Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2021-08-25 09:00:00 |
FIN8 cybercrime gang backdoors US orgs with new Sardonic malware (lien direct) |
A financially motivated cybercrime gang has breached and backdoored the network of a US financial organization with a new malware known dubbed Sardonic by Bitdefender researchers who first spotted it. [...] |
Malware
|
|
|
|
2021-08-24 13:12:34 |
Malicious WhatsApp mod infects Android devices with malware (lien direct) |
A malicious version of the FMWhatsappWhatsApp mod delivers a Triadatrojan payload, a nasty surprise that infects their devices with additional malware, including the very hard-to-remove xHelper trojan. [...] |
Malware
|
|
|
|
2021-08-23 17:17:23 |
Phishing campaign uses UPS.com XSS vuln to distribute malware (lien direct) |
A clever UPS phishing campaign utilized an XSS vulnerability in UPS.com to push fake and malicious 'Invoice' Word documents. [...] |
Malware
Vulnerability
|
|
|
|
2021-08-17 11:00:22 |
Malware campaign uses clever \'captcha\' to bypass browser warning (lien direct) |
A malware campaign uses a clever captcha prompt to trick users into bypassing browsers warnings to download the Ursnif (aka Gozi) banking trojan. [...] |
Malware
|
|
|
|
2021-08-16 15:38:27 |
Malware dev infects own PC and data ends up on intel platform (lien direct) |
A malware developer unleashed their creation on their system to try out new features and the data ended up on a cybercrime intelligence platform, exposing a glimpse of the cybercriminal endeavor. [...] |
Malware
|
|
|
|
2021-08-16 09:06:46 |
Hackers behind Iranian wiper attacks linked to Syrian breaches (lien direct) |
Destructive attacks that targeted Iran's transport ministry and national train system were coordinated by a threat actor dubbed Indra who previously deployed wiper malware on the networks of multiple Syrian organizations. [...] |
Malware
Threat
|
|
|
|
2021-08-11 09:00:00 |
New AdLoad malware variant slips through Apple\'s XProtect defenses (lien direct) |
A new AdLoad malware variant is slipping through Apple's YARA signature-based XProtect built-in antivirus tech to infect Macs. [...] |
Malware
|
|
|
|
2021-08-09 17:43:03 |
FlyTrap malware hijacks thousands of Facebook accounts (lien direct) |
A new Android threat that researchers call FlyTrap has been hijacking Facebook accounts of users in more than 140 countries by stealing session cookies. [...] |
Malware
Threat
|
|
|
|
2021-08-09 09:12:17 |
Synology warns of malware infecting NAS devices with ransomware (lien direct) |
Taiwan-based NAS maker Synology has warned customers that the StealthWorker botnet is targeting their network-attached storage devices in ongoing brute-force attacks. [...] |
Ransomware
Malware
|
|
|
|
2021-08-05 09:57:04 |
(Déjà vu) Prometheus TDS: The $250 service behind recent malware attacks (lien direct) |
Security researchers investigating multiple malware distribution campaigns found that an underground traffic distribution service called Prometheus is responsible for delivering threats that often lead to ransomware attacks. [...] |
Ransomware
Malware
Guideline
|
|
|
|
2021-08-05 09:57:04 |
Prometheus: The $250 service behind recent malware attacks (lien direct) |
Security researchers investigating multiple malware distribution campaigns found that an underground traffic distribution service called Prometheus is responsible for delivering threats that often lead to ransomware attacks. [...] |
Ransomware
Malware
Guideline
|
|
|
|
2021-07-29 12:46:55 |
New destructive Meteor wiper malware used in Iranian railway attack (lien direct) |
A new file wiping malware called Meteor was discovered used in the recent attacks against Iran's railway system. [...] |
Malware
|
|
|
|
2021-07-28 11:15:13 |
Google Play Protect fails Android security tests once more (lien direct) |
Google Play Protect, the Android built-in malware defense system, has failed the real-world tests of antivirus testing lab AV-TEST after detecting just over two thirds out of more than 20,000 malicious apps it was pitted against. [...] |
