What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-04-13 06:07:21 | Microsoft Exposes Evasive Chinese Tarrask Malware Attacking Windows Computers (lien direct) | The Chinese-backed Hafnium hacking group has been linked to a piece of a new malware that's used to maintain persistence on compromised Windows environments. The threat actor is said to have targeted entities in the telecommunication, internet service provider and data services sectors from August 2021 to February 2022, expanding from the initial victimology patterns observed during its attacks | Threat Malware | ||
|
2022-04-13 03:57:21 | Russian Hackers Tried Attacking Ukraine\'s Power Grid with Industroyer2 Malware (lien direct) | The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday disclosed that it thwarted a cyberattack by Sandworm, a hacking group affiliated with Russia's military intelligence, to sabotage the operations of an unnamed energy provider in the country. "The attackers attempted to take down several infrastructure components of their target, namely: Electrical substations, Windows-operated | Malware | ||
|
2022-04-11 20:37:10 | Over 16,500 Sites Hacked to Distribute Malware via Web Redirect Service (lien direct) | A new traffic direction system (TDS) called Parrot has been spotted leveraging tens of thousands of compromised websites to launch further malicious campaigns. "The TDS has infected various web servers hosting more than 16,500 websites, ranging from adult content sites, personal websites, university sites, and local government sites," Avast researchers Pavel Novák and Jan Rubín said in a report | Malware | ||
|
2022-04-08 22:18:21 | Hackers Exploiting Spring4Shell Vulnerability to Deploy Mirai Botnet Malware (lien direct) | The recently disclosed critical Spring4Shell vulnerability is being actively exploited by threat actors to execute the Mirai botnet malware, particularly in the Singapore region since the start of April 2022. "The exploitation allows threat actors to download the Mirai sample to the '/tmp' folder and execute them after permission change using 'chmod,'" Trend Micro researchers Deep Patel, Nitesh | Threat Malware Vulnerability | ||
|
2022-04-08 09:48:47 | Researchers Connect BlackCat Ransomware with Past BlackMatter Malware Activity (lien direct) | Cybersecurity researchers have uncovered further links between BlackCat (aka AlphaV) and BlackMatter ransomware families, the former of which emerged as a replacement following international scrutiny last year. "At least some members of the new BlackCat group have links to the BlackMatter group, because they modified and reused a custom exfiltration tool [...] and which has only been observed in | Ransomware Malware Tool | ||
|
2022-04-07 23:51:59 | New Octo Banking Trojan Spreading via Fake Apps on Google Play Store (lien direct) | A number of rogue Android apps that have been cumulatively installed from the official Google Play Store more than 50,000 times are being used to target banks and other financial entities. The rental banking trojan, dubbed Octo, is said to be a rebrand of another Android malware called ExobotCompact, which, in turn, is a "lite" replacement for its Exobot predecessor, Dutch mobile security firm | Malware | ||
|
2022-04-07 08:29:56 | First Malware Targeting AWS Lambda Serverless Platform Discovered (lien direct) | A first-of-its-kind malware targeting Amazon Web Services' (AWS) Lambda serverless computing platform has been discovered in the wild. Dubbed "Denonia" after the name of the domain it communicates with, "the malware uses newer address resolution techniques for command and control traffic to evade typical detection measures and virtual network access controls," Cado Labs researcher Matt Muir said | Malware | ||
|
2022-04-07 04:33:24 | SharkBot Banking Trojan Resurfaces On Google Play Store Hidden Behind 7 New Apps (lien direct) | As many as seven malicious Android apps discovered on the Google Play Store masqueraded as antivirus solutions to deploy a banking trojan called SharkBot. "SharkBot steals credentials and banking information," Check Point researchers Alex Shamshur and Raman Ladutska said in a report shared with The Hacker News. "This malware implements a geofencing feature and evasion techniques, which makes it | Malware | ||
|
