Cyber Alerts News

Unveiling the strategies behind endpoint and mobile take-overs

Unveiling the strategies behind endpoint and mobile take-overs: critical firmware supply-chain issues, sophisticated phishing kits, a WhatsApp for Windows bug letting Python and PHP scripts execute, and more.

WordPress plug-ins backdoored to create rogue administrator accounts

Multiple WordPress plug-ins have been backdoored to inject malicious code that makes it possible to create rogue administrator accounts. The impacted plug-ins were hosted on WordPress.org.
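A backdoor that creates rogue administrator accounts leaves a trace in the user table, so the practical defender check is an audit of who holds the administrator role and when each account was registered. The script below is an added example, not code from the news item or from WordPress. It assumes the administrator list was exported with the real WP-CLI command `wp user list --role=administrator --fields=ID,user_login,user_email,user_registered --format=json`, and it compares that export against an operator-maintained roster of expected admin logins and a cut-off date (for instance the last known-good plugin update). The sample export embedded in the file is constructed.

```python
"""Audit WordPress administrator accounts for unexpected additions.

Added example (not from the news item or WordPress). Input is assumed to be the
JSON produced by:
  wp user list --role=administrator \
      --fields=ID,user_login,user_email,user_registered --format=json
"""
import json
from datetime import datetime

# Constructed sample export in the shape WP-CLI's --format=json produces.
SAMPLE_EXPORT = json.dumps([
    {"ID": "1", "user_login": "siteadmin", "user_email": "admin@example.test",
     "user_registered": "2021-03-04 10:22:15"},
    {"ID": "2", "user_login": "editor-jane", "user_email": "jane@example.test",
     "user_registered": "2022-11-30 08:00:00"},
    {"ID": "57", "user_login": "wp_support", "user_email": "support@mail.invalid",
     "user_registered": "2024-06-22 03:14:07"},
])

# Operator-maintained roster of logins that are allowed to hold the administrator role.
EXPECTED_ADMINS = {"siteadmin", "editor-jane"}
WP_TS = "%Y-%m-%d %H:%M:%S"


def parse_export(raw):
    """Parse the JSON export and attach a datetime for the registration timestamp."""
    rows = json.loads(raw)
    for row in rows:
        row["registered"] = datetime.strptime(row["user_registered"], WP_TS)
    return rows


def find_unexpected_admins(rows, expected_logins, since):
    """Return admins that are not on the roster or were registered after `since`.

    Either condition alone is a reason to investigate: a backdoored plug-in can
    create a brand-new account (caught by the date) or grant the role to a login
    nobody on the team recognises (caught by the roster check).
    """
    flagged = []
    for row in rows:
        reasons = []
        if row["user_login"] not in expected_logins:
            reasons.append("not on roster")
        if row["registered"] > since:
            reasons.append("registered after %s" % since.strftime("%Y-%m-%d"))
        if reasons:
            flagged.append({"ID": row["ID"], "user_login": row["user_login"],
                            "user_email": row["user_email"], "reasons": reasons})
    return flagged


def audit(raw=SAMPLE_EXPORT, expected=EXPECTED_ADMINS, since="2024-06-01"):
    """Convenience wrapper: `since` is a YYYY-MM-DD cut-off (last known-good state)."""
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    return find_unexpected_admins(parse_export(raw), expected, cutoff)


if __name__ == "__main__":
    for hit in audit():
        print("[!] ID=%s login=%s email=%s: %s" % (
            hit["ID"], hit["user_login"], hit["user_email"], "; ".join(hit["reasons"])))
```

Run it against a real export by passing the file contents to `audit(raw=..., expected=..., since=...)`; any flagged account should be cross-checked against the plug-in update history before it is removed, since the date alone does not prove the account is malicious.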

According to C3N, Europol received a disinfection solution from Sekoia, which sinkholed a command-and-control (C&C) server for a widely distributed PlugX variant in April. At the time, Sekoia suggested using the C&C server to push a custom PlugX plugin to infected devices to issue a self-deletion command that removes the infection. However, due to potential legal ramifications related to sending commands to computers not owned by the company, Sekoia instead chose to share the solution with law enforcement.

The disinfection operation began on July 18, 2024, and is expected to continue for several months.

Sophisticated phishing kit leverages AI to help criminals target Spanish users

The bundle has everything a cybercriminal needs to get into the world of financial crime. The Android malware that comes in the bundled version adds features for stealing SMS one-time-passwords (OTP) and other data from the device, which could help the attackers steal funds from victims.

A notable element of the kit is the AI-powered voice phishing feature, which can be used to make voice calls to intended victims. The calls are made to appear as if they are coming from banks and are driven by prompts from the cybercriminal, who instructs the kit to call victims and ask them to perform actions such as providing two-factor authentication codes or whatever else the cybercriminal requires.

WhatsApp for Windows bug lets Python, PHP scripts execute with no warning

A vulnerability in the latest version of WhatsApp for Windows allows Python and PHP attachments to be executed without any warning when the recipient opens them.

As Python needs to be installed for an attack to be successful, targets for such attacks are likely limited to software developers, researchers, and power users.

When contacted about the issue, WhatsApp told BleepingComputer that it does not plan to add Python to the blocked files list.

PyPI-hosted malicious package used in highly targeted attacks against macOS users

The attack uses a fake Python package named “lr-utils-lib” which was uploaded to the official Python repository PyPI in June 2024. The fake library was said to have been downloaded a total of 61 times before it was finally removed from PyPI.

PKfail: Millions of devices vulnerable to Secure Boot bypass issue

UEFI products from multiple vendors are susceptible to compromise due to a critical firmware supply-chain issue dubbed PKfail, which allows attackers to bypass Secure Boot and install malware.

The issue affects millions of Intel and ARM microprocessor-based computing systems due to them sharing a previously leaked cryptographic key used in the device startup process.
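Because the problem is a shared key rather than a bug in any one product, the first question for a defender is simply which Platform Key (PK) the firmware is carrying. The script below is an added example, not code from the news item, from Binarly or from any firmware vendor. It assumes a Linux host with efivarfs mounted, where the PK variable is exposed under the EFI_GLOBAL_VARIABLE GUID at the path shown; the file holds a 4-byte attributes word followed by one or more EFI_SIGNATURE_LIST structures as laid out in the UEFI specification. The parser, the `build_signature_list` helper and the sample variable bytes are this example's own, and the sample is constructed so the parser can be exercised offline (it contains no real certificate).

```python
"""Read the firmware Platform Key (PK) variable and extract the X.509 entries.

Added example (not from the news item or any vendor). Structures follow the UEFI
specification; the sample input below is constructed and contains no real key.
"""
import hashlib
import struct
import uuid

# efivarfs path: <VariableName>-<EFI_GLOBAL_VARIABLE GUID>
PK_PATH = "/sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")


def parse_signature_lists(data):
    """Yield (signature_type, owner, signature_bytes) for every entry in the blob.

    Each EFI_SIGNATURE_LIST (little-endian integers):
      EFI_GUID SignatureType (16) | UINT32 SignatureListSize | UINT32 SignatureHeaderSize
      | UINT32 SignatureSize | UINT8 SignatureHeader[SignatureHeaderSize]
      | EFI_SIGNATURE_DATA[] where each = EFI_GUID SignatureOwner (16) + SignatureData
    """
    off = 0
    while off + 28 <= len(data):
        sig_type = uuid.UUID(bytes_le=bytes(data[off:off + 16]))
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        # Guard against truncated or self-referencing sizes before trusting them.
        if list_size < 28 or off + list_size > len(data) or sig_size < 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST at offset %d" % off)
        pos = off + 28 + hdr_size
        end = off + list_size
        while pos + sig_size <= end:
            owner = uuid.UUID(bytes_le=bytes(data[pos:pos + 16]))
            yield sig_type, owner, bytes(data[pos + 16:pos + sig_size])
            pos += sig_size
        off = end


def pk_certificates(var_bytes):
    """Strip the 4-byte efivarfs attributes word; return (sha256 hex, DER) per X.509 entry."""
    payload = var_bytes[4:]
    certs = []
    for sig_type, _owner, blob in parse_signature_lists(payload):
        if sig_type == EFI_CERT_X509_GUID:
            certs.append((hashlib.sha256(blob).hexdigest(), blob))
    return certs


def build_signature_list(sig_type, owner, blob):
    """Build a single-entry EFI_SIGNATURE_LIST; used here only to fabricate sample input."""
    sig_size = 16 + len(blob)
    list_size = 28 + sig_size
    return sig_type.bytes_le + struct.pack("<III", list_size, 0, sig_size) + owner.bytes_le + blob


# Constructed stand-ins for the PK variable. 0x27 = NV|BS|RT|TIME_BASED_AUTHENTICATED_WRITE.
FAKE_DER = b"\x30\x03\x02\x01\x05"  # placeholder bytes, NOT a real certificate
SAMPLE_PK_VAR = struct.pack("<I", 0x27) + build_signature_list(
    EFI_CERT_X509_GUID, uuid.UUID(int=0), FAKE_DER)
# A second sample mixing in a SHA-256 hash entry, which pk_certificates must skip.
SAMPLE_PK_VAR_MIXED = SAMPLE_PK_VAR + build_signature_list(
    EFI_CERT_SHA256_GUID, uuid.UUID(int=0), b"\x11" * 32)


def read_pk(path=PK_PATH):
    """Read the live PK variable (requires efivarfs; fails on non-UEFI or non-Linux hosts)."""
    with open(path, "rb") as f:
        return pk_certificates(f.read())


if __name__ == "__main__":
    try:
        certs = read_pk()
    except OSError as exc:
        print("could not read live PK variable (%s); using constructed sample" % exc)
        certs = pk_certificates(SAMPLE_PK_VAR)
    for digest, der in certs:
        print("PK certificate sha256=%s (%d bytes DER)" % (digest, len(der)))
    # Compare each digest with the production PK fingerprint your vendor publishes;
    # a key that is not vendor-specific is the condition PKfail describes.
```

The DER bytes returned can be handed to any X.509 tool to read the subject and issuer; the point of the check is that the fingerprint should match a production key that your vendor vouches for, not a key that other vendors' machines share.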

“This compromises the entire security chain, from firmware to the operating system,