Execution of the nefarious DeepSeek-spoofing "deepseeek" and "deepseekai" packages enabled the theft of user and system information, as well as database credentials.
Attackers who targeted Casio UK's website between Jan. 14 and 24 deployed a two-stage skimmer that consisted of an unobfuscated loader purporting to be a third-party script that triggers the second-stage skimmer that not only encrypted and exfiltrated contact information, credit card details, and billing addresses but also concealed malicious activity through XOR-based string masking and custom encoding.
Attacks involved luring targets looking for "Microsoft Ads" and other similar terms on Google Search into clicking on nefarious sponsored links, which redirect to a phishing page resembling the "ads.microsoft[.]com" site that seeks users' login credentials and two-factor authentication codes later used for account takeovers.
The tool's latest features focus on proactive prevention of account compromise and enhanced threat response capabilities, as well ways to make these capabilities available to a broader range of customers.
The new security tool is integrated into the company's Edge browser and uses machine learning and computer vision to identify fraudulent full-screen pop-ups that trick users into installing malware or purchasing unnecessary software.
