Jump to content
Report any bug Read more... ×
We're hiring! We are accepting applications for Developers, Teachers, Redactors and Junior Moderators. Read more... ×

Create an account on our board

or login and enjoy all the possibilities

Existing user? Sign In

Sign In

Sign Up

Learn Or Teach

You can learn computer security by practicing in the Dashboard, you can also be taught by a teacher. Or You can teach community members regardless of your specialty, and earn points for each person!

Learn or Teach

The Challenges

The new Challenges page is here. Take advantage of several vulnerable web applications to help train you such as, DVWA, XVWA, Mutillidae. You can also launch an existing or custom virtual machine.

Play Now !

Collaboration Room

The first categories of the forum are rooms that you can create or join in order to participate in events with the other members of the community. You can also create your room to make a teaching request, or attend your teacher's presentation. In this room you can create a private forum, store your information, invite other people etc.

Create Room

Create your club

You can create a club with your friends, earn points in teams. Creating a club gives you access to a team space. There you will have a private forum where you can store files, share information etc. Invite your friends and play together!

Create yours now!


Several VIP packs are available, understand that the survival of this site depends on it. Of course you can buy this pack with your points won during events. Formulas: Vip Member Vip Teacher Vip student

  • For new users read this
  • Challenges
  • for new users thank you to post in introduction and answer "Accept" on the topic of the rules to have access to the integrity of the forum and receive your Exploit-Code
  • The challenges board is being developed you are likely to encounter some bugs if this is the case report to an administrator.


iOS URL Scheme Could Let App-in-the-Middle Attackers Hijack Your Accounts

iOS URL Scheme Could Let App-in-the-Middle Attackers Hijack Your Accounts Security researchers have illustrated a new app-in-the-middle attack that could allow a malicious app installed on your iOS device to steal sensitive information from other apps by exploiting certain implementations of Custom URL Scheme.

By default on Apple's iOS operating system, every app runs inside a sandbox of its own, which prevent all apps installed on the same device from accessing each other's data.

However, Apple offers some methods that facilitate sending and receiving very limited data between applications.

One such mechanism is called URL Scheme, also known as Deep Linking, that allows developers to let users launch their apps through URLs, like facetime://, whatsapp://, fb-messenger://.

For example, when you click "Sign in with Facebook" within an e-commerce app, it directly launches the Facebook app installed on your device and automatically process the authentication.

In the background, that e-commerce app actually triggers the URL Scheme for the Facebook app (fb://) and passes some context information required to process your login.

Researchers at Trend Micro noticed that since Apple does not explicitly define which app can use what keywords for their Custom URL Scheme, multiple apps on an iOS device can use single URL Scheme—which eventually could trigger and pass sensitive data to a completely different app unexpectedly or maliciously.
To demonstrate this, researchers illustrated an attack scenario, as shown in the image above, using an example of a Chinese retailer app "Suning" and its implementation of "Login with WeChat" feature, explaining how it is susceptible to hacking.   In Short, when the Suning app users choose to access their e-commerce account using WeChat, it generates a login-request and sends it to the WeChat app installed on the same device using the iOS URL Scheme for the messaging app. WeChat app then requests a secret login token from its server and sends it back to the Suning app for authentication.

Researchers found that since Suning always uses the same login-request query to request the secret token and WeChat does not authenticate the source of the login request, the implementation is vulnerable to the app-in-the-middle attack via the iOS URL Scheme, eventually allowing attackers gain unauthorized access to users' accounts.
That means, a malicious app with the same Custom URL Scheme as a targeted application can trick other apps into sharing users' sensitive data with it or can perform unauthorized actions, potentially resulting in the loss of privacy, bill fraud, or exposure to pop-up ads.
Since the exploitability of this vulnerability totally depends upon the way a URL Scheme has been implemented, app developers and popular platforms are recommended to review their apps and validate fix for untrusted requests.



Hackers Can Manipulate Media Files You Receive Via WhatsApp and Telegram

<!> Hackers Can Manipulate Media Files You Receive Via WhatsApp and Telegram <!> If you think that the media files you receive on your end-to-end encrypted secure messaging apps can not be tampered with, you need to think again.

Security researchers at Symantec yesterday demonstrated multiple interesting attack scenarios against WhatsApp and Telegram Android apps, which could allow malicious actors to spread fake news or scam users into sending payments to wrong accounts.

