Bitdefender researchers have uncovered a surge in subscription scams, both in scale and sophistication, spurred by a massive campaign involving hundreds of fraudulent websites.

• Incredibly convincing websites, selling everything from shoes and clothes to diverse electronics, are tricking people into paying monthly subscriptions and willingly give away credit card data.
• Many of the websites are linked to a single address in Cyprus, likely home to an offshore company.
• The scam encompassed more than 200 different websites, including many that are still up and running.
• Criminals create Facebook pages and take out full ads to promote the already classic "mystery box" scam and other variants.
• The "mystery box" scam has evolved and now includes almost hidden recurring payments, alongside links to websites to various shops.
• Facebook is used as the main platform for these new and enhanced mystery box scams
• Content creators are being impersonated to promote mystery boxes or fraudster create new pages that look a lot like the originals.

• Bitdefender researchers have identified a series of vulnerabilities in PV plant management platforms operated by Solarman and Deye.
• This platform is responsible for coordinating production operations of millions of solar installations worldwide generating a whopping output of approximately 195 GW of solar power (20% of the global solar production)
• If exploited, these vulnerabilities could allow an attacker to control inverter settings that could take parts of the grid down, potentially causing blackouts.
• These vulnerabilities have been communicated to the affected vendors and fixed.

As the creator of the world’s first smart home cybersecurity hub, Bitdefender regularly audits popular IoT hardware for vulnerabilities. This research paper is part of a broader program that aims to shed light on the security of the world’s best-sellers in the IoT space. This report covers vulnerabilities discovered while researching the LG WebOS TV operating system.

Bitdefender researchers have discovered a new backdoor targeting Mac OS users.

During routine detection maintenance, our Mac researchers stumbled upon a small set of files with backdoor capabilities that seem to form part of a more complex malware toolkit. The following analysis is incomplete, as we are trying to identify the puzzle pieces that are still missing.

In June 2023, Bitdefender Labs published a research paper about espionage operation in East Asia. This operation was ongoing since at least the beginning of 2022, showing a high level of sophistication typically associated with state-sponsored groups. Despite trying various methods, we have been unable to attribute these attacks to a specific threat actor, but the target aligns with the interest of China-based threat actors.

Gravity Forms, a popular WordPress plugin, has been found vulnerable to
unauthenticated PHP Object Injection attacks.

Numerous threat actors were detected abusing a critical CVE-2022-47966 RCE vulnerability affecting products from ManageEngine. Read our advisory.

A common theme we've noticed in the last few months consists of malicious apps
distributed directly from the Google Play Store.