What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-08-08 00:00:14 | Meta Cracks Down on Cyber Espionage Operations in South Asia Abusing Facebook (lien direct) | Facebook parent company Meta disclosed that it took action against two espionage operations in South Asia that leveraged its social media platforms to distribute malware to potential targets. The first set of activities is what the company described as "persistent and well-resourced" and undertaken by a hacking group tracked under the moniker Bitter APT (aka APT-C-08 or T-APT-17) targeting | Malware | ||
|
2022-08-06 21:29:52 | New IoT RapperBot Malware Targeting Linux Servers via SSH Brute-Forcing Attack (lien direct) | A new IoT botnet malware dubbed RapperBot has been observed rapidly evolving its capabilities since it was first discovered in mid-June 2022. "This family borrows heavily from the original Mirai source code, but what separates it from other IoT malware families is its built-in capability to brute force credentials and gain access to SSH servers instead of Telnet as implemented in Mirai," | Malware | ||
|
2022-08-05 03:06:00 | A Growing Number of Malware Attacks Leveraging Dark Utilities \'C2-as-a-Service\' (lien direct) | A nascent service called Dark Utilities has already attracted 3,000 users for its ability to provide command-and-control (C2) services with the goal of commandeering compromised systems. "It is marketed as a means to enable remote access, command execution, distributed denial-of-service (DDoS) attacks and cryptocurrency mining operations on infected systems," Cisco Talos said in a report shared | Malware | ||
|
2022-08-04 05:55:40 | New Woody RAT Malware Being Used to Target Russian Organizations (lien direct) | An unknown threat actor has been targeting Russian entities with a newly discovered remote access trojan called Woody RAT for at least a year as part of a spear-phishing campaign. The advanced custom backdoor is said to be delivered via either of two methods: archive files and Microsoft Office documents leveraging the now-patched "Follina" support diagnostic tool vulnerability (CVE-2022-30190) | Threat Malware Tool Vulnerability | ★★★★★ | |
|
2022-08-03 05:36:55 | VirusTotal Reveals Most Impersonated Software in Malware Attacks (lien direct) | Threat actors are increasingly mimicking legitimate applications like Skype, Adobe Reader, and VLC Player as a means to abuse trust relationships and increase the likelihood of a successful social engineering attack. Other most impersonated legitimate apps by icon include 7-Zip, TeamViewer, CCleaner, Microsoft Edge, Steam, Zoom, and WhatsApp, an analysis from VirusTotal has revealed. "One of the | Threat Malware | CCleaner | |
|
2022-08-02 04:25:05 | What is ransomware and how can you defend your business from it? (lien direct) | Ransomware is a kind of malware used by cybercriminals to stop users from accessing their systems or files; the cybercriminals then threaten to leak, destroy or withhold sensitive information unless a ransom is paid. Ransomware attacks can target either the data held on computer systems (known as locker ransomware) or devices (crypto-ransomware). In both instances, once a ransom is paid, threat | Ransomware Malware | ||
|
2022-07-31 21:51:16 | Gootkit Loader Resurfaces with Updated Tactic to Compromise Targeted Computers (lien direct) | The operators of the Gootkit access-as-a-service (AaaS) malware have resurfaced with updated techniques to compromise unsuspecting victims. "In the past, Gootkit used freeware installers to mask malicious files; now it uses legal documents to trick users into downloading these files," Trend Micro researchers Buddy Tancio and Jed Valderama said in a write-up last week. The findings | Malware | ||
|
2022-07-30 02:53:43 | Microsoft Links Raspberry Robin USB Worm to Russian Evil Corp Hackers (lien direct) | Microsoft on Friday disclosed a potential connection between the Raspberry Robin USB-based worm and an infamous Russian cybercrime group tracked as Evil Corp. The tech giant said it observed the FakeUpdates (aka SocGholish) malware being delivered via existing Raspberry Robin infections on July 26, 2022. Raspberry Robin, also called QNAP Worm, is known to spread from a compromised system via | Malware | ||
|