2022-04-07 03:34:26 | Researchers Uncover How Colibri Malware Stays Persistent on Hacked Systems (lien direct) | Cybersecurity researchers have detailed a "simple but efficient" persistence mechanism adopted by a relatively nascent malware loader called Colibri, which has been observed deploying a Windows information stealer known as Vidar as part of a new campaign. "The attack starts with a malicious Word document deploying a Colibri bot that then delivers the Vidar Stealer," Malwarebytes Labs said in an | Malware | ||
|
2022-04-07 00:15:28 | FBI Shut Down Russia-linked "Cyclops Blink" Botnet That Infected Thousands of Devices (lien direct) | The U.S. Department of Justice (DoJ) announced that it neutralized Cyclops Blink, a modular botnet controlled by a threat actor known as Sandworm, which has been attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). "The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used | Threat Malware | ★★★★ | |
|
2022-04-04 00:38:17 | Experts Shed Light on BlackGuard Infostealer Malware Sold on Russian Hacking Forums (lien direct) | A previously undocumented "sophisticated" information-stealing malware named BlackGuard is being advertised for sale on Russian underground forums for a monthly subscription of $200. "BlackGuard has the capability to steal all types of information related to Crypto wallets, VPN, Messengers, FTP credentials, saved browser credentials, and email clients," Zscaler ThreatLabz researchers Mitesh Wani | Malware | ||
|
2022-04-01 06:50:55 | Russian Wiper Malware Likely Behind Recent Cyberattack on Viasat KA-SAT Modems (lien direct) | The cyberattack aimed at Viasat that temporarily knocked KA-SAT modems offline on February 24, 2022, the same day Russian military forces invaded Ukraine, is believed to have been the consequence of wiper malware, according to the latest research from SentinelOne. The findings come as the U.S. telecom company disclosed that it was the target of a multifaceted and deliberate" cyberattack against | Malware | ||
|
2022-03-30 07:05:57 | Researchers Expose Mars Stealer Malware Campaign Using Google Ads to Spread (lien direct) | A nascent information stealer called Mars has been observed in campaigns that take advantage of cracked versions of the malware to steal information stored in web browsers and cryptocurrency wallets. "Mars Stealer is being distributed via social engineering techniques, malspam campaigns, malicious software cracks, and keygens," Morphisec malware researcher Arnold Osipov said in a report | Malware | ||
|
2022-03-29 03:16:31 | New Malware Loader \'Verblecon\' Infects Hacked PCs with Cryptocurrency Miners (lien direct) | An unidentified threat actor has been observed employing a "complex and powerful" malware loader with the ultimate objective of deploying cryptocurrency miners on compromised systems and potentially facilitating the theft of Discord tokens. "The evidence found on victim networks appears to indicate that the goal of the attacker was to install cryptocurrency mining software on victim machines," | Threat Malware | ||
|
2022-03-29 03:07:06 | Experts Detail Virtual Machine Used by Wslink Malware Loader for Obfuscation (lien direct) | Cybersecurity researchers have shed more light on a malicious loader that runs as a server and executes received modules in memory, laying bare the structure of an "advanced multi-layered virtual machine" used by the malware to fly under the radar. Wslink, as the malicious loader is called, was first documented by Slovak cybersecurity company ESET in October 2021, with very few telemetry hits | Malware | ||
|
2022-03-28 06:00:00 | Hackers Hijack Email Reply Chains on Unpatched Exchange Servers to Spread Malware (lien direct) | A new email phishing campaign has been spotted leveraging the tactic of conversation hijacking to deliver the IceID info-stealing malware onto infected machines by making use of unpatched and publicly-exposed Microsoft Exchange servers. "The emails use a social engineering technique of conversation hijacking (also known as thread hijacking)," Israeli company Intezer said in a report shared with | Malware | ||
|
2022-03-28 02:14:38 | \'Purple Fox\' Hackers Spotted Using New Variant of FatalRAT in Recent Malware Attacks (lien direct) | The operators of the Purple Fox malware have retooled their malware arsenal with a new variant of a remote access trojan called FatalRAT, while also simultaneously upgrading their evasion mechanisms to bypass security software. "Users' machines are targeted via trojanized software packages masquerading as legitimate application installers," Trend Micro researchers said in a report published on | Malware | ||
