What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-03-30 07:05:57 | Researchers Expose Mars Stealer Malware Campaign Using Google Ads to Spread (lien direct) | A nascent information stealer called Mars has been observed in campaigns that take advantage of cracked versions of the malware to steal information stored in web browsers and cryptocurrency wallets. "Mars Stealer is being distributed via social engineering techniques, malspam campaigns, malicious software cracks, and keygens," Morphisec malware researcher Arnold Osipov said in a report | Malware | ||
|
2022-03-29 03:16:31 | New Malware Loader \'Verblecon\' Infects Hacked PCs with Cryptocurrency Miners (lien direct) | An unidentified threat actor has been observed employing a "complex and powerful" malware loader with the ultimate objective of deploying cryptocurrency miners on compromised systems and potentially facilitating the theft of Discord tokens. "The evidence found on victim networks appears to indicate that the goal of the attacker was to install cryptocurrency mining software on victim machines," | Malware Threat | ||
|
2022-03-29 03:07:06 | Experts Detail Virtual Machine Used by Wslink Malware Loader for Obfuscation (lien direct) | Cybersecurity researchers have shed more light on a malicious loader that runs as a server and executes received modules in memory, laying bare the structure of an "advanced multi-layered virtual machine" used by the malware to fly under the radar. Wslink, as the malicious loader is called, was first documented by Slovak cybersecurity company ESET in October 2021, with very few telemetry hits | Malware | ||
|
2022-03-28 06:00:00 | Hackers Hijack Email Reply Chains on Unpatched Exchange Servers to Spread Malware (lien direct) | A new email phishing campaign has been spotted leveraging the tactic of conversation hijacking to deliver the IceID info-stealing malware onto infected machines by making use of unpatched and publicly-exposed Microsoft Exchange servers. "The emails use a social engineering technique of conversation hijacking (also known as thread hijacking)," Israeli company Intezer said in a report shared with | Malware | ||
|
2022-03-28 02:14:38 | \'Purple Fox\' Hackers Spotted Using New Variant of FatalRAT in Recent Malware Attacks (lien direct) | The operators of the Purple Fox malware have retooled their malware arsenal with a new variant of a remote access trojan called FatalRAT, while also simultaneously upgrading their evasion mechanisms to bypass security software. "Users' machines are targeted via trojanized software packages masquerading as legitimate application installers," Trend Micro researchers said in a report published on | Malware | ||
|
2022-03-24 06:16:14 | Chinese APT Hackers Targeting Betting Companies in Southeast Asia (lien direct) | A Chinese-speaking advanced persistent threat (APT) has been linked to a new campaign targeting gambling-related companies in South East Asia, particularly Taiwan, the Philippines, and Hong Kong. Cybersecurity firm Avast dubbed the campaign Operation Dragon Castling, describing its malware arsenal as a "robust and modular toolset." The ultimate motives of the threat actor are not immediately | Malware Threat | ||
|
2022-03-24 06:06:05 | How to Build a Custom Malware Analysis Sandbox (lien direct) | Before hunting malware, every researcher needs to find a system where to analyze it. There are several ways to do it: build your own environment or use third-party solutions. Today we will walk through all the steps of creating a custom malware sandbox where you can perform a proper analysis without infecting your computer. And then compare it with a ready-made service. Why do you need a malware | Malware | ||
|
2022-03-23 04:59:47 | Chinese \'Mustang Panda\' Hackers Spotted Deploying New \'Hodur\' Malware (lien direct) | A China-based advanced persistent threat (APT) known as Mustang Panda has been linked to an ongoing cyberespionage campaign using a previously undocumented variant of the PlugX remote access trojan on infected machines. Slovak cybersecurity firm ESET dubbed the new version Hodur, owing to its resemblance to another PlugX (aka Korplug) variant called THOR that came to light in July 2021. "Most | Malware Threat | ||
|