2022-07-29 21:20:43 | North Korean Hackers Using Malicious Browser Extension to Spy on Email Accounts (lien direct) | A threat actor operating with interests aligned with North Korea has been deploying a malicious extension on Chromium-based web browsers that's capable of stealing email content from Gmail and AOL. Cybersecurity firm Volexity attributed the malware to an activity cluster it calls SharpTongue, which is said to share overlaps with an adversarial collective publicly referred to under the name | Threat Malware | ||
|
2022-07-29 06:25:15 | Over a Dozen Android Apps on Google Play Store Caught Dropping Banking Malware (lien direct) | A malicious campaign leveraged seemingly innocuous Android dropper apps on the Google Play Store to compromise users' devices with banking malware. These 17 dropper apps, collectively dubbed DawDropper by Trend Micro, masqueraded as productivity and utility apps such as document scanners, QR code readers, VPN services, and call recorders, among others. All these apps in question have been | Malware | ||
|
2022-07-27 06:37:25 | These 28+ Android Apps with 10 Million Downloads from the Play Store Contain Malware (lien direct) | As many as 30 malicious Android apps with cumulative downloads of nearly 10 million have been found on the Google Play Store distributing adware. "All of them were built into various programs, including image-editing software, virtual keyboards, system tools and utilities, calling apps, wallpaper collection apps, and others," Dr.Web said in a Tuesday write-up. While masquerading as innocuous | Malware | ||
|
2022-07-27 03:28:48 | New Ducktail Infostealer Malware Targeting Facebook Business and Ad Accounts (lien direct) | Facebook business and advertising accounts are at the receiving end of an ongoing campaign dubbed Ducktail designed to seize control as part of a financially driven cybercriminal operation. "The threat actor targets individuals and employees that may have access to a Facebook Business account with an information-stealer malware," Finnish cybersecurity company WithSecure (formerly F-Secure | Threat Malware | ||
|
2022-07-26 00:18:41 | SmokeLoader Infecting Targeted Systems with Amadey Info-Stealing Malware (lien direct) | An information-stealing malware called Amadey is being distributed by means of another backdoor called SmokeLoader. The attacks hinge on tricking users into downloading SmokeLoader that masquerades as software cracks, paving the way for the deployment of Amadey, researchers from the AhnLab Security Emergency Response Center (ASEC) said in a report published last week. Amadey, a | Malware | ||
|
2022-07-25 01:52:13 | Racoon Stealer is Back - How to Protect Your Organization (lien direct) | The Racoon Stealer malware as a service platform gained notoriety several years ago for its ability to extract data that is stored within a Web browser. This data initially included passwords and cookies, which sometimes allow a recognized device to be authenticated without a password being entered. Racoon Stealer was also designed to steal auto-fill data, which can include a vast trove of | Malware | ||
|
2022-07-24 21:49:27 | Roaming Mantis Financial Hackers Targeting Android and iPhone Users in France (lien direct) | The mobile threat campaign tracked as Roaming Mantis has been linked to a new wave of compromises directed against French mobile phone users, months after it expanded its targeting to include European countries. No fewer than 70,000 Android devices are said to have been infected as part of the active malware operation, Sekoia said in a report published last week. Attack chains involving Roaming | Threat Malware | ||
|
2022-07-22 01:13:28 | Candiru Spyware Caught Exploiting Google Chrome Zero-Day to Target Journalists (lien direct) | The actively exploited but now-fixed Google Chrome zero-day flaw that came to light earlier this month was weaponized by an Israeli spyware company and used in attacks targeting journalists in the Middle East. Czech cybersecurity firm Avast linked the exploitation to Candiru (aka Saito Tech), which has a history of leveraging previously unknown flaws to deploy a Windows malware dubbed | Malware | ||
|
2022-07-21 06:23:20 | New Linux Malware Framework Lets Attackers Install Rootkit on Targeted Systems (lien direct) | A never-before-seen Linux malware has been dubbed a "Swiss Army Knife" for its modular architecture and its capability to install rootkits. This previously undetected Linux threat, called Lightning Framework by Intezer, is equipped with a plethora of features, making it one of the most intricate frameworks developed for targeting Linux systems. "The framework has both passive and active | Malware | ||
