What's new around the internet

Src | Date (GMT) | Title | Description | Tags | Stories | Notes
TechRepublic 2023-02-06 16:41:07 TrickGate crypter discovered after 6 years of infections (direct link) New research from Check Point Research exposes a crypter that stayed undetected for six years and is responsible for several major malware infections around the globe. Malware ★★★
The_Hackers_News 2023-02-06 13:41:00 FormBook Malware Spreads via Malvertising Using MalVirt Loader to Evade Detection (direct link) An ongoing malvertising campaign is being used to distribute virtualized .NET loaders that are designed to deploy the FormBook information-stealing malware. "The loaders, dubbed MalVirt, use obfuscated virtualization for anti-analysis and evasion along with the Windows Process Explorer driver for terminating processes," SentinelOne researchers Aleksandar Milenkoski and Tom Hegel said in a Malware ★★
globalsecuritymag 2023-02-06 12:21:32 Album Stealer targets Facebook users looking for pornographic content (direct link) The Zscaler ThreatLabz team regularly uncovers new types of infostealer families in various attack campaigns. Recently, the researchers came across an infostealer named "Album". The malware is disguised as a photo album that uses pornographic content as a lure while malicious activity runs in the background. To do so, the malware relies on a side-loading technique in which legitimate applications are used to execute malicious DLLs in order to avoid detection. Its real purpose, however, is stealing cookies and credentials that victims have saved in their web browsers. In addition, it steals information from Facebook Ads Manager, Facebook Business accounts and Facebook API Graph pages. The information collected on an infected system is finally sent to a command-and-control server. - Malware / Malware
Logo_logpoint 2023-02-06 09:04:22 A BOLDMOVE by the Chinese Hackers: Exploiting Fortinet Systems (direct link) By Nilaa Maharjan. Contents: Key Findings; Which Products and Versions are Affected?; Making a BOLD statement; Boldly going where no malware has gone before; Detecting BOLDMOVE using Logpoint; Investigation and response with Logpoint; Remediation and mitigation best practices; Final Thoughts. TL;DR: Fortinet disclosed a zero-day vulnerability in its FortiOS SSL-VPN products in December 2022, which was discovered to have been exploited by ransomware gangs. The vulnerability, a [...] Ransomware Malware Vulnerability ★★
Blog 2023-02-06 01:00:00 Sliver Malware With BYOVD Distributed Through Sunlogin Vulnerability Exploitations (direct link) Sliver is an open-source penetration testing tool developed in the Go programming language. Cobalt Strike and Metasploit are major examples of penetration testing tools used by many threat actors, and various attack cases involving these tools have been covered here on the ASEC blog. Recently, there have been cases of threat actors using Sliver in addition to Cobalt Strike and Metasploit. The ASEC (AhnLab Security Emergency response Center) analysis team is monitoring attacks against systems with either unpatched vulnerabilities or... Malware Tool Vulnerability Threat ★★
bleepingcomputer 2023-02-05 10:15:32 Linux version of Royal Ransomware targets VMware ESXi servers (direct link) Royal Ransomware is the latest ransomware operation to add support for encrypting Linux devices to its most recent malware variants, specifically targeting VMware ESXi virtual machines. [...] Ransomware Malware ★★
Malware_Hell 2023-02-05 00:00:00 Hunting Opaque Predicates with YARA (direct link) Introduction: Malware tends to obfuscate itself using many different techniques, from opaque predicates and garbage code to control flow manipulation with the stack and more. These techniques definitely make analysis more challenging for reverse engineers. However, from a detection and hunting standpoint, to find interesting samples to reverse engineer we can leverage our knowledge of these techniques to hunt for obfuscated code. In our case today, we will be developing a YARA signature to hunt for one specific technique of opaque predicates. There are many variations and situations where this does not match, so it should only serve as a hunting signature; more heuristic and programmatic approaches are better for detection. Malware ★★★