2022-03-23 03:03:39 | New Variant of Chinese Gimmick Malware Targeting macOS Users (lien direct) | Researchers have disclosed details of a newly discovered macOS variant of a malware implant developed by a Chinese espionage threat actor known to strike attack organizations across Asia. Attributing the attacks to a group tracked as Storm Cloud, cybersecurity firm Volexity characterized the new malware, dubbed Gimmick, a "feature-rich, multi-platform malware family that uses public cloud | Malware Threat | ||
|
2022-03-23 02:49:30 | Over 200,000 MicroTik Routers Worldwide Are Under the Control of Botnet Malware (lien direct) | Vulnerable routers from MikroTik have been misused to form what cybersecurity researchers have called one of the largest botnet-as-a-service cybercrime operations seen in recent years. According to a new piece of research published by Avast, a cryptocurrency mining campaign leveraging the new-disrupted Glupteba botnet as well as the infamous TrickBot malware were all distributed using the same | Malware | ||
|
2022-03-17 21:52:58 | New Variant of Russian Cyclops Blink Botnet Targeting ASUS Routers (lien direct) | ASUS routers have emerged as the target of a nascent botnet called Cyclops Blink, almost a month after it was revealed the malware abused WatchGuard firewall appliances as a stepping stone to gain remote access to breached networks. According to a new report published by Trend Micro, the botnet's "main purpose is to build an infrastructure for further attacks on high-value targets," given that | Malware | ||
|
2022-03-17 05:59:15 | DirtyMoe Botnet Gains New Exploits in Wormable Module to Spread Rapidly (lien direct) | The malware known as DirtyMoe has gained new worm-like propagation capabilities that allow it to expand its reach without requiring any user interaction, the latest research has found. "The worming module targets older well-known vulnerabilities, e.g., EternalBlue and Hot Potato Windows privilege escalation," Avast researcher Martin Chlumecký said in a report published Wednesday. "One worm | Malware | ||
|
2022-03-17 03:05:39 | TrickBot Malware Abusing Hacked IoT Devices as Command-and-Control Servers (lien direct) | Microsoft on Wednesday detailed a previously undiscovered technique put to use by the TrickBot malware that involves using compromised Internet of Things (IoT) devices as a go-between for establishing communications with the command-and-control (C2) servers. "By using MikroTik routers as proxy servers for its C2 servers and redirecting the traffic through non-standard ports, TrickBot adds | Malware | ||
|
2022-03-15 02:38:46 | CaddyWiper: Yet Another Data Wiping Malware Targeting Ukrainian Networks (lien direct) | Two weeks after details emerged about a second data wiper strain delivered in attacks against Ukraine, yet another destructive malware has been detected amid Russia's continuing military invasion of the country. Slovak cybersecurity company ESET dubbed the third wiper "CaddyWiper," which it said it first observed on March 14 around 9:38 a.m. UTC. Metadata associated with the executable (" | Malware | ||
|
2022-03-14 02:17:59 | Researchers Find New Evidence Linking Kwampirs Malware to Shamoon APT Hackers (lien direct) | New findings released last week showcase the overlapping source code and techniques between the operators of Shamoon and Kwampirs, indicating that they "are the same group or really close collaborators." "Research evidence shows identification of co-evolution between both Shamoon and Kwampirs malware families during the known timeline," Pablo Rincón Crespo of Cylera Labs said. "If Kwampirs is | Malware | ||
|
2022-03-10 07:12:52 | Iranian Hackers Targeting Turkey and Arabian Peninsula in New Malware Campaign (lien direct) | The Iranian state-sponsored threat actor known as MuddyWater has been attributed to a new swarm of attacks targeting Turkey and the Arabian Peninsula with the goal of deploying remote access trojans (RATs) on compromised systems. "The MuddyWater supergroup is highly motivated and can use unauthorized access to conduct espionage, intellectual property theft, and deploy ransomware and destructive | Ransomware Malware Threat | ||
|
2022-03-10 00:01:20 | Ukrainian Hacker Linked to REvil Ransomware Attacks Extradited to United States (lien direct) | Yaroslav Vasinskyi, a Ukrainian national, linked to the Russia-based REvil ransomware group has been extradited to the U.S. to face charges for his role in carrying out the file-encrypting malware attacks against several companies, including Kaseya last July. The 22-year-old had been previously arrested in Poland in October 2021, prompting the U.S. Justice Department (DoJ) to file charges of | Ransomware Malware | ★★ | |
