![nsquar3's tweet photo. A new phishing campaign is abusing the Starlink brand to harvest user credentials.
starlink-nepal.vercel[.]app
@elonmusk https://t.co/ppxI419QmN](https://pbs.twimg.com/media/HK78r3eWsAAVvWB.jpg)
![nsquar3's tweet photo. A new phishing campaign is abusing the Starlink brand to harvest user credentials.
starlink-nepal.vercel[.]app
@elonmusk https://t.co/ppxI419QmN](https://pbs.twimg.com/media/HK78r3bXIAAskXo.jpg)
![nsquar3's tweet photo. Beware Of Promotion-ChatGPT[.]com
The site impersonating ChatGPT to deploy a malware through ClickFix.
URL:
promotion-chatgpt[.]com
promotion-claudes[.].com
claudescript[.]top
hxxps://www.youtube[.]com/watch?v=ubHZ-R4qVbk https://t.co/JSq62v3FMI](https://pbs.twimg.com/media/HJWuQ_vXUAElkmb.jpg)
![nsquar3's tweet photo. π¨ New Phishing Chain: SSA -> ps1 -> GitHub β RAT
Weβre tracking multiple active campaign abusing a βSocial Securityβ theme to deliver malware developed in Golang.
Analysis (https://t.co/hWQiOm05VK):
hxxps://app.any[.]run/tasks/5e9cc1e8-6094-436b-871e-80154bf28f1b https://t.co/siRScjdFCh](https://pbs.twimg.com/media/HGePJTkX0AAR3ba.jpg)
![nsquar3's tweet photo. π¨ New Phishing Chain: SSA -> ps1 -> GitHub β RAT
Weβre tracking multiple active campaign abusing a βSocial Securityβ theme to deliver malware developed in Golang.
Analysis (https://t.co/hWQiOm05VK):
hxxps://app.any[.]run/tasks/5e9cc1e8-6094-436b-871e-80154bf28f1b https://t.co/siRScjdFCh](https://pbs.twimg.com/media/HGePH75WUAItS6H.jpg)
Olivia
Online
nsquar3
@nsquar3
Malware Researcher, Reverser and coder.
Joined October 2020
125 Following
15 Followers
30 Posts
@Dixit_404 @ElementalX2 @smica83 @AndreGironda @skocherhan @Cyberdost @IncomeTaxIndia @IndianCERT Nice write up. I saw similar campaign but deliver different payload.
https://t.co/pOVRojb9yI
China-Nexus APT Targets India with Fake Tax Assessment Campaign Using DLL Hijacking
Attack chain:
π§ Phishing Email β π PDF β π Fake Tax Portal β π¦ ZIP β π½ VHDX β βοΈ DLL Hijacking β π§ ValleyRat
π https://t.co/pOVRojb9yI
What are the chances? π
While analyzing a Discord stealer today, I found a screenshot of the threat actor's desktop... scanning https://t.co/qIh5AhwKqE.
As a Drexel alum, I definitely wasn't expecting to see my old university during malware hunting.
A new phishing campaign is abusing the Starlink brand to harvest user credentials.
starlink-nepal.vercel[.]app
@elonmusk
![nsquar3's tweet photo. A new phishing campaign is abusing the Starlink brand to harvest user credentials.
starlink-nepal.vercel[.]app
@elonmusk https://t.co/ppxI419QmN](https://pbs.twimg.com/media/HK78r3hXkAA8TVh.jpg)
https:// friendlygamelink[.]com/
phish using Canada Revenue Agency (CRA) theme.
A legitimate, signed RMM application.
Full remote access for the attacker.
Is This URL Malicious?
https:// login.microsoftonline[.]com/common/oauth2/v2.0/authorize?state=%7bRECIPIENT_BASE64_EMAIL%7d&scope=openid&prompt=none&client_id=952a8d0d-0053-4672-953e-d20a6abc4a3a
How much is a victim worth? $1.
Cybercriminal advertising 100 ScreenConnect victims for $100.
We're seeing IRS and Social Security-themed phishing campaigns deliver remote access tools daily. Thousands have already fallen victim.
#CyberSecurity #ThreatIntelligence #CyberCrime
Microsoft is moving toward a passwordless future.
We've spent years focusing on stolen passwords, and cookies.
Game over for phishers?
Not quite. Attackers are already shifting toward authentication artifacts created after login, including Cloud Kerberos authentication data.
Kali365 Panel
sfn.letsrockscgx02[.]net/login
g78w4chwjn.completecallsolution[.]com
![nsquar3's tweet photo. Kali365 Panel
sfn.letsrockscgx02[.]net/login
g78w4chwjn.completecallsolution[.]com https://t.co/dYznuYb8r5](https://pbs.twimg.com/media/HJ0jcVnWUAAWwOt.jpg)
Beware Of Promotion-ChatGPT[.]com
The site impersonating ChatGPT to deploy a malware through ClickFix.