|
2022-03-24 06:16:14 | Chinese APT Hackers Targeting Betting Companies in Southeast Asia (lien direct) | A Chinese-speaking advanced persistent threat (APT) has been linked to a new campaign targeting gambling-related companies in South East Asia, particularly Taiwan, the Philippines, and Hong Kong. Cybersecurity firm Avast dubbed the campaign Operation Dragon Castling, describing its malware arsenal as a "robust and modular toolset." The ultimate motives of the threat actor are not immediately | Threat Malware | ||
|
2022-03-24 06:06:05 | How to Build a Custom Malware Analysis Sandbox (lien direct) | Before hunting malware, every researcher needs to find a system where to analyze it. There are several ways to do it: build your own environment or use third-party solutions. Today we will walk through all the steps of creating a custom malware sandbox where you can perform a proper analysis without infecting your computer. And then compare it with a ready-made service. Why do you need a malware | Malware | ||
|
2022-03-23 04:59:47 | Chinese \'Mustang Panda\' Hackers Spotted Deploying New \'Hodur\' Malware (lien direct) | A China-based advanced persistent threat (APT) known as Mustang Panda has been linked to an ongoing cyberespionage campaign using a previously undocumented variant of the PlugX remote access trojan on infected machines. Slovak cybersecurity firm ESET dubbed the new version Hodur, owing to its resemblance to another PlugX (aka Korplug) variant called THOR that came to light in July 2021. "Most | Threat Malware | ||
|
2022-03-23 03:03:39 | New Variant of Chinese Gimmick Malware Targeting macOS Users (lien direct) | Researchers have disclosed details of a newly discovered macOS variant of a malware implant developed by a Chinese espionage threat actor known to strike attack organizations across Asia. Attributing the attacks to a group tracked as Storm Cloud, cybersecurity firm Volexity characterized the new malware, dubbed Gimmick, a "feature-rich, multi-platform malware family that uses public cloud | Threat Malware | ||
|
2022-03-23 02:49:30 | Over 200,000 MicroTik Routers Worldwide Are Under the Control of Botnet Malware (lien direct) | Vulnerable routers from MikroTik have been misused to form what cybersecurity researchers have called one of the largest botnet-as-a-service cybercrime operations seen in recent years. According to a new piece of research published by Avast, a cryptocurrency mining campaign leveraging the new-disrupted Glupteba botnet as well as the infamous TrickBot malware were all distributed using the same | Malware | ||
|
2022-03-17 21:52:58 | New Variant of Russian Cyclops Blink Botnet Targeting ASUS Routers (lien direct) | ASUS routers have emerged as the target of a nascent botnet called Cyclops Blink, almost a month after it was revealed the malware abused WatchGuard firewall appliances as a stepping stone to gain remote access to breached networks. According to a new report published by Trend Micro, the botnet's "main purpose is to build an infrastructure for further attacks on high-value targets," given that | Malware | ||
|
2022-03-17 05:59:15 | DirtyMoe Botnet Gains New Exploits in Wormable Module to Spread Rapidly (lien direct) | The malware known as DirtyMoe has gained new worm-like propagation capabilities that allow it to expand its reach without requiring any user interaction, the latest research has found. "The worming module targets older well-known vulnerabilities, e.g., EternalBlue and Hot Potato Windows privilege escalation," Avast researcher Martin Chlumecký said in a report published Wednesday. "One worm | Malware | ||
|
2022-03-17 03:05:39 | TrickBot Malware Abusing Hacked IoT Devices as Command-and-Control Servers (lien direct) | Microsoft on Wednesday detailed a previously undiscovered technique put to use by the TrickBot malware that involves using compromised Internet of Things (IoT) devices as a go-between for establishing communications with the command-and-control (C2) servers. "By using MikroTik routers as proxy servers for its C2 servers and redirecting the traffic through non-standard ports, TrickBot adds | Malware | ||
|
