Cybercriminals are using credential phishing sites that imitate the login pages of email and collaboration platforms and videoconferencing apps to trick users into entering their credentials.
Many attackers are switching from file-based malware to memory-based attacks to improve their stealth. “Fileless,” “zero-footprint,” or “living off the land” threats use legitimate applications to carry out malicious activities.
A variant of the Loki info stealer that we detected through our honeypot is propagated as Windows CAB file attachments in email. It uses process hollowing to evade detection.