Jérôme Segura
@jeromesegura.com
Security researcher with a special interest in web threats.
Reposted by Jérôme Segura
mitmproxy 12 is out! 🚀 It’s now possible to modify the prettified representation of binary protocols. Editing Protobufs is now as easy as editing YAML, no .proto schema needed. 🙌

mitmproxy.org/posts/releas...
Mitmproxy 12: Interactive Contentviews
mitmproxy.org
April 29, 2025 at 9:23 PM
Reposted by Jérôme Segura
2025-04-22 (Tuesday): Always fun to find the fake CAPTCHA pages with the "ClickFix" style instructions trying to convince viewers to infect their computers with malware. Saw #StealC from an infection today. Indicators at github.com/malware-traf...
April 22, 2025 at 9:20 PM
Crooks doing quality control the hard way 😂

console.log("!!!WORKING!!!")

#skimming #ecommerce
April 12, 2025 at 3:46 AM
Reposted by Jérôme Segura
“Attack techniques so stupid, they can’t possibly succeed… except they do!”,

The Unwitting Accomplice
textslashplain.com/2024/06/04/a...
Attack Techniques: Trojaned Clipboard
Today in “Attack techniques so stupid, they can’t possibly succeed… except they do!” — the trojan clipboard technique. The attacking website convinces the victim user …
textslashplain.com
April 8, 2025 at 3:59 PM
Reposted by Jérôme Segura
Fake PuTTY, signed "Eptins Enterprises Llp"

Sets scheduled task "Security Updater" and checks into IP address: 185.196.10.127

Triage: tria.ge/250401-wnbad...

www.virustotal.com/gui/file/7ca...

@jeromesegura.com
April 1, 2025 at 6:58 PM
If you manage #wordpress sites using #managewp, watch out for this #phishing campaign via #googleads.

-> menagewp[.]com (ad URL and redirect)

-> orion[.]manaqewp[.]com (phishing page)
March 24, 2025 at 10:36 PM
Scammers are happily abusing multiple platforms at once thanks to lack of controls.

Who's going to protect users here? Google? Facebook?
March 11, 2025 at 5:50 PM
PayPal’s “no-code checkout” abused by scammers

www.malwarebytes.com/blog/scams/2...

#malvertising #techsupportscams
February 28, 2025 at 2:45 AM
SecTopRAT bundled in Chrome installer distributed via Google Ads

📖
www.malwarebytes.com/blog/news/20...

⚠️
sites[.]google[.]com/view/gfbtechd/
chrome[.]browser[.]com[.]de/GoogleChrome.exe

#malvertising #SecTopRAT
February 20, 2025 at 9:51 PM
If you are a developer and use #homebrew, beware of this fraudulent ad on Google.

⚠️
Fake site: brewsh[.]org
Malicious curl command: hxxps[://]raw[.]brewsh[.]org/Homebrew/install/HEAD/install[.]sh
Atomic Stealer (AMOS): www.virustotal.com/gui/file/389...
⚠️

#malvertising #atomicstealer
February 8, 2025 at 3:26 AM
ClickFix vs. traditional download in new DarkGate campaign

www.malwarebytes.com/blog/news/20...

#ClickFix #malvertising
ClickFix vs. traditional download in new DarkGate campaign
Social engineering methods are being put to the test to distribute malware.
www.malwarebytes.com
January 31, 2025 at 11:46 PM
Imagine for a moment that Google allowed a sponsored link to a phishing site for Google ads...

www.malwarebytes.com/blog/news/20...

#GoogleSearch #GoogleAds #malvertising #phishing
The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads
An ongoing malvertising campaign steals Google advertiser accounts via fraudulent ads for Google Ads itself.
www.malwarebytes.com
January 15, 2025 at 1:55 PM
Malicious Google ad for Virtuals Protocol

⚠️ virtnals[.]com

#malvertising
December 28, 2024 at 12:20 AM
Malicious Google ad for Aerodrome Finance

⚠️ aeroclrome[.]finance

#malvertising
December 27, 2024 at 10:47 PM
Malicious Google ad for #Freecad

⚠️
freecad3dmodeling[.]com
freecad3d-download[.]com
hxxps[://]3d-digitals[.]org/downloads/guthub/FreeCAD_Setup_2[.]0[.]74_win_x64[.]zip

#malvertising
December 22, 2024 at 12:43 AM
‘Fix It’ social-engineering scheme impersonates several brands

www.malwarebytes.com/blog/news/20...
December 19, 2024 at 10:35 PM
Malicious Google ad for Netflix

⚠️ +1[-]877[-]906[-]4471

#malvertising
December 18, 2024 at 8:36 PM
Malicious Google ad for onshape 3D

⚠️
onshapeservices[.]com

#malvertising
December 18, 2024 at 8:34 PM
Malicious Google ad for Freecad

⚠️
freecad3design[.]com

#malvertising
December 17, 2024 at 6:09 PM
Malicious Google ad for Rhino 3D

⚠️
rhino3ddev[.]net

#malvertising
December 17, 2024 at 6:07 PM
Malicious Google ad for myNYLGBS

⚠️
bluehome[.]uk
essnewyorkplatform[.]com

#malvertising
December 17, 2024 at 5:01 PM
Malicious Google ad for PayPal

⚠️
hxxps[:]//repairsexpert[.]online/services/

#malvertising
December 16, 2024 at 11:11 PM