Jérôme Segura's Avatar

Jérôme Segura

@jeromesegura.com.bsky.social

Security researcher with a special interest for web threats.

123 Followers  |  89 Following  |  65 Posts  |  Joined: 25.11.2024  |  1.9131

Latest posts by jeromesegura.com on Bluesky


Also, this seems like a small feature but much appreciated:

30.04.2025 04:24 — 👍 3    🔁 1    💬 0    📌 0
Mitmproxy 12: Interactive Contentviews

mitmproxy 12 is out! 🚀 It’s now possible to modify the prettified representation of binary protocols. Editing Protobufs is now as easy as editing YAML, no .proto schema needed. 🙌

mitmproxy.org/posts/releas...

29.04.2025 21:23 — 👍 9    🔁 7    💬 2    📌 0
Step 1: Search for bsc-dataseed.binance[.]org on URLscan (urlscan.io). You can sign up for a URLscan account for free. The search results should contain pages from legitimate sites that have been compromised for this campaign.

Step 2: Try one of the sites you found on the URLscan search in a web browser. It should return a fake CAPTCHA page, with a box to check/click. You have to click the box twice. It then shows instructions on how to copy and run a script that's been injected into the viewer's clipboard.

Note: Make sure you do this in a controlled lab environment on a Windows host specifically used for testing malware. Don't try this on your regular Windows computer!

Step 3: Run the script to infect a Windows host. To emphasize once again, this should be done in a controlled lab environment. This image shows network traffic from an infection filtered in Wireshark, and it shows C2 traffic from the StealC infection.

2025-04-22 (Tuesday): Always fun to find the fake CAPTCHA pages with the "ClickFix" style instructions trying to convince viewers to infect their computers with malware. Saw #StealC from an infection today. Indicators at github.com/malware-traf...

22.04.2025 21:20 — 👍 2    🔁 3    💬 0    📌 0

Crooks doing quality control the hard way 😂

console.log("!!!WORKING!!!")

#skimming #ecommerce

12.04.2025 03:46 — 👍 2    🔁 0    💬 0    📌 0
Attack Techniques: Trojaned Clipboard Today in “Attack techniques so stupid, they can’t possibly succeed… except they do!” — the trojan clipboard technique. The attacking website convinces the victim user …

“Attack techniques so stupid, they can’t possibly succeed… except they do!”,

The Unwitting Accomplice
textslashplain.com/2024/06/04/a...

08.04.2025 15:59 — 👍 6    🔁 2    💬 0    📌 0
Understanding SmartScreen and Network Protection The vast majority of cyberthreats arrive via one of two related sources: That means that combining network-level sensors and throttles with threat intelligence (which sites deliver attacks), securi…

Understanding (and debugging) SmartScreen/Network Protection

textslashplain.com/2025/04/07/u...

07.04.2025 18:20 — 👍 15    🔁 8    💬 1    📌 1

OSS...

01.04.2025 20:40 — 👍 0    🔁 0    💬 0    📌 0

Fake PuTTY, signed "Eptins Enterprises Llp"

Sets scheduled task "Security Updater" and checks into IP address: 185.196.10.127

Triage: tria.ge/250401-wnbad...

www.virustotal.com/gui/file/7ca...

@jeromesegura.com

01.04.2025 18:58 — 👍 0    🔁 1    💬 0    📌 0
GitHub - jeromesegura/fiddleitm: Your Swiss Army knife to analyze malicious web traffic based on mitmproxy. Your Swiss Army knife to analyze malicious web traffic based on mitmproxy. - jeromesegura/fiddleitm

I moved to mitmproxy, but I do miss certain features from Fiddler Classic. I've been working on an add-on that brings some of those back: github.com/jeromesegura...

27.03.2025 19:29 — 👍 2    🔁 0    💬 0    📌 0

Yes!

Alternatively, have you thought about existing OSS that you could fork/contribute to?

27.03.2025 19:26 — 👍 1    🔁 0    💬 0    📌 0

If you manage #wordpress sites using #managewp, watch out for this #phishing campaign via #googleads.

-> menagewp[.]com (ad URL and redirect)

-> orion[.]manaqewp[.]com (phishing page)

24.03.2025 22:36 — 👍 1    🔁 1    💬 0    📌 0
Malicious ads target Semrush users to steal Google account credentials - Help Net Security Cyber crooks are exploiting users' interest in Semrush, a popular SEO and market research SaaS platform, to steal Google account credentials.

Malicious ads target Semrush users to steal Google account credentials

📖 Read more: www.helpnetsecurity.com/2025/03/21/m...

#cybersecurity #cybersecuritynews #accountcredentials #SEO @malwarebytes.com @jeromesegura.com @semrushofficial.bsky.social

21.03.2025 12:58 — 👍 1    🔁 2    💬 0    📌 0

Scammers are happily abusing multiple platforms at once thanks to lack of controls.

Who's going to protect users here? Google? Facebook?

11.03.2025 17:49 — 👍 2    🔁 1    💬 0    📌 0

PayPal’s “no-code checkout” abused by scammers

www.malwarebytes.com/blog/scams/2...

#malvertising #techsupportscams

28.02.2025 02:45 — 👍 3    🔁 0    💬 0    📌 0

SecTopRAT bundled in Chrome installer distributed via Google Ads

📖
www.malwarebytes.com/blog/news/20...

⚠️
sites[.]google[.]com/view/gfbtechd/
chrome[.]browser[.]com[.]de/GoogleChrome.exe

#malvertising #SecTopRAT

20.02.2025 21:51 — 👍 2    🔁 0    💬 0    📌 0

If you are a developer and use #homebrew, beware of this fraudulent ad on Google.

⚠️
Fake site: brewsh[.]org
Malicious curl command: hxxps[://]raw[.]brewsh[.]org/Homebrew/install/HEAD/install[.]sh
Atomic Stealer (AMOS): www.virustotal.com/gui/file/389...
⚠️

#malvertising #atomicstealer

08.02.2025 03:26 — 👍 0    🔁 0    💬 0    📌 0
ClickFix vs. traditional download in new DarkGate campaign Social engineering methods are being put to the test to distribute malware.

ClickFix vs. traditional download in new DarkGate campaign

www.malwarebytes.com/blog/news/20...

#ClickFix #malvertising

31.01.2025 23:46 — 👍 1    🔁 0    💬 0    📌 0
Microsoft advertisers phished via malicious Google ads Just days after we uncovered a campaign targeting Google Ads accounts, a similar attack has surfaced, this time aimed at Microsoft...

Microsoft advertisers phished via malicious Google ads

www.malwarebytes.com/blog/news/20...

#malvertising #googleads #microsoft #bing

30.01.2025 16:13 — 👍 0    🔁 0    💬 0    📌 0
The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads An ongoing malvertising campaign steals Google advertiser accounts via fraudulent ads for Google Ads itself.

Imagine for a moment that Google allowed a sponsored link to a phishing site for Google ads...

www.malwarebytes.com/blog/news/20...

#GoogleSearch #GoogleAds #malvertising #phishing

15.01.2025 13:55 — 👍 1    🔁 1    💬 0    📌 0

Malicious Google ad for Virtuals Protocol

⚠️ virtnals[.]com

#malvertising

28.12.2024 00:20 — 👍 0    🔁 0    💬 0    📌 0

Malicious Google ad for Aerodrome Finance

⚠️ aeroclrome[.]finance

#malvertising

27.12.2024 22:47 — 👍 1    🔁 0    💬 0    📌 0

Malicious Google ad for #Freecad

⚠️
freecad3dmodeling[.]com
freecad3d-download[.]com
hxxps[://]3d-digitals[.]org/downloads/guthub/FreeCAD_Setup_2[.]0[.]74_win_x64[.]zip

#malvertising

22.12.2024 00:43 — 👍 2    🔁 0    💬 0    📌 0

‘Fix It’ social-engineering scheme impersonates several brands

www.malwarebytes.com/blog/news/20...

19.12.2024 22:35 — 👍 2    🔁 0    💬 0    📌 0

Malicious Google ad for Netflix

⚠️ +1[-]877[-]906[-]4471

#malvertising

18.12.2024 20:36 — 👍 0    🔁 0    💬 0    📌 0

Malicious Google ad for onshape 3D

⚠️
onshapeservices[.]com

#malvertising

18.12.2024 20:34 — 👍 0    🔁 0    💬 0    📌 0

Malicious Google ad for Freecad

⚠️
freecad3design[.]com

#malvertising

17.12.2024 18:09 — 👍 3    🔁 0    💬 0    📌 0

Malicious Google ad for Rhino 3D

⚠️
rhino3ddev[.]net

#malvertising

17.12.2024 18:07 — 👍 1    🔁 0    💬 0    📌 0

Malicious Google ad for myNYLGBS

⚠️
bluehome[.]uk
essnewyorkplatform[.]com

#malvertising

17.12.2024 17:01 — 👍 1    🔁 0    💬 0    📌 0

Malicious Google ad for PayPal

⚠️
hxxps[:]//repairsexpert[.]online/services/

#malvertising

16.12.2024 23:11 — 👍 1    🔁 0    💬 0    📌 0

Malicious Google ad for Malwarebytes

⚠️
hxxps[://]sites[.]google[.]com/view/dexters-antivirus/home

#malvertising

16.12.2024 17:55 — 👍 2    🔁 1    💬 0    📌 0
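The indicators in these posts are defanged in the usual ways (`hxxps[://]`, `hxxps[:]//`, `[.]`, `[-]`) so that they cannot be clicked by accident. Before they can go into a blocklist or a proxy rule they have to be refanged and sorted by type. The script below is an added example written for this page; it is not code from the original posts or from the fiddleitm project. The sample text it parses is constructed from indicators quoted in the posts above (the Homebrew, PayPal, ManageWP, SecTopRAT, Malwarebytes and PuTTY posts), and the function names (`refang`, `defang`, `extract_iocs`) are this example's own.

```python
import re
from urllib.parse import urlsplit

# Constructed sample input: lines copied from the posts above, still defanged.
DEFANGED_SAMPLE = """
-> menagewp[.]com (ad URL and redirect)
-> orion[.]manaqewp[.]com (phishing page)
sites[.]google[.]com/view/gfbtechd/
chrome[.]browser[.]com[.]de/GoogleChrome.exe
Malicious curl command: hxxps[://]raw[.]brewsh[.]org/Homebrew/install/HEAD/install[.]sh
hxxps[:]//repairsexpert[.]online/services/
hxxps[://]sites[.]google[.]com/view/dexters-antivirus/home
Fake Netflix support number: +1[-]877[-]906[-]4471
checks into IP address: 185.196.10.127
"""

IPV4 = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
PHONE = re.compile(r"^\+\d[\d-]{6,}$")
DOMAIN = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$", re.IGNORECASE)


def refang(text: str) -> str:
    """Undo the defanging conventions used in the posts: hxxp, [://], [:]//, [.], [-]."""
    text = re.sub(r"\[:\]//|\[://\]", "://", text)
    text = text.replace("[.]", ".").replace("(.)", ".").replace("[-]", "-")
    return re.sub(r"\bhxxp(s?)\b", r"http\1", text, flags=re.IGNORECASE)


def defang(ioc: str) -> str:
    """Make a live indicator safe to paste into a report (inverse of refang)."""
    if ioc.startswith("+"):
        return ioc.replace("-", "[-]")
    ioc = re.sub(r"^http(s?)://", r"hxxp\1[://]", ioc, flags=re.IGNORECASE)
    return ioc.replace(".", "[.]")


def extract_iocs(text: str) -> dict[str, list[str]]:
    """Refang free text and bucket what it contains into URLs, domains, IPs and phone numbers.

    Hosts of every URL are also added to the domain list so a DNS blocklist can be
    built from the result without a second pass.
    """
    found: dict[str, set[str]] = {"urls": set(), "domains": set(), "ips": set(), "phones": set()}
    for raw in refang(text).split():
        token = raw.strip("(),:;\"'<>")
        if token.lower().startswith(("http://", "https://")):
            found["urls"].add(token)
            host = urlsplit(token).hostname
            if host and DOMAIN.match(host):
                found["domains"].add(host.lower())
        elif "/" in token:
            # scheme-less URL such as chrome.browser.com.de/GoogleChrome.exe
            host = token.split("/", 1)[0]
            if DOMAIN.match(host):
                found["urls"].add(token)
                found["domains"].add(host.lower())
        elif IPV4.match(token):
            found["ips"].add(token)
        elif PHONE.match(token):
            found["phones"].add(token)
        elif DOMAIN.match(token):
            found["domains"].add(token.lower())
    return {kind: sorted(values) for kind, values in found.items()}


if __name__ == "__main__":
    iocs = extract_iocs(DEFANGED_SAMPLE)
    for kind, values in iocs.items():
        print(kind)
        for value in values:
            print("  ", value, "  (report form:", defang(value) + ")")
```

Note that `DOMAIN` only accepts alphabetic TLDs, so an IPv4 address never ends up in the domain bucket, and that tokens are classified after refanging, so `hxxps[:]//` and `hxxps[://]` (both spellings appear in the posts) are handled the same way.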