1. Forum
  2. tqwNet
  3. TQW GENTECH

  • This devious VENOM phishing campaign targets business executives

    From TechnologyDaily@1337:1/100 to All on Mon Apr 6 15:30:28 2026
    This devious VENOM phishing campaign targets business executives by name so watch what you click on

    Date:
    Mon, 06 Apr 2026 14:20:00 +0000

    Description:
    Researchers found a new phishing kit called VENOM, capable of stealing 2FA codes and access tokens.

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Tech Radar Pro Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Become a Member in Seconds Unlock instant access to exclusive member features. Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over. You are
    now subscribed Your newsletter sign-up was successful Join the club Get full access to premium articles, exclusive features and a growing list of member rewards. Explore An account already exists for this email address, please log in. Subscribe to our newsletter VENOM phishing kit targets C-Suite executives by name Emails mimic SharePoint notifications with Unicode QR codes Attackers steal credentials, 2FA codes, and access tokens If you work as Director or a C-Suite at a major global organization, be on the lookout for a new phishing attack targeting you by name.

    Security researchers from Abnormal have warned of a campaign in which the threat actors carefully cherry-pick their targets and then approach them with a highly tailored phishing email, whose goal is to steal login credentials
    and 2FA codes . The entire process is built in a previously undocumented phishing kit called VENOM, which has a licensing and activation model, structured token storage, and a full campaign management interface. Article continues below You may like This phishing campaign spoofs internal messages
    - here's what we know A new LinkedIn phishing scam is targeting executives online - make sure you don't fall for this TikTok for Business accounts targeted in phishing campaign here's how to stay safe Stealing secrets Abnormal says that it has not yet appeared in any public threat intelligence databases and was not observed being sold on dark-web forums. This means that it is most likely a closed-access platform distributed through vetted channels.

    The emails themselves are themed around SharePoint document-sharing notifications. The victims are led to believe they have been given a
    document, and are invited to scan the provided QR code to access it.

    The QR code itself is a work of art, as well. Instead of simply embedding an image (which might get picked up by email security solutions), the threat actors built it entirely from Unicode block characters rendered inside an
    HTML .

    Those that scan the code are first redirected to a fake verification checkpoint, designed to filter out bots, scanners, sandboxes, and security researchers. After passing the checkpoint, the victims are presented with one of two ways of authenticating: either with login credentials and a 2FA code, or through device sign-in using Microsoft s legitimate device code flow. The former steals passwords and relays 2FA codes, while the latter obtains access tokens. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

    Defending against these attacks is the same as against any other phishing email - using common sense, skepticism, and a touch of paranoia when reading emails. The best antivirus for all budgets Our top picks, based on real-world testing and comparisons

    Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

    And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-devious-venom-phishing-campaign-ta rgets-business-executives-by-name-so-watch-what-you-click-on


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)