What's new around the internet

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2023-02-03 20:33:00 Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware (direct link) In a continuing sign that threat actors are adapting well to a post-macro world, it has emerged that the use of Microsoft OneNote documents to deliver malware via phishing attacks is on the rise. Some of the notable malware families that are being distributed using this method include AsyncRAT, RedLine Stealer, Agent Tesla, DOUBLEBACK, Quasar RAT, XWorm, Qakbot, BATLOADER, and FormBook. Malware Threat ★★
News.webp 2023-02-03 20:25:08 Fast-evolving Prilex POS malware can block contactless payments (direct link) ... forcing users to insert their cards into less-secure PIN systems The reasons businesses and consumers like contactless payment transactions – high security and speed – are what make those systems bad for cybercriminals.… Malware ★★
DarkReading.webp 2023-02-03 16:00:00 Scores of Redis Servers Infested by Sophisticated Custom-Built Malware (direct link) At least 1,200 Redis servers worldwide have been infected with "HeadCrab" cryptominers since 2021. Malware
InfoSecurityMag.webp 2023-02-03 16:00:00 New Credential-Stealing Campaign By APT34 Targets Middle East Firms (direct link) The malware had additional exfiltration techniques compared to previously studied variants Malware APT 34 ★★
globalsecuritymag.webp 2023-02-03 15:26:22 (Déjà vu) New SwiftSlicer malware deployed in a cyberattack against Ukraine: comment from Quest Software (direct link) On January 25, the ESET research group discovered a new cyberattack in Ukraine. Attackers from the Sandworm group deployed a new malware named SwiftSlicer, which aims to destroy Active Directory. - Malwares Malware
globalsecuritymag.webp 2023-02-03 15:14:07 Check Point Software Technologies Achieves... (direct link) Check Point Software Technologies Achieves Highest Ranking in Miercom Next Generation Firewall Benchmark Report Check Point achieves 99.7% malware block rate, 99.9% phishing prevention, and ultra-low 0.1% False Positive Detection rate - Business News Malware
Pirate.webp 2023-02-03 12:50:18 New SwiftSlicer malware deployed in a cyberattack against Ukraine (direct link) On January 25, the ESET research group discovered a new cyberattack in Ukraine. Attackers from the Sandworm group deployed a new malware named SwiftSlicer, which aims to destroy Active Directory. The post "New SwiftSlicer malware deployed in a cyberattack against Ukraine" first appeared on UnderNews. Malware ★★★
Trend.webp 2023-02-03 00:00:00 TgToxic Malware's Automated Framework Targets Southeast Asia Android Users (direct link) We look into an ongoing malware campaign we named TgToxic, targeting Android mobile users in Taiwan, Thailand, and Indonesia since July 2022. The malware steals users' credentials and assets such as cryptocurrency from digital wallets, as well as money from bank and finance apps. Analyzing the automated features of the malware, we found that the threat actor abused the legitimate test framework Easyclick to write a JavaScript-based automation script for functions such as clicks and gestures. Malware Threat ★★
News.webp 2023-02-02 19:27:14 Malvertising attacks are distributing .NET malware loaders (direct link) The campaign illustrates another option for miscreants who had relied on Microsoft macros Malvertising attacks are being used to distribute virtualized .NET loaders that are highly obfuscated and dropping info-stealer malware.… Malware ★★
bleepingcomputer.webp 2023-02-02 19:04:42 Google ads push 'virtualized' malware made for antivirus evasion (direct link) An ongoing Google ads malvertising campaign is spreading malware installers that leverage KoiVM virtualization technology to evade detection when installing the Formbook data stealer. [...] Malware ★★
Fortinet.webp 2023-02-02 15:47:00 Supply Chain Attack by New Malicious Python Package, "web3-essential" (direct link) FortiGuard Labs team discovers another 0-day attack in a malicious PyPI package called "web3-essential". See how this malware avoids suspicion and other observations. Malware ★★★
TechRepublic.webp 2023-02-02 15:35:41 Prilex POS malware evolves to block contactless transactions (direct link) A new version of the Prilex POS malware has found a novel way to steal your credit card information. Malware ★★
bleepingcomputer.webp 2023-02-02 15:23:18 Hackers weaponize Microsoft Visual Studio add-ins to push malware (direct link) Security researchers warn that hackers may start using Microsoft Visual Studio Tools for Office (VSTO) more often as a method to achieve persistence and execute code on a target machine via malicious Office add-ins. [...] Malware ★★★★★
