AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 11/17/2025

Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests’ Payment Data

A Russian-speaking threat actor behind an ongoing mass phishing campaign has registered more than 4,300 domain names since the start of the year. According to Netcraft security researcher Andrew Brandt, the activity targets customers of the hospitality industry, specifically hotel guests who may have travel reservations, with spam emails. The campaign is said to have begun in earnest around February 2025. Of the 4,344 domains tied to the attack, 685 contain the name “Booking”, followed by 18 with “Expedia,” 13 with “Agoda,” and 12 with “Airbnb,” indicating an attempt to target all of the popular booking and rental platforms.
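The tally above (hundreds of domains containing a brand name) is the kind of signal a defender can reproduce over a feed of newly registered domains. The following is an added example written for this digest, not code from Netcraft or from the article: it flags domains whose host part contains one of the brand keywords named in the report, skips a hypothetical allowlist of the brands' real domains, and tallies hits per brand. It also goes slightly beyond the page by folding common digit-for-letter substitutions (0 for o, 1 for l, and so on) before matching; that normalisation and the sample domain list are constructed assumptions of this example, not indicators from the campaign.

```python
from collections import Counter
from typing import List, Optional, Tuple

# Brand keywords that the Netcraft reporting summarised above says appear
# in the phishing domains.
BRAND_KEYWORDS = ("booking", "expedia", "agoda", "airbnb")

# Hypothetical allowlist of the brands' own domains; these are never flagged.
ALLOWLIST = {"booking.com", "expedia.com", "agoda.com", "airbnb.com"}

# Digit-for-letter substitutions folded before matching. This is an assumption
# of the example; the article does not describe such substitutions.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})

# Constructed sample of "newly registered" domains. None are real indicators.
SAMPLE_DOMAINS = [
    "booking-guest-verify.example",
    "secure-expedia-reservation.example",
    "agoda-confirm-stay.example",
    "airbnb-host-payout.example",
    "b00king-checkin.example",
    "booking.com",
    "weather-report.example",
    "BOOKING-REFUND.example",
]


def normalise(domain: str) -> str:
    """Lowercase the domain, drop the rightmost label (the TLD) and fold digit homoglyphs.

    Dropping only the last label is enough for the sample; a production check
    would split on a public suffix list instead.
    """
    labels = domain.lower().rstrip(".").split(".")
    host_part = ".".join(labels[:-1]) if len(labels) > 1 else labels[0]
    return host_part.translate(HOMOGLYPHS)


def matched_brand(domain: str) -> Optional[str]:
    """Return the brand keyword found in the domain's host part, or None."""
    if domain.lower() in ALLOWLIST:
        return None
    host = normalise(domain)
    for brand in BRAND_KEYWORDS:
        if brand in host:
            return brand
    return None


def flag_lookalikes(domains: List[str]) -> List[Tuple[str, str]]:
    """Return (domain, brand) pairs for every domain that matches a brand keyword."""
    hits = []
    for domain in domains:
        brand = matched_brand(domain)
        if brand:
            hits.append((domain, brand))
    return hits


def brand_counts(domains: List[str]) -> Counter:
    """Count flagged domains per brand, the same tally the article reports."""
    return Counter(brand for _, brand in flag_lookalikes(domains))


if __name__ == "__main__":
    for domain, brand in flag_lookalikes(SAMPLE_DOMAINS):
        print(f"{domain:40s} -> {brand}")
    print(dict(brand_counts(SAMPLE_DOMAINS)))
```

On the constructed sample this flags six of the eight domains (three for "booking", one each for the other brands) and leaves the allowlisted `booking.com` and the unrelated domain alone. Feeding it a real newly-registered-domain feed and comparing daily counts per brand is a cheap way to notice a registration surge like the one described.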


Justice Department Announces Nationwide Actions to Combat Illicit North Korean Government Revenue Generation

The Justice Department today announced five guilty pleas and more than $15 million in civil forfeiture actions connected to Democratic People’s Republic of Korea (DPRK) remote information technology (IT) work and virtual currency heist schemes. The DPRK government uses both types of schemes to fund its weapons and other priorities in violation of sanctions. First, as described in court documents associated with the guilty pleas, facilitators in the United States and Ukraine assisted North Korean actors with obtaining remote IT employment with U.S. companies.


Meta must rein in scammers — or face consequences

Meta, the largest social media company in the world, knowingly makes billions from scam ads, recent reporting on the company says. According to internal documents revealed by Reuters, users of Facebook, Instagram, and WhatsApp see 15 billion ads a day promoting scams, from fake Trump stimulus checks to deepfakes of Elon Musk hawking cryptocurrency. The company reportedly knows this; Reuters said that its own trust and safety team estimated that one-third of scams in the US involved a Meta platform. So why hasn’t Meta done more? Perhaps because these ads are apparently highly profitable, to the tune of $7 billion US or more a year.


DanaBot malware is back to infecting Windows after 6-month break

The DanaBot malware has returned with a new version observed in attacks, six months after law enforcement’s Operation Endgame disrupted its activity in May. According to security researchers at Zscaler ThreatLabz, the new variant, version 669, uses command-and-control (C2) infrastructure built on Tor (.onion) domains and “backconnect” nodes. Zscaler also identified and listed several cryptocurrency addresses in BTC, ETH, LTC, and TRX that the threat actors use to receive stolen funds.


AI-Powered Stuffed Animal Pulled From Market After Disturbing Interactions With Children

Children’s toymaker FoloToy says it’s pulling its AI-powered teddy bear “Kumma” after a safety group found that the cuddly companion was giving wildly inappropriate and even dangerous responses, including tips on how to find and light matches, and detailed explanations about sexual kinks. “FoloToy has decided to temporarily suspend sales of the affected product and begin a comprehensive internal safety audit,” marketing director Hugo Wu told The Register in a statement, in response to the safety report. “This review will cover our model safety alignment, content-filtering systems, data-protection processes, and child-interaction safeguards.”


Five Plead Guilty in U.S. for Helping North Korean IT Workers Infiltrate 136 Companies

The U.S. Department of Justice (DoJ) on Friday announced that five individuals have pleaded guilty to assisting North Korea’s illicit revenue generation schemes by enabling information technology (IT) worker fraud in violation of international sanctions. Phagnasay, Salazar, and Travis pleaded guilty to one count of wire fraud conspiracy for knowingly allowing IT workers located outside the U.S. to use their U.S. identities between about September 2019 and November 2022 to secure jobs at American firms. The three defendants also acted as facilitators, hosting the company-issued laptops at their residences and installing remote desktop software on those machines without authorization so that the IT workers could connect to them and appear to be working remotely from within the U.S.
