pouet.chapril.org is one of the many independent Mastodon servers you can use to take part in the fediverse.
Chapril https://www.chapril.org is a project of April https://www.april.org

Administered by:

Server statistics:

1.1K
active accounts

#edge

9 posts, 7 participants, 0 posts today

New Evasive Campaign Delivers LegionLoader via Fake CAPTCHA & CloudFlare Turnstile

A new malicious campaign has been discovered targeting users searching for PDF documents online. The attack uses fake CAPTCHAs and CloudFlare Turnstile to deliver LegionLoader malware, which then installs a malicious browser extension. The infection chain involves a drive-by download, execution of a VMware-signed application that sideloads a malicious DLL, and use of process hollowing to inject the LegionLoader payload. The browser extension, disguised as 'Save to Google Drive', is installed on Chrome, Edge, Brave and Opera browsers to steal sensitive user data and monitor Bitcoin activities. The campaign has affected over 140 customers, primarily in North America, Asia and Southern Europe, with technology and financial services sectors being the most targeted.

Pulse ID: 67f0e1fafb3df4665f729a46
Pulse Link: otx.alienvault.com/pulse/67f0e
Pulse Author: AlienVault
Created: 2025-04-05 07:55:38

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue - Open Threat Exchange: Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.
#Asia #BitCoin #Brave

Silent Credit Card Thief Uncovered

A sophisticated credit card skimming campaign dubbed 'RolandSkimmer' has been discovered, targeting users in Bulgaria. The attack utilizes malicious browser extensions across Chrome, Edge, and Firefox, initiated through a deceptive LNK file. The malware employs obfuscated scripts to establish persistent access, harvesting and exfiltrating sensitive financial data. The attack workflow involves system reconnaissance, downloading additional malicious files, and injecting scripts into web pages. The threat actor uses unique identifiers to track victims and employs sophisticated techniques to evade detection. The campaign demonstrates the evolving nature of web-based credit card skimming threats, highlighting the need for enhanced security measures against LNK-based attacks and unverified browser extensions.

Pulse ID: 67efc6e92fbd533808f09435
Pulse Link: otx.alienvault.com/pulse/67efc
Pulse Author: AlienVault
Created: 2025-04-04 11:47:53

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Bulgaria #Chrome
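Both pulses above end the same way: a malicious extension sitting in the user's browser (LegionLoader's 'Save to Google Drive' lure, RolandSkimmer's Chrome/Edge/Firefox extensions). As an added example, not code from either pulse or from the OTX bot, the Python script below inventories Chromium-family extension folders on disk, reads each manifest.json and flags extensions whose name is on a watchlist or whose permissions are broad enough to read every page. The Windows profile paths in DEFAULT_ROOTS, the watchlist and the sample manifests it builds in a temporary directory are assumptions constructed for the demo; Firefox keeps its add-on list in a different format and is not covered.

```python
"""Inventory Chromium-family browser extensions and flag the ones worth reviewing.

Added example, not code from the OTX pulses above. Walks the on-disk extension
folders of Chrome/Edge/Brave/Opera profiles (layout <root>/<ext_id>/<version>/
manifest.json), reads each manifest and reports extensions whose name is on a
watchlist or that hold permissions broad enough to harvest form data on any site.
"""
import json
import os
import tempfile
from dataclasses import dataclass, field
from pathlib import Path

# Assumed default per-user extension roots on Windows; other profiles/OSes differ.
DEFAULT_ROOTS = {
    "chrome": r"%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions",
    "edge":   r"%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Extensions",
    "brave":  r"%LOCALAPPDATA%\BraveSoftware\Brave-Browser\User Data\Default\Extensions",
    "opera":  r"%APPDATA%\Opera Software\Opera Stable\Extensions",
}
# Constructed watchlist of lure names seen in the pulses; extend from your own intel.
NAME_WATCHLIST = {"save to google drive"}
# Permissions / host patterns that let an extension read or rewrite every page.
BROAD_PERMISSIONS = {"<all_urls>", "webRequest", "webRequestBlocking", "scripting",
                     "cookies", "debugger", "*://*/*", "http://*/*", "https://*/*"}


@dataclass
class Finding:
    browser: str
    ext_id: str
    name: str
    version: str
    reasons: list = field(default_factory=list)


def assess_manifest(browser, ext_id, manifest):
    """Evaluate one parsed manifest.json; reasons is empty when nothing stands out."""
    name = str(manifest.get("name", ""))
    reasons = []
    if name.strip().lower() in NAME_WATCHLIST:
        reasons.append(f"name on watchlist: {name!r}")
    # MV2 keeps host patterns in 'permissions'; MV3 moves them to 'host_permissions'.
    perms = set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))
    for script in manifest.get("content_scripts", []):   # injected into matching pages
        perms.update(script.get("matches", []))
    broad = sorted(perms & BROAD_PERMISSIONS)
    if broad:
        reasons.append("broad permissions: " + ", ".join(broad))
    # Store-installed extensions carry an update_url; sideloaded ones usually do not.
    if not manifest.get("update_url"):
        reasons.append("no update_url (possibly sideloaded)")
    return Finding(browser, ext_id, name, str(manifest.get("version", "")), reasons)


def scan_root(browser, root):
    """Assess every <ext_id>/<version>/manifest.json under one extension root."""
    root = Path(os.path.expandvars(str(root)))
    findings = []
    if not root.is_dir():
        return findings
    for ext_dir in sorted(p for p in root.iterdir() if p.is_dir()):
        for ver_dir in sorted(p for p in ext_dir.iterdir() if p.is_dir()):
            mpath = ver_dir / "manifest.json"
            if not mpath.is_file():
                continue
            try:
                manifest = json.loads(mpath.read_text(encoding="utf-8-sig"))
            except (OSError, ValueError) as exc:
                findings.append(Finding(browser, ext_dir.name, "?", ver_dir.name,
                                        [f"unreadable manifest: {exc}"]))
                continue
            findings.append(assess_manifest(browser, ext_dir.name, manifest))
    return findings


def suspicious(findings):
    """Keep only findings that have at least one reason."""
    return [f for f in findings if f.reasons]


# Constructed sample profile so the scanner runs offline; the ids are placeholders.
SAMPLE_MANIFESTS = {
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/1.0_0": {
        "name": "Tab Notes", "version": "1.0", "manifest_version": 3,
        "permissions": ["storage"],
        "update_url": "https://clients2.google.com/service/update2/crx",
    },
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/2.3_0": {
        "name": "Save to Google Drive", "version": "2.3", "manifest_version": 3,
        "permissions": ["tabs", "scripting", "cookies"],
        "host_permissions": ["<all_urls>"],
        "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
    },
}


def build_sample_root(base):
    """Write SAMPLE_MANIFESTS as base/<ext_id>/<version>/manifest.json; return base."""
    for rel, manifest in SAMPLE_MANIFESTS.items():
        d = Path(base) / rel
        d.mkdir(parents=True, exist_ok=True)
        (d / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return Path(base)


def scan_sample():
    """Build the constructed profile in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_root("chrome-sample", build_sample_root(tmp))


if __name__ == "__main__":
    for f in suspicious(scan_sample()):
        print(f.browser, f.ext_id, f.name, f.version, "|", "; ".join(f.reasons))
    # On a real host: for b, r in DEFAULT_ROOTS.items(): suspicious(scan_root(b, r))
```

The name check only catches lures you already know about; the permission and update_url heuristics are what surface an unknown extension, and they are deliberately noisy (many legitimate extensions request `<all_urls>`), so treat the output as a review queue rather than an alert.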

PoisonSeed Campaign Targets CRM and Bulk Email Providers in Supply Chain Spam Operation

The PoisonSeed campaign is targeting enterprise organizations and individuals outside the cryptocurrency industry by phishing CRM and bulk email provider credentials. The attackers export email lists and send bulk spam from compromised accounts, primarily to support cryptocurrency spam operations. The campaign uses a novel cryptocurrency seed phrase poisoning attack, providing security seed phrases to trick victims into copying them into new cryptocurrency wallets for future compromise. While similarities exist with Scattered Spider and CryptoChameleon groups, PoisonSeed is currently classified separately due to unique characteristics. The campaign has targeted companies like Coinbase, Ledger, Mailchimp, SendGrid, Hubspot, Mailgun, and Zoho, using sophisticated phishing techniques and automated processes to quickly exploit compromised accounts.

Pulse ID: 67ef8546d1d9ef9cd8e91906
Pulse Link: otx.alienvault.com/pulse/67ef8
Pulse Author: AlienVault
Created: 2025-04-04 07:07:50

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

I spent decades perfecting my linux dotfiles and emacs config - but all that changed in just five minutes.

I peeked into my classmate's laptop to copy the homework but I was awestruck by how awesome windows 11 is.

Nixos has rollbacks and emacs but Windows has recall and copilot inside notepad that has done my homework.

I had trouble choosing a browser on Linux after firefox shit its bed. But windows gave me a free microsoft account and bing assured me that Edge is the best.

Life's so good now with microsoft watching my back 😄. Take that linux shills!

#linux #nixos #emacs #windows #microsoft #firefox #edge #copilot

My (small: around 75 systems) #MDM setup works now. It has *only* 1 flaw: it's #Miscrosoft #InTune 🤮

I could add my #ubuntu laptops to it, but:
1. I hate the idea of managing systems via such a closed system
2. I would be forced to install #edge and an InTune app, on Ubuntu!

Are there alternatives to manage my #linux computers centrally via an #opensource solution? Updates, apps and websites restrictions, ...

🎉 Introducing Cosmonic Control: WebAssembly for enterprise. Built on Cloud Native Computing Foundation (CNCF) wasmcloud, Cosmonic Control is a powerful control plane for managing distributed apps across any #cloud, #Kubernetes, #edge, or on premise and self-hosted deployments! More details on the blog, and come see us at KubeCon + CloudNativeCon!

cosmonic.com/blog/engineering/

cosmonic.com · Cosmonic Launches Cosmonic Control: WebAssembly for Enterprise | Cosmonic announces the launch of Cosmonic Control, a control plane for managing distributed applications across any cloud, any Kubernetes, any edge, or on premise and self-hosted deployment.

ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery

ClearFake is a malicious JavaScript framework deployed on compromised websites to deliver malware through drive-by downloads. Threat Actors compromise legitimate websites, injecting malicious JavaScript code that redirects users to convincing fake update pages for browsers like Chrome and Edge. These pages prompt users to download updates hosted on platforms such as Dropbox and OneDrive, which actually contain malware payloads. Notably, since late September, ClearFake has altered its code injection tactics, now utilizing smart contracts from the Binance Smart Chain.

Pulse ID: 67d940dac8271dd8807e87b9
Pulse Link: otx.alienvault.com/pulse/67d94
Pulse Author: AlienVault
Created: 2025-03-18 09:46:02

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Binance #Browser #Chrome

Inside BRUTED: Black Basta (RaaS) Used Automated Brute Forcing Framework to Target Edge Network Devices

Black Basta ransomware group has been using a previously unknown brute forcing framework called BRUTED since 2023. This framework automates internet scanning and credential stuffing against edge network devices, including firewalls and VPN solutions. The group targets high-impact industries, with Business Services being the most targeted sector. BRUTED enables Black Basta affiliates to scale attacks and expand their victim pool. The framework supports multiple vendors and technologies, using specialized brute-force logic for each platform. Black Basta's strategy involves exploiting edge network devices for initial access, then targeting ESXi hypervisors to maximize operational impact. The leak of internal chat logs has likely disrupted Black Basta's operations, but former members may reintegrate into other ransomware-as-a-service ecosystems.

Pulse ID: 67d7e50822755960735448a7
Pulse Link: otx.alienvault.com/pulse/67d7e
Pulse Author: AlienVault
Created: 2025-03-17 09:02:00

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


Black Basta Ransomware Uses Brute Force Tactics to Exploit Edge Devices

Pulse ID: 67d5e1112c316ec5654f7635
Pulse Link: otx.alienvault.com/pulse/67d5e
Pulse Author: cryptocti
Created: 2025-03-15 20:20:33

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

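The two Black Basta pulses above describe the same thing from the defender's side: a framework that sprays credentials at firewalls and VPN gateways at internet scale, which leaves a distinctive footprint in the gateway's authentication log (many failures, many different usernames, one source, a short window, and sometimes a success at the end). As an added example that is not code from either pulse or from the OTX bot, the Python script below parses a generic, constructed `login failed|succeeded user=... src=...` line format (real appliances log differently; adapt LINE_RE), finds each source's densest failure window and alerts when it is both large and spread across many accounts, escalating when a login later succeeded from that source. The sample log and the thresholds are constructed for the demo.

```python
"""Spot automated credential stuffing against a VPN/firewall from its auth log.

Added example, not code from the OTX pulses above. Parses a constructed, generic
'login failed|succeeded user=... src=...' format, then reports source addresses
that produce many failures across many distinct usernames inside a short window
and notes whether a login later succeeded from the same source.
"""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Assumed line shape: "<ISO-8601 UTC ts> <host> <service>: login failed|succeeded user=<u> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) \S+ \S+: "
    r"login (?P<result>failed|succeeded) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Return {'ts','ok','user','src'} for an auth event, or None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "ok": m["result"] == "succeeded", "user": m["user"], "src": m["src"]}


def detect_bursts(lines, window_seconds=300, min_failures=8, min_users=4):
    """Per source, find the densest failure window; alert when it is large AND
    spread over many usernames (stuffing/spraying, not one forgetful user).
    Each alert also lists users that succeeded from that source afterwards."""
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    alerts = []
    for src, evs in sorted(by_src.items()):
        fails = [e for e in evs if not e["ok"]]
        best, start = None, 0
        for end in range(len(fails)):          # sliding window over this source's failures
            while (fails[end]["ts"] - fails[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            window = fails[start:end + 1]
            if best is None or len(window) > len(best):
                best = window
        if not best:
            continue
        users = {e["user"] for e in best}
        if len(best) < min_failures or len(users) < min_users:
            continue
        later_ok = sorted({e["user"] for e in evs if e["ok"] and e["ts"] >= best[0]["ts"]})
        alerts.append({
            "src": src, "failures": len(best), "distinct_users": len(users),
            "first": best[0]["ts"].isoformat(), "last": best[-1]["ts"].isoformat(),
            "success_after_burst": later_ok,   # non-empty = probable compromise
        })
    return alerts


# Constructed sample log: one user fumbling a password, then one source trying
# ten accounts in 45 seconds and finally getting in as svc_backup.
SAMPLE_LOG = [
    "2025-03-17T09:00:00Z fw01 sslvpn: login failed user=alice src=203.0.113.7",
    "2025-03-17T09:00:20Z fw01 sslvpn: login failed user=alice src=203.0.113.7",
    "2025-03-17T09:00:45Z fw01 sslvpn: login succeeded user=alice src=203.0.113.7",
] + [
    f"2025-03-17T09:01:{i * 5:02d}Z fw01 sslvpn: login failed user={u} src=198.51.100.23"
    for i, u in enumerate(["admin", "root", "vpn", "test", "guest", "backup",
                           "support", "itadmin", "sysadmin", "svc_backup"])
] + [
    "2025-03-17T09:02:10Z fw01 sslvpn: login succeeded user=svc_backup src=198.51.100.23",
    "2025-03-17T09:05:00Z fw01 sslvpn: this line is not an auth event",
]

if __name__ == "__main__":
    for a in detect_bursts(SAMPLE_LOG):
        sev = "CRITICAL" if a["success_after_burst"] else "HIGH"
        print(f"[{sev}] {a['src']}: {a['failures']} failures across "
              f"{a['distinct_users']} users {a['first']}..{a['last']}; "
              f"successes after burst: {a['success_after_burst'] or 'none'}")
```

The distinct-username condition is what separates a framework working through a wordlist from a single user mistyping a password, and the success-after-burst list is the field worth paging on: a credential that worked right after a spray against an edge device is the initial-access foothold the pulse describes, so the account and the source should be contained before the ESXi stage the pulse mentions.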