|
2022-03-06 23:36:25 | SharkBot Banking Malware Spreading via Fake Android Antivirus App on Google Play Store (lien direct) | The threat actor behind a nascent Android banking trojan named SharkBot has managed to evade Google Play Store security barriers by masquerading as an antivirus app. SharkBot, like its malware counterparts TeaBot, FluBot, and Oscorp (UBEL), belongs to a category of financial trojans capable of siphoning credentials to initiate money transfers from compromised devices by circumventing | Malware Threat | ||
|
2022-03-01 22:20:17 | TeaBot Android Banking Malware Spreads Again Through Google Play Store Apps (lien direct) | An Android banking trojan designed to steal credentials and SMS messages has been observed sneaking past Google Play Store protections to target users of more than 400 banking and financial apps from Russia, China, and the U.S. "TeaBot RAT capabilities are achieved via the device screen's live streaming (requested on-demand) plus the abuse of Accessibility Services for remote interaction and | Malware | ||
|
2022-03-01 08:46:53 | Second New \'IsaacWiper\' Data Wiper Targets Ukraine After Russian Invasion (lien direct) | A new data wiper malware has been observed deployed against an unnamed Ukrainian government network, a day after destructive cyber attacks struck multiple entities in the country preceding the start of Russia's military invasion. Slovak cybersecurity firm ESET dubbed the new malware "IsaacWiper," which it said was detected on February 24 in an organization that was not affected by HermeticWiper | Malware | ||
|
2022-03-01 06:03:02 | Conti Ransomware Gang\'s Internal Chats Leaked Online After Siding With Russia (lien direct) | Days after the Conti ransomware group broadcasted a pro-Russian message pledging its allegiance to Vladimir Putin's ongoing invasion of Ukraine, a disgruntled member of the cartel has leaked the syndicate's internal chats. The file dump, published by malware research group VX-Underground, is said to contain 13 months of chat logs between affiliates and administrators of the Russia-affiliated | Ransomware Malware | ||
|
2022-03-01 05:22:15 | Trickbot Malware Gang Upgrades its AnchorDNS Backdoor to AnchorMail (lien direct) | Even as the TrickBot infrastructure closed shop, the operators of the malware are continuing to refine and retool their arsenal to carry out attacks that culminated in the deployment of Conti ransomware. IBM Security X-Force, which discovered the revamped version of the criminal gang's AnchorDNS backdoor, dubbed the new, upgraded variant AnchorMail. AnchorMail "uses an email-based [ | Malware | ||
|
2022-03-01 01:18:08 | Microsoft Finds FoxBlade Malware Hit Ukraine Hours Before Russian Invasion (lien direct) | Microsoft on Monday disclosed that it detected a new round of offensive and destructive cyberattacks directed against Ukraine's digital infrastructure hours before Russia launched its first missile strikes last week. The intrusions involved the use of a never-before-seen malware package dubbed FoxBlade, according to the tech giant's Threat Intelligence Center (MSTIC), noting that it added new | Malware Threat | ||
|
2022-03-01 00:01:03 | China-linked Daxin Malware Targeted Multiple Governments in Espionage Attacks (lien direct) | A previously undocumented espionage tool has been deployed against selected governments and other critical infrastructure targets as part of a long-running espionage campaign orchestrated by China-linked threat actors since at least 2013. Broadcom's Symantec Threat Hunter team characterized the backdoor, named Daxin, as a technologically advanced malware, allowing the attackers to carry out a | Malware Tool Threat | ||
|
2022-02-28 03:10:56 | Reborn of Emotet: New Features of the Botnet and How to Detect it (lien direct) | One of the most dangerous and infamous threats is back again. In January 2021, global officials took down the botnet. Law enforcement sent a destructive update to the Emotet's executables. And it looked like the end of the trojan's story. But the malware never ceased to surprise. November 2021, it was reported that TrickBot no longer works alone and delivers Emotet. And ANY.RUN with colleagues | Malware | ||
|
