#DataTheft

2025-08-21

Cybercriminals Abuse AI Website Creation App For Phishing

Cybercriminals are exploiting an AI-powered website creation platform called Lovable to generate fraudulent websites for credential phishing and malware delivery. The threat actors create or clone sites impersonating well-known brands, use CAPTCHA for filtering, and post stolen credentials to Telegram. Campaigns observed include Tycoon phishing, payment and personal data theft, cryptocurrency wallet draining, and malware distribution. The ease of use of such AI tools significantly lowers the barrier to entry for cybercriminals, allowing them to quickly create convincing phishing pages. While Lovable has implemented new security measures, organizations are advised to consider allow-listing policies for frequently abused tools.

Pulse ID: 68a66a49869588c8cfb1af6a
Pulse Link: otx.alienvault.com/pulse/68a66
Pulse Author: AlienVault
Created: 2025-08-21 00:37:29

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CAPTCHA #CyberSecurity #DataTheft #InfoSec #Malware #OTX #OpenThreatExchange #Phishing #RAT #Telegram #bot #cryptocurrency #AlienVault

2025-08-19

How normalised is his mushroom on the squeezed end of the bell curve? With extreme poverty on the left and privileged ICE poverty on the right, it won’t work well. All thanks to a delusional tea party to be mimicked but on bad odds by Reform in the U.K., the AfD in Germany and VOX in Spain etc. #TranshumanistData #DataTheft #GDPR #Normalisation #Assimilation #TheBorg #TheFederation

2025-08-13

Malvertising campaign leads to PS1Bot, a multi-stage malware framework

A malware campaign utilizing malvertising has been distributing PS1Bot, a sophisticated multi-stage framework implemented in PowerShell and C#. PS1Bot features modular design, enabling information theft, keylogging, reconnaissance, and persistent system access. The malware minimizes artifacts and uses in-memory execution techniques for stealth. Active since early 2025, PS1Bot's information stealer targets cryptocurrency wallets and employs wordlists to identify files containing passwords and seed phrases. The campaign overlaps with previously reported Skitnet activities and uses similar C2 infrastructure. Delivery involves compressed archives with obfuscated scripts, leading to PowerShell modules for antivirus detection, screen capture, data theft, keylogging, and system information collection. Persistence is established through startup directory manipulation.

Pulse ID: 689bb3c9004eca543a36d5fc
Pulse Link: otx.alienvault.com/pulse/689bb
Pulse Author: AlienVault
Created: 2025-08-12 21:36:09

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DataTheft #InfoSec #InformationTheft #Malvertising #Malware #Nim #OTX #OpenThreatExchange #Password #Passwords #PowerShell #Word #bot #cryptocurrency #AlienVault

2025-08-08

Infrastructure of Interest: High Confidence InfoStealer

These indicators of compromise (IOCs) were identified through LevelBlue Labs' proprietary collection and threat hunting processes, leveraging AI-driven heuristics to detect anomalous patterns, behavioral analysis of malicious activity, and cross-referenced intelligence from endpoint telemetry and external sources. The IOCs included in this pulse are associated with infostealer malware, designed to harvest sensitive data such as credentials, cookies, and financial information from compromised systems. Use this data to enhance detection rules, block malicious infrastructure, or correlate with existing incident investigations involving data theft.

Pulse ID: 68944f2e9f9c9eb0ffe45b5c
Pulse Link: otx.alienvault.com/pulse/68944
Pulse Author: AlienVault
Created: 2025-08-07 07:01:02

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Cookies #CyberSecurity #DataTheft #Endpoint #ICS #InfoSec #InfoStealer #Malware #OTX #OpenThreatExchange #RCE #bot #AlienVault

2025-08-08

Infrastructure of Interest: Medium Confidence InfoStealer

These indicators of compromise (IOCs) were identified through LevelBlue Labs' proprietary collection and threat hunting processes, leveraging AI-driven heuristics to detect anomalous patterns, behavioral analysis of malicious activity, and cross-referenced intelligence from endpoint telemetry and external sources. The IOCs included in this pulse are associated with infostealer malware, designed to harvest sensitive data such as credentials, cookies, and financial information from compromised systems. Use this data to enhance detection rules, block malicious infrastructure, or correlate with existing incident investigations involving data theft.

