#phishkit


🚨 Fake Booking.com phishing pages used to deliver malware and steal data
⚠️ Attackers use #cybersquatting, mimicking the Booking website to create legitimate-looking phishing pages that trick users into executing malicious actions.
Leveraging #ANYRUN's interactivity, security professionals can follow the entire infection chain and gather #IOCs.

👨‍💻 Case 1: The user is instructed to open the Run tool by pressing Win + R, then Ctrl + V to paste the script, and hit Enter. This sequence of actions executes a #malicious script that downloads and runs malware, in this case, #XWorm.
Take a look at the analysis: app.any.run/tasks/61fd06c8-233

🔍 TI Lookup request to find domains, IPs, and analysis sessions related to this campaign:
intelligence.any.run/analysis/

🎯 Use this search query to find more examples of this fake #CAPTCHA technique and enhance your organization's security response:
intelligence.any.run/analysis/

👨‍💻 Case 2: In this scenario, threat actors aim to steal victims’ banking information. It’s a typical phishing site that mimics the Booking website and, after a few steps, prompts users to enter their card details to ‘verify’ their stay.
See example: app.any.run/tasks/87c49110-90f

📌 A key domain in this campaign, Iili[.]io, was also used by #Tycoon2FA #phishkit.
🔍 Use this TI Lookup query to find more examples:
intelligence.any.run/analysis/

Investigate the latest #malware and #phishing attacks with #ANYRUN 🚀
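
A defender-side triage sketch for the Win + R paste technique in Case 1, added here as an example and not part of the original post or ANY.RUN's tooling: Windows records Run-dialog commands under `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU`, so scoring those entries can surface a paste-and-run lure after the fact. The rule list, threshold and sample entries are constructed assumptions.

```python
import re

# Heuristic rules (assumed, tune locally); each is weak alone, so hits are combined.
RULES = [
    ("script host or LOLBin",
     re.compile(r"\b(powershell|pwsh|mshta|wscript|cscript|certutil|bitsadmin|curl)(\.exe)?\b", re.I)),
    ("remote URL", re.compile(r"https?://", re.I)),
    ("hidden window or encoded command",
     re.compile(r"\s-(w(indowstyle)?\s+h(idden)?|e(nc(odedcommand)?)?)\b", re.I)),
    ("verification-themed lure text", re.compile(r"not a robot|captcha|verif", re.I)),
]

def parse_runmru(values):
    """Return Run-dialog commands, most recent first, without the trailing '\\1' marker."""
    commands = []
    for name in values.get("MRUList", ""):   # MRUList holds value names, newest first
        data = values.get(name)
        if data is not None:
            commands.append(data[:-2] if data.endswith("\\1") else data)
    return commands

def triage(values, threshold=2):
    """Flag commands matching at least `threshold` rules; return (command, reasons) pairs."""
    findings = []
    for cmd in parse_runmru(values):
        reasons = [label for label, rx in RULES if rx.search(cmd)]
        if len(reasons) >= threshold:
            findings.append((cmd, reasons))
    return findings

# Constructed RunMRU export (value name -> data); the payload is a placeholder, not a real sample.
SAMPLE = {
    "MRUList": "dcba",
    "a": "notepad\\1",
    "b": "\\\\fileserver\\share\\1",
    "c": "powershell\\1",  # an admin opening a shell: one rule only, not flagged
    "d": "powershell -w hidden -enc <BASE64-PLACEHOLDER> # I am not a robot: verification ID 0000\\1",
}

if __name__ == "__main__":
    for cmd, reasons in triage(SAMPLE):
        print("SUSPICIOUS:", cmd, "->", ", ".join(reasons))
```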