Dubbed "Media File Jacking," the attack leverages an already known fact that any app installed on a device can access and rewrite files saved in the external storage, including files saved by other apps installed on the same device.

WhatsApp and Telegram allow users to choose if they want to save all incoming multimedia files on internal or external storage of their device.

However, WhatsApp for Android by default automatically stores media files in the external storage, while Telegram for Android uses internal storage to store users files that are not accessible to any other app.

But, many Telegram users manually change this setting to external storage, using "Save to Gallery" option in the settings, when they want to re-share received media files with their friends using other communication apps like Gmail, Facebook Messenger or WhatsApp.

It should be noted that the attack is not just limited to WhatsApp and Telegram, and affects the functionality and privacy of many other Android apps as well. Just like man-in-the-disk attacks, a malicious app installed on a recipient's device can intercept and manipulate media files, such as private photos, documents, or videos, sent between users through the device's external storage—all without the recipients' knowledge and in real-time.     Researchers illustrated and demonstrated four attack scenarios, as explained below, where a malware app can instantaneously analyze and manipulate incoming files, leading to:
  1.) Image manipulation In this attack scenario, a seemingly innocent-looking, but actually malicious, app downloaded by a user can run in the background to perform a Media File Jacking attack while the victim uses WhatsApp and "manipulate personal photos in near-real-time and without the victim knowing."   2.) Payment manipulation In this scenario, which researchers call "one of the most damaging Media File Jacking attacks," a malicious actor can manipulate an invoice sent by a vendor to customers to trick them into making a payment to an account controlled by the attacker.
  3.) Audio message spoofing In this attack scenario, attackers can exploit the relations of trust between employees in an organization. They can use voice reconstruction via deep learning technology to alter an original audio message for their personal gain or to wreak havoc.
  4.) Spread fake news In Telegram, admins use the concept of "channels" in order to broadcast messages to an unlimited number of subscribers who consume the published content. Using Media File Jacking attacks, an attacker can change the media files that appear in a trusted channel feed in real-time to spread fake news.
  How to Prevent Hackers from Hijacking Your Android Files ?
Symantec already notified Telegram and Facebook/WhatsApp about the Media File Jacking attacks, but it believes the issue will be addressed by Google with its upcoming Android Q update.

Android Q includes a new privacy feature called Scoped Storage that changes the way apps access files on a device's external storage.

Scoped Storage gives each app an isolated storage sandbox into the device external storage where no other app can directly access data saved by other apps on your device.

Until then, users can mitigate the risk of such attacks by disabling the feature responsible for saving media files to the device's external storage. To do so, Android users can head on to:
  WhatsApp: Settings → Chats → Turn the toggle off for 'Media Visibility' Telegram: Settings → Chat Settings → Disable the toggle for 'Save to Gallery'



Hackers Stole $32 Million Worth Cryptocurrency Assets from Bitpoint Cryptocurrency Exchange

Hackers Stole $32 Million Worth Cryptocurrency Assets from Bitpoint Cryptocurrency Exchange The hackers stole 3.5 billion yen ( $32 million) worth funds in five cryptocurrencies, including Bitcoin, Bitcoin Cash, Litecoin, Ripple, and Ethereal. The exchange noted that out of the stolen 3.5 billion yen ($32 million), 2.5 billion yen ($23 million) were customer funds, while the rest were reserve funds owned by the exchange. Attackers breached the Japan-based cryptocurrency exchange Bitcoin and stole over $32 million worth of cryptocurrency assets. The big picture RemixPoint, the legal entity behind Bitpoint, said that hackers breached the Bitpoint exchange network on July 11, 2019, and stole funds from both of its ‘hot’ and ‘cold’ wallets. Hot wallets are used to store funds for current transactions, while the cold wallets are used for storing emergency and long-term funds. Bitpoint detected the hack after it experienced errors while remitting Ripple funds to customers. Soon the exchange realized that funds from cryptocurrency wallets on its platform have been stolen. The cryptocurrency exchange then held a meeting with its management and shut down the platform. It suspended all the transactions including all deposits and withdrawals. The exchange also notified the law enforcement authorities about the incident. “Today, we have stopped the remittance (sending) and receiving (depositing) services from 6:30, but we will stop all services including transactions and sending and receiving from around 10:30. We apologize for the great inconvenience to our customers, but we appreciate your understanding and cooperation,” Bitpoint said in a notice posted on its website. What was stolen? The hacker stole 3.5 billion yen ( $32 million) worth funds in five cryptocurrencies, including Bitcoin, Bitcoin Cash, Litecoin, Ripple, and Ethereal. Bitpoint noted that out of the stolen 3.5 billion yen ($32 million), 2.5 billion yen ($23 million) were customer funds, while the rest were reserve funds owned by the exchange.



