What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-08-25 06:02:13 | Researchers Uncover FIN8\'s New Backdoor Targeting Financial Institutions (lien direct) | A financially motivated threat actor notorious for setting its sights on retail, hospitality, and entertainment industries has been observed deploying a completely new backdoor on infected systems, indicating the operators are continuously retooling their malware arsenal to avoid detection and stay under the radar.
The previously undocumented malware has been dubbed "Sardonic" by Romanian |
Malware Threat | ||
|
2021-08-25 00:43:55 | New SideWalk Backdoor Targets U.S.-based Computer Retail Business (lien direct) | A computer retail company based in the U.S. was the target of a previously undiscovered implant called SideWalk as part of a recent campaign undertaken by a Chinese advanced persistent threat group primarily known for singling out entities in East and Southeast Asia.
Slovak cybersecurity firm ESET attributed the malware to an advanced persistent threat it tracks under the moniker SparklingGoblin |
Malware Threat | ||
|
2021-08-20 08:44:30 | ShadowPad Malware is Becoming a Favorite Choice of Chinese Espionage Groups (lien direct) | ShadowPad, an infamous Windows backdoor that allows attackers to download further malicious modules or steal data, has been put to use by five different Chinese threat clusters since 2017.
"The adoption of ShadowPad significantly reduces the costs of development and maintenance for threat actors," SentinelOne researchers Yi-Jhen Hsieh and Joey Chen said in a detailed overview of the malware, |
Malware Threat | ||
|
2021-08-19 03:30:47 | Researchers Find New Evidence Linking Diavol Ransomware to TrickBot Gang (lien direct) | Cybersecurity researchers have disclosed details about an early development version of a nascent ransomware strain called Diavol that has been linked to threat actors behind the infamous TrickBot syndicate.
The latest findings from IBM X-Force show that the ransomware sample shares similarities to other malware that has been attributed to the cybercrime gang, thus establishing a clearer |
Ransomware Malware Threat | ||
|
2021-08-18 01:33:33 | NK Hackers Deploy Browser Exploits on South Korean Sites to Spread Malware (lien direct) | A North Korean threat actor has been discovered taking advantage of two exploits in Internet Explorer to infect victims with a custom implant as part of a strategic web compromise (SWC) targeting a South Korean online newspaper.
Cybersecurity firm Volexity attributed the attacks to a threat actor it tracks as InkySquid, and more widely known by the monikers ScarCruft and APT37. Daily NK, the |
Malware Threat Cloud | APT 37 | |
|
2021-08-16 00:29:29 | New AdLoad Variant Bypasses Apple\'s Security Defenses to Target macOS Systems (lien direct) | A new wave of attacks involving a notorious macOS adware family has evolved to leverage around 150 unique samples in the wild in 2021 alone, some of which have slipped past Apple's on-device malware scanner and even signed by its own notarization service, highlighting the malicious software ongoing attempts to adapt and evade detection.
"AdLoad," as the malware is known, is one of several |
Malware | ||
|
2021-08-12 08:13:30 | Experts Shed Light On New Russian Malware-as-a-Service Written in Rust (lien direct) | A nascent information-stealing malware sold and distributed on underground Russian underground forums has been written in Rust, signalling a new trend where threat actors are increasingly adopting exotic programming languages to bypass security protections, evade analysis, and hamper reverse engineering efforts.
Dubbed "Ficker Stealer," it's notable for being propagated via Trojanized web links |
Malware Threat | ||
|
2021-08-09 06:00:46 | Beware! New Android Malware Hacks Thousands of Facebook Accounts (lien direct) | A new Android trojan has been found to compromise Facebook accounts of over 10,000 users in at least 144 countries since March 2021 via fraudulent apps distributed through Google Play Store and other third-party app marketplaces.
Dubbed "FlyTrap," the previously undocumented malware is believed to be part of a family of trojans that employ social engineering tricks to breach Facebook accounts as |
Malware | ||
|
2021-08-05 03:12:49 | A Wide Range of Cyber Attacks Leveraging Prometheus TDS Malware Service (lien direct) | Multiple cybercriminal groups are leveraging a malware-as-a-service (MaaS) solution to distribute a wide range of malicious software distribution campaigns that result in the deployment of payloads such as Campo Loader, Hancitor, IcedID, QBot, Buer Loader, and SocGholish against individuals in Belgium as well as government agencies, companies, and corporations in the U.S.
