Strong eCommerce customer service builds trust, boosts loyalty, and drives sales. Learn key strategies, best practices, and tools to enhance online support.

Great online customer support starts with the fundamentals that make shoppers feel valued and understood when they can’t see your face or walk into your store. The basics include responding quickly across multiple channels, writing in a friendly human tone (not corporate-speak), and making it super easy for customers to find help when they need it.

Mastering these foundational elements builds trust with online shoppers and sets the stage for turning one-time buyers into loyal repeat customers. According to WOW24-7, an e-commerce customer service outsourcing provider, recent studies highlight the impact of customer service quality on online shopping behaviour. In April 2024, reports indicated that 79% of consumers may choose not to buy from a brand again after a poor post-purchase experience.

****What is eCommerce Customer Service?****

Generally speaking, e-commerce customer service is a special department that helps and supports online businesses as you are shopping online. Think of it as the digital version of that helpful store employee, but instead of being face-to-face, they’re helping you through chat, email, or phone when you have questions about products, shipping issues, returns, or just need advice before buying something.

****Advantages of a Good eCommerce Customer Service****

Good online customer service is a total game-changer! It builds trust (super important when you can’t see products in person), turns angry customers into happy ones (like when your headphones arrived broken and they shipped new ones overnight), and makes people spend more money.

Plus, happy customers tell their friends – “one of our customer’s customers switched to a new skincare brand just because her friend raved about how they helped her find the right products for her skin type.”

****How To Provide a Stellar Customer Service: Tips For Online Support********1\. Prioritize Multiple Communication Channels****

To provide excellent customer service, be available wherever your customers want to reach you. That means providing various channels of support, including social media support. 

Some people hate phone calls but love texting, while others want to shoot a quick email or DM you on Instagram. The best online stores let me choose – like that clothing shop that lets me track my order through text, ask sizing questions on chat, or call them about complicated returns. It shows they respect how you prefer to communicate instead of forcing you to use their one preferred channel.

So, good customer service plays a key role in customer satisfaction, and it should be multichannel customer support. And what about you, how many channels does your brand offer to contact your team?

****2\. Empower Your Team with Knowledge****

Make sure your support team knows your products inside and out – they can’t help customers if they’re clueless themselves. Indeed, the product knowledge is essential. Create a searchable knowledge base where your team can quickly find answers instead of saying “Let me check on that” for every question.

Our customer, a tea company, has weekly “sip and learn” sessions where staff try new products and discuss common questions, which has cut their average response time in half. The ability to deliver almost instant answers to the customers’ questions. That’s what we call a start for the exceptional customer service. 

****3\. Implement a Full Self-Service System****

Give customers ways to help themselves with detailed FAQs, video tutorials, and searchable help centers available 24/7. That is super important for customer retention.

One of our customers, an electronics ecommerce business has this amazing interactive troubleshooting tool that walks you through fixing common issues before the customers even need to contact them. Just make sure to keep these resources updated – nothing’s more frustrating than outdated information that wastes customers’ time.  

****4\. Track Key Metrics and Analyze Performance****

You can’t improve what you don’t measure, so keep tabs on response times, customer satisfaction scores, and first-contact resolution rates. Look for patterns in customer complaints to fix underlying issues – like when that clothing store noticed a spike in size questions and added better measurement guides. Set goals for your customer service team based on these metrics, but don’t obsess over speed at the expense of actually solving problems properly.

Moreover, track and analyze your customer reviews and work with both positive customer reviews and negative ones. Here’s a tip for you: the leading ecommerce platforms also work with the so-called ‘middle customers’ (the ones that are neither positive nor negative. They are the easiest ones to become your true brand enthusiasts. 

****5\. Personalize the Customer Experience****

Use customer purchase history and preferences to make interactions feel special and relevant. One ecommerce brand, a book subscription service, remembers what genres you love and what you have already read, making their recommendations useful.

Simple touches made by your customer service representative like addressing customers by name and referencing their previous orders make people feel valued instead of just another ticket number in the queue. That is crucial if you want to be the brand that comes with the best customer service for ecommerce. 

****6\. Proactively Address Customer Issues****

A great customer service company does not wait for complaints, it reaches out when its support agents know there might be a problem. For instance, a clothing store emails you before you even notice that your package was delayed due to weather, offering options and a small discount or a free trial. 

Therefore, your customer service agent must watch social media mentions of your brand to catch issues before they escalate into full-blown problems. This customer service strategy builds trust and loyalty. 

****7\. Embrace Technology and Automation****

If you want to offer good customer service experiences, use chatbots to handle simple questions and AI to route complex issues to the right specialist. Add the frequently asked questions section to let your customers find all the answers to their questions without waiting for your reply and the personalization to help them if they contact you. 

A simple example: there’s a tech shop that uses automation to send perfectly timed setup guides after purchase, preventing tons of support calls. Just make sure there’s always an easy escape hatch to reach your ecommerce customer service team when the bot can’t help. That’s crucial if you want to deliver an excellent customer service. 

****8\. Offer Easy Returns and Exchanges****

Make returns painless with prepaid labels, clear instructions, and quick processing. Yes, in the world of e-commerce, you have to provide the customer with the possibility to return in a fast, easy and free manner.

Here’s an example. There’s a shoe company that includes a return label right in the box and lets you start the return process with a single text message. And here comes an interesting fact: Good return policies increase sales because people feel safer trying new products. 

****9\. Solicit and Respond to Feedback****

Actively ask customers how they’re doing through quick surveys after purchases or support interactions. Every ecommerce business will benefit from customer service tools or special support software that collects data about the quality of service and customer communications. 

