You might like
🇧🇷BTMOB custom module: sets up OkHttp WebSocket C2, pings/redirects C2, then executes JSON-driven ops: screen stream/control, mic capture, file search/move/upload (chunked b64 + ZIP), browser/notification/lock overlays, call-forwarding, local proxy, terminal shell, and injection…
![Merlax_'s tweet image. #Malware #Android - BTMOB 🧑🎄
Apuntando a Brasil 🇧🇷🎯
Site
hxxps://191[.]101[.]131[.]165/magia-cristalina/
C2
hxxp://209[.]50[.]227.162/yaarsa/private/yarsap_80541.php
209[.]50[.]227[.]162:8080](https://pbs.twimg.com/media/G202U27WsAAw9L0.png)
![Merlax_'s tweet image. #Malware #Android - BTMOB 🧑🎄
Apuntando a Brasil 🇧🇷🎯
Site
hxxps://191[.]101[.]131[.]165/magia-cristalina/
C2
hxxp://209[.]50[.]227.162/yaarsa/private/yarsap_80541.php
209[.]50[.]227[.]162:8080](https://pbs.twimg.com/media/G202YdTWMAAaKS2.png)
![Merlax_'s tweet image. #Malware #Android - BTMOB 🧑🎄
Apuntando a Brasil 🇧🇷🎯
Site
hxxps://191[.]101[.]131[.]165/magia-cristalina/
C2
hxxp://209[.]50[.]227.162/yaarsa/private/yarsap_80541.php
209[.]50[.]227[.]162:8080](https://pbs.twimg.com/media/G204vGWWkAAMTi5.png)
![Merlax_'s tweet image. #Malware #Android - BTMOB 🧑🎄
Apuntando a Brasil 🇧🇷🎯
Site
hxxps://191[.]101[.]131[.]165/magia-cristalina/
C2
hxxp://209[.]50[.]227.162/yaarsa/private/yarsap_80541.php
209[.]50[.]227[.]162:8080](https://pbs.twimg.com/media/G204zFJXMAArMDc.png)
Another Brazilian #Magecart observed: first GTM (dropper) spawns a second GTM (maps dataLayer: products, InitiateCheckout, Purchase) then a typo-squatted CDN loads a skimmer that hooks payment inputs for exfiltration. #CTI #LATAM
POST /api/event?event=pwaOpen HTTP/2 Host: nubanktrading[.]site Cookie: piuiding6cq=xxxxxxxxxxxxxxxx; pcpn4bdt0w=pwa; pwaid5n52de=xxxxxxxxx; splitidfnp8kv=-1; fpvdate1uehvj=2025-10-06; sdata6yo0lp=xxxxxxxxxxxxxxxx Origin: https://nubanktrading[.]site Referer:…
![SwitchToThread's tweet image. POST /api/event?event=pwaOpen HTTP/2
Host: nubanktrading[.]site
Cookie: piuiding6cq=xxxxxxxxxxxxxxxx; pcpn4bdt0w=pwa; pwaid5n52de=xxxxxxxxx; splitidfnp8kv=-1; fpvdate1uehvj=2025-10-06; sdata6yo0lp=xxxxxxxxxxxxxxxx
Origin: https://nubanktrading[.]site
Referer:…](https://pbs.twimg.com/media/G2nPCqTWIAAjoae.jpg)
🇧🇷 #phishing Nubank atendimentonubank[.]site avalaianubank[.]site checkout-nubank[.]online comprovantenubank[.]online indeniza-nubank[.]site indenizacaonubank[.]site indenizacaonubankoficial[.]online indenizanubank[.]online indenizanubank[.]shop indenizanubank[.]site…
![SwitchToThread's tweet image. 🇧🇷 #phishing Nubank
atendimentonubank[.]site
avalaianubank[.]site
checkout-nubank[.]online
comprovantenubank[.]online
indeniza-nubank[.]site
indenizacaonubank[.]site
indenizacaonubankoficial[.]online
indenizanubank[.]online
indenizanubank[.]shop
indenizanubank[.]site…](https://pbs.twimg.com/media/G2nIZhjWsAAI6fj.jpg)
🇧🇷 #phishing Nubank atendimentonubank[.]site avalaianubank[.]site checkout-nubank[.]online comprovantenubank[.]online indeniza-nubank[.]site indenizacaonubank[.]site indenizacaonubankoficial[.]online indenizanubank[.]online indenizanubank[.]shop indenizanubank[.]site…
🇧🇷Scammers are impersonating Serasa and asking victims to make a PIX payment to “clear their name.” ▶️Destination { "type": "dynamic", "merchantCategoryCode": "0000", "transactionCurrency": 986, "countryCode": "BR", "merchantName": "AGILE LTDA", "merchantCity":…
🇧🇷 #phishing Uma nova e sofisticada campanha de phishing está circulando na internet, utilizando a marca e o prestígio de um marketplace famoso para enganar usuários com a promessa de um cartão de crédito nível “gold” com limite pré-aprovado de R$ 4.700,00 e zero anuidade. O…
Seeing a sharp rise in the creation of domains linked to unregulated and fraudulent betting schemes in Brazil. Owner: Nome: LEANDRO ROCHA ALMEIDA Email: [email protected] 0000bet[.]com[.]br 0077bet[.]com[.]br 1218bet[.]com[.]br 122bet[.]com[.]br…
![SwitchToThread's tweet image. Seeing a sharp rise in the creation of domains linked to unregulated and fraudulent betting schemes in Brazil.