The_Hackers_News 2023-02-04 19:09:00 PixPirate: New Android Banking Trojan Targeting Brazilian Financial Institutions (direct link) A new Android banking trojan has set its eyes on Brazilian financial institutions to commit fraud by leveraging the PIX payments platform. Italian cybersecurity company Cleafy, which discovered the malware between the end of 2022 and the beginning of 2023, is tracking it under the name PixPirate. "PixPirate belongs to the newest generation of Android banking trojan, as it can perform ATS ( Malware ★★★
no_ico 2023-02-04 08:17:56 OneNote Malware: Classification and Personal Notes (direct link) During the past 4 months the Microsoft OneNote file format has been (ab)used as a malware carrier by different criminal groups. While the main infection vector is still on the email side – so nothing really relevant to write on – the techniques used, the templates and the code implemented to inoculate malware changed a lot. So it […] Malware ★★★
News 2023-02-04 00:27:06 HeadCrab bots pinch 1,000+ Redis servers to mine coins (direct link) We devoting full time to floating under /etc A sneaky botnet dubbed HeadCrab that uses bespoke malware to mine for Monero has infected at least 1,200 Redis servers in the last 18 months.… Malware ★★★
The_Hackers_News 2023-02-03 20:33:00 Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware (direct link) In a continuing sign that threat actors are adapting well to a post-macro world, it has emerged that the use of Microsoft OneNote documents to deliver malware via phishing attacks is on the rise. Some of the notable malware families that are being distributed using this method include AsyncRAT, RedLine Stealer, Agent Tesla, DOUBLEBACK, Quasar RAT, XWorm, Qakbot, BATLOADER, and FormBook. Malware Threat ★★
News 2023-02-03 20:25:08 Fast-evolving Prilex POS malware can block contactless payments (direct link) ... forcing users to insert their cards into less-secure PIN systems. The reasons businesses and consumers like contactless payment transactions – high security and speed – are what make those systems bad for cybercriminals.… Malware ★★
DarkReading 2023-02-03 16:00:00 Scores of Redis Servers Infested by Sophisticated Custom-Built Malware (direct link) At least 1,200 Redis servers worldwide have been infected with "HeadCrab" cryptominers since 2021. Malware
InfoSecurityMag 2023-02-03 16:00:00 New Credential-Stealing Campaign By APT34 Targets Middle East Firms (direct link) The malware had additional exfiltration techniques compared to previously studied variants. Malware APT 34 ★★
globalsecuritymag 2023-02-03 15:26:22 (Déjà vu) New SwiftSlicer malware deployed in a cyberattack against Ukraine: comment from Quest Software (direct link) On 25 January, the ESET research group discovered a new cyberattack in Ukraine. Attackers from the Sandworm group deployed a new piece of malware named SwiftSlicer, which aims to destroy Active Directory. - Malwares Malware
globalsecuritymag 2023-02-03 15:14:07 Check Point Software Technologies Achieves... (direct link) Check Point Software Technologies Achieves Highest Ranking in Miercom Next Generation Firewall Benchmark Report. Check Point achieves a 99.7% malware block rate, 99.9% phishing prevention, and an ultra-low 0.1% false positive detection rate. - Business News Malware
Pirate 2023-02-03 12:50:18 New SwiftSlicer malware deployed in a cyberattack against Ukraine (direct link) On 25 January, the ESET research group discovered a new cyberattack in Ukraine. Attackers from the Sandworm group deployed a new piece of malware named SwiftSlicer, which aims to destroy Active Directory. The post "Nouveau malware SwiftSlicer déployé dans une cyberattaque contre Ukraine" first appeared on UnderNews. Malware ★★★
Trend 2023-02-03 00:00:00 TgToxic Malware's Automated Framework Targets Southeast Asia Android Users (direct link) We look into an ongoing malware campaign we named TgToxic, targeting Android mobile users in Taiwan, Thailand, and Indonesia since July 2022. The malware steals users' credentials and assets such as cryptocurrency from digital wallets, as well as money from bank and finance apps. Analyzing the automated features of the malware, we found that the threat actor abused the legitimate test framework Easyclick to write a JavaScript-based automation script for functions such as clicks and gestures. Malware Threat ★★
News 2023-02-02 19:27:14 Malvertising attacks are distributing .NET malware loaders (direct link) The campaign illustrates another option for miscreants who had relied on Microsoft macros. Malvertising attacks are being used to distribute virtualized .NET loaders that are highly obfuscated and dropping info-stealer malware.… Malware ★★
