#social-engineering

#social-engineering

"I started to create videos about cryptocurrency and launch my own exchange on cryptocurrency," the Durham, North Carolina, resident said.

The campaign spreads the Odyssey Stealer and AMOS (Atomic macOS Stealer) malware families. Both families focus on stealing system information, browser data, and crypto wallet login details. The attacks are carefully designed to exploit developers' trust. The fake Homebrew and TradingView sites display seemingly legitimate download portals with buttons such as Copy command. When a user clicks the button, a hidden, base64-encoded Terminal command is copied to the clipboard.

Cybersecurity Researcher Jeremiah Fowler discovered a database that lacked password protection as well as encryption, exposing 85,361 files (158 GB in total). The records included invoices, claims, and emails that contained policy holder names, addresses, phone numbers, email addresses, and other personally identifiable information (PII). The personal information of pets were also exposed, including their names, ages, breeds, medical histories, microchip numbers, and more.

The attack chains, per the cybersecurity company, leverage ZIP archives containing decoy PDF documents along with malicious shortcut (LNK) or executable files that are masked as PDF to trick users into opening them. When launched, the LNK file runs an embedded PowerShell script that reaches out to an external server to download a lure document, a PDF for a marketing job at Marriott.

Dutch mobile security company ThreatFabric said it discovered the campaign in August 2025 after users in Australia reported scammers managing Facebook groups promoting "active senior trips." Some of the other territories targeted by the threat actors include Singapore, Malaysia, Canada, South Africa, and the U.K. The campaigns, it added, specifically focused on elderly people looking for social activities, trips, in-person meetings, and similar events. These Facebook groups have been found to share artificial intelligence (AI)-generated content, claiming to organize various activities for seniors.

FileFix is a variation on ClickFix, a newish type of social-engineering technique first spotted last year that tricks victims into running malware on their own devices using fake fixes and login prompts. These types of attacks have surged by 517 percent in the past six months, according to researchers at antivirus and internet security software vendor ESET, making them second most common attack vector behind phishing.

Instead of sending unsolicited phishing emails, attackers initiate contact through a company's public 'Contact Us' form, tricking employees into starting the conversation. What follows are weeks of professional, credible exchanges, often sealed with fake NDAs, before delivering a weaponized ZIP file carrying MixShell, a stealthy in-memory malware.