Just a simple case from our experience. There’s a coffee subscription that sends a three-question survey after each delivery, and when somebody mentioned their packaging was excessive in the comments, they changed it within a month. Show customers that the feedback matters by implementing changes and letting them know. There’s a necessity to adapt to the changing world of customer satisfaction. 

****10\. Invest in Ongoing Training and Development****

Keep your ecommerce customer support team sharp with regular product training and customer service skill development. My cousin works at an online beauty store where they spend Friday afternoons practising tough customer scenarios and learning about new product ingredients. Well-trained agents solve problems faster and make customers happier.

****11\. Foster a Culture of Customer-Centricity****

Make customer happiness everyone’s job, not just the support team’s. One of our customers, a small electronics brand, believes that excellent service is critical and so it invites its engineers to join support calls monthly to hear customer struggles firsthand. Then their support system analyses the available customer needs and the online shopping experience and thinks of ways to improve service to customers.

Celebrate team members who go above and beyond for customers, and use customer stories in company meetings to keep their needs front and center.

****An Effective eCommerce Customer Service: Key Takeaways****

Great online customer service is crucial as it talks to your customers directly. It’s all about being focused on customer wants, needs, and expectations. Plus, since great service is important for brand success, multi-channel customer support has become the new normal for companies who want to boost the customer’s lifetime value. Response speed matters hugely, but the quality and personal touch of those responses turn one-time buyers into loyal fans who spread the word.

The best online stores use the right software like Intercom and technology to handle routine stuff while freeing up humans to solve complex problems with empathy and creativity to improve their customer experience. Track what’s working (and what isn’t) through customer feedback and solid metrics, then actually use that info to keep improving. Remember that in the digital world where competitors are just a click away, exceptional service isn’t just nice to have – it’s often your biggest competitive advantage. 

Therefore, these are the eCommerce Customer Service Best Practices that help you improve customer service and provide an amazing customer service experience. Just remember that true customer service means the real care of your customers, not just words.

****Customer Service Channels FAQ********Why is customer service important for e-Commerce businesses?****

It’s your digital storefront’s personality! Without face-to-face interaction, it’s hard to make your customers happy. When one of our customers launched her handmade jewellery store, her amazing response time and personalized packaging notes turned first-time buyers into repeat customers who shared her store all over social media. Plus, in a world where switching to a competitor takes one click, great service is often the only thing keeping customers loyal.

****What are the key challenges of providing online customer support?****

The biggest headache is managing customer expectations for instant 24/7 help when you’re a small team (or solo entrepreneur). Then there’s the challenge of explaining products people can’t touch or try on, handling shipping issues you don’t directly control, and building trust without in-person connections. For instance, a hot sauce company can struggle with international customers who fail to understand the cause of shipping delays until they create a visual tracking system that shows exactly where packages are stuck.

****How can I improve response times for customer inquiries?****

*   Create templates for common questions so you’re not typing the same shipping policy explanation fifty times a day.
*   Set up auto-responses that acknowledge messages immediately even if you’ll answer fully later.
*   Use a smartphone app connected to your help desk so you can quickly answer simple questions while on the go.
*   You can dramatically cut response times by creating a shared Google Doc where all staff will document weird questions and answers for everyone to reference.

****What are the best tools for managing eCommerce customer service?****

For small shops, Zendesk or Freshdesk are solid starting points that won’t break the bank. Gorgias is amazing if you’re on Shopify since it shows order history right alongside customer conversations. Help Scout has a super clean interface that’s easy for non-tech folks. The gaming stores often Intercom so they can chat with the customers right on their website while they are browsing, which saves from abandoning the cart multiple times.

****How can I handle difficult customers effectively?****

First, take a deep breath and remember it’s rarely personal. Listen fully before responding – sometimes people just want to be heard. Offer concrete solutions instead of excuses. Know when to give a little (like a small discount) to solve a bigger problem.

One more tip to keep in mind: if you have a super angry customer about shipping damage, remember that customer service is important and it’s imperative to react instantly. So, immediately send a replacement with a small bonus. That can help you turn your angry customer into the biggest Instagram advocate.

****What role does automation play in e-Commerce customer support?****

Automation handles the repetitive stuff so humans can focus on complex problems. Think automatic order confirmations, shipping updates, and chatbots that answer basic questions like “What’s your return policy?” The smart plant shop I order from automatically emails care instructions based on what I purchased and sends reminders when it’s time to report – this prevents tons of support questions while making me feel taken care of.

****How can live chat improve customer satisfaction?****

Live chat catches customers right when they’re considering a purchase but have questions – like when I was about to abandon a pricey camera purchase until their chat agent explained why it was worth the investment. It feels more immediate than email but less intrusive than phone calls. 

****What are the best practices for handling returns and refunds?****

Make your policy crystal clear and easy to find. Don’t make customers jump through hoops – include return labels in the original package if possible. Process refunds quickly once items are received. Be flexible when it makes sense – that clothing store that gave me store credit past their return window earned way more of my money long-term. The best companies view returns as opportunities to learn product issues and improve, not as losses to minimize.

****How can I measure the success of my ecommerce customer service?****

Track obvious stuff like response time and resolution time, but also watch customer satisfaction scores (quick post-interaction surveys) and Net Promoter Score (would they recommend you?). Look at repeat purchase rates after service interactions – my favourite coffee subscription saw that customers who had a resolved issue spent 20% more in the following six months than those who never had problems. Also, track how many support tickets you get per 100 orders – this should decrease as you improve product descriptions and FAQs.

