Latest news with #Sekoia
Yahoo
4 days ago
- Business
- Yahoo
Cisco security flaw exploited to build botnet of thousands of devices
- Sekoia researchers warn of new ViciousTrap botnet
- So far, it compromised more than 5,000 dated Cisco routers
- The devices are vulnerable to an old improper validation bug

A high-severity vulnerability plaguing old Cisco routers is being used to build a malicious, global botnet, experts have warned.

Cybersecurity researchers Sekoia published an in-depth report on the threat actor, dubbed ViciousTrap, which is using a vulnerability tracked as CVE-2023-20118 to target Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers.

This flaw, found in the web-based management interface, allows an authenticated, remote attacker to execute arbitrary commands on an affected device, made possible due to improper validation of user input within incoming HTTP packets. Unfortunately, Cisco won't be patching the bug since the affected devices are past their end-of-life date, WNE Security reported.

The vulnerability allowed ViciousTrap to execute a shell script named NetGhost, 'which redirects incoming traffic from specific ports of the compromised router to a honeypot-like infrastructure under the attacker's control allowing them to intercept network flows,' Sekoia explained.

So far, almost 5,300 devices, found in 84 countries around the world, were assimilated into the botnet. The majority of the victims are located in - Macau (850).

This is not the first time Sekoia is ringing the alarm on CVE-2023-20118. In late February 2025, TechRadar Pro reported Sekoia was warning about a botnet named PolarEdge, using the same vulnerability to target a range of devices from Cisco, ASUS, QNAP, and Synology. At the time, roughly 2,000 devices were said to have been affected.

For ViciousTrap's work, all exploitation attempts came from a single IP address, the researchers further discovered, stating that the attacks started in March 2025. It was also said the threat actors repurposed an undocumented web shell previously used in PolarEdge attacks. Although these things are always difficult to confirm, Sekoia believes the attackers are Chinese in origin.

Via The Hacker News
Yahoo
06-02-2025
- Yahoo
Beware of fake Reddit solutions delivering dangerous malware
Sometimes, when you need an answer to a complex life situation or a way to troubleshoot an error on your computer, regular articles on the web don't help. Some issues are so niche that no one writes about them, and those who do often say nothing useful in 1,000 words. In these cases, adding Reddit to your search query can be a game changer. Nine times out of 10, someone on Reddit has faced the same issue, and there's probably a solution. But bad actors have caught on to this, too. They're now mimicking Reddit to spread malware that can steal your personal information.

Hackers are distributing nearly 1,000 fake websites mimicking Reddit and WeTransfer to spread the Lumma Stealer malware. These sites are designed to trick you into downloading malicious software by imitating legitimate discussions and file-sharing services.

On these fake Reddit pages, attackers create a fabricated discussion where one user asks for help downloading a tool, another offers a WeTransfer link and a third expresses gratitude to make the exchange seem real. Clicking the link redirects victims to a counterfeit WeTransfer site, where the download button delivers the Lumma Stealer malware.

All these fake pages have the following things in common:

- The websites include a brand name (like "Reddit" or "WeTransfer") followed by random characters to appear legitimate at first glance
- They use ".org" or ".net" domains instead of the official one, which is ".com"
- The interface closely mimics the real sites to deceive users

These fake websites were discovered by Sekoia researcher crep1x, who compiled a full list of the pages involved in the scheme. In total, 529 of these sites mimic Reddit, while 407 impersonate WeTransfer to trick users into downloading malware.

According to BleepingComputer, hackers may be driving traffic to these fake pages through methods like malicious ads (malvertising), search engine manipulation (SEO poisoning), harmful websites, direct messages on social media and other deceptive tactics.

Hackers are using fake Reddit pages to spread Lumma Stealer, a powerful malware designed to steal personal data while staying under the radar. Once it infects a device, it can grab passwords stored in web browsers and session tokens, allowing attackers to hijack accounts without even needing a password.

But Reddit isn't the only way this malware spreads. Hackers also push it through GitHub comments, deepfake websites and shady online ads. Once they steal login credentials, they often sell them on hacker forums, where others can use them for further attacks.

This type of malware has already played a role in major security breaches, including attacks on PowerSchool, Hot Topic, CircleCI and Snowflake. It's a growing threat, especially for companies that rely on password-based security.

1. Be cautious with download links: Avoid downloading files from random Reddit discussions, social media messages or unfamiliar websites. If the link comes from an unknown user or seems out of place in the context, it's better to err on the side of caution. If the link is directing you to a file-sharing site like WeTransfer or Google Drive, double-check the URL for any signs of manipulation, like random characters added to the domain name.
2. Have strong antivirus software: The best way to safeguard yourself from malicious links that install malware originating from these Reddit discussions, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
3. Verify website URLs: Fake websites often look convincing but have slight differences in their URLs. Check for misspellings, extra characters or unusual domains (e.g., ".org" or ".net" instead of the official ".com").
4. Use strong, unique passwords and enable 2FA: A password manager can help generate and store strong passwords for each site. Meanwhile, enabling two-factor authentication (2FA) adds an extra layer of security, making it harder for attackers to hijack your accounts.
5. Keep your software updated: Regularly update your operating system, apps, browsers and other software on your PC or mobile devices. Updates often include patches for security vulnerabilities that hackers can exploit.
6. Watch out for malvertising and SEO traps: Hackers manipulate search engine results and run deceptive ads to trick users into visiting fake sites. Stick to official sources and avoid clicking on ads or search results that seem too good to be true.

Hackers are getting sneakier, using fake Reddit and WeTransfer pages to spread dangerous malware like Lumma Stealer. These sites might look real, but they're designed to steal your personal info. To stay safe, always double-check links and be cautious about downloading files from unfamiliar sources. Use strong, unique passwords, enable two-factor authentication and keep your software updated to stay one step ahead of cybercriminals.
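The two URL traits the article lists (a brand name followed by extra characters, and a ".org" or ".net" domain in place of the official ".com") can be checked mechanically, for example over proxy or DNS logs. The Python check below is an added example, not code from the article or from Sekoia; the allowlist, the sample URLs and the brand-as-subdomain check (which goes beyond the pattern the article describes) are assumptions.

```python
from urllib.parse import urlsplit

# Brands named in the article. ALLOWLIST holds their real registrable domains;
# extend it with the brand's other legitimate domains before use (assumption).
BRANDS = ("reddit", "wetransfer")
ALLOWLIST = {"reddit.com", "wetransfer.com"}

def hostname(url):
    """Return the lower-cased host of a URL or of a bare host string."""
    if "//" not in url:
        url = "//" + url  # make urlsplit treat a bare host as the netloc
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def classify(url):
    """Return (verdict, reason); verdict is 'official', 'lookalike' or 'unrelated'."""
    labels = hostname(url).split(".")
    if len(labels) < 2:
        return ("unrelated", "no domain name")
    # Simplification: the last two labels are taken as the registrable domain,
    # which is wrong for suffixes such as co.uk.
    name, tld = labels[-2], labels[-1]
    registrable = name + "." + tld
    if registrable in ALLOWLIST:
        return ("official", registrable)
    for brand in BRANDS:
        if name == brand:
            return ("lookalike", f"{brand} on .{tld}, not an official domain")
        if name.startswith(brand):
            extra = name[len(brand):]
            return ("lookalike", f"{brand} followed by extra characters {extra!r}")
        if brand in labels[:-2]:
            return ("lookalike", f"{brand} used as a subdomain of {registrable}")
    return ("unrelated", registrable)

def flag_lookalikes(urls):
    """Return (url, reason) for every URL classified as a lookalike."""
    hits = []
    for url in urls:
        verdict, reason = classify(url)
        if verdict == "lookalike":
            hits.append((url, reason))
    return hits

# Constructed sample URLs, not indicators from the Sekoia list.
SAMPLE_URLS = [
    "https://www.reddit.com/r/sysadmin",
    "https://reddit-constructed123.org/thread",
    "wetransfer.net",
    "https://example.com/reddit",
]

if __name__ == "__main__":
    for url, reason in flag_lookalikes(SAMPLE_URLS):
        print(url, "->", reason)
```

A prefix match also flags a brand's own sibling domains until they are added to the allowlist, so treat hits as leads to review, not as verdicts.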


Fox News
06-02-2025
- Fox News
Beware of fake Reddit solutions delivering dangerous malware