Owner:
Nome: LEANDRO ROCHA ALMEIDA
Email: receitafederaldarussia@gmail.com
0000bet[.]com[.]br
0077bet[.]com[.]br
1218bet[.]com[.]br
122bet[.]com[.]br…](https://pbs.twimg.com/media/G2AzM59W0AED5Sm.jpg)
#Phishing PIX Stealer🇧🇷 "A CAIXA ECONÔMICA FEDERAL confirma o registro do seu processo indenizatório vinculado ao seu CPF. Após a confirmação do pagamento do IMPOSTO, a sua indenização será LIBERADA imediatamente para sua CHAVE PIX" https://pay[.]declaracao[.]org/ { "type":…
![SwitchToThread's tweet image. #Phishing PIX Stealer🇧🇷
"A CAIXA ECONÔMICA FEDERAL confirma o registro do seu processo indenizatório vinculado ao seu CPF. Após a confirmação do pagamento do IMPOSTO, a sua indenização será LIBERADA imediatamente para sua CHAVE PIX"
https://pay[.]declaracao[.]org/
{
"type":…](https://pbs.twimg.com/media/G1O3bGeXEAEKU0p.jpg)
A large phishing campaign is impersonating Caixa Econômica Federal [Brazil] resgatebr[.]blog/cx/final/ ➡️('config', 'G-LMY7TWF8W9'); consultagratuita[.]cfd recebasuavalor[.]cfd valorareceber[.]cfd prontoconsulta[.]cfd achesuavalor[.]cfd conferecredito[.]cfd recebaagora[.]cfd…
![SwitchToThread's tweet image. A large phishing campaign is impersonating Caixa Econômica Federal [Brazil]
resgatebr[.]blog/cx/final/ ➡️('config', 'G-LMY7TWF8W9');
consultagratuita[.]cfd
recebasuavalor[.]cfd
valorareceber[.]cfd
prontoconsulta[.]cfd
achesuavalor[.]cfd
conferecredito[.]cfd
recebaagora[.]cfd…](https://pbs.twimg.com/media/G1OxuwPXQAAcHXd.jpg)
United States Trends
- 1. Knesset 59.1K posts
- 2. Good Monday 29.1K posts
- 3. Columbus 45.4K posts
- 4. #MondayMotivation 9,708 posts
- 5. #LingOrmTop1and2EMVDiorSS26 87.8K posts
- 6. #GalxeID 8,136 posts
- 7. #njkopw 31.7K posts
- 8. Israeli Parliament 5,998 posts
- 9. CONGRATS LINGORM PFW EMV 81.4K posts
- 10. StandX 2,253 posts
- 11. Cryptocurrencies 4,271 posts
- 12. Branch 42.6K posts
- 13. #IndigenousPeoplesDay 1,189 posts
- 14. All 20 66.5K posts
- 15. Rod Wave 2,164 posts
- 16. Victory Monday N/A
- 17. Red Cross 67.6K posts
- 18. God Bless President Trump 17.2K posts
- 19. Happy Thanksgiving 18.2K posts
- 20. Tom Homan 89.3K posts
You might like
-
Alexandre Borges
@ale_sp_brazil -
Arkbird
@Arkbird_SOLG -
Joe Security
@joe4security -
Dee
@ViriBack -
Pavel Yosifovich
@zodiacon -
Frost
@fr0s7_ -
neonprimetime
@neonprimetime -
Ring3API 🇺🇦
@ntlmrelay -
avman
@avman1995 -
Joe Roosen
@JRoosen -
JAMESWT
@JAMESWT_WT -
Frank Boldewin
@r3c0nst -
Sinaei
@Intel80x86 -
Artsiom Holub
@Mesiagh -
marc ochsenmeier
@ochsenmeier
Something went wrong.
Something went wrong.