globalsecuritymag.webp 2023-02-02 12:59:06 MalVirt | .NET virtualisation thrives in new malvertising attacks (direct link) While investigating recent malvertising (malicious advertising) attacks, SentinelLabs spotted a cluster of virtualised malware loaders that has joined the trend. Referred to as MalVirt, the loaders are implemented in .NET and use virtualisation, based on the KoiVM virtualising protector of .NET applications, in order to obfuscate their implementation and execution. Although virtualisation is popular for hacking tools and cracks, the use of KoiVM virtualisation is not often seen as an obfuscation method utilised by cybercrime threat actors. - Malware Update Malware Threat ★★
SocRadar.webp 2023-02-02 12:37:34 1,200 Redis Servers Infected by New HeadCrab Malware for Cryptomining Operations (direct link) A new malware has appeared on the frontlines, targeting online Redis servers. The malware, named... Malware ★★
SecurityWeek.webp 2023-02-02 12:28:04 HeadCrab Botnet Ensnares 1,200 Redis Servers for Cryptomining (direct link) The sophisticated HeadCrab malware has infected at least 1,200 Redis servers and abused them for cryptomining. Malware ★★
The_Hackers_News.webp 2023-02-02 12:17:00 New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers (direct link) At least 1,200 Redis database servers worldwide have been corralled into a botnet using an "elusive and severe threat" dubbed HeadCrab since early September 2021. "This advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and traditional anti-virus solutions to compromise a large number of Redis servers," Aqua security researcher Asaf Eitani Malware Threat
bleepingcomputer.webp 2023-02-02 12:07:55 Cisco fixes bug allowing malware persistence between reboots (direct link) Cisco has released security updates this week to address a high-severity vulnerability in the Cisco IOx application hosting environment that can be exploited in command injection attacks. [...] Malware Vulnerability ★★★
no_ico.webp 2023-02-02 11:50:00 (Déjà vu) HeadCrab Malware Infects 1,200 Redis servers to Mine Monero (direct link) Since September 2021, about a thousand Redis servers have been infected by new stealthy malware meant to hunt down unprotected Redis servers online and create a botnet that mines for the Monero cryptocurrency. The malware, nicknamed HeadCrab by Aqua Security experts Nitzan Yaakov and Asaf Eitani, has so far infected at least 1,200 of these servers, which […] Malware
SentinelOne.webp 2023-02-02 10:55:59 MalVirt | .NET Virtualization Thrives in Malvertising Attacks (direct link) .NET malware loaders distributed through malvertising are using obfuscated virtualization for anti-analysis and evasion in an ongoing campaign. Malware ★★★
CVE.webp 2023-02-02 10:15:09 CVE-2022-43665 (direct link) A denial of service vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.8.645. A specially-crafted PE file can lead to killing the target process. An attacker can provide a malicious file to trigger this vulnerability. Malware Vulnerability Guideline
Blog.webp 2023-02-02 00:02:43 (Déjà vu) ASEC Weekly Malware Statistics (January 23rd, 2023 – January 29th, 2023) (direct link) The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from January 23rd, 2023 (Monday) to January 29th, 2023 (Sunday). For the main category, downloader ranked top with 44.2%, followed by Infostealer with 34.3%, backdoor with 18.5%, ransomware with 2.6%, and CoinMiner with 0.4%. Top 1 – BeamWinHTTP BeamWinHTTP is a downloader malware that ranked top with 24.0%. The malware is distributed via malware disguised... Ransomware Malware ★★
Trend.webp 2023-02-02 00:00:00 New APT34 Malware Targets The Middle East (direct link) We analyze an infection campaign targeting organizations in the Middle East for cyberespionage in December 2022 using a new backdoor malware. The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers. Malware APT 34 ★★
CrowdStrike.webp 2023-02-01 21:34:45 Using Artificial Intelligence and Machine Learning to Combat Hands-on-Keyboard Cybersecurity Attacks (direct link) Malware gets the headlines, but the bigger threat is hands-on-keyboard adversary activity, which can evade traditional security solutions and present detection challenges. Machine learning (ML) can predict and proactively protect against emerging threats by using behavioral event data. CrowdStrike's artificial intelligence (AI)-powered indicators of attack (IOAs) use ML to detect and predict adversarial patterns in […] Malware Threat Prediction ★★★