bleepingcomputer 2023-02-02 19:04:42 Google ads push 'virtualized' malware made for antivirus evasion (direct link) An ongoing Google ads malvertising campaign is spreading malware installers that leverage KoiVM virtualization technology to evade detection when installing the Formbook data stealer. [...] Malware ★★
Fortinet 2023-02-02 15:47:00 Supply Chain Attack by New Malicious Python Package, "web3-essential" (direct link) The FortiGuard Labs team discovers another 0-day attack in a malicious PyPI package called "web3-essential". See how this malware avoids suspicion, and other observations. Malware ★★★
TechRepublic 2023-02-02 15:35:41 Prilex POS malware evolves to block contactless transactions (direct link) A new version of the Prilex POS malware has found a novel way to steal your credit card information. Malware ★★
bleepingcomputer 2023-02-02 15:23:18 Hackers weaponize Microsoft Visual Studio add-ins to push malware (direct link) Security researchers warn that hackers may start using Microsoft Visual Studio Tools for Office (VSTO) more often as a method to achieve persistence and execute code on a target machine via malicious Office add-ins. [...] Malware ★★★★★
globalsecuritymag 2023-02-02 12:59:06 MalVirt | .NET virtualisation thrives in new malvertising attacks (direct link) While investigating recent malvertising (malicious advertising) attacks, SentinelLabs spotted a cluster of virtualised malware loaders that has joined the trend. Referred to as MalVirt, the loaders are implemented in .NET and use virtualisation, based on the KoiVM virtualising protector for .NET applications, in order to obfuscate their implementation and execution. Although virtualisation is popular for hacking tools and cracks, the use of KoiVM virtualisation is not often seen as an obfuscation method utilised by cybercrime threat actors. - Malware Update Malware Threat ★★
SocRadar 2023-02-02 12:37:34 1,200 Redis Servers Infected by New HeadCrab Malware for Cryptomining Operations (direct link) A new malware has appeared on the frontlines, targeting online Redis servers. The malware, named... Malware ★★
SecurityWeek 2023-02-02 12:28:04 HeadCrab Botnet Ensnares 1,200 Redis Servers for Cryptomining (direct link) The sophisticated HeadCrab malware has infected at least 1,200 Redis servers and abused them for cryptomining. Malware ★★
The_Hackers_News 2023-02-02 12:17:00 New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers (direct link) At least 1,200 Redis database servers worldwide have been corralled into a botnet using an "elusive and severe threat" dubbed HeadCrab since early September 2021. "This advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and traditional anti-virus solutions to compromise a large number of Redis servers," Aqua security researcher Asaf Eitani Malware Threat
bleepingcomputer 2023-02-02 12:07:55 Cisco fixes bug allowing malware persistence between reboots (direct link) Cisco has released security updates this week to address a high-severity vulnerability in the Cisco IOx application hosting environment that can be exploited in command injection attacks. [...] Malware Vulnerability ★★★
no_ico 2023-02-02 11:50:00 (Déjà vu) HeadCrab Malware Infects 1,200 Redis servers to Mine Monero (direct link) Since September 2021, about a thousand Redis servers have been infected by new stealthy malware meant to hunt down unprotected Redis servers online and create a botnet that mines for the Monero cryptocurrency. The malware, nicknamed HeadCrab by Aqua Security experts Nitzan Yaakov and Asaf Eitani, has so far infected at least 1,200 of these servers, which […] Malware
SentinelOne 2023-02-02 10:55:59 MalVirt | .NET Virtualization Thrives in Malvertising Attacks (direct link) .NET malware loaders distributed through malvertising are using obfuscated virtualization for anti-analysis and evasion in an ongoing campaign. Malware ★★★
CVE 2023-02-02 10:15:09 CVE-2022-43665 (direct link) A denial of service vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.8.645. A specially-crafted PE file can lead to the target process being killed. An attacker can provide a malicious file to trigger this vulnerability. Malware Vulnerability Guideline
Blog 2023-02-02 00:02:43 (Déjà vu) ASEC Weekly Malware Statistics (January 23rd, 2023 – January 29th, 2023) (direct link) The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from January 23rd, 2023 (Monday) to January 29th, 2023 (Sunday). For the main category, downloader ranked top with 44.2%, followed by Infostealer with 34.3%, backdoor with 18.5%, ransomware with 2.6%, and CoinMiner with 0.4%. Top 1 – BeamWinHTTP: BeamWinHTTP is a downloader malware that ranked top with 24.0%. The malware is distributed via malware disguised... Ransomware Malware ★★