2022-02-27 22:52:31 | Iranian Hackers Using New Spying Malware That Abuses Telegram Messenger API (lien direct) | An Iranian geopolitical nexus threat actor has been uncovered deploying two new targeted malware that come with "simple" backdoor functionalities as part of an intrusion against an unnamed Middle East government entity in November 2021. Cybersecurity company Mandiant attributed the attack to an uncategorized cluster it's tracking under the moniker UNC3313, which it assesses with "moderate | Malware Threat | ||
|
2022-02-26 02:19:53 | Social Media Hijacking Malware Spreading Through Gaming Apps on Microsoft Store (lien direct) | A new malware capable of controlling social media accounts is being distributed through Microsoft's official app store in the form of trojanized gaming apps, infecting more than 5,000 Windows machines in Sweden, Bulgaria, Russia, Bermuda, and Spain. Israeli cybersecurity company Check Point dubbed the malware "Electron Bot," in reference to a command-and-control (C2) domain used in recent | Malware | ||
|
2022-02-25 23:39:31 | Russia-Ukraine War: Phishing, Malware and Hacker Groups Taking Sides (lien direct) | Ukraine's Computer Emergency Response Team (CERT-UA) has warned of Belarusian state-sponsored hackers targeting its military personnel and related individuals as part of a phishing campaign mounted amidst Russia's military invasion of the country. "Mass phishing emails have recently been observed targeting private 'i.ua' and 'meta.ua' accounts of Ukrainian military personnel and related | Malware | ||
|
2022-02-25 09:21:07 | New "SockDetour" Fileless, Socketless Backdoor Targets U.S. Defense Contractors (lien direct) | Cybersecurity researchers have taken the wraps off a previously undocumented and stealthy custom malware called SockDetour that targeted U.S.-based defense contractors with the goal of being used as a secondary implant on compromised Windows hosts. "SockDetour is a backdoor that is designed to remain stealthily on compromised Windows servers so that it can serve as a backup backdoor in case the | Malware | ||
|
2022-02-25 06:08:03 | Iran\'s MuddyWater Hacker Group Using New Malware in Worldwide Cyber Attacks (lien direct) | Cybersecurity agencies from the U.K. and the U.S. have laid bare a new malware used by the Iranian government-sponsored advanced persistent threat (APT) group in attacks targeting government and commercial networks worldwide. "MuddyWater actors are positioned both to provide stolen data and accesses to the Iranian government and to share these with other malicious cyber actors," the agencies | Malware Threat | ||
|
2022-02-25 00:03:14 | Notorious TrickBot Malware Gang Shuts Down its Botnet Infrastructure (lien direct) | The modular Windows crimeware platform known as TrickBot formally shuttered its infrastructure on Thursday after reports emerged of its imminent retirement amid a lull in its activity for almost two months, marking an end to one of the most persistent malware campaigns in recent years. "TrickBot is gone... It is official now as of Thursday, February 24, 2022. See you soon... or not," AdvIntel's | Malware | ||
|
2022-02-24 05:28:40 | TrickBot Gang Likely Shifting Operations to Switch to New Malware (lien direct) | TrickBot, the infamous Windows crimeware-as-a-service (CaaS) solution that's used by a variety of threat actors to deliver next-stage payloads like ransomware, appears to be undergoing a transition of sorts, with no new activity recorded since the start of the year. The lull in the malware campaigns is "partially due to a big shift from Trickbot's operators, including working with the operators | Malware Threat | ||
|
2022-02-24 03:57:49 | US, UK Agencies Warn of New Russian Botnet Built from Hacked Firewall Devices (lien direct) | Intelligence agencies in the U.K. and the U.S. disclosed details of a new botnet malware called Cyclops Blink that's been attributed to the Russian-backed Sandworm hacking group and deployed in attacks dating back to 2019. "Cyclops Blink appears to be a replacement framework for the VPNFilter malware exposed in 2018, which exploited network devices, primarily small office/home office (SOHO) | Malware | VPNFilter VPNFilter | |
|