Malware
|
|
|
|
2021-07-23 16:06:46 |
Fake Windows 11 installers now used to infect you with malware (lien direct) |
Scammers are already taking advantage of the hype surrounding Microsoft's next Windows release to push fake Windows 11 installers riddled with malware, adware, and other malicious tools. [...] |
Malware
|
|
|
|
2021-07-23 15:29:55 |
MacOS malware steals Telegram accounts, Google Chrome data (lien direct) |
Security researchers have published details about the method used by a strain of macOS malware to steal login information from multiple apps, enabling its operators to steal accounts. [...] |
Malware
|
|
|
|
2021-07-21 14:42:16 |
CISA warns of stealthy malware found on hacked Pulse Secure devices (lien direct) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released an alert today about more than a dozen malware samples found on exploited Pulse Secure devices that are largely undetected by antivirus products. [...] |
Malware
|
|
|
|
2021-07-21 09:00:00 |
NPM package steals Chrome passwords on Windows via recovery tool (lien direct) |
New npm malware has been caught stealing credentials from the Google Chrome web browser by using legitimate password recovery tools on Windows systems. Additionally, this malware listens for incoming connections from the attacker's C2 server and provides advanced capabilities, including screen and camera access. [...] |
Malware
Tool
|
|
|
|
2021-07-21 06:20:41 |
XLoader malware steals logins from macOS and Windows systems (lien direct) |
A highly popular malware for stealing information from Windows systems has been modified into a new strain called XLoader, which can also target macOS systems. [...] |
Malware
|
|
|
|
2021-07-20 04:00:00 |
New MosaicLoader malware targets software pirates via online ads (lien direct) |
An ongoing worldwide campaign is pushing new malware dubbed MosaicLoader advertising camouflaged as cracked software via search engine results to infect wannabe software pirates' systems. [...] |
Malware
|
|
|
|
2021-07-14 15:29:17 |
BazarBackdoor sneaks in through nested RAR and ZIP archives (lien direct) |
Security researchers caught a new phishing campaign that tried to deliver the BazarBackdoor malware by using the multi-compression technique and masking it as an image file. [...] |
Malware
|
|
|
|
2021-07-14 03:32:00 |
Trickbot updates its VNC module for high-value targets (lien direct) |
The Trickbot botnet malware that often distributes various ransomware strains, continues to be the most prevalent threat as its developers update the VNC module used for remote control over infected systems. [...] |
Ransomware
Malware
Threat
|
|
|
|
2021-07-13 03:29:00 |
New BIOPASS malware live streams victim\'s computer screen (lien direct) |
Hackers compromised gambling sites to deliver a new remote access trojan (RAT) called BIOPASS that enables watching the victim's computer screen in real time by abusing popular live-streaming software. [...] |
Malware
|
|
|
|
2021-06-29 13:48:21 |
Russian hackers had months-long access to Denmark\'s central bank (lien direct) |
Russian state hackers compromised Denmark's central bank (Danmarks Nationalbank) and planted malware that gave them access to the network for more than half a year without being detected. [...] |
Malware
|
|
★★★★
|
|
2021-06-26 05:16:04 |
Microsoft admits to signing rootkit malware in supply-chain fiasco (lien direct) |
Microsoft has now confirmed signing a malicious driver being distributed within gaming environments. This driver, called "Netfilter," is in fact a rootkit that was observed communicating with Chinese command-and-control IPs. [...] |
Malware
|
|
|
|
2021-06-23 09:00:00 |
PYSA ransomware backdoors education orgs using ChaChi malware (lien direct) |
The PYSA ransomware gang has been using a remote access Trojan (RAT) dubbed ChaChi to backdoor the systems of healthcare and education organizations and steal data that later gets leveraged in double extortion ransom schemes. [...] |