Trend 2023-02-02 00:00:00 New APT34 Malware Targets The Middle East (direct link) We analyze an infection campaign targeting organizations in the Middle East for cyberespionage in December 2022 using a new backdoor malware. The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers. Malware APT 34 ★★
CrowdStrike 2023-02-01 21:34:45 Using Artificial Intelligence and Machine Learning to Combat Hands-on-Keyboard Cybersecurity Attacks (direct link) Malware gets the headlines, but the bigger threat is hands-on-keyboard adversary activity, which can evade traditional security solutions and present detection challenges. Machine learning (ML) can predict and proactively protect against emerging threats by using behavioral event data. CrowdStrike's artificial intelligence (AI)-powered indicators of attack (IOAs) use ML to detect and predict adversarial patterns in […] Malware Threat Prediction ★★★
RecordedFuture 2023-02-01 20:59:46 Russia-backed hacker group Gamaredon attacking Ukraine with info-stealing malware (direct link) The Russian-sponsored hacker group known as Gamaredon continues to attack Ukrainian organizations and remains one of the "key cyber threats" for Ukraine's cyberspace, according to a report the Ukrainian government published Wednesday. Ukraine claims that Gamaredon operates from the city of Sevastopol in Russia-occupied Crimea, but acts on orders from the FSB Center for Information [… Malware ★★★
TechRepublic 2023-02-01 20:03:54 OneNote documents spread malware in several countries (direct link) A new phishing campaign abuses OneNote documents to infect computers with the infamous AsyncRAT malware, targeting users in the U.K., Canada and the U.S. Malware ★★★
bleepingcomputer 2023-02-01 18:56:02 New HeadCrab malware infects 1,200 Redis servers to mine Monero (direct link) New stealthy malware designed to hunt down vulnerable Redis servers online has infected over a thousand of them since September 2021 to build a botnet that mines for Monero cryptocurrency. [...] Malware ★★★
The_Hackers_News 2023-02-01 15:55:00 Prilex PoS Malware Evolves to Block Contactless Payments to Steal from NFC Cards (direct link) The Brazilian threat actors behind an advanced and modular point-of-sale (PoS) malware known as Prilex have reared their head once again with new updates that allow it to block contactless payment transactions. Russian cybersecurity firm Kaspersky said it detected three versions of Prilex (06.03.8080, 06.03.8072, and 06.03.8070) that are capable of targeting NFC-enabled credit cards, taking its Malware Threat
SecurityWeek 2023-02-01 12:32:01 Prilex PoS Malware Blocks NFC Transactions to Steal Credit Card Data (direct link) The Prilex point-of-sale (PoS) malware has been modified to block contactless transactions to force the insertion of credit cards and steal their information. Malware ★★★★
Checkpoint 2023-02-01 11:00:21 The Rise of the Code Package Threat (direct link) Highlights: Check Point details two recent attacks, detected and blocked by our Threat Prevention engines, that aimed to distribute malware. The malicious code packages, Python-drgn and Bloxflip, were distributed by threat actors leveraging package repositories as a reliable and scalable malware distribution channel. Due to the significant rise in supply chain attacks, Check Point provides recommendations for developers… Malware Threat ★★
AlienVault 2023-02-01 11:00:00 The top 8 Cybersecurity threats facing the automotive industry heading into 2023 (direct link) The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Most, if not all, industries are evolving on a digital level heading into 2023 as we take the journey to edge computing. But the automotive industry is experiencing technological innovation on another level. A rise in the production of connected vehicles, new autonomous features, and software that enables cars to self-park and self-drive are great examples of the digital evolution taking the automotive industry by storm. According to the AT&T 2022 Cybersecurity Insights (CSI) Report, 75% of organizations plan to implement edge security changes to help mitigate the kind of risks that affect cars, trucks, fleets, and other connected vehicles and their makers. And for a good reason. These automotive features and