|
2022-07-21 05:20:03 | Hackers Use Evilnum Malware to Target Cryptocurrency and Commodities Platforms (lien direct) | The advanced persistent threat (APT) actor tracked as Evilnum is once again exhibiting signs of renewed activity aimed at European financial and investment entities. "Evilnum is a backdoor that can be used for data theft or to load additional payloads," enterprise security firm Proofpoint said in a report shared with The Hacker News. "The malware includes multiple interesting components to evade | Threat Malware | ||
|
2022-07-20 05:00:44 | New Rust-based Ransomware Family Targets Windows, Linux, and ESXi Systems (lien direct) | Kaspersky security researchers have disclosed details of a brand-new ransomware family written in Rust, making it the third strain after BlackCat and Hive to use the programming language. Luna, as it's called, is "fairly simple" and can run on Windows, Linux, and ESXi systems, with the malware banking on a combination of Curve25519 and AES for encryption. "Both the Linux and ESXi | Ransomware Malware | ||
|
2022-07-19 22:58:36 | Russian Hackers Tricked Ukrainians with Fake "DoS Android Apps to Target Russia" (lien direct) | Russian threat actors capitalized on the ongoing conflict against Ukraine to distribute Android malware camouflaged as an app for pro-Ukrainian hacktivists to launch distributed denial-of-service (DDoS) attacks against Russian sites. Google Threat Analysis Group (TAG) attributed the malware to Turla, an advanced persistent threat also known as Krypton, Venomous Bear, Waterbug, and Uroburos, and | Threat Malware | ||
|
2022-07-18 23:58:55 | Several New Play Store Apps Spotted Distributing Joker, Facestealer and Coper Malware (lien direct) | Google has taken steps to ax dozens of fraudulent apps from the official Play Store that were spotted propagating Joker, Facestealer, and Coper malware families through the virtual marketplace. While the Android storefront is considered to be a trusted source for discovering and installing apps, bad actors have repeatedly found ways to sneak past security barriers erected by Google in hopes of | Malware | ||
|
2022-07-15 22:33:16 | Hackers Targeting VoIP Servers By Exploiting Digium Phone Software (lien direct) | VoIP phones using Digium's software have been targeted to drop a web shell on their servers as part of an attack campaign designed to exfiltrate data by downloading and executing additional payloads. "The malware installs multilayer obfuscated PHP backdoors to the web server's file system, downloads new payloads for execution, and schedules recurring tasks to re-infect the host system," Palo | Malware | ||
|
2022-07-14 04:29:54 | State-Backed Hackers Targeting Journalists in Widespread Espionage Campaigns (lien direct) | Nation-state hacking groups aligned with China, Iran, North Korea, and Turkey have been targeting journalists to conduct espionage and spread malware as part of a series of campaigns since early 2021. "Most commonly, phishing attacks targeting journalists are used for espionage or to gain key insights into the inner workings of another government, company, or other area of state-designated | Malware | ||
|
2022-07-14 01:15:16 | Pakistani Hackers Targeting Indian Students in Latest Malware Campaign (lien direct) | The advanced persistent threat (APT) group known as Transparent Tribe has been attributed to a new ongoing phishing campaign targeting students at various educational institutions in India at least since December 2021. "This new campaign also suggests that the APT is actively expanding its network of victims to include civilian users," Cisco Talos said in a report shared with The Hacker News. | Threat Malware | APT 36 | |
|
2022-07-13 00:51:34 | Researchers Uncover New Variants of the ChromeLoader Browser Hijacking Malware (lien direct) | Cybersecurity researchers have uncovered new variants of the ChromeLoader information-stealing malware, highlighting its evolving feature set in a short span of time. Primarily used for hijacking victims' browser searches and presenting advertisements, ChromeLoader came to light in January 2022 and has been distributed in the form of ISO or DMG file downloads advertised via QR codes on Twitter | Malware | ||