****What are some common mistakes to avoid in online customer support?****

The biggest fails include: making customers repeat their problem to multiple agents, hiding contact information so people can’t easily reach you, using robotic templated responses without personalizing them, promising unrealistic shipping/delivery times, and not following up after resolving issues. My worst experience was with that electronics store that transferred me three times, made me re-explain my issue each time, then promised to call back and disappeared forever – I’ll never shop there again!

Featured Image via Pixabay

1.  The Basics of Ecommerce Cybersecurity
2.  Enhance customer experiences with Generative AI
3.  How Payment Orchestration Enhances Business Efficiency
4.  Software Support: 7 Essential Reasons You Can’t Overlook
5.  Future of eCommerce: Emerging Tech Shaping Online Retail in 2024

eCommerce Customer Service Tips For Online Support: The Basics

Do you want to have the best communication system at your workplace? Learn how to maximize the benefits…

Do you want to have the best communication system at your workplace? Learn how to maximize the benefits of Slack for business. This guide walks you through setting up your workspace and explores how its features can enhance team collaboration.

****Setting Up Your Slack Workspace****

The initial task to solve your company’s communication problems is to create your own Slack workspace. Start with a company-associated email and organize your workspace. 

The first step is to select a unique and attractive name, suggest the goal and purpose of your workspace, and then refer to your teammates to invite them to the channel. Communicate the objectives and construction of your Slack workspace so that you can promote the team’s organization and alignment of ideas.

After:

*   Next, have a one-off name for your workspace that is very precise.

*   Let your team know that they are welcome to join and include them in the invites.

*   So, begin by using a company-associated email to create a well-organized workspace.

*   Take a moment to clearly define the Slack workspace objective and scope, which will further boost the team members’ communication and collaboration.

After your workspace is set up, be the coordinator of the projects, ensuring that everything is done in detail. Targeted channels ensure that discussions are quick, simple, and well-organised.

Additionally, optimize apps to streamline processes and increase productivity. Implement the conversational ticketing systems to manage tasks efficiently and adapt the workspace to your team’s unique requirements.

****Create Dedicated Channels****

There is nothing more important in Slack than dedicated channels, which are the center and goal of effective communication. These channels allow for the grouping of discussions based on projects, departments, or other topics. 

Certain channels can be tailored to particular projects to bring clarity and eliminate the communication mess. Channels might be public or private, letting you decide who can access particular topics, such as sensitive information, and the discussions.

Setting up customized channels oriented towards particular projects or topics allows team members to communicate with each other in a focused manner, which results in productive conversations. This style is not only a way of information that is concerned with the flow but also diminishes the risk of information overflow.

Dedicated channels guarantee fast and efficient information retrieval for your team.

****Ticketing System for Conversation****

Conversational ticketing within Slack can simply redefine the way in which your business goes about tasks and support requests. According to Suptask, a Slack ticketing system allows users to create tickets and carry out tasks directly inside Slack, streamlining conversations into actionable items, reducing context-switching, and ensuring requests are tracked and resolved efficiently.

*   This tool can receive tickets from every corner of Slack, therefore, tracking them and managing easy. 

*   This leads to the possibility of private tickets, guaranteeing a level of security for sensitive data and collaboration among users to go on a well-resolved journey on the road of tickets.

*   Introduces options like smart and interactive Service Level Agreements (SLA), custom ticket forms, and dashboard analytics with KPI metrics.

*   It offers a range of integrations and the ability to manage tasks in Slack seamlessly. It is a type of helpdesk that uses direct messaging applications such as Slack to provide customer support.

****Integrate Essential Apps****

Integrating essential apps into Slack massively increases team productivity and significantly boosts not only employee engagement but also new skills that each employee acquires. 

Slack provides unlimited app integration options thus companies can choose the tools that fit their preferences.

There are over 2,600 different apps available, and Slack allows you to construct your ones so you can enjoy the functions tailored to your specific demands. As a result of the integrations with tools like 

1.  Trello
2.  Zoom
3.  Dropbox 
4.  Google Drive

App integration brings all the communication and task management to one place, and that is how the workspace is the most optimized. This way, communication is managed and the workflow is improved. Slack’s powerful API is also able to give developers the flexibility to design custom integrations, which means that businesses can customize Slack based on their specific requirements.

****Personalize Workspace****

Personalize your Slack workspace based on the specific needs and preferences of your team. Without any additional fees, users can add a theme to the chatroom, include seasonal emojis, and edit their links so that when opening a discussion, they can be the first to engage with the bot.

For personal notifications, the messages can be made to pop up at the right time that one is working on a specific item in the list of things. These are the tasks that matter.

Introducing a communication timeframe into existing work allows for increased team property effectiveness. The use of custom emojis, themes, and notification settings not only excites the users but also facilitates a smoother and stress-free working environment for the teammates.

****Improved Communication with Slack Features****

Due to Slack’s multitasking features that are all aimed at communication efficiency, Slack can bring people together in a team. 

1.  Specific Slack channels for various projects and teams create a proper internal communication system that helps members stay together.  
    
2.  The concept of threads in individual channels is meant to both clear the main conversation and provide the opportunity for different users to have sub-conversations. A well-organized chat reduces the use of emails and ensures that essential messages are read.  
    
3.  Direct messages on Slack, Slack Huddles, and Slack Connect are the primary communication and collaboration tools that are instant and efficient. 

These applications contribute to streamlining dialogue, regardless of whether it is fast two-person conversations, team meetings, or dealing with external partners. All those features can greatly escalate the communication between the team members.

****Chat Or Private Conversation With The Group****

Direct messages on Slack provide more effective communication as their communication paths are clearer, and the endless threads present in traditional emails are only obstacles. Direct messages are for quick questions and elaborated dialogues, and they allow you the possibility to communicate in real time as well as keep the conversations concise and private. Teams can do the same by setting up group direct messages, through which several participants can hold the conversation aside from the main channels.

