Cyware Daily Threat Intelligence, February 03, 2025
Daily Threat Briefing • Feb 3, 2025
Cybercriminals are exploiting trust and social engineering at scale, preying on unsuspecting victims across industries. The Russian-speaking cybercrime gang Crazy Evil has been linked to over 10 social media scams, tricking users into installing malware like StealC and AMOS. Operating primarily through Telegram, the group specializes in identity fraud, cryptocurrency theft, and info-stealers.
A wedding invitation should bring good news, not malware. Hackers in Malaysia and Brunei are targeting users with fake wedding invites spread via WhatsApp and Telegram, tricking them into installing a new Android malware called Tria. The campaign resembles UdangaSteal but focuses on new social engineering tactics.
Even the tightest security can come undone with a race condition. Apple patched a critical vulnerability in macOS Sonoma, Sequoia, and iPadOS, which allowed hackers to escalate privileges and run code at the kernel level. Apple fixed the issue by improving memory management, but this serves as another reminder that even the most secure systems need constant vigilance.
Crazy Evil focuses on crypto heists
The Russian-speaking cybercrime gang Crazy Evil has been linked to over 10 social media scams that manipulate victims in the cryptocurrency and software sectors into installing malware like StealC and AMOS. The group focuses on identity fraud, cryptocurrency theft, and info-stealers. Active since 2021, Crazy Evil exploits digital assets like NFTs and cryptocurrencies, generating over $5 million in illegal revenue and affecting thousands of devices globally. It operates primarily via Telegram, with many sub-teams each specializing in a different scam to trick users into downloading malware disguised as legitimate software.
Android malware Tria hits Malaysia and Brunei
Hackers are targeting users in Malaysia and Brunei with fake wedding invitations to spread new Android malware Tria. Since mid-2024, they have been using Telegram and WhatsApp to send invitations that prompt users to install a rogue app. This malware steals sensitive data from messages, emails, and call logs, aiming to control victims' WhatsApp and Telegram accounts and send fraud requests. The attacks resemble a previous campaign 'UdangaSteal' but differ in tactics and targets.
CISA warns about a backdoor in Contec devices
CISA issued a warning about Contec CMS8000 devices, used for patient monitoring in healthcare, which contain a backdoor. The backdoor secretly sends patient data to a remote address and can download and execute files on the device. A researcher's tests showed unusual network traffic to a hard-coded external IP address associated with a Chinese university. The devices send patient data and can be taken over remotely, with no logging to alert administrators. The backdoor persists in recent firmware updates. Healthcare entities are urged to disconnect these devices from their networks and to check for any signs of tampering.
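The Contec finding was made by watching for device traffic to an address the device had no business contacting, which is something a network defender can check continuously. The following added example (not from the briefing or from CISA) monitors flow records for medical-device traffic that leaves the set of expected peers. The flow format, subnet, expected-peer list and sample records are all constructed assumptions; the hard-coded address from the report is not reproduced here, so the external addresses below are documentation-range placeholders.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample flow records (hypothetical format):
#   timestamp  source_ip  dest_ip  dest_port  bytes
SAMPLE_FLOWS = """\
2025-02-03T08:00:01Z 10.20.5.11 10.20.5.2 443 1200
2025-02-03T08:00:07Z 10.20.5.11 203.0.113.45 8080 53000
2025-02-03T08:00:09Z 10.20.5.12 10.20.5.2 443 900
2025-02-03T08:01:15Z 10.20.5.12 198.51.100.7 443 410
"""

# Hypothetical inventory: the VLAN that holds patient monitors.
MONITOR_SUBNET = ipaddress.ip_network("10.20.5.0/24")
# Hypothetical allowlist: the only host a monitor should talk to (central station / gateway).
EXPECTED_PEERS = {ipaddress.ip_address("10.20.5.2")}
# Hypothetical site address space, used to tell "unexpected internal" from "external".
# (Checked explicitly rather than via ip_address.is_private, which also treats
#  the RFC 5737 documentation ranges used above as private.)
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]


@dataclass
class Alert:
    ts: str
    device: str
    peer: str
    port: int
    nbytes: int
    reason: str


def parse_flow(line):
    """Parse one constructed flow record into typed fields."""
    ts, src, dst, port, nbytes = line.split()
    return ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port), int(nbytes)


def find_unexpected_egress(flow_text, monitor_subnet=MONITOR_SUBNET,
                           expected=EXPECTED_PEERS, internal=INTERNAL_NETS):
    """Return an Alert for every flow from a monitor to a peer outside the allowlist."""
    alerts = []
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, nbytes = parse_flow(line)
        if src not in monitor_subnet:
            continue  # not a patient monitor; out of scope for this check
        if dst in expected:
            continue  # sanctioned peer
        if any(dst in net for net in internal):
            reason = "monitor talking to unexpected internal host"
        else:
            reason = "monitor talking to external address"
        alerts.append(Alert(ts, str(src), str(dst), port, nbytes, reason))
    return alerts


def bytes_out_by_device(alerts):
    """Aggregate unexpected egress volume per device, a quick triage view."""
    totals = {}
    for a in alerts:
        totals[a.device] = totals.get(a.device, 0) + a.nbytes
    return totals


if __name__ == "__main__":
    found = find_unexpected_egress(SAMPLE_FLOWS)
    for a in found:
        print(f"{a.ts} {a.device} -> {a.peer}:{a.port} {a.nbytes}B  {a.reason}")
    print(bytes_out_by_device(found))
```

Because the report notes that the device itself logs nothing, the check has to live on the network side: span-port or flow export from the switch serving the monitor VLAN, with the allowlist maintained from the device inventory rather than inferred from observed traffic.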
Web skimming campaign affects Casio's UK site
A web skimming campaign affected 17 websites, including Casio's UK site. These infections arose from flaws in Magento or similar platforms. The skimmer used a double-entry web skimming attack, loading a script from a Russian provider to target the cart page and capture sensitive user data via a fake payment form. The attack had a two-stage skimmer, with an unobfuscated loader injecting a more complex one, and the stolen data was encrypted before being sent out. Casio's ineffective Content Security Policy contributed to the attack's success.
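The briefing says the skimmer loaded a script from an outside provider and that an ineffective Content Security Policy let it through, without saying what the policy contained. The following added example (not from the briefing, and not Casio's actual policy) is a simplified CSP evaluator that shows why a permissive script-src admits a third-party loader while a strict allowlist rejects it. The page URL, the skimmer host, and both policy strings are constructed; the matching logic is a reduced form of the CSP3 source-expression rules (no path matching, no nonce or hash handling).

```python
from urllib.parse import urlsplit

# Constructed policies for comparison (neither is taken from any real site).
WEAK_CSP = "default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'"
STRICT_CSP = ("default-src 'self'; script-src 'self' https://cdn.shop.example; "
              "object-src 'none'; base-uri 'self'")
PAGE = "https://shop.example/checkout/cart"            # constructed cart page
SKIMMER = "https://skimmer-host.example/loader.js"     # constructed third-party loader


def parse_csp(header):
    """Split a Content-Security-Policy header into {directive: [source expressions]}."""
    policy = {}
    for chunk in header.split(";"):
        tokens = chunk.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def _host_matches(pattern, host):
    """Host-source matching: exact host, or '*.example' for subdomains only."""
    if pattern.startswith("*."):
        return host.endswith(pattern[1:]) and host != pattern[2:]
    return host == pattern


def _source_matches(expr, page, script):
    """Simplified CSP source-expression match of a script URL (no paths, nonces, hashes)."""
    expr = expr.lower()
    if expr == "'none'":
        return False
    if expr == "*":
        return script.scheme in ("http", "https")
    if expr == "'self'":
        return (script.scheme, script.hostname, script.port) == (page.scheme, page.hostname, page.port)
    if expr.startswith("'"):
        return False  # other keywords never match a URL
    if expr.endswith(":") and "/" not in expr:
        return script.scheme == expr[:-1]  # scheme-source such as https:
    # host-source: [scheme://]host[:port][/path]; scheme is matched exactly here
    if "://" in expr:
        scheme, rest = expr.split("://", 1)
        if script.scheme != scheme:
            return False
    else:
        rest = expr
        if script.scheme not in ("http", "https"):
            return False
    host, _, port = rest.split("/", 1)[0].partition(":")
    if not _host_matches(host, script.hostname or ""):
        return False
    if port and port != "*":
        effective = script.port or {"http": 80, "https": 443}.get(script.scheme)
        if str(effective) != port:
            return False
    return True


def evaluate_script_policy(header, page_url, script_url):
    """Report whether the policy admits an external script and inline scripts."""
    policy = parse_csp(header)
    if "script-src" in policy:
        directive, sources = "script-src", policy["script-src"]
    elif "default-src" in policy:
        directive, sources = "default-src", policy["default-src"]  # fallback per CSP
    else:
        return {"directive": None, "external_allowed": True, "inline_allowed": True}
    page, script = urlsplit(page_url), urlsplit(script_url)
    return {
        "directive": directive,
        "external_allowed": any(_source_matches(s, page, script) for s in sources),
        # Real browsers ignore 'unsafe-inline' once a nonce or hash is present;
        # this simplified check does not model that.
        "inline_allowed": "'unsafe-inline'" in [s.lower() for s in sources],
    }


if __name__ == "__main__":
    for name, csp in (("weak", WEAK_CSP), ("strict", STRICT_CSP)):
        print(name, evaluate_script_policy(csp, PAGE, SKIMMER))
```

A policy that names the first-party origin and a fixed CDN origin blocks both stages described in the briefing: the injected inline loader (no 'unsafe-inline') and the remotely hosted second stage (no wildcard host). A connect-src and form-action allowlist would additionally constrain where a fake payment form can send what it collects.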
MediaTek patches multiple flaws
MediaTek's February 2025 Product Security Bulletin highlights critical security flaws in chipsets used in smartphones and tablets. The key issues are three serious flaws in the WLAN AP driver that allow remote code execution without user interaction. Other flaws affect various drivers and modems. MediaTek coordinated with device makers to release security patches, and users must update their devices soon to fix these security risks. The full bulletin, with details of the affected chipsets, is available on MediaTek's website.
Critical bug impacts Apple’s macOS kernel
A new race condition in Apple’s macOS kernel, tracked as CVE-2025-24118, lets hackers escalate privileges and execute code at the kernel level. This critical flaw was patched in macOS Sonoma 14.7.3, macOS Sequoia 15.3, and iPadOS 17.7.4. It occurs due to a concurrency issue with thread credentials and unsafe memory updates, enabling unauthorized changes to credential pointers. Unprivileged hackers can exploit this through a multi-threaded attack. Apple resolved this by improving memory management and enforcing atomic updates for credential pointers.