What's Termux ?

Termux is an android terminal emulator, it allows each owner of an android to enjoy a linux terminal without having to root his phone. You can download it on the PlayStore :
Warning If you do not root your phone you will not be able to modify your phone, because the application installs you in the directory of the application in / DATA
If you try to go to the root of your phone access will not be allowed
               However it allows you to emulate a terminal and be able to launch applications, and guess what?
Your favorite app is already available for your phone     You can get nmap by the official packages pkg install nmap So you understand where I'm coming from? So you can use your scripts on your phone!
Many repository github contains scripts specifically designed for using Termux in cybersecurity at the first use time please update your termux using : pkg update && pkg upgrade
apt update like linux You can install package like :

  Discover in our next video youtube installation and use of termux when using pentest.



Cybercriminals target pizza delivery website to concoct personalized spam campaigns

Cybercriminals target pizza delivery website to concoct personalized spam campaigns   The scammers used the website’s content in order to create tailor-made spam campaigns. In one instance, the attackers promoted Xenical, a prescription drug used to treat obesity. A pizza delivery website has become the latest target of cyberattackers as it was exploited to deliver personalized spam campaigns. This compromised website was first discovered by Sucuri researchers who it using an older version of WordPress. The attackers exploited the website content in order to devise personalized spams. In one instance, they also promoted Xenical, a prescription medication meant for treating obesity. The big picture The attackers advertised Xenical in a message filled with hyperlinks on the homepage of the compromised pizza delivery site. The message begins by mentioning pizza as one of the food products responsible for obesity and then trails with information on Xenical and its availability on a site known as ‘DietXPills’. It also impersonated the pizza company. Sucuri researchers identified that the server shared by the ‘DietXPills’ website was also used by 46 other sites that allegedly sold medications without prescription. The message content, which was not encoded, was present in a PHP file of the WordPress-based site. In addition, a malicious WordPress user profile was discovered which was subsequently removed by Sucuri researchers. Worth noting The researchers uncovered that the pizza delivery site used an older version of WordPress. “When we received this case, the website had been using outdated software: WordPress version 4.9.6. The most plausible explanation for how the hacker gained access to the site, is that they leveraged the vulnerability to plant their spam content,” they said in the blog. “We encourage website owners to keep everything in the website up to date, be it plugins, themes, or CMS installations,” advised the researchers



Fake JQuery Campaign On the Rise For Ad Fraud And Malvertising

Fake JQuery Campaign For Ad Fraud Some malware campaigns seemingly never stop, rather they keep coming back again and again to prey on users. One such malware campaign involving fake jQuery has returned. This fake jQuery campaign now runs for ad fraud schemes and malvertising. Fake JQuery Campaign For Ad Fraud Researchers from Malwarebytes have spotted another fake jQuery campaign in the wild. The fake jQuery campaign that dates back to 2016, has once again gained momentum. Nonetheless, this time, the campaign aims at malvertising and ad fraud. Elaborating on their findings in a blog post, the researchers stated that the payload here focuses at monetizing through ads. The matter caught the attention of Malwarebytes after another researcher with alias ‘Placebo’ highlighted it in his tweet. By searching the domains mentioned in this tweet on PublicWWW, the researchers could find thousands of domains infected with malicious script. When LHN attempted to cross-check this claim, we could also see at least over 1000 domains running the scripts for every domain listed by Placebo. The least results were found for “lib0[.]org” only, which were made up of a few hundred. Digging further into the matter further Malwarebytes to establish that the fake jQuery domains basically redirect to other websites. They could see “12js.org” redirecting to financeleader[.]co, to which other fake domains also redirect. However, if someone tries to directly visit the malicious website “financeleader[.]co”, the user will not succeed. The link redirects to Google.com, as Malwarebytes explained and LHN can verify. Even if a visitor reaches the malicious domain with special identifiers via desktop, the user would only see a bogus website when on a US IP address. With a non-US IP address, the link would redirect to a site advertising VPNs. This depicts some kind of geotargeting behind this campaign. Upon further research, they could also see another domain “afflink[.]org”, besides “financeleader[.]org”, as redirect link. Mobile Phone Users Are Main Targets According to Malwarebytes, the main target of this campaign seems mobile phone users. Where the payload will display full-screen ads on devices at regular intervals. Explaining about this behavior, the researchers stated, In one case, when visiting the site on an Android phone, the researchers could see a malicious adult app asking for download. Upon analysis, this malicious app was found to generate full-screen ads at intervals. While the researchers could not precisely determine the scale of this malware campaign for now, they fear that it will trigger massive ad fraud. Mobile phone users must stay vigilant when browsing different sites and downloading apps. Moreover, they will benefit from using a robust antimalware app running on their devices. Let us know your thoughts in the comments.