RecordedFuture.webp 2023-02-01 20:59:46 Russia-backed hacker group Gamaredon attacking Ukraine with info-stealing malware (direct link) The Russian-sponsored hacker group known as Gamaredon continues to attack Ukrainian organizations and remains one of the "key cyber threats" for Ukraine's cyberspace, according to a report the Ukrainian government published Wednesday. Ukraine claims that Gamaredon operates from the city of Sevastopol in Russia-occupied Crimea, but acts on orders from the FSB Center for Information [… Malware ★★★
TechRepublic.webp 2023-02-01 20:03:54 OneNote documents spread malware in several countries (direct link) A new phishing campaign abuses OneNote documents to infect computers with the infamous AsyncRAT malware, targeting users in the U.K., Canada and the U.S. Malware ★★★
bleepingcomputer.webp 2023-02-01 18:56:02 New HeadCrab malware infects 1,200 Redis servers to mine Monero (direct link) New stealthy malware designed to hunt down vulnerable Redis servers online has infected over a thousand of them since September 2021 to build a botnet that mines for Monero cryptocurrency. [...] Malware ★★★
The_Hackers_News.webp 2023-02-01 15:55:00 Prilex PoS Malware Evolves to Block Contactless Payments to Steal from NFC Cards (direct link) The Brazilian threat actors behind an advanced and modular point-of-sale (PoS) malware known as Prilex have reared their head once again with new updates that allow it to block contactless payment transactions. Russian cybersecurity firm Kaspersky said it detected three versions of Prilex (06.03.8080, 06.03.8072, and 06.03.8070) that are capable of targeting NFC-enabled credit cards, taking its Malware Threat
SecurityWeek.webp 2023-02-01 12:32:01 Prilex PoS Malware Blocks NFC Transactions to Steal Credit Card Data (direct link) The Prilex point-of-sale (PoS) malware has been modified to block contactless transactions to force the insertion of credit cards and steal their information. Malware ★★★★
Checkpoint.webp 2023-02-01 11:00:21 The Rise of the Code Package Threat (direct link) Highlights: Check Point details two recent attacks detected and blocked by our Threat Prevention engines, aiming to distribute malware. The malicious code packages, Python-drgn and Bloxflip, were distributed by threat actors leveraging package repositories as a reliable and scalable malware distribution channel. Due to the significant rise in supply chain attacks, Check Point provides recommendations for developers… Malware Threat ★★
AlienVault.webp 2023-02-01 11:00:00 The top 8 Cybersecurity threats facing the automotive industry heading into 2023 (direct link) The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Most, if not all, industries are evolving on a digital level heading into 2023 as we take the journey to edge computing. But the automotive industry is experiencing technological innovation on another level. A rise in the production of connected vehicles, new autonomous features, and software that enables cars to self-park and self-drive are great examples of the digital evolution taking the automotive industry by storm. According to the AT&T 2022 Cybersecurity Insights (CSI) Report, 75% of organizations plan to implement edge security changes to help mitigate the kind of risks that affect cars, trucks, fleets, and other connected vehicles and their makers. And for a good reason. These automotive features and advancements have offered cybercriminals an array of new opportunities when it comes to cyberattacks. There are several ways that threat actors are targeting the automotive industry, including tried and true methods and new attack vectors. In this article, you'll learn about the top 8 cybersecurity threats facing the automotive industry heading into 2023 and what the industry can do to prevent threats. Automotive cybersecurity threats As autos increasingly come with connectivity features, remote threats are more likely. A recent report revealed that 82% of attacks against the automotive industry (including consumer vehicles, manufacturers, and dealerships) were carried out remotely. Plus, half of all vehicle thefts involved keyless entry. Automakers, dealers, and consumers play a role in automotive cybersecurity. But as the industry continues to adopt connected technologies, it will become increasingly important that organizations take a proactive approach to cybersecurity. When it comes to automotive threats, there are countless methods that hackers use to steal vehicles and driver information and cause problems with the vehicle's functioning. Let's explore the top 8 cybersecurity threats facing the automotive industry this year. Keyless car theft As one of the most prominent threats, keyless car theft is a major concern for the automotive industry. Key fobs today give car owners the ability to lock and unlock their