2022-02-23 21:28:39 | New Wiper Malware Targeting Ukraine Amid Russia\'s Military Operation (lien direct) | Cybersecurity firms ESET and Broadcom's Symantec said they discovered a new data wiper malware used in fresh attacks against hundreds of machines in Ukraine, as Russian forces formally launched a full-scale military operation against the country. The Slovak company dubbed the wiper "HermeticWiper" (aka KillDisk.NCV), with one of the malware samples compiled on December 28, 2021, implying that | Malware | ||
|
2022-02-23 05:01:46 | Dridex Malware Deploying Entropy Ransomware on Hacked Computers (lien direct) | Similarities have been unearthed between the Dridex general-purpose malware and a little-known ransomware strain called Entropy, suggesting that the operators are continuing to rebrand their extortion operations under a different name. "The similarities are in the software packer used to conceal the ransomware code, in the malware subroutines designed to find and obfuscate commands (API calls), | Ransomware Malware | ||
|
2022-02-21 08:04:55 | New Android Banking Trojan Spreading via Google Play Store Targets Europeans (lien direct) | A new Android banking trojan with over 50,000 installations has been observed distributed via the official Google Play Store with the goal of targeting 56 European banks and carrying out harvesting sensitive information from compromised devices. Dubbed Xenomorph by Dutch security firm ThreatFabric, the in-development malware is said to share overlaps with another banking trojan tracked under the | Malware | ||
|
2022-02-21 06:49:54 | Iranian State Broadcaster IRIB Hit by Destructive Wiper Malware (lien direct) | An investigation into the cyberattack targeting Iranian national media corporation, Islamic Republic of Iran Broadcasting (IRIB), in late January 2022 resulted in the deployment of a wiper malware and other custom implants, as the country's national infrastructure continues to face a wave of attacks aimed at inflicting serious damage. "This indicates that the attackers' aim was also to disrupt | Malware | ||
|
2022-02-18 03:57:05 | PseudoManuscrypt Malware Spreading the Same Way as CryptBot Targets Koreans (lien direct) | Numerous Windows machines located in South Korea have been targeted by a botnet tracked as PseudoManuscrypt since at least May 2021 by employing the same delivery tactics of another malware called CryptBot. "PseudoManuscrypt is disguised as an installer that is similar to a form of CryptBot, and is being distributed," South Korean cybersecurity company AhnLab Security Emergency Response Center ( | Malware | ||
|
2022-02-16 06:03:58 | Trickbot Malware Targeted Customers of 60 High-Profile Companies Since 2020 (lien direct) | The notorious TrickBot malware is targeting customers of 60 financial and technology companies, including cryptocurrency firms, primarily located in the U.S., even as its operators have updated the botnet with new anti-analysis features. "TrickBot is a sophisticated and versatile malware with more than 20 modules that can be downloaded and executed on demand," Check Point researchers Aliaksandr | Malware | ||
|
2022-02-15 06:06:28 | Researchers Link ShadowPad Malware Attacks to Chinese Ministry and PLA (lien direct) | Cybersecurity researchers have detailed the inner workings of ShadowPad, a sophisticated and modular backdoor that has been adopted by a growing number of Chinese threat groups in recent years, while also linking it to the country's civilian and military intelligence agencies. "ShadowPad is decrypted in memory using a custom decryption algorithm," researchers from Secureworks said in a report | Malware Threat | ★★★★ | |
|
2022-02-15 02:12:14 | Experts Warn of Hacking Group Targeting Aviation and Defense Sectors (lien direct) | Entities in the aviation, aerospace, transportation, manufacturing, and defense industries have been targeted by a persistent threat group since at least 2017 as part of a string of spear-phishing campaigns mounted to deliver a variety of remote access trojans (RATs) on compromised systems. The use of commodity malware such as AsyncRAT and NetWire, among others, has led enterprise security firm | Malware Threat | ||
|
2022-02-15 00:52:33 | New MyloBot Malware Variant Sends Sextortion Emails Demanding $2,732 in Bitcoin (lien direct) | A new version of the MyloBot malware has been observed to deploy malicious payloads that are being used to send sextortion emails demanding victims to pay $2,732 in digital currency. MyloBot, first detected in 2018, is known to feature an array of sophisticated anti-debugging capabilities and propagation techniques to rope infected machines into a botnet, not to mention remove traces of other | Malware | ||