URL:
promotion-chatgpt[.]com
promotion-claudes[.].com
claudescript[.]top
hxxps://www.youtube[.]com/watch?v=ubHZ-R4qVbk
![nsquar3's tweet photo. Beware Of Promotion-ChatGPT[.]com
The site impersonating ChatGPT to deploy a malware through ClickFix.
URL:
promotion-chatgpt[.]com
promotion-claudes[.].com
claudescript[.]top
hxxps://www.youtube[.]com/watch?v=ubHZ-R4qVbk https://t.co/JSq62v3FMI](https://pbs.twimg.com/media/HJWuTY2W4AEiy_N.jpg)
Using ChatGPT to write a malware decryptor in 5 seconds
Over 400 users across Indian universities were impacted by a phishing campaign focused on session hijacking, not just credentials.
Impacted:
@Vijaybhoomi_Uni β 34
@JAGSOMblr β 31
@IFIM β 17
@PresidencyUni β 26
Modern phishing enables persistent access without passwords
Shadow Syndicate C2 Command Center
transcendent-yeot-3b164d.netlify[.]app
![nsquar3's tweet photo. Shadow Syndicate C2 Command Center
transcendent-yeot-3b164d.netlify[.]app https://t.co/GawAAnPN3N](https://pbs.twimg.com/media/HGnOxqtXgAAYgaO.jpg)
URLs:
sslinkdoc[.]top
privlink1[.]top
constructionaltg[.]com
salinkme[.]top
hxxps://github[.]com/lemay679 hxxps://github[.].com/RobertAsh-arc hxxps://github[.]com/Oladaddy1
π¨ New Phishing Chain: SSA -> ps1 -> GitHub β RAT
Weβre tracking multiple active campaign abusing a βSocial Securityβ theme to deliver malware developed in Golang.
Analysis (https://t.co/hWQiOm05VK):
hxxps://app.any[.]run/tasks/5e9cc1e8-6094-436b-871e-80154bf28f1b
![nsquar3's tweet photo. π¨ New Phishing Chain: SSA -> ps1 -> GitHub β RAT
Weβre tracking multiple active campaign abusing a βSocial Securityβ theme to deliver malware developed in Golang.
Analysis (https://t.co/hWQiOm05VK):
hxxps://app.any[.]run/tasks/5e9cc1e8-6094-436b-871e-80154bf28f1b https://t.co/siRScjdFCh](https://pbs.twimg.com/media/HGePK6hXUAA4kXS.jpg)
Yesterday, we observed cybercriminals targeting religious organizations in a phishing campaign. If you are on the web, you will be a target.
Weβre seeing campaigns use GraphQL to capture credentials and validate them in real timeβno traditional form posts, no obvious endpoints. Fronted by Cloudflare to blend in.
Not Evilginxβsame result.
https://t.co/iMP5a5lRIN
#phishing #cybersecurity #threatintel
β οΈ Phishing Alert: Fake @NavyFederal pages are targeting seniors, show a fake check to build trust and steal sensitive data.
Verify before you act.
#Phishing #CyberSecurity #ScamAlert
π¨ Beware of a New Instagram Impersonation Scam
Scammers copy photos from public profiles, create look-alike accounts (often adding β_β), and message friends or family asking for moneyβusing the correct local currency to appear real.
Last Seen Users on Sotwe
kisho96
Seen from Algeria
ericko lim201
Seen from Indonesia
pamer....bojone wonh
Seen from Indonesia
snoopy 
Seen from Thailand
PStw99
Seen from Indonesia
sinh viΓͺn mα»i lα»nππ
Seen from Vietnam
an an
Seen from Vietnam
ΨΉΩΨΉΩέͺΩΫ
Ω
π²π¦howay marocain π²π¦
Seen from Singapore
resort3232
Seen from Turkey
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.6M followers
Barack Obama
@barackobama
119.2M followers
Donald J. Trump
@realdonaldtrump
111.7M followers
Cristiano Ronaldo
@cristiano
110.5M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.6M followers
NASA
@nasa
92.2M followers
Justin Bieber
@justinbieber
90.9M followers
KATY PERRY
@katyperry
87.6M followers
Taylor Swift
@taylorswift13
81.4M followers
Lady Gaga
@ladygaga
73M followers
Virat Kohli
@imvkohli
69.8M followers
Kim Kardashian
@kimkardashian
69.8M followers
YouTube
@youtube
68.7M followers
Bill Gates
@billgates
63.9M followers
Neymar Jr
@neymarjr
62.5M followers
The Ellen Show
@theellenshow
62.4M followers
CNN
@cnn
61.9M followers
X
@x
60.8M followers
Selena Gomez
@selenagomez
60.7M followers