Pulse ID: 6894566bd94b79b7fbdbade1
Pulse Link: otx.alienvault.com/pulse/68945
Pulse Author: AlienVault
Created: 2025-08-07 07:31:55

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Cookies #CyberSecurity #DataTheft #Endpoint #ICS #InfoSec #InfoStealer #Malware #OTX #OpenThreatExchange #RCE #bot #AlienVault

2025-08-07

New Arsenal: LAMEHUG, the First AI-Powered Malware

APT28, a Russian threat group, has developed LAMEHUG, a Python-based malware that utilizes AI to generate and execute system commands. This malware, targeting Ukraine's security and defense sector, begins with a phishing email containing a malicious attachment. LAMEHUG employs the Qwen 2.5-Coder-32B-Instruct model via Hugging Face API to translate text instructions into system commands. It performs system reconnaissance, data theft, and exfiltration using AI-generated commands. The malware collects system information, searches for documents, and exfiltrates data via SFTP or HTTP POST requests. Multiple variants of LAMEHUG have been identified, each with different data exfiltration methods. This marks a significant evolution in malware capabilities, incorporating large language models to enhance attack flexibility and sophistication.

Pulse ID: 68948bfb370ac711edbb5278
Pulse Link: otx.alienvault.com/pulse/68948
Pulse Author: AlienVault
Created: 2025-08-07 11:20:27

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#APT28 #CyberSecurity #DataTheft #Email #HTTP #HuggingFace #InfoSec #Malware #OTX #OpenThreatExchange #Phishing #Python #RAT #Russia #UK #Ukr #Ukraine #bot #AlienVault

Angelino Desmet stardust@fosstodon.org
2025-08-06

Because #Codeberg Pages is under indefinite development, and Microsoft et al. more evil by the day, I've updated this Github Pages to Codeberg tutorial: arscyni.cc/file/codeberg.html

It simply offloads the hosting to statichost.eu whose founder was kind enough to answer even trivial questions.

#BuyEuropean #Enshittification #GDPR #DataTheft

2025-08-04

FAKE TELEGRAM PREMIUM SITE DISTRIBUTES NEW LUMMA STEALER VARIANT

A malicious campaign using the domain 'telegrampremium[.]app' is distributing a new variant of Lumma Stealer malware. The fake site mimics the official Telegram Premium platform and automatically downloads an executable file 'start.exe' upon access. This sophisticated information-stealing trojan can exfiltrate browser credentials, cryptocurrency wallet details, and system information. The malware employs various techniques for persistence, defense evasion, and data theft, including file system manipulation, registry modification, and clipboard operations. The campaign highlights the ongoing use of brand impersonation and social engineering for large-scale malware distribution, emphasizing the need for robust security measures and user awareness.

Pulse ID: 688ee51c244879cbcd8b5826
Pulse Link: otx.alienvault.com/pulse/688ee
Pulse Author: AlienVault
Created: 2025-08-03 04:27:08

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Clipboard #CyberSecurity #DataTheft #ICS #InfoSec #LummaStealer #Malware #Mimic #OTX #OpenThreatExchange #RAT #SocialEngineering #Telegram #Trojan #bot #cryptocurrency #AlienVault

2025-07-26

@mfioretti_en To any that doubt that Trump is accelerating the push for a violent totalitarian world order, then explain the increase in racketeering e.g. Thiel’s acquisition of NHS data to be used as blackmail to finance their Neo-Nazi programme? Government collaboration and submission to his ultras’ final solution of ecocide; pushback against necessary environmental protections is as real as it gets. If any of us or our children survive their great ecocide collapse it will likely be an intervention from Nature itself! splcenter.org/resources/hatewa #Purges #Genocides #Resistance #OligarchsAreNeoNazis #Ecocide #RevolutionOrExtinction #DataTheft #3rdPartyTakeovers #FascistDeathCults #CivilWars #TheHegemonyOfHydra #FascistTech

So, Lemmy.world does not know how to respect me by returning all of my data that they stole from me, which is a violation of respect for the human being, as stated in the Universal Declaration of Human Rights.

