Cyber Briefing: 2025.08.05
APT37 hides malware in JPEGs, Plague targets Linux PAM, ClickTok fakes TikTok domains, Chanel data stolen via Salesforce, Monte Carlo resort hacked, major Palo Alto–CyberArk merger.
👉 What are the latest cybersecurity alerts, incidents, and news?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. APT37 Hackers Use JPEGs to Hack Windows
APT37's latest campaign, aimed primarily at South Korea, uses an enhanced version of the group's RoKRAT malware, which relies on fileless techniques and steganography to evade detection. The attack chain begins with a deceptive Windows shortcut file that decrypts and injects malicious code into trusted Windows processes, ultimately exfiltrating data through legitimate cloud services.
2. Plague Malware Targets Linux Servers
Plague is a sophisticated Linux backdoor that evades all antivirus engines by abusing the Pluggable Authentication Modules (PAM) framework to maintain persistent SSH access. The malware is loaded as a seemingly legitimate PAM module, which lets it subvert the core authentication flow and remain undetected while removing all traces of its activity.
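Because a rogue PAM module only has to appear in a service file under /etc/pam.d to be loaded, one defensive check is to parse those files and flag any module that is not on a known-good list, is loaded from outside the standard module directories, or weakens the auth stack. The script below is an added example written for this briefing, not code from the newsletter or from any vendor; the allowlist, the directory list, the service files and the module names (pam_example_rogue.so, /tmp/.cache/pam_helper.so) are constructed sample data, not real indicators.

```python
"""Audit PAM service files for unexpected modules (added example, constructed data)."""
import os
from dataclasses import dataclass

# Assumed allowlist: modules a given host is expected to load. Build yours from
# the package manager (e.g. dpkg -L / rpm -ql for the PAM packages) rather than
# trusting this constructed list.
KNOWN_MODULES = {
    "pam_unix.so", "pam_deny.so", "pam_permit.so", "pam_env.so", "pam_systemd.so",
    "pam_limits.so", "pam_motd.so", "pam_nologin.so", "pam_faildelay.so",
    "pam_keyinit.so", "pam_loginuid.so", "pam_lastlog.so", "pam_umask.so",
}

# Typical PAM module directories on Debian/Ubuntu and RHEL-family systems.
STANDARD_DIRS = (
    "/lib/security", "/lib64/security", "/usr/lib/security", "/usr/lib64/security",
    "/lib/x86_64-linux-gnu/security", "/usr/lib/x86_64-linux-gnu/security",
)

MANAGEMENT_GROUPS = ("auth", "account", "password", "session")


@dataclass
class PamRule:
    service: str
    line_no: int
    mtype: str      # auth / account / password / session
    control: str    # required, sufficient, optional, or a [bracketed] expression
    module: str     # module name or absolute path as written in the file
    args: list


def parse_pam_service(name, text):
    """Parse one /etc/pam.d file: returns (rules, included service names)."""
    rules, includes = [], []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("@include"):
            includes.append(line.split(None, 1)[1].strip())
            continue
        tokens = line.split()
        mtype = tokens[0].lstrip("-")  # a leading '-' silences missing-module logging
        if mtype not in MANAGEMENT_GROUPS:
            raise ValueError(f"{name}:{line_no}: unknown management group {tokens[0]!r}")
        if tokens[1].startswith("["):  # bracketed control can span several tokens
            end = 1
            while not tokens[end].endswith("]"):
                end += 1
            control, idx = " ".join(tokens[1:end + 1]), end + 1
        else:
            control, idx = tokens[1], 2
        rules.append(PamRule(name, line_no, mtype, control, tokens[idx], tokens[idx + 1:]))
    return rules, includes


def audit(services, known=KNOWN_MODULES):
    """Return (service, line_no, module, reason) findings for a {name: text} map."""
    findings = []
    for name, text in services.items():
        rules, includes = parse_pam_service(name, text)
        for inc in includes:
            if inc not in services:
                findings.append((name, 0, inc, "included service file not present"))
        for r in rules:
            base = os.path.basename(r.module)
            if r.module.startswith("/") and not os.path.normpath(r.module).startswith(STANDARD_DIRS):
                findings.append((r.service, r.line_no, r.module,
                                 "module loaded from outside the standard PAM directories"))
            if base not in known:
                findings.append((r.service, r.line_no, r.module, "module not in allowlist"))
            if r.mtype == "auth" and base == "pam_permit.so" and r.control == "sufficient":
                findings.append((r.service, r.line_no, r.module,
                                 "pam_permit.so marked sufficient in auth stack: accepts any login"))
    return findings


# Constructed sample service files; common-auth carries two planted problems.
SAMPLE_SERVICES = {
    "sshd": """\
# PAM configuration for the Secure Shell service
auth       required     pam_nologin.so
@include common-auth
auth       [success=1 default=ignore] pam_unix.so nullok
account    required     pam_nologin.so
session    optional     pam_keyinit.so force revoke
session    required     pam_env.so readenv=1
-session   optional     pam_systemd.so
""",
    "common-auth": """\
auth  required    pam_unix.so
auth  optional    pam_example_rogue.so          # constructed rogue module name
auth  sufficient  /tmp/.cache/pam_helper.so     # constructed out-of-tree path
""",
}

if __name__ == "__main__":
    for svc, line_no, module, reason in audit(SAMPLE_SERVICES):
        print(f"{svc}:{line_no} {module}: {reason}")
```

On a real host, read the files with `{p.name: p.read_text() for p in Path("/etc/pam.d").iterdir()}` and pair the allowlist check with a package-ownership check on each module file, since a backdoor dropped as `pam_unix.so` in the right directory would pass a name-only allowlist.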
3. Fake TikTok Domains Spread Malware
Cybersecurity researchers have uncovered a massive phishing and malware campaign, codenamed "ClickTok," that's targeting TikTok Shop users globally. The attackers use fake ads and lookalike websites to trick users into downloading trojanized apps that steal credentials and harvest sensitive data, including cryptocurrency wallet information.
💥 Cyber Incidents
4. Chanel Hit by Salesforce Data Theft Attacks
A recent data breach at Chanel, attributed to the ShinyHunters extortion group, exposed the personal contact information of US customers. The attack was part of a larger campaign targeting Salesforce users through social engineering and phishing to steal data for extortion.
5. D4rk4rmy Claims Hack of Monte Carlo Resort
The cybercrime group D4rk4rmy has added the Monte-Carlo Société des Bains de Mer (SBM), Monaco's leading luxury hospitality company, to its dark web leak site after a claimed data breach. The group claims to have stolen sensitive client data and internal corporate records, which could severely damage SBM's global reputation and its standing with an elite clientele.
6. Northwest Radiologists Breach Affects Patients
In January 2025, a data breach at Northwest Radiologists exposed the personal information of nearly 350,000 Washington State residents. The company has confirmed the breach and is now notifying those affected while offering complimentary identity protection services.
📢 Cyber News
7. DOJ Launches Backpage Victim Compensation
The Department of Justice has launched a historic remission process to compensate victims of human trafficking whose exploitation was facilitated by the now-defunct website Backpage. The process, the largest of its kind to date, makes over $200 million in forfeited funds available to victims, who can file a petition for compensation by February 2, 2026.
8. Palo Alto Networks to Acquire CyberArk for $25B
Cybersecurity giant Palo Alto Networks announced its intent to acquire identity management and security company CyberArk for $25 billion, a deal that represents a major strategic move into the identity security space. This acquisition is the largest in Palo Alto's history and one of the biggest cybersecurity deals of 2025.
9. Proton Fixes Authenticator Bug Leaking TOTP
Proton recently fixed a bug in its new iOS Authenticator app that logged users' multi-factor authentication (TOTP) secrets in plaintext. The flaw was not remotely exploitable, but the secrets could have been exposed if a user shared the local log files; it has been patched in the latest app version.
📈 Cyber Stocks
On Tuesday, August 5, 2025, cybersecurity stocks ticked higher as investors adjusted to fresh strategic moves, valuation recalibrations, and AI-driven platform anticipation.
Zscaler (ZS) rose 2.00% to $285.86, supported by renewed investor confidence in its cloud-native security platform and continued strong messaging from ThreatLabz threat intelligence reports.
Rapid7 (RPD) gained 1.87% to $20.74, as sentiment stabilized ahead of its August 7 earnings release, with concerns over valuation easing and anticipation building on its threat-detection pipeline.
Check Point Software Technologies (CHKP) climbed 2.21% to $192.76, rebounding after an earlier earnings-induced sell-off, driven by improving investor perception around billings outlook and renewed federal contract optimism.
SentinelOne (S) rose 2.82% to $18.44, buoyed by renewed excitement over its acquisition of Prompt Security to secure generative AI usage and heightened positioning as a GenAI-native defender.
Fortinet (FTNT) moved up 1.21% to $98.55, backed by institutional accumulation and long-term confidence in its growth in firewall refresh cycles and SASE deployments despite near-term volatility.
💡 Cyber Tip
Avoid Fake TikTok Shop Sites Spreading Malware and Stealing Crypto
A massive phishing and malware campaign known as ClickTok is targeting TikTok Shop users with over 15,000 fake domains that impersonate the official platform. These malicious sites and ads trick users into downloading trojanized apps laced with SparkKitty malware, which can steal login credentials, hijack session tokens, and extract cryptocurrency wallet seed phrases from device screenshots.
✅ What you should do:
Avoid downloading TikTok Shop apps from third-party links or unknown sources
Always access TikTok Shop through the official app or verified website
Do not make crypto payments to online storefronts offering unrealistic discounts or bonuses
Use mobile antivirus tools and scan for trojanized apps
Check devices for unauthorized apps or screen-capture activity and review permissions
Back up and secure cryptocurrency wallets using hardware storage or encrypted vaults
🔒 Why this matters:
ClickTok is a global, well-funded scam that combines fake branding, social engineering, and malware to steal crypto and credentials at scale. Its use of AI-generated ads, OAuth abuse, and OCR-powered seed phrase theft highlights a dangerous evolution in financial cybercrime.
📚 Cyber Book
Before You Date Him, Investigate Him (2013) by Mr Louis A Savelli and Mr Sam Del Rosario
That concludes today’s briefing. You can check the top headlines here!
Copyright © 2025 CyberMaterial. All Rights Reserved.