advancements have offered cybercriminals an array of new opportunities when it comes to cyberattacks. There are several ways that threat actors are targeting the automotive industry, including tried and true methods and new attack vectors. In this article, you'll learn about the top 8 cybersecurity threats facing the automotive industry heading into 2023 and what the industry can do to prevent threats. Automotive cybersecurity threats: As autos increasingly come with connectivity features, remote threats are more likely. A recent report revealed that 82% of attacks against the automotive industry (including consumer vehicles, manufacturers, and dealerships) were carried out remotely. Plus, half of all vehicle thefts involved keyless entry. Automakers, dealers, and consumers play a role in automotive cybersecurity. But as the industry continues to adopt connected technologies, it will become increasingly important that organizations take a proactive approach to cybersecurity. When it comes to automotive threats, there are countless methods that hackers use to steal vehicles and driver information and cause problems with the vehicle's functioning. Let's explore the top 8 cybersecurity threats facing the automotive industry this year. Keyless car theft: As one of the most prominent threats, keyless car theft is a major concern for the automotive industry. Key fobs today give car owners the ability to lock and unlock their doors by standing near their vehicle and even start their car without the need for a physical key. Autos enabled with keyless start and keyless entry are prone to man-in-the-middle attacks that can intercept the data connection between the car and the key fob itself. Hackers take advantage of these systems to bypass authentication protocols by tricking the components into thinking they are in proximity. Then the attacker can open the door and start the vehicle without triggering any alarms. EV charging station exploitation: Electric vehicles are becoming more popular as the globe transitions to environmental technologies. Charging stations allow EV owners to charge their vehicles in convenient locations such as public parking lots, parks, and even their own garages. When you charge an EV at a charging station, data transfers between the car, the charging station, and the company that owns the device. This data chain presents many ways threat actors can exploit an EV charging station. Malware, fraud, remote manipulation, and even disabling charging stations are all examples of ways hackers take advantage of EV infrastructure. Infotainment system attacks: Modern cars require Ransomware Malware Vulnerability Threat ★★★
globalsecuritymag 2023-02-01 10:44:01 Malvertising campaigns mimicking popular software downloads to infect users and steal credentials, HP Wolf Security reports (direct link) The HP Wolf Security Threat Research Team has just released detailed analysis of several major malvertising campaigns, which use legitimate advertisements on search engines to direct users to highly convincing spoof websites for well-known software – including Audacity, Teams, Discord and Adobe – tricking users into downloading malware onto their PCs. - Malware Update Malware Threat ★★★
bleepingcomputer 2023-02-01 09:45:52 Hackers use new IceBreaker malware to breach gaming companies (direct link) A previously unknown threat group has been targeting the customer service platforms of online gaming and gambling companies, using social engineering to drop its custom implant. [...] Malware Threat ★★★
ComputerWeekly 2023-02-01 07:00:00 Malware variant can block contactless payments (direct link) No further details. Malware
DarkReading 2023-02-01 02:05:00 How Can Disrupting DNS Communications Thwart a Malware Attack? (direct link) Malware eventually has to exfiltrate the data it accessed. By watching DNS traffic for suspicious activity, organizations can halt the damage. Malware ★★★
knowbe4 2023-01-31 20:04:16 Microsoft OneNote Attachments Become the Latest Method to Spread Malware (direct link) Microsoft OneNote Attachments Become the Latest Method to Spread Malware Malware ★★