Ransomware
Malware
|
|
|
|
2021-06-17 11:58:44 |
Vigilante malware blocks victims from downloading pirated software (lien direct) |
A vigilante developer turns the tables on software pirates by distributing malware that prevents them from accessing pirated software sites in the future. [...] |
Malware
|
|
|
|
2021-06-16 12:22:19 |
US convicts Russian national behind Kelihos botnet crypting service (lien direct) |
Russian national Oleg Koshkin was convicted for charges related to the operation of a malware crypter service used by the Kelihos botnet to obfuscate malware payloads and evade detection. [...] |
Malware
|
|
|
|
2021-06-15 08:00:28 |
Google Workspace adds new phishing protection, client-side encryption (lien direct) |
Google Workspace (formerly G Suite) has been updated with client-side encryption and new Google Drive phishing and malware content protection. [...] |
Malware
|
|
|
|
2021-06-14 12:30:18 |
Microsoft: SEO poisoning used to backdoor targets with malware (lien direct) |
Microsoft is tracking a series of attacks that use SEO poisoning to infect targets with a remote access trojan (RAT) capable of stealing the victims' sensitive info and backdooring their systems. [...] |
Malware
|
|
|
|
2021-06-07 06:51:59 |
New Kubernetes malware backdoors clusters via Windows containers (lien direct) |
New malware active for more than a year is compromising Windows containers to compromise Kubernetes clusters with the end goal of backdooring them and paving the way for attackers to abuse them in other malicious activities. [...] |
Malware
|
Uber
|
|
|
2021-06-05 12:56:17 |
GitHub\'s new policies allow removal of PoC exploits used in attacks (lien direct) |
GitHub announced on Friday their updated community guidelines that explain how the company will deal with exploits and malware samples hosted on their service. [...] |
Malware
|
|
|
|
2021-06-04 17:28:07 |
US charges Latvian for helping develop the Trickbot malware (lien direct) |
The US Department of Justice announced today that a Latvian national was charged for her alleged role as a malware developer in the Trickbot transnational cybercrime organization. [...] |
Malware
|
|
|
|
2021-06-04 09:03:59 |
FreakOut malware worms its way into vulnerable VMware servers (lien direct) |
A multi-platform Python-based malware targeting Windows and Linux devices has now been upgraded to worm its way into Internet-exposed VMware vCenter servers unpatched against a remote code execution vulnerability. [...] |
Malware
|
|
|
|
2021-06-03 11:19:32 |
New SkinnyBoy malware used by Russian hackers to breach sensitive orgs (lien direct) |
Security researchers have discovered a new piece of malware called SkinnyBoy that was used in spear-phishing campaigns attributed to Russian-speaking hacking group APT28. [...] |
Malware
|
APT 28
|
|
|
2021-06-01 16:56:57 |
US seizes domains used by APT29 in recent USAID phishing attacks (lien direct) |
The US Department of Justice has seized two Internet domains used in recent phishing attacks impersonating the U.S. Agency for International Development (USAID) to distribute malware and gain access to internal networks. [...] |
Malware
|
APT 29
|
★★★
|
|
2021-05-29 13:49:01 |
Microsoft: Russian hackers used 4 new malware in USAID phishing (lien direct) |
Microsoft states that a Russian hacking group used four new malware families in recent phishing attacks impersonating the United States Agency for International Development (USAID). [...] |
Malware
|
|
|
|
2021-05-28 12:12:21 |
Chinese cyberspies are targeting US, EU orgs with new malware (lien direct) |
Chinese threat groups continue to deploy new malware strains on the compromised network of dozens of US and EU organizations after exploiting vulnerable Pulse Secure VPN appliances. [...] |
Malware
Threat
|
|
|
|
2021-05-27 13:37:01 |
(Déjà vu) New BazaFlix attack pushes BazarLoader malware via fake movie site (lien direct) |