|
2022-02-09 03:25:23 | Iranian Hackers Using New Marlin Backdoor in \'Out to Sea\' Espionage Campaign (lien direct) | An advanced persistent threat (APT) group with ties to Iran has refreshed its malware toolset to include a new backdoor dubbed Marlin as part of a long-running espionage campaign that started in April 2018. Slovak cybersecurity company ESET attributed the attacks - code named Out to Sea - to a threat actor called OilRig (aka APT34), while also conclusively connecting its activities to a second | Malware Threat | APT 34 | |
|
2022-02-08 04:42:17 | Several Malware Families Using Pay-Per-Install Service to Expand Their Targets (lien direct) | A detailed examination of a Pay-per-install (PPI) malware service called PrivateLoader has revealed its crucial role in the delivery of a variety of malware such as SmokeLoader, RedLine Stealer, Vidar, Raccoon, and GCleaner since at least May 2021. Loaders are malicious programs used for loading additional executables onto the infected machine. With PPI malware services such as PrivateLoader, | Malware | ||
|
2022-02-08 04:16:19 | \'Roaming Mantis\' Android Malware Targeting Europeans via Smishing Campaigns (lien direct) | A financially motivated campaign that targets Android devices and spreads mobile malware via SMS phishing techniques since at least 2018 has spread its tentacles to strike victims located in France and Germany for the first time. Dubbed Roaming Mantis, the latest spate of activities observed in 2021 involve sending fake shipping-related texts containing a URL to a landing page from where Android | Malware | ||
|
2022-02-07 20:38:37 | Microsoft Disables Internet Macros in Office Apps by Default to Block Malware Attacks (lien direct) | Microsoft on Monday said it's taking steps to disable Visual Basic for Applications (VBA) macros by default across its products, including Word, Excel, PowerPoint, Access, and Visio, for documents downloaded from the web in an attempt to eliminate an entire class of attack vector. "Bad actors send macros in Office files to end users who unknowingly enable them, malicious payloads are delivered, | Malware | ||
|
2022-02-07 19:37:09 | Microsoft Temporarily Disables MSIX App Installers to Prevent Malware Abuse (lien direct) | Microsoft last week announced that it's temporarily disabling the MSIX ms-appinstaller protocol handler in Windows following evidence that a security vulnerability in the installer component was exploited by threat actors to deliver malware such as Emotet, TrickBot, and Bazaloader. MSIX, based on a combination of .msi, .appx, App-V and ClickOnce installation technologies, is a universal Windows | Malware Vulnerability Threat | ||
|
2022-02-07 05:34:15 | New CapraRAT Android Malware Targets Indian Government and Military Personnel (lien direct) | A politically motivated advanced persistent threat (APT) group has expanded its malware arsenal to include a new remote access trojan (RAT) in its espionage attacks aimed at Indian military and diplomatic entities. Called CapraRAT by Trend Micro, the implant is an Android RAT that exhibits a high "degree of crossover" with another Windows malware known as CrimsonRAT that's associated with Earth | Malware Threat | ||
|
2022-02-03 02:49:41 | New SEO Poisoning Campaign Distributing Trojanized Versions of Popular Software (lien direct) | An ongoing search engine optimization (SEO) poisoning attack campaign has been observed abusing trust in legitimate software utilities to trick users into downloading BATLOADER malware on compromised machines. "The threat actor used 'free productivity apps installation' or 'free software development tools installation' themes as SEO keywords to lure victims to a compromised website and to | Malware Threat | ||
|
2022-02-03 01:24:44 | New Variant of UpdateAgent Malware Infects Mac Computers with Adware (lien direct) | Microsoft on Wednesday shed light on a previously undocumented Mac trojan that it said has underwent several iterations since its first appearance in September 2020, effectively granting it an "increasing progression of sophisticated capabilities." The company's Microsoft 365 Defender Threat Intelligence Team dubbed the new malware family "UpdateAgent," charting its evolution from a barebones | Malware Threat |
To see everything:
Our RSS (filtrered)