doors by standing near their vehicle and even start their car without the need for a physical key. Autos enabled with keyless start and keyless entry are prone to man-in-the-middle attacks that can intercept the data connection between the car and the key fob itself. Hackers take advantage of these systems to bypass authentication protocols by tricking the components into thinking they are in proximity. Then the attacker can open the door and start the vehicle without triggering any alarms. EV charging station exploitation Electric vehicles are becoming more popular as the globe transitions to environmental technologies. Charging stations allow EV owners to charge their vehicles in convenient locations such as public parking lots, parks, and even their own garages. When you charge an EV at a charging station, data transfers between the car, the charging station, and the company that owns the device. This data chain presents many ways threat actors can exploit an EV charging station. Malware, fraud, remote manipulation, and even disabling charging stations are all examples of ways hackers take advantage of EV infrastructure. Infotainment system attacks Modern cars require Ransomware Malware Vulnerability Threat ★★★
globalsecuritymag.webp 2023-02-01 10:44:01 Malvertising campaigns mimicking popular software downloads to infect users and steal credentials, HP Wolf Security reports (direct link) The HP Wolf Security Threat Research Team has just released detailed analysis of several major malvertising campaigns, which use legitimate advertisements on search engines to direct users to highly convincing spoof websites for well-known software – including Audacity, Teams, Discord and Adobe – tricking users into downloading malware onto their PCs. - Malware Update Malware Threat ★★★
bleepingcomputer.webp 2023-02-01 09:45:52 Hackers use new IceBreaker malware to breach gaming companies (direct link) A previously unknown threat group has been targeting the customer service platforms of online gaming and gambling companies using social engineering to drop its custom implant. [...] Malware Threat ★★★
ComputerWeekly.webp 2023-02-01 07:00:00 Malware variant can block contactless payments (direct link) No more details Malware
DarkReading.webp 2023-02-01 02:05:00 How Can Disrupting DNS Communications Thwart a Malware Attack? (direct link) Malware eventually has to exfiltrate the data it accessed. By watching DNS traffic for suspicious activity, organizations can halt the damage. Malware ★★★
knowbe4.webp 2023-01-31 20:04:16 Microsoft OneNote Attachments Become the Latest Method to Spread Malware (direct link) Microsoft OneNote Attachments Become the Latest Method to Spread Malware Malware ★★
Anomali.webp 2023-01-31 17:27:00 Anomali Cyber Watch: KilllSomeOne Folders Invisible in Windows, Everything APIs Abuse Speeds Up Ransomware, APT38 Experiments with Delivery Vectors and Backdoors (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, China, Cryptocurrency, Data leak, Iran, North Korea, Phishing, Ransomware, and USB malware. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Chinese PlugX Malware Hidden in Your USB Devices? (published: January 26, 2023) Palo Alto researchers analyzed a PlugX malware variant (KilllSomeOne) that spreads via USB devices such as floppy, thumb, or flash drives. The variant is used by a technically skilled group, possibly by the Black Basta ransomware. The actors use special shortcuts, folder icons and settings to make folders impersonating disks and a recycle bin directory. They also name certain folders with the 00A0 (no-break space) Unicode character, thus hindering Windows Explorer and the command shell from displaying the folder and all the files inside it. Analyst Comment: Several behavior detections could be used to spot similar PlugX malware variants: DLL side loading, adding registry persistence, and payload execution with rundll32.exe. Incident responders can check USB devices for the presence of no-break space as a folder name. MITRE ATT&CK: [MITRE ATT&CK] T1091 - Replication Through Removable Media | [MITRE ATT&CK] T1559.001 - Inter-Process Communication: Component Object Model | [MITRE ATT&CK] T1547.009 - Boot or Logon Autostart Execution: Shortcut Modification | [MITRE ATT&CK] T1574.002 - Hijack Execution Flow: DLL Side-Loading | [MITRE ATT&CK] T1036 - Masquerading | [MITRE ATT&CK] T1027 - Obfuscated Files Or Information | [MITRE ATT&CK] T1564.001: Hidden Files and Directories | [MITRE ATT&CK] T1105 - Ingress Tool Transfer Tags: detection:PlugX, detection:KilllSomeOne, USB, No-break space, file-type:DAT, file-type:EXE, file-type:DLL, actor:Black Basta, Windows Abraham's Ax Likely Linked to