Security Flaws in WPA3 Protocol Let Attackers Hack WiFi Password

It has been close to just one year since the launch of next-generation Wi-Fi security standard WPA3 and researchers have unveiled several serious vulnerabilities in the wireless security protocol that could allow attackers to recover the password of the Wi-Fi network.

WPA, or Wi-Fi Protected Access, is a standard designed to authenticate wireless devices using the Advanced Encryption Standard (AES) protocol and is intended to prevent hackers from eavesdropping on your wireless data.

The Wi-Fi Protected Access III (WPA3) protocol was launched in an attempt to address technical shortcomings of the WPA2 protocol from the ground, which has long been considered to be insecureand found vulnerable to KRACK (Key Reinstallation Attack).

Though WPA3 relies on a more secure handshake, known as Dragonfly, that aims to protect Wi-Fi networks against offline dictionary attacks, security researchers Mathy Vanhoef and Eyal Ronen found weaknesses in the early implementation of WPA3-Personal, allowing an attacker to recover WiFi passwords by abusing timing or cache-based side-channel leaks.
  "Concretely, attackers can then read information that WPA3 was assumed to safely encrypt. This can be abused to steal sensitive transmitted information such as credit card numbers, passwords, chat messages, emails, and so on," the researchers say.   Vulnerabilities in WPA3 — Hacking WiFi Password
In a research paper, dubbed DragonBlood, published today, researchers detailed two types of design flaws in WPA3—first leads to downgrade attacks and second to side-channel leaks.

Also Read: How to Hack WiFi Password Easily Using New Attack On WPA/WPA2.

Since the 15-year-old WPA2 protocol has been widely used by billions of devices, widespread adoption of WPA3 won't happen overnight. To support old devices, WPA3 Certified devices offer a "transitional mode of operation" that can be configured to accept connections using both WPA3-SAE and WPA2.

Researchers find that the transitional mode is vulnerable to downgrade attacks, which attackers can abuse to set up a rogue AP that only supports WPA2, forcing WPA3-supported devices to connect using insecure WPA2's 4-way handshake.
  "We also discovered a downgrade attack against SAE [Simultaneous Authentication of Equals handshake, commonly known as Dragonfly] itself, where we can force a device into using a weaker elliptic curve than it normally would use," the researchers say.
Moreover, a man-in-the-middle position is not needed to carry out downgrade attack. Instead, attackers only need to know the SSID of the WPA3- SAE network.

Researchers also detail two side-channel attacks—Cache-based (CVE-2019-9494) and Timing-based (CVE-2019-9494) attacks—against Dragonfly's password encoding method that could allow attackers to perform a password partitioning attack, similar to an offline dictionary attack, to obtain Wi-Fi password.
  "For our password partitioning attack, we need to record several handshakes with different MAC addresses. We can get handshakes with different MAC addresses by targeting multiple clients in the same network (e.g. convince multiple users to download the same malicious application). If we are only able to attack one client, we can set up rogue APs with the same SSID but a spoofed MAC address."
Besides these, the duo also documented a Denial of Service attack that can be launched by overloading an "AP by initiating a large amount of handshakes with a WPA3-enabled Access Point," bypassing SAE's anti-clogging mechanism that is supposed to prevent DoS attacks.

Some of these vulnerabilities also affect devices using the EAP-pwd (Extensible Authentication Protocol-Password) protocol, which is also based on the Dragonfly password-authenticated key exchange method.

