Latest news with #passwordattack


Forbes
20-07-2025
This Password Hack Jumps From Laptop To Smartphone — Attacks Underway
Scanception password attack magically jumps from laptop to smartphone.

Your passwords are under attack. It really is as simple as that. I mean, it's not surprising when 98.5% fail the most basic password hacking test, and cross-service password reuse just adds fuel to the credentials attack fire. Behind much of this barrage of threat actor activity lies one tactic: phishing. One newly analysed and ongoing password hacking campaign, given the name Scanception by security researchers, uses a transitional tactic to switch the attack from your laptop to your smartphone, which is likely to have much less protection. Here's what you need to know.

The Scanception Password Hack Attack Explained

At the heart of the Scanception password hack campaign, as analyzed by the Cyble Research & Intelligence Labs team, is an old friend of the Forbes cybersecurity section, quishing. Oh my goodness, I just used that awful word, didn't I? QR code phishing, to be a little longer-winded but much less cheesy, is where the scanning of a QR code takes the unsuspecting user to a malicious site where harm can be done. That might be by way of malware downloads, including infostealers, or more straightforward credential theft involving a cloned account login page.

'The attack chain typically begins with a phishing email containing a PDF lure that urges recipients to scan an embedded QR code,' the Cyble report said, noting this technique 'effectively bypasses traditional email security and endpoint protection controls by shifting the attack surface to unmanaged personal mobile devices.'

In the space of just 12 short weeks, the threat actors behind the Scanception campaign, which is very much still active, ongoing and evolving, have used at least 600 unique PDF document lures, and Cyble reported that 'nearly 80% of the quishing PDFs we observed had zero detections on VirusTotal.'

The attack has so far targeted a broad sweep of users across North America, EMEA and APAC regions, and high-value industries appear to be favored by the threat actors behind the campaign. These include tech, healthcare, manufacturing and financial sectors.

Rather cleverly, the attackers have embedded the malicious QR code at the very end of a four-page PDF that appears legitimate. This is no doubt intended to evade those detection methods that only scan the start of a document, rather than the whole thing. To scan the QR code and access the further information it promises, the user must use their smartphone camera, thereby shifting the attack from the laptop to the phone.

Mitigating The Scanception Password Hack Attacks

The Cyble Research & Intelligence Labs team recommended the following mitigation measures:


Forbes
08-06-2025
New Apple Passwords Attack Confirmed — What You Need To Know
New macOS password attack hits Apple users.

Although it is far more commonplace to read about password attacks against users of the Windows operating system, or targeting services such as Gmail, the truth of the matter is that nobody is safe from the credential-theft threat, as this newly confirmed Apple password-stealing attack illustrates. Here's what you need to know about the AMOS campaign targeting macOS users.

The latest adversary intelligence report from Koushik Pal, a threat researcher at CloudSEK, has warned users that a newly identified Atomic macOS stealer campaign utilizing a previously unknown variant has been observed targeting the Apple operating system. Although this latest and ongoing threat leverages well-known existing tactics and techniques, such as the Clickfix fake CAPTCHA screen and multi-platform social engineering, the danger it poses to macOS users remains high nonetheless.

Better known as AMOS, this latest variant of the Atomic macOS Stealer has been observed using Clickfix attack sites that impersonate a U.S. support services company within the cable TV, internet provision, mobile phone, and managed services sectors. The brand impersonation in this case is made possible by way of typo-squatting domains that appear similar to the genuine article.

'The macOS users are served a malicious shell script designed to steal system passwords and download an AMOS variant for further exploitation,' Pal warned. This script then uses native macOS commands to 'harvest credentials, bypass security mechanisms, and execute malicious binaries.' This is, to be fair, as significant a threat to your Apple passwords as you are going to get.

Targeting both consumer and corporate users, and highlighting a trend in such multi-platform social engineering attacks, Pal said that source code comments suggested that Russian-speaking cybercriminals are behind the new AMOS threat campaign.

The AMOS malware utilises legitimate utilities to circumvent endpoint security controls and extract macOS user passwords, which can then be used for lateral movement or sold to initial access brokers for use in other cybercriminal campaigns, including ransomware attacks. Users should be educated about the tactics used by such Apple password-stealing campaigns, Pal recommended by way of mitigation, 'especially those disguised as system verification prompts.'