Whatsapp

The likely Russian-aligned GreyVibe group is targeting Ukrainian organizations with AI-generated lures delivered via spear-phishing and malicious websites, deploying custom malware such as PhantomRelay, LegionRelay, and FallSpy to exfiltrate sensitive data.

The TeamPCP hacking group released the source code of the Shai-Hulud worm impacting npm and PyPI, prompting European governments to seek secure messaging alternatives due to phishing risks and data sovereignty concerns, while historical analysis reveals the Fast16 malware targeted Iran's nuclear program by tampering with simulation software.

Microsoft disrupted SignSpaceCloud, a Russian cybercrime service providing code signing certificates to malware and ransomware operators, while European governments are shifting from Signal and WhatsApp due to phishing and data sovereignty risks, and the Fast16 malware targeted Iran's nuclear program.

The detection rule identifies suspicious child processes spawned from communication applications on Windows systems, potentially indicating masquerading or exploitation of vulnerabilities within these applications.

Attackers may attempt to evade defenses by masquerading malicious processes as legitimate communication applications such as Slack, WebEx, Teams, Discord, RocketChat, Mattermost, WhatsApp, Zoom, Outlook and Thunderbird.