Moses Staff (published: January 26, 2023) Cobalt Sapling is an Iran-based threat actor active in hacking, leaking, and sabotage since at least November 2020. Since October 2021, Cobalt Sapling has been operating under a persona called Moses Staff to leak data from Israeli businesses and government entities. In November 2022, an additional fake identity was created, Abraham's Ax, to target government ministries in Saudi Arabia. Cobalt Sapling uses their custom PyDCrypt loader, the StrifeWater remote access trojan, and the DCSrv wiper styled as ransomware. Analyst Comment: A defense-in-depth approach can assist in creating a proactive stance against threat actors attempting to destroy data. Critical systems should be segregated from each other to minimize potential damage, with an Ransomware Malware Tool Threat Medical APT 38 ★★★
The_Hackers_News.webp 2023-01-31 16:38:00 New Report Reveals NikoWiper Malware That Targeted Ukraine Energy Sector (direct link) The Russia-affiliated Sandworm used yet another wiper malware strain dubbed NikoWiper as part of an attack that took place in October 2022 targeting an energy sector company in Ukraine. "The NikoWiper is based on SDelete, a command line utility from Microsoft that is used for securely deleting files," cybersecurity company ESET revealed in its latest APT Activity Report shared with The Hacker Malware ★★★
The_Hackers_News.webp 2023-01-31 16:09:00 Researchers Uncover Packer Used by Several Malware to Evade Detection for 6 Years (direct link) A shellcode-based packer dubbed TrickGate has been successfully operating without attracting notice for over six years, while enabling threat actors to deploy a wide range of malware such as TrickBot, Emotet, AZORult, Agent Tesla, FormBook, Cerber, Maze, and REvil over the years. "TrickGate managed to stay under the radar for years because it is transformative – it undergoes changes periodically Malware Threat ★★★
globalsecuritymag.webp 2023-01-31 15:48:20 Check Point Research investigation: a software service lets threat actors bypass EDR protection and deploy Emotet, REvil, Maze and others (direct link) Check Point Research (CPR) has spotted an active software service that allows threat actors to bypass EDR (Endpoint Detection & Response) protection and that has been active for more than six years. Customers of the service, named TrickGate, include known actors such as Emotet, REvil, Maze and many others. CPR records hundreds of attacks per week over the last two years alone. TrickGate is evolving and changes regularly, which has allowed it to go unnoticed for years. Thanks to TrickGate, malicious actors can spread their malware more easily and with fewer repercussions. • Between 40 and 650 attacks per week over the last two years • Targeted sectors include manufacturing, education, healthcare, finance and commercial businesses. • The most used malware type over the last two months is Formbook, accounting for 42% of all malware detected. - Investigations Malware ★★
bleepingcomputer.webp 2023-01-31 13:48:32 PoS malware can block contactless payments to steal credit cards (direct link) New versions of the Prilex point-of-sale malware can block secure, NFC-enabled contactless credit card transactions, forcing consumers to insert credit cards that are then stolen by the malware. [...] Malware
Fortinet.webp 2023-01-31 12:20:00 Analyzing Malware Code that Cryptojacks System to Mine for Monero Crypto (direct link) FortiGuard Labs analyzes malicious code found in captured Excel documents that cryptojacks a victim's system to mine for Monero cryptocurrency. See how the malicious software is delivered, executed, and the techniques it uses to gain persistence on a device. Malware ★★★
AlienVault.webp 2023-01-31 11:00:00 Stories from the SOC - RapperBot, Mirai Botnet - C2, CDIR Drop over SSH (direct link) Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Extended Detection and Response customers. Executive summary Since mid-June 2022, the AT&T Managed Extended Detection and Response (MXDR) Security Operations Center (SOC) observed an enormous number of attacks from Mirai botnet C2 attempting to gain access to SSH servers instead of Telnet. Due to the various tactics, techniques, and procedures (TTPs) observed, this attack has been associated with the RapperBot botnet (a Mirai variant). RapperBot's goal is still undefined. According to the analysis that was published by FortiGuard Labs, while the majority of Mirai variants can naturally brute force Telnet servers that use default or weak passwords, RapperBot in particular scans and attempts to brute force SSH servers that are designed to require password authentication. A large part of the malware