Direct messages help avoid the cluttering of public or private channels and thus keep the important chats organized. This not only optimizes the communication but also keeps the direct message workspace structure.

****Slack Huddles and Video meetings****

Slack Huddles are pretty simple immediate video group calls that can be arranged to ensure the efficient flow of vital information, especially when numerous people are working remotely. 

These calls provide the live-audio multimedia element that intensifies the interactive discussion as it lets the group members communicate without being present physically. This tool can be a great asset for companies that use instant communication as their main channel for making important decisions.

Allowing Slack Huddles to become a standard part of your daily schedule will make sure that meetings using audio and video are as smooth as silk – and they are, thus, more likely to be efficient and effective. This tool is indispensable for teams working on different stages, and therefore, it is a must for those who want to solve business problems quickly, it is also needed for those who are adding new members to the team in the early stages of the project.

****Slack Connect****

Slack Connect is a feature of great potential which is deployed (or that can be set up) in the same manner as for businesses who use direct collaboration with other secure accounts. 

It also prevails as an embodiment that has, the advantage, of being based on the premise that it connects different organizations so that they can transmit messages (one-on-one and group direct messages) among them, apart from the fact that in case the number of participating organizations can exceed 250, the topic of inter-organizational communication will be the subject of a prominent content. 

The saving of time and money in centralized communication contributes not only to the efficiency of partnerships but also to the ease of collaboration with outsiders.

Slack Connect is a medium between customers and partners, who communicate frequently with their partners to improve the efficiency of their systems. This means that they can eliminate the difficulties they have using centralized communication and consequently, increase the performance of the overall organization.

****Conclusion****

Slack has a lot to offer with its various tools and features that are used to help the work environment be more efficient and productive. Right from the company to connecting channels, the vital software to be integrated, and the automation system to provide maximum security, Slack is the complete package that a company can use for streamlining.

Implementing my directions and suggestions will allow you to fully use Slack in your business. Enjoy using these functions, which will help you communicate better, manage your tasks more effectively, and, above all, sustain a friendly atmosphere in your team. Utilize Slack to the fullest and see your company rise on the digital world graph.

Image Via Unsplash

How to Use Slack for Business: Workplace Communication

Auto-color: New Linux backdoor malware targeting the US and Asia. Learn about its advanced evasion, persistence, and detection…

Auto-color: New Linux backdoor malware targeting the US and Asia. Learn about its advanced evasion, persistence, and detection methods.

A newly discovered Linux malware, dubbed Auto-color, is targeting educational institutions and government entities in North America and Asia, employing advanced stealth techniques to avoid detection and removal.

Researchers at Palo Alto Networks Unit 42 identified this malware. Their investigation reveals that this malware was active between November and December 2024. Auto-color distinguishes itself by using innocuous file names, such as common words like “door” or “egg,” to disguise its initial executable.

“Although the file sizes are always the same, the hashes are different. This is because the malware author statically compiled the encrypted C2 configuration payload into each malware sample,” Unit 42’s blog post, authored by Alex Armstrong, revealed.

Upon execution, it checks its file name and, if it doesn’t match a designated name, initiates an installation phase. This phase involves embedding a malicious library implant, mimicking a legitimate system library, within the system. The malware’s behaviour varies depending on whether the user has root privileges. If root access is available, it installs a library designed to override core system functions.

Auto-color Flow diagram (Source Palo Alto Networks)

A key aspect of Auto-color’s stealth is its manipulation of the Linux system’s ld.preload file. This allows the malware to ensure its malicious library is loaded before other system libraries, enabling it to intercept and modify system functions. This technique grants the malware significant control over the system’s behaviour, including the ability to hide its network activity.  

Auto-color employs sophisticated methods to conceal its network connections. It hooks into functions within the C standard library, allowing it to filter and manipulate the system’s network connection information. By altering the contents of the /proc/net/tcp file, it effectively hides its communication with command-and-control servers, making it difficult for security analysts to detect. This manipulation is more advanced than similar techniques used by previously discovered malware, researchers observed.

The malware uses a proprietary encryption mechanism to connect to remote servers, retrieving target server details from a dynamically generated configuration file or an embedded encrypted payload. It uses a custom stream cipher for secure communication with the attackers’ infrastructure.

“A stream cipher is an encryption scheme in which the key interacts with each byte of the ciphertext,” the blog post read.

Once established, the malware exchanges encrypted messages with the server, enabling the execution of commands on the compromised system.

Auto-color discovery highlights the growing sophistication of Linux-based malware as it can manipulate core system processes and its advanced evasion techniques pose a significant threat to targeted sectors. Organizations should strengthen their security measures, including stringent privilege controls, behavioural threat detection, and continuous monitoring of Linux systems, to mitigate the risk of infection.

New Backdoor Auto-color Linux Targets Systems in US and Asia

FortiGuard Labs discovers Winos 4.0 malware targeting Taiwan via phishing. Learn how this advanced threat steals data and…

FortiGuard Labs discovers Winos 4.0 malware targeting Taiwan via phishing. Learn how this advanced threat steals data and how to protect your Windows system.

Fortinet’s FortiGuard Labs has disclosed details of a new malware campaign targeting Taiwanese businesses. Reaching out to Hackread.com on this discovery, prior to its publishing on Thursday, researchers revealed that this campaign was discovered in January 2025 and deployed a highly advanced malware framework, known as Winos 4.0. This attack exhibited a high severity level, and utilized a multi-stage infection process, ultimately aiming to steal sensitive information for future malicious activities.