As a proof-of-concept, researchers will shortly release the following four separate tools (in the GitHub repositories hyperlinked below) that can be used to test the vulnerabilities as mentioned above.
  Dragondrain—a tool that can test to which extend an Access Point is vulnerable to Dos attacks against WPA3's Dragonfly handshake. Dragontime—an experimental tool to perform timing attacks against the Dragonfly handshake. Dragonforce—an experimental tool that takes the information to recover from the timing attacks and performs a password partitioning attack. Dragonslayer—a tool that implements attacks against EAP-pwd.   "Nearly all of our attacks are against SAE’s password encoding method, i.e., against its hash-to-group and hash-to-curve algorithm. Interestingly, a simple change to this algorithm would have prevented most of our attacks," the researchers say.   Wi-Fi Alliance Working With Vendors to Patch Reported Issues
The duo reported their findings to the WiFi Alliance, the non-profit organization that certifies WiFi standards and Wi-Fi products for conformity, who acknowledged the issues and are working with vendors to patch existing WPA3-certified devices.
  "The software updates do not require any changes that affect interoperability between Wi-Fi devices. Users can refer to their device vendors' websites for more information," the WiFi Alliance says in its press release.   "The software updates do not require any changes that affect interoperability between Wi-Fi devices. Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together."
You can read more information about these vulnerabilities on the DragonBlood dedicated website, and the research paper [PDF], which also explains how minor changes to the protocol could prevent most of the attacks detailed by the researchers.



540 Million Facebook User Records Found On Unprotected Amazon Servers

It's been a bad week for Facebook users. First, the social media company was caught asking some of its new users to share passwords for their registered email accounts and now… ...the bad week gets worse with a new privacy breach. More than half a billion records of millions of Facebook users have been found exposed on unprotected Amazon cloud servers. The exposed datasets do not directly come from Facebook; instead, they were collected and unsecurely stored online by third-party Facebook app developers. Researchers at the cybersecurity firm UpGuard today revealed that they discovered two datasets—one from a Mexican media company called Cultura Colectiva and another from a Facebook-integrated app called "At the pool"—both left publicly accessible on the Internet.                               More than 146 GB of data collected by Cultura Colectiva contains over 540 million Facebook user records, including comments, likes, reactions, account names, Facebook user IDs, and more. The second dataset belonging to "At the Pool" app contains information about users' friends, likes, groups, and checked-in locations, as well as "names, plaintext passwords and email addresses for 22,000 people." Though UpGuard believes the plaintext passwords found in the database were for the At the Pool app, and not for users' Facebook accounts, given the fact that people frequently re-use the same passwords for multiple apps, many of the leaked passwords could be used to access Facebook accounts.     "As Facebook faces scrutiny over its data stewardship practices, they have made efforts to reduce third-party access. But as these exposures show, the data genie cannot be put back in the bottle. Data about Facebook users have been spread far beyond the bounds of what Facebook can control today," experts at UpGuard said.
Both datasets were stored in unsecured Amazon S3 buckets, which have now been secured and taken offline after Upguard, Facebook and media contacted Amazon. This is not the first time third-party companies have collected or misused Facebook data and sometimes leaked it to the public. The most famous incident is the Cambridge Analytica scandal wherein the political data firm improperly gathered and misused data on 87 million users through a seemingly innocuous quiz app, for which the social media giant is facing £500,000 EU fine.



The Bank of Dakar hacked

The Banque de Dakar has been the victim of hacking against a backdrop of fraudulent transactions. The implicated, a Senegalese and 6 Nigerians arrested by the Special Division of Cybercrime. According to AS, which gives the information, once a personal or corporate account is opened at the Bdk, they have managed, with a sophisticated computer system, to enter the network of the banking institution to pump several million Fcfa. The newspaper says they pumped about 50 million CFA francs per account. But the overall amount can change considerably during investigations.



