#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Credential Stealing | Breaking Cybersecurity News | The Hacker News

Category — Credential Stealing
Fake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business Accounts

Fake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business Accounts

Sep 11, 2025 Malvertising / Browser Security
Cybersecurity researchers have disclosed two new campaigns that are serving fake browser extensions using malicious ads and fake websites to steal sensitive data. The malvertising campaign, per Bitdefender , is designed to push fake " Meta Verified " browser extensions named SocialMetrics Pro that claim to unlock the blue check badge for Facebook and Instagram profiles. At least 37 malicious ads have been observed serving the extension in question. "The malicious ads are bundled with a video tutorial that guides viewers through the process of downloading and installing a so-called browser extension, which claims to unlock the blue verification tick on Facebook or other special features," the Romanian cybersecurity vendor said. But, in reality, the extension – which is hosted on a legitimate cloud service called Box -- is capable of collecting session cookies from Facebook and sending them to a Telegram bot controlled by the attackers. It's also equipped to ...
Paper Werewolf Deploys PowerModul Implant in Targeted Cyberattacks on Russian Sectors

Paper Werewolf Deploys PowerModul Implant in Targeted Cyberattacks on Russian Sectors

Apr 11, 2025 Malware / Vulnerability
The threat actor known as Paper Werewolf has been observed exclusively targeting Russian entities with a new implant called PowerModul . The activity, which took place between July and December 2024, singled out organizations in the mass media, telecommunications, construction, government entities, and energy sectors, Kaspersky said in a new report published Thursday. Paper Werewolf, also known as GOFFEE, is assessed to have conducted at least seven campaigns since 2022, according to BI.ZONE, with the attacks mainly aimed at government, energy, financial, media, and other organizations. Attack chains mounted by the threat actor have also been observed incorporating a disruptive component, wherein the intrusions go beyond distributing malware for espionage purposes to also change passwords belonging to employee accounts. The attacks themselves are initiated via phishing emails that contain a macro-laced lure document, which, upon opening and enabling macros, paves the way for th...
Expert Insights Articles Videos
Cybersecurity Resources
//]]>