Latest news with #infostealer


Fox News
20 hours ago
- Business
- Fox News
Microsoft takes down malware found on 394,000 Windows PCs
Infostealer malware has been on the rise recently, and that's evident from the billions of user records leaked online in the past year alone. This type of malware targets everything from your name, phone number and address to financial details and cryptocurrency. Leading the charge is the Lumma infostealer. I have been reporting on this malware since last year, and security researchers have called it one of the most dangerous infostealers, infecting millions. There have been countless incidents of Lumma targeting people's personal data (more on this later), but the good news is that Microsoft has taken it down.

The Redmond-based company announced it has dismantled the Lumma Stealer malware operation in collaboration with law enforcement agencies around the world. In a blog post, the company revealed that its Digital Crimes Unit had tracked infections on more than 394,000 Windows devices globally between March 16 and May 16. Lumma was a go-to tool for cybercriminals, often used to siphon sensitive information such as login credentials, credit card numbers, bank account details and cryptocurrency wallet data. The malware's reach and impact made it a favored choice among threat actors for financial theft and data breaches.

To disrupt the operation, Microsoft obtained a court order from the U.S. District Court for the Northern District of Georgia, which allowed the company to take down key domains that supported Lumma's infrastructure. The U.S. Department of Justice then stepped in to seize control of Lumma's core command system and shut down the marketplaces where the malware was being sold. International cooperation played a major role as well. Japan's cybercrime unit helped dismantle Lumma's locally hosted infrastructure, while Europol assisted in actions against hundreds of domains used in the operation. In total, over 1,300 domains were seized or redirected to Microsoft-managed sinkholes to prevent further damage. Microsoft says the takedown also drew on support from industry partners such as Cloudflare, Bitsight and Lumen, which helped dismantle the broader ecosystem that enabled Lumma to thrive.

Lumma is Malware-as-a-Service (MaaS) that has been marketed and sold through underground forums since at least 2022. Over the years, its developers have released multiple versions to continually improve its capabilities. I first reported on Lumma in February 2024, when it was used by hackers to access Google accounts using expired cookies that contained login information. Lumma continued targeting users, with reports in October 2024 revealing it was impersonating human verification pages to trick Windows users into sharing sensitive information. The malware wasn't limited to Windows. In January 2024, security researchers found the infostealer was targeting 100 million Mac users, stealing browser credentials, cryptocurrency wallets and other personal data.

To protect yourself from the evolving threat of infostealer malware, which continues to target users through sophisticated social engineering tactics, consider taking these six essential security measures:

1. Be skeptical of CAPTCHA prompts: Legitimate CAPTCHA tests never require you to press Windows + R, copy commands or paste anything into PowerShell. If a website instructs you to do this, it's likely a scam. Close the page immediately and avoid interacting with it.

2. Don't click links from unverified emails and use strong antivirus software: Many infostealer attacks start with phishing emails that impersonate trusted services. Always verify the sender before clicking on links. If an email seems urgent or unexpected, go directly to the company's official website instead of clicking any links inside the email. The best way to safeguard yourself from malicious links that install malware, potentially exposing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

3. Enable two-factor authentication: Enable two-factor authentication (2FA) whenever possible. This adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password.

4. Keep devices updated: Regularly updating your operating system, browser and security software ensures you have the latest patches against known vulnerabilities. Cybercriminals exploit outdated systems, so enabling automatic updates is a simple but effective way to stay protected.

5. Monitor your accounts for suspicious activity and change your passwords: If you've interacted with a suspicious website, phishing email or fake login page, check your online accounts for any unusual activity. Look for unexpected login attempts, unauthorized password resets or financial transactions that you don't recognize. If anything seems off, change your passwords immediately and report the activity to the relevant service provider. Also, consider using a password manager to generate and store complex passwords. Get more details about my best expert-reviewed Password Managers of 2025 here.

6. Invest in a personal data removal service: Consider using a service that monitors your personal information and alerts you to potential breaches or unauthorized use of your data. These services can provide early warning signs of identity theft or other malicious activities resulting from infostealer malware or similar attacks. While no service promises to remove all your data from the internet, a removal service is worthwhile if you want to continuously monitor and automate the removal of your information from hundreds of sites over a longer period of time. Check out my top picks for data removal services here. Get a free scan to find out if your personal information is already out on the web.

Microsoft's takedown of the Lumma Stealer malware network is a major win in the fight against infostealers, which have fueled a surge in data breaches over the past year. Lumma had become a go-to tool for cybercriminals, targeting everything from browser credentials to crypto wallets across Windows and Mac systems. I've been tracking this malware since early 2024, and its ability to impersonate human verification pages and abuse expired cookies made it especially dangerous.

Do you feel tech companies are doing enough to protect users from malware like this?


The Sun
5 days ago
- General
- The Sun
Urgent warning as 180 MILLION passwords ‘exposed' including Gmail, Netflix and PayPal accounts in huge data dump
A DATA dump containing more than 180 million private login details from popular online services has been uncovered by a security expert. The huge haul reportedly includes credentials and passwords for accounts including Facebook, Netflix, Google, PayPal and more. Others range from Roblox and Microsoft to Apple and Discord. Login information for banks, health platforms and even government portals was also exposed.

Cybersecurity researcher Jeremiah Fowler sounded the alarm after finding the publicly exposed database, which was neither password-protected nor encrypted. The expert believes the breach may have come about because of common infostealer malware. Infostealer malware sneakily captures sensitive details from infected systems, typically sniffing out usernames and passwords stored in web browsers, email software or messaging apps.

"Many people unknowingly treat their email accounts like free cloud storage and keep years' worth of sensitive documents, such as tax forms, medical records, contracts, and passwords without considering how sensitive they are," Fowler wrote. "This could create serious security and privacy risks if criminals were to gain access to thousands or even millions of email accounts.

"From a cybersecurity perspective, I highly recommend knowing what sensitive information is stored in your email account and regularly deleting old, sensitive emails that contain PII, financial documents or any other important files.

"If sensitive files must be shared, I recommend using an encrypted cloud storage solution instead of an email."

The exposure serves as an important reminder that users must routinely change their passwords. It's not clear how long the database was left for anyone to see, but it has now been taken down. There's also no indication of who may be responsible for the large collection, which had a total of 184,162,718 records.

Fowler reported the database to the web hosting platform World Host Group. The company's CEO told Wired: "It appears a fraudulent user signed up and uploaded illegal content to their server. The system has since been shut down. Our legal team is reviewing any information we have that might be relevant for law enforcement."

TIME TO TRY PASSKEYS?

Here's what security expert Chris Hauk, Consumer Privacy Advocate at Pixel Privacy, told The Sun...

"Passwords are both hard to remember and, in most cases, easy to guess.

"I would venture to say that most users (especially older users) will reuse passwords, simply because of all of the websites and apps that require sign-ins.

"While password managers do help, they are at best a stopgap measure and do not offer full-ranging security for your login information.

"Passkeys offer the advantage of eliminating the need to enter an email address and password to log in.

"This is especially handy when users are logging in on an iPhone or Android device.

"Passkeys have multiple advantages over passwords. Passkeys cannot be shared or guessed.

"Passkeys are unique to the website or app they are created for, so they cannot be used to log in elsewhere like a reused password can.

"Plus, passkeys cannot be stolen in a data breach, as the passkeys are not stored on the company's servers, but are instead a private key stored only on your device, where biometric authentication (like Face ID or Touch ID) is required to use the passkey."


Arab News
6 days ago
- Health
- Arab News
No breach reported by any Pakistani government, private agency amid global data leak — official
ISLAMABAD: A spokesperson for Pakistan's National Cyber Emergency Response Team (NCERT) said on Tuesday no breach had been reported by any government agency or private company following a data breach affecting 184 million Internet users worldwide.

NCERT released an advisory on May 25 regarding a major global data exposure incident involving a publicly accessible, unencrypted file containing more than 184 million unique account credentials. The breach exposed usernames, passwords, email addresses, and associated URLs linked to services from Google, Microsoft, Apple, Facebook, Instagram, Snapchat, as well as government portals, banking institutions, and health care platforms worldwide.

'As of now, no incidents of data breach have been reported to NCERT by any government or private organization within Pakistan,' Syed Imran Haider, the NCERT spokesperson, told Arab News, adding that his organization's incident management response team was 'vigilant, in contact with all relevant departments, and working around the clock' to monitor the situation. 'We are closely engaged with global CERTs and international cybersecurity platforms.'

NCERT had provided cybersecurity guidelines to all government departments, and each organization had established its own infrastructure for data protection, Haider said. The leaked database is believed to have been compiled using infostealer malware, malicious software that extracts sensitive information from compromised systems, with the data then stored in plain text and left completely unprotected, with no encryption or password safeguarding, Haider explained.

The NCERT advisory had recommended changing all passwords, especially those reused across accounts, and activating multi-factor authentication on all services, particularly financial, email, and administrative accounts. 'Users are advised to use unique, complex passwords for every online service, avoid storing passwords in emails or unprotected files, consider a password manager to securely handle account credentials,' the NCERT spokesman said. Users were also advised to monitor account login activity for any anomalies and use credible online services that can help determine whether their email addresses, phone numbers, or other personal data have been exposed in a data breach.

Commenting on the potential impact of the breach, cybersecurity expert Dr. Shahid Sultan said Pakistani users were at risk of personal account hijacking, identity misuse, and targeted scams due to the leaked login credentials. 'Banking and financial service accounts may be compromised, enabling unauthorized transactions and potential financial loss,' he told Arab News, calling on all users and organizations to remain vigilant, report suspicious activities, and act on the precautionary measures suggested by NCERT.


Zawya
6 days ago
- Business
- Zawya
ESET participates in operation to disrupt the infrastructure of Danabot infostealer
- While primarily developed as an infostealer, Danabot has also been used to distribute additional malware, including ransomware.
- Danabot's authors promote their toolset through underground forums and offer various rental options to potential affiliates.
- This ESET Research analysis covers the features used in the latest versions of the malware, the authors' business model, and an overview of the toolset offered to affiliates.
- Poland, Italy, Spain and Turkey have historically been among the countries most targeted by Danabot.

Dubai, UAE: ESET has participated in a major infrastructure disruption of the notorious infostealer, Danabot, by the US Department of Justice, the FBI, and the US Department of Defense's Defense Criminal Investigative Service. U.S. agencies were working closely with Germany's Bundeskriminalamt, the Netherlands' National Police, and the Australian Federal Police. ESET took part in the effort alongside Amazon, CrowdStrike, Flashpoint, Google, Intel471, PayPal, Proofpoint, Team Cymru and Zscaler.

ESET Research, which has been tracking Danabot since 2018, contributed assistance that included providing technical analysis of the malware and its backend infrastructure, as well as identifying Danabot's C&C servers. During that period, ESET analyzed various Danabot campaigns all over the world, with Poland, Italy, Spain and Turkey historically among the most targeted countries. The joint takedown effort also led to the identification of individuals responsible for Danabot development, sales, administration, and more. These law enforcement operations were conducted under Operation Endgame, an ongoing global initiative aimed at identifying, dismantling, and prosecuting cybercriminal networks. Coordinated by Europol and Eurojust, the operation successfully took down critical infrastructure used to deploy ransomware through malicious software.

'Since Danabot has been largely disrupted, we are using this opportunity to share our insights into the workings of this malware-as-a-service operation, covering the features used in the latest versions of the malware, the authors' business model, and an overview of the toolset offered to affiliates. Apart from exfiltrating sensitive data, we have observed that Danabot is also used to deliver further malware, which can include ransomware, to an already compromised system,' says ESET researcher Tomáš Procházka, who investigated Danabot.

The authors of Danabot operate as a single group, offering their tool for rental to potential affiliates, who subsequently employ it for their malicious purposes by establishing and managing their own botnets. Danabot's authors have developed a vast variety of features to assist customers with their malevolent motives. The most prominent features offered by Danabot include: the ability to steal various data from browsers, mail clients, FTP clients, and other popular software; keylogging and screen recording; real-time remote control of the victims' systems; file grabbing (commonly used for stealing cryptocurrency wallets); support for Zeus-like webinjects and form grabbing; and arbitrary payload upload and execution.

Besides its stealing capabilities, ESET Research has observed a variety of payloads being distributed via Danabot over the years. Furthermore, ESET has encountered instances of Danabot being used to download ransomware onto already compromised systems. In addition to typical cybercrime, Danabot has also been used in less conventional activities, such as using compromised machines to launch DDoS attacks; for example, a DDoS attack against Ukraine's Ministry of Defense soon after the Russian invasion of Ukraine.

Throughout its existence, according to ESET monitoring, Danabot has been a tool of choice for many cybercriminals, and each of them has used different means of distribution. Danabot's developers even partnered with the authors of several malware cryptors and loaders, and offered special pricing for a distribution bundle to their customers, helping them with the process. Recently, out of all the distribution mechanisms ESET observed, the misuse of Google Ads to display seemingly relevant, but actually malicious, websites among the sponsored links in Google search results stands out as one of the most prominent methods of luring victims into downloading Danabot. The most popular ploy is packing the malware with legitimate software and offering such a package through bogus software sites or websites falsely promising to help users find unclaimed funds. The latest addition to these social engineering techniques is deceptive websites offering solutions for fabricated computer issues, whose only purpose is to lure victims into executing a malicious command secretly inserted into the user's clipboard.

The typical toolset provided by Danabot's authors to their affiliates includes an administration panel application, a backconnect tool for real-time control of bots, and a proxy server application that relays the communications between the bots and the actual C&C server. Affiliates can choose from various options to generate new Danabot builds, and it's their responsibility to distribute these builds through their own campaigns.

'It remains to be seen whether Danabot can recover from the takedown. The blow will, however, surely be felt, since law enforcement managed to unmask several individuals involved in the malware's operations,' concludes Procházka.

For a technical overview of Danabot and insight into its operation, check out the ESET Research blogpost 'Danabot: Analyzing a fallen empire'. Make sure to follow ESET Research on Twitter (today known as X), BlueSky, and Mastodon for the latest news from ESET Research.


Forbes
24-05-2025
- Forbes
Windows Passwords Are Under Attack — Do These 7 Things Now
Beware these Windows CAPTCHA attacks.

Microsoft Windows is always a premier target for cybercriminal actors, and more often than not, passwords are front and center of their campaign payloads. Be it the spray-and-pray hackers employing automatic password-hacking machines, state-sponsored advanced persistent threat groups targeting the enterprise, or even warnings from security researchers about the threat presented by Copilot AI for SharePoint, Windows passwords are the most valuable of low-hanging fruits. Now Trend Micro has confirmed how one particular password threat is making a determined effort to get hold of yours. Here are seven things you need to do to stop your organization being the next victim of the Captcha hackers.

The Completely Automated Public Turing test to tell Computers and Humans Apart, thankfully shortened to Captcha, is something that we have all encountered and all have much the same hatred for. Being asked to select squares containing images of bicycles or ticking a checkbox to prove we are not a robot (wouldn't a robot be able to do that?) is largely pointless at the best of times, and downright dangerous at the worst. If AI cannot solve a Captcha more often than not, then, frankly, we have nothing to fear from our robot overlords. What we do have to fear, however, are hackers using Captcha methods to initiate an infostealer malware infection chain that ultimately leads to password compromise.

The latest Trend Micro research takes a deep dive into the technical details behind what it refers to as 'a notable surge in fake Captcha cases.' As always, I recommend you go and read that report in full if it is the technical teardown that you are after. The TL;DR, however, is that this wave of fake Captcha attacks is tricking users into pasting malicious commands into the Windows Run dialog, with payloads executed in memory and often employing PowerShell.

'These attacks enable data exfiltration, credential theft, remote access, and loader deployment,' the Trend Micro researchers warned, 'via malware such as Lumma Stealer, Rhadamanthys, AsyncRAT, Emmental, and XWorm.' Yes, Microsoft has just led a global operation to dismantle much of the Lumma Stealer network infrastructure. No, that doesn't mean you are now safe. As one player is disrupted, so others rise to fill the void.

'These campaigns abuse multiple legitimate platforms, including file-sharing services, content and search platforms, music repositories, URL redirectors and document hosts,' Trend Micro said, and those using Windows operating systems where minimal script execution restrictions are employed are most at risk. Microsoft has recommended that 'customers always practice good computing habits online, including exercising caution when clicking on links to web pages, opening unknown files, or accepting file transfers,' as well as 'switching to Passkeys wherever possible and using authentication apps such as Microsoft Authenticator, which warn users about potential phishing attempts.'

The Trend Micro report, however, concludes that organizations should apply the following seven mitigations:

Of course, if you really care about your Windows passwords, I would also add that opening the Windows Run window by pressing Windows+R, pasting the clipboard's content into the Run window using CTRL+V, and then pressing Enter to execute it, isn't the best response to a supposed Captcha test. Think smart and don't do that, OK?
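The infection chain described above (a command pasted into the Run dialog that starts PowerShell and executes its payload in memory) leaves a recognisable trace in process-creation telemetry: the shell's parent is explorer.exe and the command line carries window-hiding, profile-skipping or encoded-command switches. The following detection logic is an added example written for this page; it is not Trend Micro's or Microsoft's code, the event records are constructed rather than real telemetry, and the two-indicator threshold is this example's own choice.

```python
"""Flag PowerShell launched from the Windows Run dialog with in-memory execution indicators.

Added example: the event records are constructed, and the scoring rule is this example's own.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed process-creation records: (parent image, child image, command line).
# Sysmon Event ID 1 and Windows Security event 4688 both expose these three fields.
SAMPLE_EVENTS = [
    # 0: the fake-Captcha shape: Run dialog -> hidden, profile-less, policy-bypassing, encoded PowerShell
    ("C:\\Windows\\explorer.exe",
     "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "powershell.exe -w hidden -nop -ep bypass -enc QUJDREVGR0hJSktMTU5PUA=="),
    # 1: an administrator running a script from a console: terminal parent, no evasion switches
    ("C:\\Windows\\System32\\cmd.exe",
     "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "powershell.exe -File C:\\scripts\\backup.ps1"),
    # 2: a user double-clicks a PowerShell shortcut: explorer parent, but nothing else suspicious
    ("C:\\Windows\\explorer.exe",
     "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "powershell.exe"),
    # 3: PowerShell 7 from the Run dialog, hidden window, no profile, base64 decoding in the command
    ("C:\\Windows\\explorer.exe",
     "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
     "pwsh.exe -WindowStyle Hidden -NoProfile -Command "
     "\"[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('UGxhY2Vob2xkZXI='))\""),
    # 4: a single indicator only; stays below the threshold
    ("C:\\Windows\\explorer.exe",
     "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "powershell.exe -NoProfile"),
]

# Command-line switches that are rarely typed by hand but are typical of pasted one-liners.
FLAG_PATTERNS = {
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "no_profile": re.compile(r"-no(?:p|profile)\b", re.I),
    "policy_bypass": re.compile(r"-e(?:xecutionpolicy|p)\s+bypass", re.I),
    "encoded_command": re.compile(r"-e(?:ncodedcommand|nc|n|c)?\b\s+[A-Za-z0-9+/=]{16,}", re.I),
}
# Tokens that indicate the payload is decoded or evaluated in memory rather than run from a file.
KEYWORD_PATTERN = re.compile(r"\b(frombase64string|invoke-expression|iex|downloadstring)\b", re.I)

# Anything entered into Win+R is spawned by the shell, so explorer.exe parentage anchors the rule.
RUN_DIALOG_PARENTS = {"explorer.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}
MIN_INDICATORS = 2  # explorer.exe also parents ordinary double-clicked shortcuts, so one hit is not enough


@dataclass
class Alert:
    index: int
    image: str
    indicators: list


def indicators_for(command_line: str) -> list:
    """Return the names of every suspicious switch and keyword found in a command line."""
    found = [name for name, pattern in FLAG_PATTERNS.items() if pattern.search(command_line)]
    found += [f"keyword:{kw.lower()}" for kw in KEYWORD_PATTERN.findall(command_line)]
    return found


def analyze(events) -> list:
    """Emit an Alert for each shell started under explorer.exe with enough evasion indicators."""
    alerts = []
    for i, (parent, image, command_line) in enumerate(events):
        parent_name = PureWindowsPath(parent).name.lower()
        image_name = PureWindowsPath(image).name.lower()
        if parent_name not in RUN_DIALOG_PARENTS or image_name not in SHELLS:
            continue
        found = indicators_for(command_line)
        if len(found) >= MIN_INDICATORS:
            alerts.append(Alert(i, image_name, found))
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_EVENTS):
        print(f"event {alert.index}: {alert.image} from Run dialog, indicators: {', '.join(alert.indicators)}")
```

Run against the constructed records, only events 0 and 3 raise an alert; the console-launched script and the plain shortcut launch do not. On a real estate the same rule ports directly to a Sysmon or EDR query on ParentImage, Image and CommandLine, and the Run dialog's own history under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU is the quickest place to confirm on a suspect machine whether a pasted command was actually entered.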