|
2022-07-12 22:04:21 | Researchers Uncover New Attempts by Qakbot Malware to Evade Detection (lien direct) | The operators behind the Qakbot malware are transforming their delivery vectors in an attempt to sidestep detection. "Most recently, threat actors have transformed their techniques to evade detection by using ZIP file extensions, enticing file names with common formats, and Excel (XLM) 4.0 to trick victims into downloading malicious attachments that install Qakbot," Zscaler Threatlabz | Threat Malware | ||
|
2022-07-09 00:49:23 | Hackers Exploiting Follina Bug to Deploy Rozena Backdoor (lien direct) | A newly observed phishing campaign is leveraging the recently disclosed Follina security vulnerability to distribute a previously undocumented backdoor on Windows systems. "Rozena is a backdoor malware that is capable of injecting a remote shell connection back to the attacker's machine," Fortinet FortiGuard Labs researcher Cara Lin said in a report this week. Tracked as CVE-2022-30190, the | Malware Vulnerability | ||
|
2022-07-08 10:53:03 | Researchers Warn of Raspberry Robin\'s Worm Targeting Windows Users (lien direct) | Cybersecurity researchers are drawing attention to an ongoing wave of attacks linked to a threat cluster tracked as Raspberry Robin that's behind a Windows malware with worm-like capabilities. Describing it as a "persistent" and "spreading" threat, Cybereason said it observed a number of victims in Europe. The infections involve a worm that propagates over removable USB devices containing | Threat Malware | ||
|
2022-07-08 02:50:19 | Experts Uncover 350 Browser Extension Variants Used in ABCsoup Adware Campaign (lien direct) | A malicious browser extension with 350 variants is masquerading as a Google Translate add-on as part of an adware campaign targeting Russian users of Google Chrome, Opera, and Mozilla Firefox browsers. Mobile security firm Zimperium dubbed the malware family ABCsoup, stating the "extensions are installed onto a victim's machine via a Windows-based executable, bypassing most endpoint security | Malware | ||
|
2022-07-07 21:15:45 | TrickBot Gang Shifted its Focus on "Systematically" Targeting Ukraine (lien direct) | In what's being described as an "unprecedented" twist, the operators of the TrickBot malware have resorted to systematically targeting Ukraine since the onset of the war in late February 2022. The group is believed to have orchestrated at least six phishing campaigns aimed at targets that align with Russian state interests, with the emails acting as lures for delivering malicious software such | Malware | ||
|
2022-07-06 22:50:27 | Researchers Warn of New OrBit Linux Malware That Hijacks Execution Flow (lien direct) | Cybersecurity researchers have taken the wraps off a new and entirely undetected Linux threat dubbed OrBit, signally a growing trend of malware attacks geared towards the popular operating system. The malware gets its name from one of the filenames that's utilized to temporarily store the output of executed commands ("/tmp/.orbit"), according to cybersecurity firm Intezer. "It can be installed | Threat Malware | ||
|
2022-07-06 01:51:17 | Bitter APT Hackers Continue to Target Bangladesh Military Entities (lien direct) | Military entities located in Bangladesh continue to be at the receiving end of sustained cyberattacks by an advanced persistent threat tracked as Bitter. "Through malicious document files and intermediate malware stages the threat actors conduct espionage by deploying Remote Access Trojans," cybersecurity firm SECUINFRA said in a new write-up published on July 5. The findings from the | Threat Malware | ||
|
2022-07-01 08:18:59 | Microsoft Warns About Evolving Capabilities of Toll Fraud Android Malware Apps (lien direct) | Microsoft has detailed the evolving capabilities of toll fraud malware apps on Android, pointing out its "complex multi-step attack flow" and an improved mechanism to evade security analysis. Toll fraud belongs to a category of billing fraud wherein malicious mobile applications come with hidden subscription fees, roping in unsuspecting users to premium content without their knowledge or consent | Malware | ||
|