2022-03-15 02:38:46 | CaddyWiper: Yet Another Data Wiping Malware Targeting Ukrainian Networks (lien direct) | Two weeks after details emerged about a second data wiper strain delivered in attacks against Ukraine, yet another destructive malware has been detected amid Russia's continuing military invasion of the country. Slovak cybersecurity company ESET dubbed the third wiper "CaddyWiper," which it said it first observed on March 14 around 9:38 a.m. UTC. Metadata associated with the executable (" | Malware | ||
|
2022-03-14 02:17:59 | Researchers Find New Evidence Linking Kwampirs Malware to Shamoon APT Hackers (lien direct) | New findings released last week showcase the overlapping source code and techniques between the operators of Shamoon and Kwampirs, indicating that they "are the same group or really close collaborators." "Research evidence shows identification of co-evolution between both Shamoon and Kwampirs malware families during the known timeline," Pablo Rincón Crespo of Cylera Labs said. "If Kwampirs is | Malware | ||
|
2022-03-10 07:12:52 | Iranian Hackers Targeting Turkey and Arabian Peninsula in New Malware Campaign (lien direct) | The Iranian state-sponsored threat actor known as MuddyWater has been attributed to a new swarm of attacks targeting Turkey and the Arabian Peninsula with the goal of deploying remote access trojans (RATs) on compromised systems. "The MuddyWater supergroup is highly motivated and can use unauthorized access to conduct espionage, intellectual property theft, and deploy ransomware and destructive | Threat Ransomware Malware | ||
|
2022-03-10 00:01:20 | Ukrainian Hacker Linked to REvil Ransomware Attacks Extradited to United States (lien direct) | Yaroslav Vasinskyi, a Ukrainian national, linked to the Russia-based REvil ransomware group has been extradited to the U.S. to face charges for his role in carrying out the file-encrypting malware attacks against several companies, including Kaseya last July. The 22-year-old had been previously arrested in Poland in October 2021, prompting the U.S. Justice Department (DoJ) to file charges of | Ransomware Malware | ★★ | |
|
2022-03-06 23:36:25 | SharkBot Banking Malware Spreading via Fake Android Antivirus App on Google Play Store (lien direct) | The threat actor behind a nascent Android banking trojan named SharkBot has managed to evade Google Play Store security barriers by masquerading as an antivirus app. SharkBot, like its malware counterparts TeaBot, FluBot, and Oscorp (UBEL), belongs to a category of financial trojans capable of siphoning credentials to initiate money transfers from compromised devices by circumventing | Threat Malware | ||
|
2022-03-01 22:20:17 | TeaBot Android Banking Malware Spreads Again Through Google Play Store Apps (lien direct) | An Android banking trojan designed to steal credentials and SMS messages has been observed sneaking past Google Play Store protections to target users of more than 400 banking and financial apps from Russia, China, and the U.S. "TeaBot RAT capabilities are achieved via the device screen's live streaming (requested on-demand) plus the abuse of Accessibility Services for remote interaction and | Malware | ||
|
2022-03-01 08:46:53 | Second New \'IsaacWiper\' Data Wiper Targets Ukraine After Russian Invasion (lien direct) | A new data wiper malware has been observed deployed against an unnamed Ukrainian government network, a day after destructive cyber attacks struck multiple entities in the country preceding the start of Russia's military invasion. Slovak cybersecurity firm ESET dubbed the new malware "IsaacWiper," which it said was detected on February 24 in an organization that was not affected by HermeticWiper | Malware | ||
|
2022-03-01 06:03:02 | Conti Ransomware Gang\'s Internal Chats Leaked Online After Siding With Russia (lien direct) | Days after the Conti ransomware group broadcasted a pro-Russian message pledging its allegiance to Vladimir Putin's ongoing invasion of Ukraine, a disgruntled member of the cartel has leaked the syndicate's internal chats. The file dump, published by malware research group VX-Underground, is said to contain 13 months of chat logs between affiliates and administrators of the Russia-affiliated | Ransomware Malware | ||
|