Further probing revealed that this malware specifically targeted Microsoft Windows platforms. A phishing email, carefully crafted to impersonate Taiwan’s National Taxation Bureau, served as the initial attack vector. This deceptive email claimed to contain a list of companies scheduled for tax inspections, urging recipients to forward the information to their financial departments. The attached file, disguised as an official document from the Ministry of Finance, contained a malicious DLL for the next attack stage.

The Deceptive PDF (Source: Fortinet)

The attack unfolded through a series of executable and dynamic link library (DLL) files. The ZIP file contained files that executed in a sequence: 20250109.exe, ApowerREC.exe, and lastbld2Base.dll.

“20250109.exe is a launcher originally used to execute the actual APowerREC.exe in ./app/ProgramFiles. The attacker created the same folder structure in the ZIP file and used a loader to replace ApowerREC.exe. The fake ApowerREC.exe does nothing but call a function imported from lastbld2Base.dll,” researchers explained in the blog post.

This DLL decrypts and executes shellcode, which contains configuration data including the command-and-control (C2) server address. The shellcode further implements optional features, such as permission escalation, anti-sandbox techniques (e.g. taking multiple screenshots to detect user activity, delaying execution if no user interaction was detected), and process window hiding. The malware downloads encrypted shellcode and the core Winos 4.0 module from the C2 server. This data was stored within the system’s registry for later decryption and execution.

The Attack Flow (Source: Fortinet)

The module initiates several malicious tasks, such as establishing persistence, bypassing UAC (User Account Control), collecting system information (including computer name, operating system version, and installing antivirus software), and disabling screen savers and power-saving features on the infected system.

In addition, the malware actively monitors and manipulates user activity. This includes capturing screenshots, logging keystrokes and clipboard contents (even connected USB devices with their insertion and removal logs), and modifying clipboard data based on predefined rules. It can also disable network connections for security software. Alternative attack chains were also observed, involving Python scripts and further shellcode injection techniques. These variations demonstrate the flexibility and adaptability of the Winos 4.0 framework.

Protecting yourself from sophisticated malware like Winos 4.0 requires being highly suspicious of unsolicited emails, especially those with attachments or links, avoiding opening compressed files (ZIP, RAR) attached to emails, as they are often used to deliver malware, and enabling real-time scanning to detect and block threats before they can infect your system.

“This attack follows a classic phishing pattern but with a fun twist around the trusted authority to invoke a reaction,” explains J. Stephen Kowski, Field CTO at SlashNext. “The threat actors cleverly exploit human psychology by creating urgency and curiosity, making recipients more likely to download malicious content.”

Beyond email security, Kowski highlights the importance of a multi-layered approach to defence. “Most organizations are now using managed file transfer systems that require registration and internal approval while simultaneously blocking zip attachments altogether. Combining user education with advanced threat detection technologies is key to stopping sophisticated social engineering attempts before they reach inboxes.”

Hackers Impersonate Taiwan’s Tax Authority to Deploy Winos 4.0 Malware

Angry Likho APT resurfaces, targeting Russian and Belarusian organizations with Lumma Stealer malware via phishing attacks, stealing credentials, banking data, and more.

Cybersecurity researchers at Kaspersky’s Securelist have found a cyber espionage group known as Angry Likho APT (also referred to as Sticky Werewolf by some security vendors) has reemerged with a new wave of cyberattacks, primarily targeting organizations in Russia and Belarus.

This group, which has been active since 2023, shares similarities with the previously analyzed Awaken Likho group, and is linked to cyber attacks against government agencies and large corporate contractors in Russia and parts of Belarus.

**Who Are They Targeting?**

Angry Likho APT has a history of sending highly targeted spear-phishing emails, focusing on employees of large organizations, including government agencies and their contractors. These messages come with malicious RAR files that include harmful shortcut files along with an apparently harmless document.

Once opened, the archive triggers a complex infection chain, ultimately deploying a stealer malware known as Lumma Stealer.

The group’s phishing emails and bait files are written in fluent Russian, suggesting the attackers are likely native Russian speakers. While the majority of victims are in Russia and Belarus, some incidental targets have been identified in other countries, possibly researchers or users of Tor and VPN networks.

According to Securelist’s technical details put together in its blog post, in June 2024, researchers discovered a new implant associated with Angry Likho APT, distributed under the name FrameworkSurvivor.exe. This implant, created using the legitimate Nullsoft Scriptable Install System, functions as a self-extracting archive (SFX).

Upon execution, it extracts files into a folder named $INTERNET_CACHE and launches a heavily obfuscated command file, Helping.cmd. This file, in turn, executes a malicious AutoIt script, which injects the Lumma stealer into the system.

Phishing emails used in the campaign (Via Securelist)

****What Does Lumma Stealer Do?****

The Lumma stealer is designed to harvest sensitive data from infected devices. It collects system information, installed software details, and personal data such as cookies, usernames, passwords, banking card numbers, and connection logs. It also targets data from popular browsers like Chrome, Firefox, and Opera, as well as cryptocurrency wallets and extensions like MetaMask and Authenticator.

****Recent Activity****

In January 2025, Russian cybersecurity firm F6 ( (previously F.A.C.C.T) reported new attacks from Angry Likho APT. These attacks involved image files (e.g., test.jpg and test2.jpg) containing Base64-encoded malicious payloads, a tactic previously observed in 2024.

Researchers also identified several new command servers used by Angry Likho, including domains like averageorganicfallfawshop and distincttangyflippanshop. By analyzing these servers, they uncovered over 60 malicious implants, some of which shared the same payload. This suggests the group is actively expanding its infrastructure to evade analysis and detection.

Nevertheless, the research shows that Angry Likho continues to operate consistently, though in a predictable manner. While they make small changes each time, their approach stays the same: targeted phishing emails, a self-extracting archive, and a final payload designed to steal sensitive data.