Security researchers found a new BazarCall email phishing campaign that manages to bypass automated threat detection systems to deliver the BazarLoader malware used by the TrickBot gang. [...] |
Malware
Threat
|
|
|
|
2021-05-27 13:37:01 |
New BazaFlix phishing delivers BazarLoader malware via call center (lien direct) |
Security researchers found a new BazarCall email phishing campaign that manages to bypass automated threat detection systems to deliver the BazarLoader malware used by the TrickBot gang. [...] |
Malware
Threat
|
|
|
|
2021-05-24 15:40:31 |
(Déjà vu) Apple fixes three zero-days, one abused by XCSSET macOS malware (lien direct) |
Apple has released security updates to patch three macOS and tvOS zero-day vulnerabilities attackers exploited in the wild, with the former being abused by the XCSSET malware to bypass macOS privacy protections. [...] |
Malware
|
|
|
|
2021-05-22 11:02:22 |
(Déjà vu) Bizarro banking malware targets 70 banks in Europe and South America (lien direct) |
A banking trojan named Bizarro that originates from Brazil has crossed the borders and started to target customers of 70 banks in Europe and South America. [...] |
Malware
|
|
|
|
2021-05-20 13:13:08 |
Microsoft: Massive malware campaign delivers fake ransomware (lien direct) |
A massive malware campaign pushed the Java-based STRRAT remote access trojan (RAT), known for its data theft capabilities and the ability to fake ransomware attacks. [...] |
Ransomware
Malware
|
|
|
|
2021-05-17 18:13:53 |
Conti ransomware also targeted Ireland\'s Department of Health (lien direct) |
The Conti ransomware gang failed to encrypt the systems of Ireland's Department of Health (DoH) despite breaching its network and dropping Cobalt Strike beacons to deploy their malware across the network. [...] |
Ransomware
Malware
|
|
|
|
2021-05-17 15:01:35 |
FBI spots spear-phishing posing as Truist Bank bank to deliver malware (lien direct) |
Threat actors impersonated Truist, the sixth-largest U.S. bank holding company, in a spear-phishing campaign attempting to infect recipients with what looks like remote access trojan (RAT) malware. [...] |
Malware
Threat
|
|
|
|
2021-05-13 13:00:00 |
(Déjà vu) Microsoft build tool abused to deliver password-stealing malware (lien direct) |
Threat actors are abusing the Microsoft Build Engine (MSBuild) to deploy remote access tools and information-stealing malware filelessly as part of an ongoing campaign. [...] |
Malware
Tool
Threat
|
|
|
|
2021-05-13 13:00:00 |
Attackers abuse Microsoft dev tool to deploy Windows malware (lien direct) |
Threat actors are abusing the Microsoft Build Engine (MSBuild) to deploy remote access tools and information-stealing malware filelessly as part of an ongoing campaign. [...] |
Malware
Tool
Threat
|
|
|
|
2021-05-12 12:49:16 |
Microsoft: Threat actors target aviation orgs with new malware (lien direct) |
Microsoft warns of an ongoing spear-phishing campaign targeting aerospace and travel organizations with multiple remote access trojans (RATs) deployed using a new and stealthy malware loader. [...] |
Malware
Threat
|
|
|
|
2021-05-07 05:00:00 |
Cuba Ransomware partners with Hancitor for spam-fueled attacks (lien direct) |
The Cuba Ransomware gang has teamed up with the spam operators of the Hancitor malware to gain easier access to compromised corporate networks. [...] |
Ransomware
Spam
Malware
|
|
|
|
2021-05-04 10:00:00 |
Worldwide phishing attacks deliver three new malware strains (lien direct) |
A global-scale phishing campaign targeted worldwide organizations across a large array of industries with never-before-seen malware strains delivered via specially-tailored lures. [...] |
Malware
|
|
|
|
2021-05-04 09:00:00 |
New Windows \'Pingback\' malware uses ICMP for covert communication (lien direct) |
Today, Trustwave researchers have disclosed their findings on a novel Windows malware sample that uses Internet Control Message Protocol (ICMP) for its command-and-control (C2) activities. Dubbed "Pingback," this malware targets Windows 64-bit systems, and uses DLL Hijacking to gain persistence. [...] |
Malware
|
|
|