2022-03-01 05:22:15 | Trickbot Malware Gang Upgrades its AnchorDNS Backdoor to AnchorMail (lien direct) | Even as the TrickBot infrastructure closed shop, the operators of the malware are continuing to refine and retool their arsenal to carry out attacks that culminated in the deployment of Conti ransomware. IBM Security X-Force, which discovered the revamped version of the criminal gang's AnchorDNS backdoor, dubbed the new, upgraded variant AnchorMail. AnchorMail "uses an email-based [ | Malware | ||
|
2022-03-01 01:18:08 | Microsoft Finds FoxBlade Malware Hit Ukraine Hours Before Russian Invasion (lien direct) | Microsoft on Monday disclosed that it detected a new round of offensive and destructive cyberattacks directed against Ukraine's digital infrastructure hours before Russia launched its first missile strikes last week. The intrusions involved the use of a never-before-seen malware package dubbed FoxBlade, according to the tech giant's Threat Intelligence Center (MSTIC), noting that it added new | Threat Malware | ||
|
2022-03-01 00:01:03 | China-linked Daxin Malware Targeted Multiple Governments in Espionage Attacks (lien direct) | A previously undocumented espionage tool has been deployed against selected governments and other critical infrastructure targets as part of a long-running espionage campaign orchestrated by China-linked threat actors since at least 2013. Broadcom's Symantec Threat Hunter team characterized the backdoor, named Daxin, as a technologically advanced malware, allowing the attackers to carry out a | Threat Malware Tool | ||
|
2022-02-28 03:10:56 | Reborn of Emotet: New Features of the Botnet and How to Detect it (lien direct) | One of the most dangerous and infamous threats is back again. In January 2021, global officials took down the botnet. Law enforcement sent a destructive update to the Emotet's executables. And it looked like the end of the trojan's story. But the malware never ceased to surprise. November 2021, it was reported that TrickBot no longer works alone and delivers Emotet. And ANY.RUN with colleagues | Malware | ||
|
2022-02-27 22:52:31 | Iranian Hackers Using New Spying Malware That Abuses Telegram Messenger API (lien direct) | An Iranian geopolitical nexus threat actor has been uncovered deploying two new targeted malware that come with "simple" backdoor functionalities as part of an intrusion against an unnamed Middle East government entity in November 2021. Cybersecurity company Mandiant attributed the attack to an uncategorized cluster it's tracking under the moniker UNC3313, which it assesses with "moderate | Threat Malware | ||
|
2022-02-26 02:19:53 | Social Media Hijacking Malware Spreading Through Gaming Apps on Microsoft Store (lien direct) | A new malware capable of controlling social media accounts is being distributed through Microsoft's official app store in the form of trojanized gaming apps, infecting more than 5,000 Windows machines in Sweden, Bulgaria, Russia, Bermuda, and Spain. Israeli cybersecurity company Check Point dubbed the malware "Electron Bot," in reference to a command-and-control (C2) domain used in recent | Malware | ||
|
2022-02-25 23:39:31 | Russia-Ukraine War: Phishing, Malware and Hacker Groups Taking Sides (lien direct) | Ukraine's Computer Emergency Response Team (CERT-UA) has warned of Belarusian state-sponsored hackers targeting its military personnel and related individuals as part of a phishing campaign mounted amidst Russia's military invasion of the country. "Mass phishing emails have recently been observed targeting private 'i.ua' and 'meta.ua' accounts of Ukrainian military personnel and related | Malware | ||
|
2022-02-25 09:21:07 | New "SockDetour" Fileless, Socketless Backdoor Targets U.S. Defense Contractors (lien direct) | Cybersecurity researchers have taken the wraps off a previously undocumented and stealthy custom malware called SockDetour that targeted U.S.-based defense contractors with the goal of being used as a secondary implant on compromised Windows hosts. "SockDetour is a backdoor that is designed to remain stealthily on compromised Windows servers so that it can serve as a backup backdoor in case the | Malware | ||
|
2022-02-25 06:08:03 | Iran\'s MuddyWater Hacker Group Using New Malware in Worldwide Cyber Attacks (lien direct) | Cybersecurity agencies from the U.K. and the U.S. have laid bare a new malware used by the Iranian government-sponsored advanced persistent threat (APT) group in attacks targeting government and commercial networks worldwide. "MuddyWater actors are positioned both to provide stolen data and accesses to the Iranian government and to share these with other malicious cyber actors," the agencies | Threat Malware | ||