is executing an SSH 2.0 client which is able to connect and brute force any SSH server using Diffie-Hellman key exchange with 768-bit or 2048-bit keys and data encryption using AES128-CTR. A unique characteristic of brute forcing in RapperBot is the use of SSH-2.0-HELLOWORLD in order to identify itself to the targeted SSH server during the SSH Protocol Exchange phase. One of the malicious Mirai botnet IP addresses had allowed network traffic with an asset in an organization over SSH port 22. After some data transfer, the session closed with the client-reset action. The MXDR SOC team quickly identified and recommended mitigation steps to prevent lateral movement and the attacker going further. Investigation RapperBot execution flow Initial alarm review Indicators of Compromise (IOC) The alarm initiated with multiple Open Threat Exchange (OTX) pulses (Miraibotnet-C2- CDIR Drop List) and an OTX indicator of a known malicious IP. There was network traffic between the known malicious IP and a public IP of an internal asset in an organization. The network traffic was over SSH port 22, and the security system (firewall) action was a deny. The security system (firewall) deny action was evidence of the auto-mitigation. In this case, auto-mitigation means the attack is prevented by firewall rules and threat intelligence by denying the connection from the malicious IP. However, further analysis of the events showed that the traffic was allowed from the malicious IP to another internal asset. In addition to this, there were signs of data transfer from the source IP with "sentbyte=1560, rcvdbyte=2773, sentpkt=15, rcvdpkt=13" ** Risk mitigation in cybersecurity is the reduction of the overall risk/impact of cyber-attacks. Detection, prevention, and remediation are three components of risk mitigation in cybersecurity. Suspicious behavior Expanded investigation Events search After checking events associated with the alarm, the team always checks the environmental security to see if the malware had further penetrated the environment or attempted any lateral movement. The team searched events by pivoting on the indicator IP, filtering the past 90 days of e Malware Threat ★★★★
01net.webp 2023-01-31 09:30:03 Malware alert on the Play Store: these 20 Android apps are fraudulent (direct link) A wave of malware has spread across the Play Store. In the code of 20 Android applications, researchers discovered viruses capable of siphoning off users' personal data and money. Malware
SecureList.webp 2023-01-31 08:00:41 Prilex modification now targeting contactless credit card transactions (direct link) Kaspersky discovers three new variants of the Prilex PoS malware capable of blocking contactless NFC transactions on an infected device. Malware
Blog.webp 2023-01-31 00:32:00 Attack Cases of CoinMiners Mining Ethereum Classic Coins (direct link) The ASEC analysis team is monitoring CoinMiners that are targeting Korean and overseas users. We have covered cases of various types of CoinMiner attacks over multiple blog posts in the past. This post aims to introduce the recently discovered malware that mines Ethereum Classic coins. 0. Overview CoinMiners are installed without user awareness and use the system's resources to mine cryptocurrency, leading to low system performance. Threat actors that distribute CoinMiners tend to mine coins that guarantee anonymity, such as... Malware Threat Guideline ★★
Darktrace.webp 2023-01-31 00:00:00 Vidar Info-Stealer Malware Distributed via Malvertising on Google (direct link) This blog post highlights the recent malvertising campaigns targeting Google searches that deploy info-stealer malware. It covers the attackers' techniques and provides a list of indicators of compromise. Recommendations for the general public are also included to help mitigate the risk of falling victim to such attacks. Malware ★★★
CVE.webp 2023-01-30 21:15:12 CVE-2022-4794 (direct link) The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted domains to load malware or other files through it (Reflected File Download) to bypass firewall rules in companies. Malware
News.webp 2023-01-30 19:45:11 Gootloader malware updated with PowerShell, sneaky JavaScript (direct link) Perhaps a good time to check for unwelcome visitors The operators behind Gootloader, a crew dubbed UNC2565, have upgraded the code in cunning ways to make it more intrusive and harder to find.… Malware ★★
InfoSecurityMag.webp 2023-01-30 17:00:00 Hackers Use TrickGate Software to Deploy Emotet, REvil, Other Malware (direct link) Threat actors used TrickGate to conduct between 40 and 650 attacks per week in the last two years Malware Threat ★★
Last update at: 2024-07-16 05:08:48