
Latest news with #LummaStealer

Google could be working on better Android backups for more convenience

Hindustan Times, 20 hours ago

Backing up your phone is one of the most important things you can do to keep your data safe, including photos, videos, and other sensitive documents, especially if you lose your phone or it gets stolen. Having your data constantly backed up to the cloud is a feature that many phones now offer. However, the backup process varies and does not cover all file types or folders.

A forthcoming update for Google Play Services may allow Android devices to back up Downloads folders automatically. (REUTERS)

Android phones have always had a robust backup mechanism to safeguard your data, including photos, videos, and more. However, there is a limitation when it comes to certain folders, especially the Downloads folder. Now, it seems that this could finally change in an upcoming Android Play Services update, as spotted by Android Authority.

When can you expect it?

This was first noticed in Google Play Services version 25.32.31, and according to Android Authority, it will give you the option to enable backup for the Downloads folder, just as you do for photos, videos, and other device data. This means you will no longer have to manually upload your Downloads folder to Google Drive. Instead, just as your photos are automatically backed up, the Downloads folder will be backed up in the same way, allowing you to access its files anywhere and on all devices where you are logged into your Google account.

Potential Limitations

The report also notes that there is a category called Documents, which suggests that Google may allow only certain files to be backed up, and not every file type. This could, of course, make it somewhat limited. Nevertheless, if it does arrive on Android, it would provide a much better experience compared to the current backup option available on Android.

Scam alert: Fake ‘Telegram Premium' site spreading Lumma Stealer malware

Hindustan Times, 20 hours ago

Cybersecurity experts have warned users about a new malicious campaign that is spreading through a fake Telegram Premium website. The site, hosted on telegrampremium[.]app, tricks visitors into downloading a dangerous malware called Lumma Stealer, which can steal sensitive information such as saved passwords, cryptocurrency wallet details and system data.

According to researchers at Cyfirma, the website looks like the official Telegram Premium service but secretly pushes a file named The worrying part is that this file is downloaded automatically as soon as someone visits the page, without any clicks required. Built in C/C++, the malware uses advanced hiding techniques that help it bypass traditional antivirus scans.

How the malware works

Once the malware is active, it immediately starts collecting data. It can grab login details stored in browsers, copy crypto wallet information, and even capture system-related data. Cybersecurity researchers warn that this puts the user at risk of identity theft and financial loss.

The malware is also designed to stay hidden. It uses cryptor obfuscation, which makes it difficult for security tools to detect. It imports multiple Windows functions that allow it to manipulate files, change registry settings, run hidden scripts, and cover its tracks.

Interestingly, the malware also connects to real services like Telegram and Steam Community, which helps it avoid suspicion while secretly sending stolen data to hidden domains. Experts believe the attackers are using newly registered domains for short campaigns, making it harder for authorities to shut them down quickly.

The malicious software also drops disguised files in the system's temporary folder. Some files are encrypted to look like harmless images but are later turned into scripts that keep the malware running in the background. It even delays execution to avoid being caught during security checks.

How to stay safe

Cybersecurity experts recommend a mix of technical safeguards and user awareness to stay protected from threats like Lumma Stealer.

  • Use advanced endpoint detection tools that track unusual activity like hidden file changes or suspicious connections, making it easier to spot new and evolving malware.
  • Block malicious domains and restrict downloads from unverified websites to prevent automatic, drive-by installations like the one used in this fake Telegram Premium campaign.
  • Enable multi-factor authentication (MFA) across important accounts. Even if passwords are stolen, MFA provides an extra security layer that can block unauthorised access.
  • Rotate login credentials regularly to reduce the risk of long-term account compromise. Changing passwords often limits how long stolen information remains useful to attackers.
  • Monitor system and network activity continuously for suspicious behaviour such as unexpected logins, data transfers, or unusual processes running in the background.

Most importantly: Download Telegram Premium only from official sources. Fake sites may look convincing, but cautious browsing is the strongest defense.

Authored by: Aishwarya Faraswal

BGMI redeem codes for August 18: Unlock the White Rabbit backpack and more rewards today

Hindustan Times (Entertainment), a day ago

Battlegrounds Mobile India (BGMI) players have another chance to unlock free in-game rewards, as Krafton India has rolled out its 17th set of official redeem codes on August 18. With this release, the total number of active codes has now reached 850. Each set offers 50 unique codes, which help players to grab in-game rewards such as exclusive outfits, weapon skins, upgrade materials and more. This new set also features a special code that might unlock the White Rabbit backpack.

BGMI redeem codes for August 18: Unlock exclusive rewards, outfits, weapon skins, and White Rabbit backpack. (Krafton)

All codes issued on August 18 remain valid until September 12, 2025. Players are advised to use the official redemption website to claim their items, as any codes circulated through unofficial sources will be treated as invalid.

BGMI Redeem codes for August 18:

How to Redeem BGMI Codes for August 18:

  • Visit the official BGMI redemption website.
  • Enter your in-game character ID.
  • Type in the correct redemption code.
  • Complete the Captcha verification.
  • A confirmation message will show 'Code redeemed successfully.'
  • Rewards will then arrive in your in-game mailbox.

Important Rules to Remember While Redeeming the Code:

  • Each code is limited to ten users on a first-come, first-served basis.
  • A player cannot redeem the same code twice.
  • Rewards must be collected from in-game mail within seven days.
  • Only one code can be redeemed per account daily.
  • Guest accounts cannot access these rewards.
  • Rewards expire 30 days after reaching the mailbox.

As the White Rabbit backpack is available this time, competition for redemptions is expected to be fierce. Players are advised to redeem their codes quickly before they run out.

Fake CAPTCHA scams: How 'I'm not a robot' could infect your device

Indian Express, 4 days ago

It usually starts with a harmless web search. You are attempting to locate a website for a product that you really liked, and as you click on the link, a familiar box pops up, asking you to prove you are not a robot. You see 'I'm not a robot' written, and the checkbox. You have seen it so many times that you don't really give it much thought. Sometimes, this could be a trap. One wrong click, and instead of proving you're human, you could be opening the door to malware. Behind this is a fake CAPTCHA scam.

CAPTCHA stands for 'Completely Automated Public Turing test to tell Computers and Humans Apart.' It's a security tool to confirm a user is human, not a bot. CAPTCHAs may involve distorted text, image selection, audio cues, simple puzzles, or just ticking a checkbox (called reCAPTCHA). These may also be time-based.

Cybercriminals now mimic these tests to trick users into downloading malware. 'Fake CAPTCHAs are often distributed through compromised websites, malicious ads, or phishing emails,' said Zakir Hussain Rangwala, CEO of BD Software Distribution Pvt Ltd. 'They may also appear on lookalike domains of popular sites, persuading users to enable browser notifications or download files under the guise of verification.'

According to CloudSEK's Threat Research and Information Analytics Division (TRIAD), 'A sophisticated tactic is being used to spread the Lumma Stealer malware, targeting Windows users through fake human verification pages.'

CloudSEK found that in this campaign, threat actors create phishing sites hosted on various providers, often leveraging Content Delivery Networks (CDNs) for faster distribution and added legitimacy. These sites display a counterfeit Google CAPTCHA page, designed to mimic the real verification process.

These phishing sites instruct users to:

* Open the Run dialog (Win+R)
* Press Ctrl+V
* Hit Enter

This action executes a hidden JavaScript function that copies a base64-encoded PowerShell command to the clipboard, and this, when executed, downloads the Lumma Stealer malware from a remote server.

'Clicking a fake CAPTCHA itself isn't the real danger; the problem begins when you follow the instructions it provides. For example, pasting commands into your terminal and executing them, or downloading a file to 'prove' you're not a robot, can put you at serious risk. Always avoid carrying out such instructions,' said Anshuman Das, cybersecurity researcher at CloudSEK.

Deependra Singh, cyber expert, Betul Police (MP), and Rangwala outlined key differences between genuine and fake CAPTCHAs. Legitimate CAPTCHAs appear on trusted websites and involve straightforward tasks such as selecting images, entering distorted text, or ticking a checkbox. Fake ones, on the other hand, often demand unrelated actions like clicking 'Allow' for notifications, downloading files, or providing personal or financial information.

A quick way to spot a fake is to check the site's address for misspellings, unusual characters, or unfamiliar domains. Another red flag is if the CAPTCHA appears as a random pop-up rather than being embedded directly within the webpage.

What to do if you suspect you have encountered a fake CAPTCHA

📌 Exit the site immediately.
📌 Disconnect from the internet.
📌 Run a full antivirus scan.
📌 Clear browser cache and cookies, and remove suspicious extensions.
📌 Change passwords for critical accounts using a secure device.
📌 Delete any downloaded files without opening them.

'Industries like e-commerce and online gaming face higher risks,' Rangwala warned. 'These attacks can steal credentials, install spyware, or allow remote access.'

Singh's advice is simple: 'Avoid clicking unknown links and always check the URL. One wrong click can cost you both your money and your privacy.'
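
The paste-and-run chain described in this article ends with PowerShell started from a base64-encoded command, which defenders can triage from recorded process command lines. The following is an added example, not part of the article or of CloudSEK's report: it decodes the encoded-command argument and reports any URLs in it plus whether a hidden window was requested. The function names and the sample command lines are constructed for illustration.

```python
import base64
import binascii
import re

PS_BINARY = re.compile(r"(?i)\b(?:powershell|pwsh)(?:\.exe)?\b")
# A switch name followed by a long base64-looking argument.
SWITCH_ARG = re.compile(r"[-/]([A-Za-z]+)\s+([A-Za-z0-9+/=]{16,})")
HIDDEN = re.compile(r"(?i)[-/]w\w*\s+hid")
URL = re.compile(r"(?i)https?://[^\s'\"]+")


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand text, or None if there is none."""
    if not PS_BINARY.search(cmdline):
        return None
    for match in SWITCH_ARG.finditer(cmdline):
        name = match.group(1).lower()
        # PowerShell accepts abbreviations: -e, -enc, -EncodedCommand, and -ec.
        if name != "ec" and not "encodedcommand".startswith(name):
            continue
        try:
            # The argument is base64 over UTF-16LE text.
            raw = base64.b64decode(match.group(2), validate=True)
            return raw.decode("utf-16-le")
        except (binascii.Error, UnicodeDecodeError):
            continue  # looked like base64 but was not a valid encoded command
    return None


def triage(cmdline):
    """Summarise an encoded PowerShell launch; None means nothing to review."""
    decoded = decode_encoded_command(cmdline)
    if decoded is None:
        return None
    return {
        "decoded": decoded,
        "urls": URL.findall(decoded),
        "hidden_window": bool(HIDDEN.search(cmdline)),
    }


def _encode(ps_text):
    # Helper used only to build the constructed sample below.
    return base64.b64encode(ps_text.encode("utf-16-le")).decode("ascii")


# Constructed command lines; the encoded one is harmless and only mentions a placeholder URL.
SAMPLES = [
    "powershell.exe -w hidden -enc "
    + _encode("Write-Output 'constructed sample' # https://example.invalid/placeholder"),
    "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\inventory.ps1",
    "notepad.exe C:\\notes.txt",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(triage(line))
```
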

Phishing kits & AI drive surge in email attacks on firms

Techday NZ (Business), 05-08-2025

VIPRE Security Group has released its Q2 2025 Email Threat Landscape Report, presenting findings based on its continuous monitoring and analysis of global cybersecurity trends.

Phishing kits dominate attacks

The report indicates that 58% of phishing sites now use unidentifiable phishing kits. These kits are increasingly customised or obfuscated, making them very difficult for defenders to detect or analyse, and often leveraging artificial intelligence to reduce costs. Notable kits cited include Evilginx (20%), Tycoon 2FA (10%), 16shop (7%), with a further 5% attributed to other generic offerings.

Such phishing kits are described as untraceable, with the report stating that they "can't easily be reverse-engineered, tracked, or caught." This trend underscores a shift toward more sophisticated and hard-to-combat forms of phishing campaigns.

Manufacturing sector remains primary target

For the sixth consecutive quarter, the manufacturing sector continues to be the most targeted industry for email-based cyberattacks, accounting for 26% of all reported incidents. These attacks include business email compromise (BEC), phishing, and malspam. The retail sector follows at 20%, with healthcare comprising 19% of recorded attacks for Q2 2025. VIPRE notes that this distribution aligns with trends identified over the previous year.

Scandinavia targeted by BEC schemes

The report reveals a marked increase in BEC attacks targeting Scandinavian executives. While English-speaking executives still represent the largest group targeted by BEC emails (42%), a substantial portion target Danish (38%), with Swedish and Norwegian executives representing a combined 19%.

Language and localisation in attack emails are on the rise. Danish is used in 11.9% of BEC scam attempts, Swedish in 3.8%, and Norwegian in 1.5%. The report attributes the targeting of native languages to the fact that many corporate communications, particularly in HR, finance, and executive functions, still take place in local tongues despite high English proficiency in the region.

Impersonation remains the main BEC tactic, with 82% of scams involving the impersonation of CEOs and executives. Directors and managers account for a further 9%, HR staff for 4%, IT staff for 3%, and school heads for 2%.

Lumma Stealer observed as top malware

Lumma Stealer has become the most observed malware family during Q2 2025, the report states. It is typically delivered via malicious .docx, .html, or .pdf attachments, or through phishing links hosted on services such as OneDrive and Google Drive.

The malware's accessibility stems from its availability as "Malware-as-a-Service" (MaaS), benefiting from active development support and competitive pricing. This broadens its appeal to both experienced and novice cybercriminals.

Bait and persuasion techniques

Financial incentives were the most common lure in malicious emails, accounting for 35% of samples. Messages feigning urgency comprised the second most frequent tactic at 25%, followed by account verification and update requests (20%), travel-related themes (10%), package delivery notifications (5%), and legal or HR notices (5%).

Cybercriminals continued to use open redirect mechanisms for phishing, with 54% of attacks masking malicious destinations via links on marketing, tracking, or even security platforms. Compromised websites delivered 30% of phishing links, and URL shorteners were used in 7% of incidents.

PDFs remain the dominant file format for malicious attachments at 64%, with a rising proportion now containing embedded QR codes to facilitate attacks.

Exploitation mechanisms after delivery

In the final stage of attacks, cybercriminals rely on exploitation mechanisms such as HTTP POST to remote servers, accounting for 52% of observed cases, with email exfiltration reported in 30%.

"It's clear what the threat actors are doing – they are outsmarting humans through hyper-personalised phishing techniques using the full capability of AI and deploying at scale," Usman Choudhary, Chief Product and Technology Officer, VIPRE Security Group, says. "Organisations can no longer rely on standard cybersecurity processes, techniques, and technology. They need comprehensive and advanced email security solutions that can help them to deploy like-for-like defenses – at the very least – if not help them stay a step ahead of the tactics used by cybercriminals."

The report draws on intelligence gathered by VIPRE Antivirus Lab through continual analysis of email threats.