Angry Likho APT Resurfaces with Lumma Stealer Attacks Against Russia

HaveIbeenPwned (HIBP) website has significantly expanded its database with hundreds of millions of newly compromised credentials extracted by hackers though infostealer logs.

A massive collection of compromised data, dubbed “ALIEN TXTBASE,” has been integrated into the Have I Been Pwned, (a website that alerts users about data breaches) database.

According to Have I Been Pwned’s founder Troy Hunt, this information was harvested from individuals whose devices were infected with infostealer malware designed to steal personal data. This addition comprises 1.5 terabytes of stolen credentials, containing 23 billion entries.

Analysis of this data reveals 493 million unique email and website combinations, impacting 284 million individual email addresses. Furthermore, 244 million previously unknown passwords have been added to the Pwned Passwords database, with updated frequency counts for another 199 million existing entries.

In addition to expanding the database, HIBP has introduced new APIs to enhance data accessibility for organizations. These APIs allow querying of stealer logs by email and website domain, enabling assessments of workforce exposure and identifying compromised customer credentials. These tools are available through a Pwned 5 subscription, which includes an API for email search and a free web UI for email log viewing. A new “IsStealerLog” flag is added for differentiated handling of stealer log data.

Source: HIBP

“This means that anyone programmatically dealing with data in HIBP can now easily elect to handle stealer logs differently than other breaches,” Hunt explained.

The ALIEN TXTBASE data originated from a Telegram channel distributing stolen credentials.  This channel, one of many involved in such activities, came to light after a government agency alerted HIBP to its existence. 

Source: HIBP

“The file in the image above contained over 36 million rows of data consisting of website URLs and the email addresses and passwords entered into them.”

The data is disseminated in individual files, a sample of which reveals the channel’s monetization strategy: offering free samples and then selling subscriptions for access to newly acquired stolen data. These credentials are typically obtained through malware infections, often spread via pirated software or disguised within seemingly legitimate downloads. Once a machine is compromised, the malware silently harvests user credentials as they are entered into websites, enabling further exploitation.

Unlike breaches from single sources like a specific website, the ALIEN TXTBASE breach involved credentials from a multitude of sites, making it challenging to verify their authenticity, Hunt noted.

Standard verification methods like password resets are complicated by geo-fencing implemented by some services, such as Netflix’s geo-restrictions. HIBP uses VPNs to verify compromised accounts, and direct contact with its subscribers helped validate data. While the data is largely legitimate, it may contain fabricated entries, making it difficult to distinguish valid from invalid information.

The ALIEN TXTBASE stealer logs are now accessible through existing HIBP search methods, along with the newly introduced domain-based APIs. This data empowers organizations and individuals to identify compromised credentials and take proactive steps to protect themselves. HIBP emphasizes that the free web UI for viewing stealer log results by email remains available. Users can access this feature by visiting the notification page and verifying their email address.

Have I Been Pwned Adds ALIEN TXTBASE Data 280M Emails & Passwords

Sweden’s proposal to mandate encryption backdoors faces backlash from Signal, cybersecurity experts, and even its military over privacy and security risks.

Swedish law enforcement and security agencies are advocating for legislation that would compel encrypted messaging services, such as Signal and WhatsApp, to implement backdoors.

This measure aims to grant authorities access to users’ communications for criminal investigations. However, this proposal has met with strong resistance from both the service providers and Sweden’s own military.

Meredith Whittaker, President of the Signal Foundation, has unequivocally stated that Signal would withdraw from the Swedish market rather than compromise its encryption standards. In an interview with SVT Nyheter, Whittaker emphasized that introducing a backdoor would undermine the app’s entire security architecture, stating, “If you create a vulnerability based on Swedish wishes, it would create a way to undermine our entire network.”

She further stated that Signal’s commitment to user privacy and data protection is paramount, and the organization would not acquiesce to demands that jeopardize this principle.

> Signal has announced that it will “leave Sweden” if the Swedish government mandates encryption backdoors. Many are celebrating this as a bold act of resistance. But what does it actually mean?
> 
> Signal has no offices or legal presence in Sweden. Will they block Swedish IP… https://t.co/ffkD1pyz9n
> 
> — Nadim Kobeissi (@kaepora) February 25, 2025

Interestingly, the Swedish Armed Forces, which have recently adopted Signal for secure, non-classified communications, have also expressed concerns regarding the proposed legislation. In a letter to the government, military officials cautioned that mandating backdoors could introduce vulnerabilities exploitable by malicious actors, thereby compromising national security. This stance highlights a discord between Sweden’s defence priorities and the objectives of its law enforcement agencies.

Justice Minister Gunnar Strömmer has defended the proposal, arguing that it is essential for law enforcement to effectively access electronic communications in the fight against serious crimes. The bill, which could be presented to the Riksdag (Swedish Parliament) as early as March next year, seeks to balance the needs of national security with individual privacy rights, a balance that is proving contentious.

William Wright, CEO of Closed Door Security, criticized the move, stating:

_“Building backdoors into software is akin to deliberately creating vulnerabilities. Once embedded, threat actors will focus on finding and exploiting them, putting millions at risk. History has shown that even government-backed backdoors, like those exploited in the Salt Typhoon attack, can be turned against the very institutions that created them. The long-term risks far outweigh any short-term benefits for law enforcement.”_

This development in Sweden is similar to debates in other countries. Notably, the United Kingdom recently demanded that Apple provide access to encrypted iCloud accounts. In response, Apple chose to remove the option for British users to protect their accounts with end-to-end encryption rather than compromise its security protocols.

