. 

Figure 2: YouTube Video containing malicious URL in description.

How to Protect Yourself and Your Family 

McAfee Labs offers these tips to avoid falling victim to these scams: 

  1. Be skeptical of free hacks or cracks: If it sounds too good to be true, it probably is. Avoid downloading software from unverified sources. 
  2. Keep antivirus software up to date: Always have an active antivirus program running on your devices to detect and block malware. 
  3. Educate kids about online safety: Teach them to recognize suspicious websites and downloads. Remind them to never disable antivirus programs or click on unfamiliar links. 
  4. Verify links and sources: Before downloading anything, check the website’s URL for inconsistencies or unusual details. 
  5. Monitor device activity: Regularly check for unfamiliar files or programs on your devices. 

A Lesson in Cybersecurity 

The takeaway? Scammers will go to great lengths to exploit the interests and habits of gamers. And unfortunately, this isn’t the first time we’ve seen such malware attacks targeting gamers. By educating yourself and your family about these threats, you can play smarter and stay safer online. Always remember: no cheat or crack is worth compromising your security. 

Read the full report from McAfee Labs outlining our research and findings on this malware risk. Learn more about how you can protect yourself with McAfee+. 

The post Scam Alert: Fake Minecraft, Roblox Hacks on YouTube Hide Malware, Target Kids appeared first on McAfee Blog.

—————

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

The FBI and authorities in The Netherlands this week seized dozens of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan. The proprietors of the service, who use the collective nickname “The Manipulaters,” have been the subject of three stories published here since 2015. The FBI said the main clientele are organized crime groups that try to trick victim companies into making payments to a third party.

One of several current Fudtools sites run by the principals of The Manipulaters.

On January 29, the FBI and the Dutch national police seized the technical infrastructure for a cybercrime service marketed under the brands Heartsender, Fudpage and Fudtools (and many other “fud” variations). The “fud” bit stands for “Fully Un-Detectable,” and it refers to cybercrime resources that will evade detection by security tools like antivirus software or anti-spam appliances.

The Dutch authorities said 39 servers and domains abroad were seized, and that the servers contained millions of records from victims worldwide — including at least 100,000 records pertaining to Dutch citizens.

A statement from the U.S. Department of Justice refers to the cybercrime group as Saim Raza, after a pseudonym The Manipulaters communally used to promote their spam, malware and phishing services on social media.

“The Saim Raza-run websites operated as marketplaces that advertised and facilitated the sale of tools such as phishing kits, scam pages and email extractors often used to build and maintain fraud operations,” the DOJ explained.

The core Manipulaters product is Heartsender, a spam delivery service whose homepage openly advertised phishing kits targeting users of various Internet companies, including Microsoft 365, Yahoo, AOL, Intuit, iCloud and ID.me, to name a few.

The government says transnational organized crime groups that purchased these services primarily used them to run business email compromise (BEC) schemes, wherein the cybercrime actors tricked victim companies into making payments to a third party.

“Those payments would instead be redirected to a financial account the perpetrators controlled, resulting in significant losses to victims,” the DOJ wrote. “These tools were also used to acquire victim user credentials and utilize those credentials to further these fraudulent schemes. The seizure of these domains is intended to disrupt the ongoing activity of these groups and stop the proliferation of these tools within the cybercriminal community.”

Manipulaters advertisement for “Office 365 Private Page with Antibot” phishing kit sold via Heartsender. “Antibot” refers to functionality that attempts to evade automated detection techniques, keeping a phish deployed and accessible as long as possible. Image: DomainTools.

KrebsOnSecurity first wrote about The Manipulaters in May 2015, mainly because their ads at the time were blanketing a number of popular cybercrime forums, and because they were fairly open and brazen about what they were doing — even who they were in real life.

We caught up with The Manipulaters again in 2021, with a story that found the core employees had started a web coding company in Lahore called WeCodeSolutions — presumably as a way to account for their considerable Heartsender income. That piece examined how WeCodeSolutions employees had all doxed themselves on Facebook by posting pictures from company parties each year featuring a large cake with the words FudCo written in icing.

A follow-up story last year about The Manipulaters prompted messages from various WeCodeSolutions employees who pleaded with this publication to remove stories about them. The Saim Raza identity told KrebsOnSecurity they were recently released from jail after being arrested and charged by local police, although they declined to elaborate on the charges.

The Manipulaters never seemed to care much about protecting their own identities, so it’s not surprising that they were unable or unwilling to protect their own customers. In an analysis released last year, DomainTools.com found the web-hosted version of Heartsender leaked an extraordinary amount of user information to unauthenticated users, including customer credentials and email records from Heartsender employees.

Almost every year since their founding, The Manipulaters have posted a picture of a FudCo cake from a company party celebrating its anniversary.

DomainTools also uncovered evidence that the computers used by The Manipulaters were all infected with the same password-stealing malware, and that vast numbers of credentials were stolen from the group and sold online.

“Ironically, the Manipulaters may create more short-term risk to their own customers than law enforcement,” DomainTools wrote. “The data table ‘User Feedbacks’ (sic) exposes what appear to be customer authentication tokens, user identifiers, and even a customer support request that exposes root-level SMTP credentials–all visible by an unauthenticated user on a Manipulaters-controlled domain.”

Police in The Netherlands said the investigation into the owners and customers of the service is ongoing.

“The Cybercrime Team is on the trail of a number of buyers of the tools,” the Dutch national police said. “Presumably, these buyers also include Dutch nationals. The investigation into the makers and buyers of this phishing software has not yet been completed with the seizure of the servers and domains.”

U.S. authorities this week also joined law enforcement in Australia, France, Greece, Italy, Romania and Spain in seizing a number of domains for several long-running cybercrime forums and services, including Cracked and Nulled. According to a statement from the European police agency Europol, the two communities attracted more than 10 million users in total.

Other domains seized as part of “Operation Talent” included Sellix, an e-commerce platform that was frequently used by cybercrime forum members to buy and sell illicit goods and services.

—————