Anomali 2023-01-31 17:27:00 Anomali Cyber Watch: KilllSomeOne Folders Invisible in Windows, Everything APIs Abuse Speeds Up Ransomware, APT38 Experiments with Delivery Vectors and Backdoors (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, China, Cryptocurrency, Data leak, Iran, North Korea, Phishing, Ransomware, and USB malware. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence: Chinese PlugX Malware Hidden in Your USB Devices? (published: January 26, 2023) Palo Alto researchers analyzed a PlugX malware variant (KilllSomeOne) that spreads via USB devices such as floppy, thumb, or flash drives. The variant is used by a technically skilled group, possibly by the Black Basta ransomware group. The actors use special shortcuts, folder icons and settings to make folders impersonating disks and a recycle bin directory. They also name certain folders with the 00A0 (no-break space) Unicode character, thus hindering Windows Explorer and the command shell from displaying the folder and all the files inside it. Analyst Comment: Several behavior detections could be used to spot similar PlugX malware variants: DLL side loading, adding registry persistence, and payload execution with rundll32.exe. Incident responders can check USB devices for the presence of a no-break space as a folder name. MITRE ATT&CK: T1091 - Replication Through Removable Media | T1559.001 - Inter-Process Communication: Component Object Model | T1547.009 - Boot or Logon Autostart Execution: Shortcut Modification | T1574.002 - Hijack Execution Flow: DLL Side-Loading | T1036 - Masquerading | T1027 - Obfuscated Files Or Information | T1564.001 - Hidden Files and Directories | T1105 - Ingress Tool Transfer. Tags: detection:PlugX, detection:KilllSomeOne, USB, No-break space, file-type:DAT, file-type:EXE, file-type:DLL, actor:Black Basta, Windows. Abraham's Ax Likely Linked to Moses Staff (published: January 26, 2023) Cobalt Sapling is an Iran-based threat actor active in hacking, leaking, and sabotage since at least November 2020. Since October 2021, Cobalt Sapling has been operating under a persona called Moses Staff to leak data from Israeli businesses and government entities. In November 2022, an additional fake identity was created, Abraham's Ax, to target government ministries in Saudi Arabia. Cobalt Sapling uses their custom PyDCrypt loader, the StrifeWater remote access trojan, and the DCSrv wiper styled as ransomware. Analyst Comment: A defense-in-depth approach can assist in creating a proactive stance against threat actors attempting to destroy data. Critical systems should be segregated from each other to minimize potential damage, with an Ransomware Malware Tool Threat Medical APT 38 ★★★
The_Hackers_News 2023-01-31 16:38:00 New Report Reveals NikoWiper Malware That Targeted Ukraine Energy Sector (direct link) The Russia-affiliated Sandworm used yet another wiper malware strain dubbed NikoWiper as part of an attack that took place in October 2022 targeting an energy sector company in Ukraine. "The NikoWiper is based on SDelete, a command line utility from Microsoft that is used for securely deleting files," cybersecurity company ESET revealed in its latest APT Activity Report shared with The Hacker Malware ★★★
The_Hackers_News 2023-01-31 16:09:00 Researchers Uncover Packer Used by Several Malware to Evade Detection for 6 Years (direct link) A shellcode-based packer dubbed TrickGate has been successfully operating without attracting notice for over six years, while enabling threat actors to deploy a wide range of malware such as TrickBot, Emotet, AZORult, Agent Tesla, FormBook, Cerber, Maze, and REvil over the years. "TrickGate managed to stay under the radar for years because it is transformative – it undergoes changes periodically Malware Threat ★★★
globalsecuritymag 2023-01-31 15:48:20 Check Point Research investigation: A software service lets threat actors bypass EDR protection and deploy Emotet, REvil, Maze and others (direct link) Check Point Research (CPR) has spotted an active software service that allows threat actors to bypass EDR (Endpoint Detection & Response) protection and has been active for more than six years. The clients of the service, named TrickGate, include well-known actors such as Emotet, REvil, Maze and many others. CPR has recorded hundreds of attacks per week over the last two years alone. TrickGate is evolving and changes regularly, which is how it has gone unnoticed for years. Thanks to TrickGate, malicious actors are able to distribute their malware more easily and with fewer repercussions. • Between 40 and 650 attacks per week over the last two years. • Targeted sectors include manufacturing, education, healthcare, finance and commercial enterprises. • The most used malware type over the last two months is Formbook, representing 42% of all malware detected. - Investigations Malware ★★
Last update at: 2024-07-17 09:07:39