These situations highlight the constant struggle between governments wanting access to private data for security reasons and the need to protect people’s privacy. As Sweden debates this proposal, the final decision could have a major impact, not just on encrypted messaging within the country but also on global conversations about privacy and digital security.

Signal Threatens to Exit Sweden Over Government’s Backdoor Proposal

A data breach at DISA Global Solutions, a firm providing background checks, and drugs and alcohol testing services,…

A data breach at DISA Global Solutions, a firm providing background checks, and drugs and alcohol testing services, exposed the personal information of 3.3 million. Learn what data was affected and what steps are being taken.

DISA Global Solutions, a company specializing in workplace compliance and employee screening solutions, has announced a significant data breach impacting over 3.3 million individuals, including over 15,000 Maine residents.

DISA is headquartered in Houston, Texas, and the breach notification was submitted by their legal counsel, Holland & Knight LLP. It was discovered on April 22, 2024, and reportedly involved unauthorized access to a portion of their network between February 9th and April 22nd, 2024. During this period, an unknown third party gained access to and acquired some data.

While the investigation could not definitively determine the exact nature of the compromised information, it is known that the affected files contained personal data collected by DISA for employment screening purposes, including drug and alcohol testing and background checks.

This information may include names, social security numbers, driver’s license numbers, other government identification numbers, financial account details, and other personal data elements. However, it is worth noting that not all data points were present for every individual affected.

DISA has stated that they are not currently aware of any misuse of the stolen data. The company is notifying all affected individuals and offering them access to credit monitoring and identity restoration services through Experian for a period of 12 months.

“We take this incident seriously and sincerely regret any inconvenience this incident may cause affected individuals,” DISA’s official statement read.

In response, DISA has taken steps to secure its network, alerted law enforcement, restored its systems and operations, and implemented additional security measures to prevent future incidents. They have also established a dedicated call centre to address questions and concerns related to the breach.

The incident is categorized as an external system breach or hacking incident. Notification letters were sent to affected individuals beginning February 21, 2024.

Jim Routh, Chief Trust Officer at cybersecurity company Saviynt, commented:

“Two dimensions of this cyber incident are notable. The first is that SSNs were exfiltrated for individuals and these are easily monetized by threat actors. Storing SSNs for any purpose should require a higher level of security and using SSNs to identify digital consumers is an obsolete data management practice.

“The second dimension is the root cause of the breach is not provided so it is not clear what steps DISA took to reduce the probability of this happening again. Cyber incidents occur in all enterprises, so missing an opportunity to make adjustments to controls and processes based on the learnings applied from previous breaches is an indication of cyber resilience and a positive indicator. In this case, there is no indication of cyber resilience.”

While the DISA Global Solutions breach is significant, unfortunately, this isn’t an isolated incident. Data breaches are becoming increasingly common and are a serious threat, but there are steps individuals and organizations can take to minimize the risk. Proactive cybersecurity is crucial for individuals and organizations, and it is not enough to react after a breach has occurred. Using multiple layers of security and continuously improving your security measures can help protect against attacks.

US Background Check Firm Data Breach Exposes 3.3M Records

Cybersecurity threats in crypto are rising, from the Bybit hack to fake wallets stealing funds. Learn how to…

Cybersecurity threats in crypto are rising, from the Bybit hack to fake wallets stealing funds. Learn how to protect your assets with secure wallets and best practices.

Cryptocurrency has revolutionized finance forever, but it has also exposed users to cybercriminals and scams. From large-scale exchange breaches to malicious wallets sneaking into app stores, the risks are growing. If you’re in crypto, securing your assets is no longer optional; it’s a necessity.

****The Bybit Hack: A Wake-Up Call****

Just recently, Bybit, one of the world’s largest cryptocurrency exchanges, suffered a massive security breach. Hackers from the North Korean Lazarus Group managed to steal $1.4 billion in assets, once again proving that even well-established platforms are vulnerable. While Bybit has since taken action to reinforce security, this incident clearly shows why leaving funds on exchanges is a risk.

But, it’s not just ByBit. No exchange is “unhackable”. Even giants like Binance, KuCoin, and Mt. Gox have suffered devastating hacks in the past. These breaches highlight the importance of self-custody; if you don’t control your private keys, you don’t fully own your crypto.

****Malicious Wallets: A Silent but Growing Threat****

While exchange hacks grab headlines, a more stealthy and growing problem is the rise of fake and malicious crypto wallets on iOS and Google Play Store. These malicious apps pose as legitimate wallets but are designed to steal funds the moment users deposit their assets.

Researchers have found a surge in these fraudulent wallets, often disguised as clones of popular apps. They look identical to trusted wallets like MetaMask, Trust Wallet, or Coinbase Wallet, tricking unsuspecting users into transferring their funds straight to hackers.

This issue isn’t just limited to scam wallets, even some browser extensions and fake dApps have been caught injecting malicious scripts to drain wallets. The takeaway? Never download a crypto wallet without verifying its authenticity through the official website or developer page.

****A Booming Crypto Market Means More Targets for Hackers****

According to researchers at Best Wallet, a popular crypto wallet, as of January 2025, approximately 562 million people worldwide own cryptocurrencies, with 28% of adults in the United States, equating to 65 million people, holding crypto.

With such rapid adoption, hackers have more targets than ever. From phishing scams to SIM swap attacks, crypto theft is at an all-time high. If you own crypto, taking cybersecurity seriously is no longer an option, it’s a must.

****How to Protect Your Crypto From Hacks & Scams****

Securing your cryptocurrency is essential in an era of increasing cyber threats. Here are some must-follow security tips to protect your digital assets from hacks and scams.