2022-07-01 02:03:44 | New \'SessionManager\' Backdoor Targeting Microsoft IIS Servers in the Wild (lien direct) | A newly discovered malware has been put to use in the wild at least since March 2021 to backdoor Microsoft Exchange servers belonging to a wide range of entities worldwide, with infections lingering in 20 organizations as of June 2022. Dubbed SessionManager, the malicious tool masquerades as a module for Internet Information Services (IIS), a web server software for Windows systems, after | Malware Tool | ||
|
2022-06-30 21:36:23 | Microsoft Warns of Cryptomining Malware Campaign Targeting Linux Servers (lien direct) | A cloud threat actor group tracked as 8220 has updated its malware toolset to breach Linux servers with the goal of installing crypto miners as part of a long-running campaign. "The updates include the deployment of new versions of a crypto miner and an IRC bot," Microsoft Security Intelligence said in a series of tweets on Thursday. "The group has actively updated its techniques and payloads | Threat Malware | ||
|
2022-06-29 04:57:36 | New YTStealer Malware Aims to Hijack Accounts of YouTube Content Creators (lien direct) | Cybersecurity researchers have documented a new information-stealing malware that targets YouTube content creators by plundering their authentication cookies. Dubbed "YTStealer" by Intezer, the malicious tool is likely believed to be sold as a service on the dark web, with it distributed using fake installers that also drop RedLine Stealer and Vidar. "What sets YTStealer aside from other | Malware Tool | ||
|
2022-06-28 07:38:24 | ZuoRAT Malware Hijacking Home-Office Routers to Spy on Targeted Networks (lien direct) | A never-before-seen remote access trojan dubbed ZuoRAT has been singling out small office/home office (SOHO) routers as part of a sophisticated campaign targeting North American and European networks. The malware "grants the actor the ability to pivot into the local network and gain access to additional systems on the LAN by hijacking network communications to maintain an undetected foothold," | Malware | ★★ | |
|
2022-06-27 23:56:46 | New Android Banking Trojan \'Revive\' Targeting Users of Spanish Financial Services (lien direct) | A previously unknown Android banking trojan has been discovered in the wild, targeting users of the Spanish financial services company BBVA. Said to be in its early stages of development, the malware - dubbed Revive by Italian cybersecurity firm Cleafy - was first observed on June 15, 2022 and distributed by means of phishing campaigns. "The name Revive has been chosen since one of the | Malware | ||
|
2022-06-27 02:00:33 | Researchers Warn of \'Matanbuchus\' Malware Campaign Dropping Cobalt Strike Beacons (lien direct) | A malware-as-a-service (Maas) dubbed Matanbuchus has been observed spreading through phishing campaigns, ultimately dropping the Cobalt Strike post-exploitation framework on compromised machines. Matanbuchus, like other malware loaders such as BazarLoader, Bumblebee, and Colibri, is engineered to download and execute second-stage executables from command-and-control (C&C) servers on infected | Malware | ||
|
2022-06-24 03:40:50 | Google Says ISPs Helped Attackers Infect Targeted Smartphones with Hermit Spyware (lien direct) | A week after it emerged that sophisticated mobile spyware dubbed Hermit was used by the government of Kazakhstan within its borders, Google said it has notified Android users of infected devices. Additionally, necessary changes have been implemented in Google Play Protect - Android's built-in malware defense service - to protect all users, Benoit Sevens and Clement Lecigne of Google Threat | Malware Cloud | APT 37 | |
|
2022-06-23 21:24:05 | New \'Quantum\' Builder Lets Attackers Easily Create Malicious Windows Shortcuts (lien direct) | A new malware tool that enables cybercriminal actors to build malicious Windows shortcut (.LNK) files has been spotted for sale on cybercrime forums. Dubbed Quantum Lnk Builder, the software makes it possible to spoof any extension and choose from over 300 icons, not to mention support UAC and Windows SmartScreen bypass as well as "multiple payloads per .LNK" file. Also offered are capabilities | Malware Tool | ||
|
2022-06-22 23:14:08 | Chinese Hackers Distributing SMS Bomber Tool with Malware Hidden Inside (lien direct) | A threat cluster with ties to a hacking group called Tropic Trooper has been spotted using a previously undocumented malware coded in Nim language to strike targets as part of a newly discovered campaign. The novel loader, dubbed Nimbda, is "bundled with a Chinese language greyware 'SMS Bomber' tool that is most likely illegally distributed in the Chinese-speaking web," Israeli cybersecurity | Threat Malware Tool | APT 23 | |
