A recent phishing campaign uses browser-based media APIs to capture victims' photos, videos, and audio recordings, and it needs no backend server to exfiltrate the images. The attackers transmit the captured data over Telegram infrastructure and host the phishing pages on the edgeone.app domain. The campaign also performs extensive device fingerprinting and geolocation tracking, giving the operators detailed information about each victim. Emoji embedded in the operational code suggest that generative AI was used to develop the scripts. Targeting is global and the impersonated brands vary, which points to a versatile, scalable phishing kit capable of rapid URL rotation.
Read the full article at Malware Analysis, News and Indicators - Latest topics
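A triage heuristic for the combination of traits described above, as an added example that is not taken from the original article. The regex patterns, signal names, sample pages and host names are constructed assumptions, not indicators from the campaign.

```python
import re

# Traits named in the summary; the patterns themselves are this example's assumptions.
SIGNALS = {
    "media_capture": re.compile(r"mediaDevices\s*\.\s*getUserMedia|MediaRecorder"),
    "geolocation": re.compile(r"navigator\s*\.\s*geolocation"),
    "fingerprinting": re.compile(
        r"navigator\s*\.\s*(userAgent|platform|hardwareConcurrency|deviceMemory)"),
    "telegram_api": re.compile(r"api\.telegram\.org/bot", re.I),
    "emoji_in_code": re.compile("[\U0001F300-\U0001FAFF\u2600-\u27BF]"),
}

def triage(page_source: str, host: str = "") -> dict:
    """Score a fetched page for the traits listed in the summary."""
    hits = sorted(name for name, rx in SIGNALS.items() if rx.search(page_source))
    host = host.lower()
    # Hosting alone is a weak signal, so it only adds to the score.
    if host == "edgeone.app" or host.endswith(".edgeone.app"):
        hits.append("edgeone_hosting")
    # Media capture plus a Telegram Bot API endpoint in one page is the
    # combination worth escalating; capture alone is normal for video-call sites.
    escalate = "media_capture" in hits and "telegram_api" in hits
    return {"hits": hits, "escalate": escalate, "score": len(hits)}

# Constructed sample: non-functional fragments that only carry the traits.
SUSPICIOUS = """<script>
// 📸 grab frame
navigator.mediaDevices.getUserMedia({video: true});
navigator.geolocation.getCurrentPosition(cb);
const ua = navigator.userAgent;
const api = "https://api.telegram.org/bot<TOKEN>/...";
</script>"""

# Constructed sample: an ordinary page that legitimately asks for the camera.
BENIGN = """<script>
navigator.mediaDevices.getUserMedia({audio: true, video: true});
</script>"""

if __name__ == "__main__":
    print(triage(SUSPICIOUS, "login-verify.edgeone.app"))
    print(triage(BENIGN, "meet.example.com"))
```

Static matching of this kind misses obfuscated or dynamically loaded scripts, so it fits as a first-pass filter ahead of sandboxed rendering.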