|
2022-02-25 00:03:14 | Notorious TrickBot Malware Gang Shuts Down its Botnet Infrastructure (lien direct) | The modular Windows crimeware platform known as TrickBot formally shuttered its infrastructure on Thursday after reports emerged of its imminent retirement amid a lull in its activity for almost two months, marking an end to one of the most persistent malware campaigns in recent years. "TrickBot is gone... It is official now as of Thursday, February 24, 2022. See you soon... or not," AdvIntel's | Malware | ||
|
2022-02-24 05:28:40 | TrickBot Gang Likely Shifting Operations to Switch to New Malware (lien direct) | TrickBot, the infamous Windows crimeware-as-a-service (CaaS) solution that's used by a variety of threat actors to deliver next-stage payloads like ransomware, appears to be undergoing a transition of sorts, with no new activity recorded since the start of the year. The lull in the malware campaigns is "partially due to a big shift from Trickbot's operators, including working with the operators | Threat Malware | ||
|
2022-02-24 03:57:49 | US, UK Agencies Warn of New Russian Botnet Built from Hacked Firewall Devices (lien direct) | Intelligence agencies in the U.K. and the U.S. disclosed details of a new botnet malware called Cyclops Blink that's been attributed to the Russian-backed Sandworm hacking group and deployed in attacks dating back to 2019. "Cyclops Blink appears to be a replacement framework for the VPNFilter malware exposed in 2018, which exploited network devices, primarily small office/home office (SOHO) | Malware | VPNFilter VPNFilter | |
|
2022-02-23 21:28:39 | New Wiper Malware Targeting Ukraine Amid Russia\'s Military Operation (lien direct) | Cybersecurity firms ESET and Broadcom's Symantec said they discovered a new data wiper malware used in fresh attacks against hundreds of machines in Ukraine, as Russian forces formally launched a full-scale military operation against the country. The Slovak company dubbed the wiper "HermeticWiper" (aka KillDisk.NCV), with one of the malware samples compiled on December 28, 2021, implying that | Malware | ||
|
2022-02-23 05:01:46 | Dridex Malware Deploying Entropy Ransomware on Hacked Computers (lien direct) | Similarities have been unearthed between the Dridex general-purpose malware and a little-known ransomware strain called Entropy, suggesting that the operators are continuing to rebrand their extortion operations under a different name. "The similarities are in the software packer used to conceal the ransomware code, in the malware subroutines designed to find and obfuscate commands (API calls), | Ransomware Malware | ||
|
2022-02-21 08:04:55 | New Android Banking Trojan Spreading via Google Play Store Targets Europeans (lien direct) | A new Android banking trojan with over 50,000 installations has been observed distributed via the official Google Play Store with the goal of targeting 56 European banks and carrying out harvesting sensitive information from compromised devices. Dubbed Xenomorph by Dutch security firm ThreatFabric, the in-development malware is said to share overlaps with another banking trojan tracked under the | Malware | ||
|
2022-02-21 06:49:54 | Iranian State Broadcaster IRIB Hit by Destructive Wiper Malware (lien direct) | An investigation into the cyberattack targeting Iranian national media corporation, Islamic Republic of Iran Broadcasting (IRIB), in late January 2022 resulted in the deployment of a wiper malware and other custom implants, as the country's national infrastructure continues to face a wave of attacks aimed at inflicting serious damage. "This indicates that the attackers' aim was also to disrupt | Malware | ||
|
2022-02-18 03:57:05 | PseudoManuscrypt Malware Spreading the Same Way as CryptBot Targets Koreans (lien direct) | Numerous Windows machines located in South Korea have been targeted by a botnet tracked as PseudoManuscrypt since at least May 2021 by employing the same delivery tactics of another malware called CryptBot. "PseudoManuscrypt is disguised as an installer that is similar to a form of CryptBot, and is being distributed," South Korean cybersecurity company AhnLab Security Emergency Response Center ( | Malware |
To see everything:
Our RSS (filtrered)