|
2022-06-21 21:41:58 | RIG Exploit Kit Now Infects Victims\' PCs With Dridex Instead of Raccoon Stealer (lien direct) | The operators behind the Rig Exploit Kit have swapped the Raccoon Stealer malware for the Dridex financial trojan as part of an ongoing campaign that commenced in January 2022. The switch in modus operandi, spotted by Romanian company Bitdefender, comes in the wake of Raccoon Stealer temporarily closing the project after one of its team members responsible for critical operations passed away in | Malware | ||
|
2022-06-19 22:18:13 | BRATA Android Malware Gains Advanced Mobile Threat Capabilities (lien direct) | The operators behind BRATA have once again added more capabilities to the Android mobile malware in an attempt to make their attacks against financial apps more stealthy. "In fact, the modus operandi now fits into an Advanced Persistent Threat (APT) activity pattern," Italian cybersecurity firm Cleafy said in a report last week. "This term is used to describe an attack campaign in which | Threat Malware | ||
|
2022-06-16 03:05:49 | A Microsoft Office 365 Feature Could Help Ransomware Hackers Hold Cloud Files Hostage (lien direct) | A "dangerous piece of functionality" has been discovered in Microsoft 365 suite that could be potentially abused by a malicious actor to ransom files stored on SharePoint and OneDrive and launch attacks on cloud infrastructure. The cloud ransomware attack makes it possible to launch file-encrypting malware to "encrypt files stored on SharePoint and OneDrive in a way that makes them unrecoverable | Ransomware Malware | ||
|
2022-06-15 20:00:55 | MaliBot: A New Android Banking Trojan Spotted in the Wild (lien direct) | A new strain of Android malware has been spotted in the wild targeting online banking and cryptocurrency wallet customers in Spain and Italy, just weeks after a coordinated law enforcement operation dismantled FluBot. The information stealing trojan, codenamed MaliBot by F5 Labs, is as feature-rich as its counterparts, allowing it to steal credentials and cookies, bypass multi-factor | Malware | ||
|
2022-06-15 05:05:43 | Panchan: A New Golang-based Peer-To-Peer Botnet Targeting Linux Servers (lien direct) | A new Golang-based peer-to-peer (P2P) botnet has been spotted actively targeting Linux servers in the education sector since its emergence in March 2022. Dubbed Panchan by Akamai Security Research, the malware "utilizes its built-in concurrency features to maximize spreadability and execute malware modules" and "harvests SSH keys to perform lateral movement." The feature-packed | Malware | ||
|
2022-06-14 00:02:08 | Researchers Detail PureCrypter Loader Cyber Criminals Using to Distribute Malware (lien direct) | Cybersecurity researchers have detailed the workings of a fully-featured malware loader dubbed PureCrypter that's being purchased by cyber criminals to deliver remote access trojans (RATs) and information stealers. "The loader is a .NET executable obfuscated with SmartAssembly and makes use of compression, encryption, and obfuscation to evade antivirus software products," Zscaler's Romain Dumont | Malware | ||
|
2022-06-13 05:26:13 | Chinese \'Gallium\' Hackers Using New PingPull Malware in Cyberespionage Attacks (lien direct) | A Chinese advanced persistent threat (APT) known as Gallium has been observed using a previously undocumented remote access trojan in its espionage attacks targeting companies operating in Southeast Asia, Europe, and Africa. Called PingPull, the "difficult-to-detect" backdoor is notable for its use of the Internet Control Message Protocol (ICMP) for command-and-control (C2) communications, | Threat Malware | ||
|
2022-06-13 02:49:51 | Quick and Simple: BPFDoor Explained (lien direct) | BPFDoor isn't new to the cyberattack game - in fact, it's gone undetected for years - but PwC researchers discovered the piece of malware in 2021. Subsequently, the cybersecurity community is learning more about the stealthy nature of malware, how it works, and how it can be prevented. What's BPFDoor? BPFDoor is a piece of malware associated with China-based threat actor Red Menshen that has hit | Threat Malware |
To see everything:
Our RSS (filtrered)
