Olivia
Online
Thanks Corsin .@cocaman & Andre .@AndreGironda for great sharing on @abuse_ch Bazaar, ThreatFox & URLhaus!
This is a rather interesting #AsyncRAT campaign.
Spoofing @swisspost & @USPS as sender
CC: @SwissPost_CERT & @OIGUSPS
🧵 1/
#MalwareChallenge
Be aware of current patterns of fraud:
Swiss Post does not process payments
via post[.]ch[.]paysget[.]info.
Find out more ⬇️
https://t.co/C4u3iZZJ3G
@mylaocoon Besten Dank Candid für die Meldung!
Wir kümmern uns um die Phishing Domains.
@FrPhishing @abuse_ch Thanks for your notification. Takedown process has been initiated 2021-01-26 18:17 CET, and escalated again today.
@mylaocoon Late thanks for the headsup. Notified roughly 200 phishing sites this month mimicking Swiss Post.
https://t.co/b7WQ1Ihzpw: Time to move forward. Your help is needed ⛑️
👉 https://t.co/uy0x9KpZRg
@ninoseki Thanks as always for the notification / mention!
We also just found this blog (in German), but not sure if it's the same sample or malware.
No real IOCs, but nice screenshots and earlier waves (from Aug & May 2020) linked at the bottom as well.
https://t.co/vmBSmCSRty
@akulhanek Danke für die Meldung! (und auch noch ans CERT Team 👍)
Wir versuchen laufend solche Phishing Seiten schnell vom Netz nehmen zu können.
New blog: This year the cybercrime group #RoamingMantis has been actively targeting the European users of both #iOS and #Android devices. This post provides an insight into the rate of success in their recent advancements. https://t.co/WWKz50wxhE #Malware #Phishing @csis_cyber
@ninoseki @cybereason @CyberCSIS We're always interested to find out more about #FakeSpy campaigns involving @SwissPost impersonations.
Please mention @SwissPost_CERT to notify us.
I believe #RoamingMantis is a name of a campaign (which is named by Kaspersky GReAT). It is not a group.
But recently I saw some reports which use #RoamingMantis as a name of a group.
e.g.
https://t.co/XgVlrqOJNS
(by @cybereason)
https://t.co/o7y8Kt6yka
(by @CyberCSIS)
CSIS researcher (and past VB conference speaker) @s_metanka looked at how the RoamingMantis Android malware is now targeting European countries too and how the same group is engaging in Apple ID phishing https://t.co/VSlaG6SicW
@papa_anniekey Thanks for the hint!
We believe there likely is a connection.
There is some great and interesting info in this #RoamingMantis presentation from @BotConf 2019
https://t.co/fgyr4orEqw
Betrüger geben sich als @postschweiz aus und versuchen Spionage App zu verteilen…
https://t.co/oJZLTFgVWF
#sicherheit #malware #phishing #malware
@midnight_comms Thanks for the heads-up!
I will take this up with @SwissPost_CERT
We've been seeing an uptick of #FakeSpy Android Malware recently.
Vorsicht vor gefälschten E-Mails im Namen der Eidgenössischen Steuerverwaltung ESTV: Beim Excel Anhang handelt es sich um Schadsoftware #guloader. Nicht öffnen!
Last Seen Users on Sotwe
Trends for you
Most Popular Users
Elon Musk 
@elonmusk
240.4M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.7M followers
Cristiano Ronaldo
@cristiano
110M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.5M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.8M followers
KATY PERRY
@katyperry
87.3M followers
Taylor Swift
@taylorswift13
81.2M followers
Lady Gaga
@ladygaga
72.7M followers
Kim Kardashian
@kimkardashian
69.6M followers
Virat Kohli
@imvkohli
69.4M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.7M followers
The Ellen Show
@theellenshow
62.5M followers
Neymar Jr
@neymarjr
62.1M followers
CNN
@cnn
61.9M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.4M followers