
Lumma Stealer is a fully-featured crimeware solution that’s offered for sale under the malware-as-a-service (MaaS) model, giving cybercriminals a way to harvest a wide range of information from compromised Windows hosts. In early 2024, the malware operators announced an integration with a Golang-based proxy malware named GhostSocks.

“The addition of a SOCKS5 backconnect feature to existing Lumma infections, or any malware for that matter, is highly lucrative for threat actors,” Infrawatch said.

“By leveraging victims’ internet connections, attackers can bypass geographic restrictions and IP-based integrity checks, particularly those enforced by financial institutions and other high-value targets. This capability significantly increases the probability of success for unauthorized access attempts using credentials harvested via infostealer logs, further enhancing the post-exploitation value of Lumma infections.”

It’s worth noting that the intrusion set distributing the Winos 4.0 malware has been assigned the monikers Void Arachne and Silver Fox, with the malware also overlapping with another remote access trojan tracked as ValleyRAT.

“They are both derived from the same source: Gh0st RAT, which was developed in China and open-sourced in 2008,” Daniel dos Santos, Head of Security Research at Forescout’s Vedere Labs, told The Hacker News.

“Winos and ValleyRAT are variations of Gh0st RAT attributed to Silver Fox by different researchers at different points in time. Winos was a name commonly used in 2023 and 2024 while now ValleyRAT is more commonly used. The tool is constantly evolving, and it has both local Trojan/RAT capabilities as well as a command-and-control server.”

A new variant of the Vo1d malware botnet has grown to 1,590,299 infected Android TV devices across 226 countries, recruiting devices as part of anonymous proxy server networks.

This is according to an investigation by Xlab, which has been tracking the new campaign since last November, reporting that the botnet peaked on January 14, 2025, and currently has 800,000 active bots.

In September 2024, Dr. Web antivirus researchers found 1.3 million devices across 200 countries compromised by Vo1d malware via an unknown infection vector.

Microsoft has named multiple threat actors part of a cybercrime gang accused of developing malicious tools capable of bypassing generative AI guardrails to generate celebrity deepfakes and other illicit content.

An updated complaint identifies the individuals as Arian Yadegarnia from Iran (aka ‘Fiz’), Alan Krysiak of the United Kingdom (aka ‘Drago’), Ricky Yuen from Hong Kong, China (aka ‘cg-dot’), and Phát Phùng Tấn of Vietnam (aka ‘Asakuri’).

As the company explained today, these threat actors are key members of a global cybercrime gang that it tracks as Storm-2139.

Organizations that rely solely on interactive sign-in monitoring are likely blind to these attacks and their risks, which include account takeovers, business disruption, lateral movement, multifactor authentication (MFA) evasion, and the potential to bypass conditional access policies (CAP).
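To make the blind spot concrete, here is an added example (not from the article or from Microsoft) that runs a simple password-spray check over sign-in records. The records are constructed to mimic the fields an identity provider exposes in separate interactive and noninteractive sign-in logs; the field names, IPs, account names and the threshold of 10 distinct accounts are assumptions for illustration. Running the same check over the interactive log alone produces no alert, while including the noninteractive log surfaces both the spraying IP and the one account it got into.

```python
"""Password-spray detection over interactive vs. noninteractive sign-in logs.

Added example, not code from the article. The events below are constructed;
field names ("user", "ip", "result") and values are assumptions chosen to
resemble a tenant's sign-in logs, not a real export.
"""
from collections import defaultdict

# Constructed interactive sign-ins: ordinary successful user logons.
INTERACTIVE = [
    {"user": "alice@corp.example", "ip": "203.0.113.10", "result": "success"},
    {"user": "bob@corp.example", "ip": "203.0.113.11", "result": "success"},
]

# Constructed noninteractive sign-ins (token refreshes, service principals,
# legacy auth): a spray of failures from one IP against many accounts, one
# legitimate service account, and one spray attempt that succeeded.
NONINTERACTIVE = [
    {"user": f"user{i}@corp.example", "ip": "198.51.100.7", "result": "failure"}
    for i in range(12)
] + [
    {"user": "svc-backup@corp.example", "ip": "203.0.113.12", "result": "success"},
    {"user": "user3@corp.example", "ip": "198.51.100.7", "result": "success"},
]


def spray_sources(events, min_distinct_users=10):
    """Map each IP to the distinct accounts it failed against; keep IPs that
    failed against at least min_distinct_users accounts (spray signature:
    few attempts per account, many accounts per source)."""
    failed = defaultdict(set)
    for e in events:
        if e["result"] == "failure":
            failed[e["ip"]].add(e["user"])
    return {ip: users for ip, users in failed.items() if len(users) >= min_distinct_users}


def successes_from(events, spray_ips):
    """Accounts with a successful sign-in from a spraying IP: probable takeovers
    that a rule watching only failures (or only interactive logs) would miss."""
    return sorted(e["user"] for e in events if e["result"] == "success" and e["ip"] in spray_ips)


def review(interactive, noninteractive):
    """Compare what the check sees with and without the noninteractive log."""
    interactive_only = spray_sources(interactive)
    combined = spray_sources(interactive + noninteractive)
    return {
        "interactive_only_alerts": sorted(interactive_only),
        "all_signins_alerts": sorted(combined),
        "compromised": successes_from(noninteractive, set(combined)),
    }


if __name__ == "__main__":
    for key, value in review(INTERACTIVE, NONINTERACTIVE).items():
        print(f"{key}: {value}")
```

The design point is the join: a spray is visible only when failures are grouped by source across all authentication pathways, and the success that follows from the same source is what turns a noisy alert into an account-takeover finding.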

“For organizations heavily reliant on Microsoft 365, this attack is a wake-up call,” said Darren Guccione, CEO and co-founder at Keeper Security, in an emailed statement to Dark Reading. “Robust cybersecurity isn’t just about having MFA — it’s about securing every authentication pathway. A password manager enforces strong, unique credentials while minimizing exposure to credential-based attacks. For noninteractive authentication, privileged access management (PAM) is essential, ensuring least-privilege access, regular credential rotation, and real-time monitoring of service accounts.”

As for the threat actors, the researchers believe that it is likely a Chinese-affiliated group, though this theory remains unconfirmed.

In today’s AI news, Meta, the parent company of Facebook and other leading social media platforms, is looking to raise as much as $35 billion to build data centers in the US. Apollo Global Management Inc., an alternative asset manager, has discussed providing a major part of the financing, said the people, who asked not to be identified. KKR & Co. is also part of the investor group.

In other advancements, with so much software now getting written by AI, having a window into its security can be a challenge. That’s the premise of Archipelo, a San Francisco-based cybersecurity startup that is today emerging from stealth with $12 million in funding. Archipelo’s pitch is that it has a platform for “Developer Security Posture Management” (DevSPM).

And, in its annual letter, payments giant Stripe declared that it was “seeing an AI boom” in its data, revealing that artificial intelligence startups are growing more rapidly than traditional SaaS companies have historically. In a chart, Stripe showed that the top 100 AI companies were able to achieve $5 million in annualized revenue in 24 months in 2024, compared to the 37 months it took the top 100 SaaS companies.

In videos, ever wondered how to enhance your AI performance? IBM’s Susan Eickhoff shows how to boost AI performance using an ensemble of models, combining traditional AI and large language models. Learn structured data analysis and dynamic prediction methods.

And, since its launch in 2020, Project Aria has propelled research across the world to advance the state of the art in machine perception and AI, through access to cutting-edge research hardware and open-source datasets, models, and tooling. Today, Meta is excited to announce the next step in this journey: the introduction of Aria Gen 2 glasses.