Alleged Scattered Spider hackers Ahmed Hossam Eldin Elbadawy, Noah Michael Urban, Evans Onyeaka Osiebo, Joel Martin Evans, and Tyler Robert Buchanan have been indicted for their involvement in a prolonged cryptocurrency theft operation that involved SMS phishing, corporate system compromise, and further phishing intrusions.
Clicking on the ads including alerts on compromised passwords redirects targets to a Chrome Web Store-spoofing page, which prompts the download of the fake update in the guise of a browser extension, according to a Bitdefender report.
While SVG primarily enables the crafting of images using text, lines, and shapes in code rather than pixels, such files could also be utilized to show HTML and facilitate JavaScript execution in credential-stealing phishing forms.
Aside from facilitating email address extraction from public GitHub profiles, GoIssue — which also features proxy support, customizable email templates, and token management capabilities — also enables the automation of targeted phishing campaigns that could result in developer credential theft, private repository access, or malware delivery, a SlashNext report showed.
Threat actors leveraged search results for the query 'Are Bengal Cats legal in Australia?' which when clicked enabled the download of a malicious ZIP archive installing the GootKit information-stealing payload and remote access trojan, according to a Sophos report.