600,000 pirated printers to promote UX training

Printer ports open to the world Can a bot able to hack printers from around the world encourage office workers to become designers fighting the future of AI? Nothing is less certain, but this is what the Russian online university Skillbox is trying to do, which uses an iconoclastic means to publicize one of its new web design courses. Using the Shodan API, which indexes devices connected to the Web, the marketing agency Possible Group has reported that it has successfully printed a warning message sent by a company since March 11, 2019, on more than 600,000 printers worldwide. bot to office workers. Without being a lawyer, we know that Possible Group, which is part of the multinational WPP, should probably not run the risk of a legal catastrophe by carrying out such an operation. It seems that it is the Russian branch that is at work, perhaps less hesitant to flout certain basic ethical rules. But the fact remains that in the end, all these scanned printers do not represent a violation of computer fraud laws because no damage was caused to the devices during this scan.
These printers, stupidly exposed online because of their open 9100 port, can not be damaged by Shodan users who can simply print a message. But there is something to wonder about its content: "By 2024, there is a 94% chance that I replace millions of accountants, auditors and financial analysts, regardless of their level of experience or talented ", one can read the clerical employees targeted by this iconoclast piracy. " All is not lost. I will not be able to replace the creative professions in the near future. Only 20% of graphics work will be replaced by bots by 2024, "says the message, before embarking on a Skillbox UX design course created by Michael Janda, author of Burn Your Portfolio. "The world is changing rapidly and we need to tell as many people as possible," Skillbox CEO Dmitry Krutov said of his "surprising" promotion. "We want to avoid mass unemployment that will result from advances in technology. Everyone deserves a job that will allow them to reach their full potential and help them succeed. That's why it's important to start thinking now about the work you'll be doing in five to ten years. And, of course, the CEO wants employees to sign up, clearly outlining the growing paranoia in society that AI will take jobs. The full message can be read on the Beware of Bots website or - why not - by contacting a nearby company to find out if it has been targeted by this strange hacking campaign.



Hacker who was offering Cybercrime-as-a-service detained in Novokuznetsk

Employees of the Ministry of Internal Affairs of Russia with the assistance of experts of Group-IB, an international company specializing in the prevention of cyber attacks, detained a hacker in Russian city Novokuznetsk who hacked computers around the world.

The detainee offered Cybercrime-as-a-service services to cyber criminals.  He created and maintained admin panels for managing malware and botnets.  
According to the local report, he infected more than 50 thousands computers across the world.  He managed to steal usernames and passwords from browsers, mail clients of the infected computers.  He also reportedly stole financial information such as bank card details. 

The investigation began in the spring of 2018, when the hacker infected around 1000 of computers with malicious software Formgrabber.

"He administered the botnet, which counted several thousand infected computers of Russian and foreign users,” the press service of the Ministry of Internal Affairs reported.

It turned out that the hacker is only 26 years old, since 15 he has earned money by creating websites for computer games, but then he decided to learn the profession of a hacker.  More recently, he was testing malware targeting Android platform.

He has already been charged under the article "Creation and distribution of malicious computer programs". He completely admitted his guilt.




Gmail, from Google, is one of the main services that use this login method Network security and ethical hacking specialists from the International Institute of Cyber security ensure that malicious actors have been developing their methods to deploy phishing campaigns to the point where they are able to bypass multi factor authentication. “There has been a significant increase in the number of phishing attacks capable of bypassing two-factor authentication (2FA)”, experts commented. This phishing variant works by tricking the victim into revealing your password and a one-use code that protects your email account. This code of a use is very difficult to get for hackers, as it is sent to the phone number linked to the email account and expires less than a minute later. A few months ago, Amnesty International detected a group of hackers who managed to bypass the authentication of two factors using an automatic phishing tool capable of extracting the keys and entering them on the legitimate platform. Subsequently, a network security expert launched a set of open source tools that worked in a similar way. Because this one-use code is sent via SMS, any technique to intercept these utensils will be useful to complete the attack. Therefore, two-factor authentication is primarily vulnerable to attacks against the SMS system. Google, which uses this authentication system for its Gmail service, is deploying a hacking prevention campaign, mainly through blocking logins from unknown locations. The company has also alerted users to possible emails with malicious links or attachments. According to network security specialists, the best way to prevent this kind of attack is with hardware solutions, such as the USB security keys. These tools eliminate the need to receive a key by SMS, because the hardware itself works as a second way of authentication. By Google policy, for example, all of its employees carry one of these security keys and, although their price is not the most economical, cybersecurity experts reaffirm that, so far, this is the best way to prevent phishing attacks. The news about these phishing variants is a reminder to any user about how important it is to check what goes into your email. The operators of these campaigns will always try to impersonate legitimate services, such as streaming platforms or accounts in applications developed by third parties; It is the responsibility of each user to distinguish between legitimate and malicious content and know how to act in case of finding a phishing attempt.