****1\. Use a Reliable Crypto Wallet****

One of the safest ways to store your crypto is by using a self-custodial wallet. Avoid keeping funds on exchanges, as they are frequent targets for hackers. Instead, opt for hardware wallets like Ledger, Trezor, or Coldcard, which provide offline storage and enhanced security.

If you prefer a mobile or desktop wallet, stick to reputable providers such as MetaMask, Trust Wallet, or Exodus. However, before downloading any wallet, always verify the source; ensure it’s from the official website or developer page to avoid fake apps.

****2\. Enable Multi-Factor Authentication (MFA)****

Adding an extra layer of security with Multi-Factor Authentication (MFA) can protect your exchange and wallet accounts. Use Google Authenticator, YubiKey, or similar tools to prevent unauthorized access.

Avoid using SMS-based 2FA, as it’s vulnerable to SIM swap attacks, where hackers hijack your phone number to gain control of your accounts.

****3\. Beware of Phishing Attacks****

Phishing remains one of the most common tactics used by cybercriminals. Hackers often impersonate wallet providers or exchanges, tricking users into entering their credentials on fake websites or downloading malware-infected software.

To stay safe, always type the official website URL yourself instead of clicking on links sent via email or messages. If an offer or security alert seems suspicious, double-check with the official source before taking any action.

****4\. Keep Private Keys & Seed Phrases Offline****

Your private keys and seed phrases are the most critical elements of your crypto security. Never store them digitally or on cloud storage, as they can be easily compromised. Instead, write them down on paper and keep them in a secure location.

For even greater security, consider using metal backup storage instead of paper. This protects your seed phrase from damage due to fire, water, or physical deterioration.

****5\. Regularly Update Your Security Software****

Keeping your wallet software, antivirus, and operating system updated is crucial for patching security vulnerabilities. Cybercriminals exploit outdated software to gain access to systems, so regular updates help keep your assets safe.

Additionally, consider using privacy tools like VPNs and hardware firewalls to enhance your online security. These tools help protect against tracking, phishing attempts, and potential malware attacks targeting crypto users.

The Bybit hack and the rise of malicious crypto wallets show that crypto security is more critical than ever. If you own crypto, you’re a target, but with the right precautions, you can keep your funds safe.

Remember: Not your keys, not your crypto. Invest in a secure, reliable wallet, stay cautious with online downloads, and always double-check security measures before making transactions.

_**Editor’s Note:** This article is for informational purposes only and does not constitute investment or financial advice. Always do your own research before making financial decisions._

Crypto and Cybersecurity: The Rising Threats and Why Reliable Wallets Matter

Kaspersky’s Securelist exposes the GitVenom campaign involving fake GitHub repositories to distribute malware. Targeting developers with seemingly legitimate…

Kaspersky’s Securelist exposes the GitVenom campaign involving fake GitHub repositories to distribute malware. Targeting developers with seemingly legitimate open-source projects, GitVenom steals credentials, cryptocurrency, and more.

In modern software development, open-source code is crucial as it offers a vast library of projects for developers to avoid redundant work and accelerate project completion. However, this widespread availability has attracted malicious actors, including state-sponsored groups and cybercriminals, who exploit the model to distribute malware.

A recent campaign, dubbed GitVenom, targeting GitHub users with deceptive projects exemplifies this trend, as detailed in Kaspersky’s Securelist latest research authored by Georgy Kucherin and Joao Godinho.

GitVenom involves the creation of numerous fake repositories on GitHub, masked as legitimate projects. These repositories contain malicious code disguised within seemingly useful tools, such as Instagram automation software, a Telegram Bitcoin wallet bot, and a Valorant hacking tool. 

Researchers observed that the perpetrators have invested significant effort in making these repositories appear genuine. They utilize well-crafted README.md files, potentially generated with AI assistance, providing project descriptions and compilation instructions.  Furthermore, they employ tactics like adding numerous tags and artificially inflating commit counts through timestamp manipulation to enhance the illusion of authenticity.

Excerpts from README.md pages describing fake projects (Source: Kaspersky’s Securelist)

Interestingly, the malicious code within these projects varies depending on the programming language used, which includes Python, JavaScript, C, C++, and C#.  While the projects promise specific functionalities, they ultimately perform meaningless actions and harbour hidden malware.

In Python projects, for example, malicious code is concealed within lengthy lines of tab characters (around 2000), which then decrypt and execute a secondary Python script.  JavaScript projects feature malicious functions invoked from the main file, while C, C++, and C# projects embed malicious batch scripts within Visual Studio project files, configured to run during the build process.

Despite the diverse implementation, the payloads share a common objective: to download additional components from a designated attacker-controlled GitHub repository.  These components include a Node.js information stealer designed to harvest sensitive data like passwords, banking details, credentials, cryptocurrency wallet information, and browsing history.  This data is then compressed and exfiltrated to the attackers via Telegram. 

Additionally, the downloaded components often include remote administration tools like AsyncRAT and Quasar RAT, enabling attackers to seize control of compromised systems.  A clipboard hijacker is also deployed, designed to replace cryptocurrency wallet addresses copied to the clipboard with attacker-controlled addresses, redirecting funds to the perpetrators.  One such Bitcoin wallet associated with this activity received about 5 BTC (485,000 USD) in November 2024.

The GitVenom campaign has been active for at least two years, and its effectiveness is evident in the global reach of infection attempts, with a concentration in Russia, Brazil, and Turkey. Given the popularity of code-sharing platforms like GitHub, malicious actors will continue to exploit this avenue. 

Therefore, exercising caution with third-party code is crucial. Thoroughly examining the actions performed by any code before execution or integration is essential for identifying fake projects and preventing compromise.

Source

HackRead