eremit4

138 posts


@_eremit4

Joined February 2022
166 Following · 376 Followers
vx-underground (@vxunderground)
Mark Zuckerberg a/k/a shape shifting lizard man, has patented spooky internet ghost technology. Amazing. By training off your data, AI can emulate your existence on social media after you've died. Ever miss Grandma's schizo racist posts? Your heroin addict cousin getting into arguments with family members because he owes them money? Want to be constantly reminded of your friend's tragic death? With Meta spooky internet ghost technology this is possible! Yay!
eremit4 reposted
Mandiant (part of Google Cloud)
North Korean actor UNC1069 is targeting the crypto sector with AI-enabled social engineering, deepfakes, and 7 new malware families. Get the details on their TTPs and tooling, as well as IOCs to detect and hunt for the activity detailed in our post 👇 bit.ly/4ckI3rD
eremit4 reposted
Clandestine (@akaclandestine)
Large phishing campaign aimed at Brazil, impersonating jusbrasil @Jusbrasil , using legitimate Microsoft @MsftSecIntel C2 tocadistribuidora./net translogvinece./net telefonesapple./com smartdistburstcn./net speedroutenetrixwb./net
eremit4 reposted
Zscaler ThreatLabz (@Threatlabz)
Zscaler ThreatLabz has published a technical analysis of Marco Stealer, an information stealer that our team discovered that harvests sensitive information including browser data and cryptocurrency wallets. Marco Stealer uses HTTP-based C2 communication with AES encrypted payloads. Read the full analysis here: zscaler.com/blogs/security…
eremit4 reposted
Group-IB Global (@GroupIB)
🚨 Tracking the Rise of Chinese Tap-to-Pay Android Malware

Tap-to-pay fraud is no longer limited to stolen cards or physical proximity. Threat actors are now abusing NFC-enabled #Androidmalware to relay #paymentdata in real time, enabling remote, contactless fraud at scale. Our latest research uncovers how Chinese #cybercrime communities are industrializing this technique and turning it into a fully operational fraud ecosystem.

Key Highlights:
🔹 Over 54 NFC-enabled Android malware samples identified, designed to relay payment APDUs remotely
🔹 Multiple Telegram-based vendors offering tap-to-pay malware as a service, complete with subscriptions, support, and custom regional builds
🔹 At least $355,000 in fraudulent transactions linked to a single illicit POS vendor between Nov 2024 and Aug 2025
🔹 #Smishing and #vishing campaigns actively used to trick victims into installing malware and tapping their cards
🔹 Mule networks and compromised mobile wallets enabling global, card-present fraud without physical cards

Alongside these findings, the research provides in-depth technical analysis of TX-NFC, #NFU, and related variants, examining code overlaps, cash-out infrastructure, and key defensive considerations for #financialinstitutions and payment networks.

Read the full research now: link.group-ib.com/3Li56bI
eremit4 reposted
Catturd ™ (@catturd2)
Good morning X.
eremit4 (@_eremit4)
Over the past months, I've been tracking a #phishing campaign targeting Spanish-speaking users. The operation relies on #Telegram and #Discord for exfiltration and #C2, shows indicators of AI-assisted development, and employs anti-analysis techniques in the wild.
eremit4 reposted
Clandestine (@akaclandestine)
The Mycelial Mage: Tracing a Spanish-Speaking Credential Theft Operation · The Sage Hollow #I recommend reading it; incredible research conducted by my friend. sagehollow.world/posts/adversar…
eremit4 reposted
P4nd3m1cb0y (@P4nd3m1cb0y)
[1/4] Script obfuscation isn’t the problem people think it is. At runtime, everything must become readable and that’s where AMSI quietly does the heavy lifting. #CyberSecurity #CyberSec #InfoSec #Malware
eremit4 (@_eremit4)
IOCs: onlinechatmatrix․/xyz onlinechatmatrix./store onlinechatmatrix./online onlinesupportmatrix․/support onlinesupportmatrix./org onlinesupportmatrix./xyz supportstreamonline/.com @abuse_ch @ValidinLLC @P4nd3m1cb0y
eremit4 (@_eremit4)
A Magecart campaign targeting LATAM e-commerces via GTM side-loading. Actors compromise CMS blocks to inject a secondary container, establishing a persistent WebSocket (WSS) tunnel for stealthy exfiltration. [+] #CTI #Magecart #InfoSec #LATAM #Skimming
Source Defense Research (@sdcyberresearch)

Next-gen #Magecart attack spotted: 👉 Loaded via GTM (K698P9G2), 👉 Opens two parallel WebSockets (onlinechatmatrix․\xyz & onlinesupportmatrix․\support) 👉 Alternates between a fake checkout form + silent DOM skimmer. #WebSkimming #FormJacking #PCIDSS #clientsidesecurity

vx-underground (@vxunderground)
I have 500 @cyberwarfarelab vouchers. I've given away 17. It is really, really, really hard to coordinate 500 vouchers to random people. I'm tired.