Meet Atlas RAT: The Chinese Cybercrime Group Now Targeting Europe
A Chinese-speaking cybercrime group known as TA4922 has expanded its operations into Europe, targeting organisations in Germany, Italy, the UK, and South Africa using newly documented malware including the Atlas RAT backdoor. The group employs localised phishing lures mimicking payroll notices, tax filings, and government communications, and has dramatically increased its activity since March 2026, conducting more unique campaigns than any other tracked cybercrime actor. Researchers at Proofpoint note that the malware's surveillance capabilities — including keylogging, screen capture, and webcam recording — could potentially be sold to or leveraged by espionage groups.
Kali365 Phishing Kit Graduates From Microsoft Nuisance to Multi-Platform Menace
Kali365, a phishing-as-a-service platform previously flagged by the FBI for bypassing Microsoft 365 MFA, has significantly expanded its targets to include AWS, Okta, Xerox DocuShare, and major Russian platforms such as MAX Messenger, Mail.ru, and Yandex. The platform exploits **device code phishing**, abusing OAuth 2.0 authentication workflows to capture access tokens after tricking victims into completing login steps on behalf of attackers — rendering MFA ineffective as a defence. Security researchers at Arctic Wolf identified 126 active malicious hosts in May 2026, highlighting Kali365's growing scale and the broader surge in device code phishing kits, of which at least 14 are now available to threat actors.
Drainer-as-a-Service: How Crypto Wallet Theft Became a Subscription Business
Crypto drainers have evolved into sophisticated "Drainer-as-a-Service" (DaaS) platforms, where operators maintain the technical infrastructure while affiliates drive victims to fake crypto or DeFi websites, tricking them into approving malicious wallet transactions that instantly transfer their assets. An analysis of the "Lucifer DaaS" operation reveals it functions much like a legitimate SaaS business, complete with software updates, affiliate commissions, automated deployment tools, and operational resilience strategies such as migrating to decentralized hosting after takedowns. Users can protect themselves by being cautious of unsolicited wallet connection requests, unexpected approval prompts, urgent claims, and suspicious links received via social media or messaging platforms.