#DataPrivacy #HumanRights #LemmyWorld #UDHR #DigitalRights #PrivacyMatters #DataTheft #OnlineFreedom #CyberEthics #HumanDignity #InternetPrivacy #DataProtection #TechAccountability #PrivacyViolations #DigitalJustice #MyDataMyRights #TechEthics #OnlineSafety #HumanRightsOnline #StandUp

NetSec.news netsec
2025-07-09

🚨 British hacker faces extradition to U.S. 💰 Over $25M in damages from 40+ company breaches 💻 Victims include Cisco, AMD, Ford, and healthcare providers 🏥 Healthcare data including SSNs and medical plans stolen 👉 netsec.news/cyber-criminal-ext

☮ ♥ ♬ 🧑‍💻 peterrenshaw@ioc.exchange
2025-07-05

“Suno, for those of you not familiar, is an #AI #SongGenerator: enter a text prompt (such as “a jazz, reggae, EDM pop song about my imagination”) and a song comes back. Like many #GenerativeAI companies, it is also being sued by all and sundry for ingesting #copyrighted #material. The parties in the suit — including major labels and the #RIAA — don’t have a smoking gun, since they can’t directly peek at Suno’s #TrainingData. But they have managed to generate some suspiciously similar-sounding AI generated materials, #mimicking (among others) “Johnny B. Goode,” “Great Balls of Fire,” and Jason Derulo’s habit of singing his own name.

#Suno essentially admits these songs were #regurgitated from #copyrighted source material, but it says such use was legal. “It is no secret that the tens of millions of #recordings that Suno’s model was trained on presumably included recordings whose rights are owned by the Plaintiffs in this case,” it says in its own legal filing. Whether AI training data constitutes fair use is a common but unsettled legal argument, and the plaintiffs contend Suno still amounts to “pervasive #illegal #copying” of artists’ works.”

#NYA / #music / #ElizabethLopatto / #amazon / #DataTheft <neilyoungarchives.com/news/3/a>

Angelino Desmet stardust@fosstodon.org
2025-07-03

Those refusing WhatsApp are often considered Luddites; "There's no escaping for-profit privacy intrusion / mass surveillance anyway." False. It's actually the general populace that are the Luddites for not using Matrix, etc.

#Privacy #encryption #WhatsApp #Matrix #Tox #surveillance #DataTheft

2025-07-03

Google secretly used Android users’ mobile data to collect info for ads—even when phones were idle—making users unknowingly pay for surveillance. A jury ruled this wasn’t just a privacy breach, but actual financial harm.

#Google #Android #DataPrivacy #TechNews #Surveillance #DataTheft #PrivacyBreach #UserRights #HiddenCosts

Read Full Article Here :- techi.com/google-android-data-

2025-06-24

Discover the LapDogs Cyber Espionage Operation targeting SOHO devices. Enhance network security now! redoracle.com/News/Unveiling-t

2025-06-22

Recent cybersecurity incidents have exposed vulnerabilities in Chrome extensions and the emergence of the BingoMod banking Trojan. Stay informed! redoracle.com/News/Cybersecuri

Defensorum defensorum
2025-06-20

Five reasons hackers deploy : Financial gain 💰 System disruption 🔒 Espionage 🕵️ IP theft 📊 Resource hijacking ⚡ Understanding motivations strengthens defense strategies 👉 defensorum.com/malware/

Why hackers use malware

2025-06-13

Learn how to safeguard your personal data while traveling through public charging ports. redoracle.com/News/Charging-Po

NetSec.news netsec
2025-06-10

🏥 Kettering Health restores Epic EHR after ransomware attack 💻 Incident disrupted multiple Ohio medical centers 🔒 Interlock group publishes 941 GB of stolen data 📱 Fraudulent calls and emails targeting public 📞 Phone systems and MyChart still offline 👉 netsec.news/kettering-health-r
