This Month in Cybersecurity - June Edition

Cybercriminals Use Fake Online Popularity to Spread Crypto-Stealing Malware

Cybersecurity researchers have uncovered a scam campaign in which a threat actor uses many of the same marketing tactics as legitimate companies to make malicious software appear trustworthy. The operation promotes fake cryptocurrency and gambling tools through news-site press releases, GitHub and SourceForge projects, YouTube videos, and coordinated positive reviews and ratings across multiple platforms.

The software being promoted actually contains malware known as a “clipboard hijacker.” Once installed on a Windows or Mac computer, it watches for copied cryptocurrency wallet addresses and secretly replaces them with an attacker-controlled address. As a result, victims who try to send cryptocurrency may unknowingly transfer their funds to the criminals instead.
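As an added illustration (not code from the article or from the researchers it cites), the following Python snippet shows the defender's side of the behaviour described above: a heuristic that watches a sequence of clipboard snapshots and flags the moment a copied wallet address is silently replaced by a different address of the same type within a short window. The clipboard events, the time window, and the address-shape regular expressions are all constructed assumptions for this example, and the regexes are deliberately approximate rather than full address validators.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Approximate shapes of common wallet addresses (assumption: good enough to
# classify text for this heuristic; not a substitute for checksum validation).
ADDRESS_PATTERNS = {
    "bitcoin": re.compile(r"^(bc1[a-z0-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


@dataclass
class ClipboardSnapshot:
    """One observed change of clipboard contents, as a polling monitor would see it."""
    t: float        # seconds since monitoring started
    content: str    # text found in the clipboard at that time


def classify_address(text: str) -> Optional[str]:
    """Return the address family the text looks like, or None if it is not an address."""
    text = text.strip()
    for family, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return family
    return None


def detect_swaps(snapshots: List[ClipboardSnapshot],
                 window_seconds: float = 5.0) -> List[Tuple[float, str, str, str]]:
    """Flag clipboard changes that look like a hijacker swapping a wallet address.

    Heuristic: a user rarely copies two *different* addresses of the same family
    within a few seconds, so that pattern is reported as (time, original,
    replacement, family). Different families, identical content, or changes
    outside the window are ignored.
    """
    alerts = []
    previous: Optional[ClipboardSnapshot] = None
    for snap in snapshots:
        family = classify_address(snap.content)
        if previous is not None and family is not None:
            prev_family = classify_address(previous.content)
            changed = previous.content.strip() != snap.content.strip()
            quick = (snap.t - previous.t) <= window_seconds
            if prev_family == family and changed and quick:
                alerts.append((snap.t, previous.content, snap.content, family))
        previous = snap
    return alerts


# Constructed sample: the second snapshot appears 0.4 s after the first without
# any user action, which is the signature the article describes.
SAMPLE_EVENTS = [
    ClipboardSnapshot(0.0, "bc1qexampleusercopied00000000000000"),      # user copies address
    ClipboardSnapshot(0.4, "bc1qattackerreplaced0000000000000000"),     # silently swapped
    ClipboardSnapshot(30.0, "hello world"),                              # ordinary text
    ClipboardSnapshot(31.0, "0x" + "ab" * 20),                           # user copies ETH address
    ClipboardSnapshot(60.0, "0x" + "cd" * 20),                           # a later, separate copy
]


if __name__ == "__main__":
    for t, original, replacement, family in detect_swaps(SAMPLE_EVENTS):
        print(f"[{t:6.1f}s] possible {family} address swap: {original} -> {replacement}")
```

In a real deployment the snapshot list would be fed by a clipboard poller; the important design choice is that the check keys on the change itself (same address family, different value, very short interval) rather than on any known-bad address, so it does not depend on a list of attacker wallets.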

What makes the campaign unusual is its large-scale effort to manufacture credibility. The attackers allegedly inflate download counts, post glowing reviews, create tutorial videos with AI-generated narration, and even manipulate security platforms to make malicious files appear safe. Researchers warn that this strategy of building fake online trust could be used in the future to spread even more dangerous threats, such as information-stealing malware or ransomware.


INC Ransomware Grows by Perfecting Proven Attack Tactics

INC is a rapidly growing ransomware group that has become one of the most active cybercrime operations since emerging in 2023. Researchers say the group benefited from the decline of other major ransomware gangs and has claimed more than 800 victims, particularly targeting organizations such as healthcare providers, schools, manufacturers, and legal firms that face strong pressure to restore operations quickly after an attack.

Rather than relying on sophisticated new hacking techniques, INC succeeds by consistently using common methods that work. The group gains access through phishing emails, stolen passwords, and known software vulnerabilities, then steals sensitive data and locks computer systems. Victims are often threatened with both operational disruption and public exposure of their data unless a ransom is paid.

Security experts believe INC's success comes from its ability to scale its operations efficiently and attract a large network of partners. The group's malware is effective but not especially innovative, showing that cybercriminals do not always need advanced tools to cause major damage. Researchers recommend organizations reduce risk by keeping systems updated, strengthening access controls, and maintaining secure, tested backups of important data.


Microsoft Prepares Fix for RoguePlanet Defender Flaw

Microsoft has confirmed it is developing a security update to fix a newly disclosed vulnerability in Microsoft Defender, known as "RoguePlanet." The flaw could allow an attacker who already has access to a computer to gain higher system privileges, potentially giving them greater control over the device.

The issue was publicly revealed by a security researcher, who said the exploit can sometimes grant the highest level of system access on affected machines. Microsoft is investigating and preparing a patch. RoguePlanet is the fourth Microsoft Defender vulnerability reported by the same researcher in recent months, following three earlier flaws that Microsoft has already fixed.


Defensible Strategies

Learn from those who have been attacked

Stolen Fortinet Credentials Put Thousands of Organizations at Risk

A massive collection of stolen login credentials linked to approximately 75,000 Fortinet firewall devices has been discovered, potentially affecting more than 21,000 organizations worldwide. Security researchers verified that many of the credentials are genuine and belong to major companies across numerous industries, raising concerns that attackers could gain unauthorized access to corporate networks.

According to researchers, cybercriminals used large-scale password-cracking efforts to obtain VPN and administrative login credentials from internet-facing Fortinet devices. The stolen data reportedly enabled attackers to compromise some organizations, including at least one defense contractor, highlighting the serious risks posed by exposed or weak credentials.

Experts are urging organizations that use Fortinet firewalls to immediately reset passwords, enable multi-factor authentication, and review their security settings. Fortinet stated that the leaked credentials appear to come from older incidents and password-cracking activity rather than a new breach, but security professionals still recommend treating the exposed credentials as a significant threat and taking preventive action.


Kodak Investigates Data Breach Claimed by ShinyHunters Group

Kodak has confirmed it is investigating a cybersecurity incident after hackers gained unauthorized access to a limited amount of company data. The company says it has brought in outside security experts and is working with law enforcement, adding that its operations and systems remain secure.

The extortion group known as ShinyHunters has claimed responsibility for the breach, alleging it stole more than 2.2 million records containing customer personal information and internal company data. The group has threatened to release the data unless contacted by a deadline, a common tactic used to pressure victims into paying or negotiating.

Kodak has not yet confirmed how the attackers gained access or verified the full scope of the stolen data. However, ShinyHunters is a known cybercrime group linked to multiple large-scale attacks on other companies and platforms, often targeting customer databases through security weaknesses or third-party services.