Dubbed " |
Malware | ||
|
2021-08-04 13:30:39 | Several Malware Families Targeting IIS Web Servers With Malicious Modules (lien direct) | A systematic analysis of attacks against Microsoft's Internet Information Services (IIS) servers has revealed as many as 14 malware families, 10 of them newly documented, indicating that the Windows-based web server software continues to be a hotbed for natively developed malware for close to eight years.
The findings were presented today by ESET malware researcher Zuzana Hromcova at the Black |
Malware | ||
|
2021-08-02 03:07:15 | Solarmarker InfoStealer Malware Once Again Making its Way Into the Wild (lien direct) | Healthcare and education sectors are the frequent targets of a new surge in credential harvesting activity from what's a "highly modular" .NET-based information stealer and keylogger, charting the course for the threat actor's continued evolution while simultaneously remaining under the radar.
Dubbed "Solarmarker," the malware campaign is believed to be active since September 2020, with |
Malware Threat | ||
|
2021-07-30 03:00:54 | Experts Uncover Several C&C Servers Linked to WellMess Malware (lien direct) | Cybersecurity researchers on Friday unmasked new command-and-control (C2) infrastructure belonging to the Russian threat actor tracked as APT29, aka Cozy Bear, that has been spotted actively serving WellMess malware as part of an ongoing attack campaign.
More than 30 C2 servers operated by the Russian foreign intelligence have been uncovered, Microsoft-owned cybersecurity subsidiary RiskIQ said |
Malware Threat | APT 29 | |
|
2021-07-30 00:36:30 | A New Wiper Malware Was Behind Recent Cyberattack On Iranian Train System (lien direct) | A cyber attack that derailed websites of Iran's transport ministry and its national railway system earlier this month, causing widespread disruptions in train services, was the result of a never-before-seen reusable wiper malware called "Meteor."
The campaign - dubbed "MeteorExpress" - has not been linked to any previously identified threat group or to additional attacks, making it the first |
Malware Threat | ||
|
2021-07-29 23:13:31 | Phony Call Centers Tricking Users Into Installing Ransomware and Data-Stealers (lien direct) | An ongoing malicious campaign that employs phony call centers has been found to trick victims into downloading malware capable of data exfiltration as well as deploying ransomware on infected systems.
The attacks - dubbed "BazaCall" - eschew traditional social engineering techniques that rely on rogue URLs and malware-laced documents in favor of a vishing-like method wherein targeted users are |
Ransomware Malware | ||
|
2021-07-29 08:18:26 | Hackers Exploit Microsoft Browser Bug to Deploy VBA Malware on Targeted PCs (lien direct) | An unidentified threat actor has been exploiting a now-patched zero-day flaw in Internet Explorer browser to deliver a fully-featured VBA-based remote access trojan (RAT) capable of accessing files stored in compromised Windows systems, and downloading and executing malicious payloads as part of an "unusual" campaign.
The backdoor is distributed via a decoy document named "Manifest.docx" that |
Malware Threat | ||
|
2021-07-29 01:46:50 | New Android Malware Uses VNC to Spy and Steal Passwords from Victims (lien direct) | A previously undocumented Android-based remote access trojan (RAT) has been found to use screen recording features to steal sensitive information on the device, including banking credentials, and open the door for on-device fraud.
Dubbed "Vultur" due to its use of Virtual Network Computing (VNC)'s remote screen-sharing technology to gain full visibility on targeted users, the mobile malware was |
Malware | ||
|
2021-07-28 05:53:40 | UBEL is the New Oscorp - Android Credential Stealing Malware Active in the Wild (lien direct) | An Android malware that was observed abusing accessibility services in the device to hijack user credentials from European banking applications has morphed into an entirely new botnet as part of a renewed campaign that began in May 2021.
Italy's CERT-AGID, in late January, disclosed details about Oscorp, a mobile malware developed to attack multiple financial targets with the goal of stealing |
Malware | ||
|
2021-07-28 03:06:58 | Hackers Posed as Aerobics Instructors for Years to Target Aerospace Employees (lien direct) | An Iranian cyberespionage group masqueraded as an aerobics instructor on Facebook in an attempt to infect the machine of an employee of an aerospace defense contractor with malware as part of years-long social engineering and targeted malware campaign.
Enterprise security firm Proofpoint attributed the covert operation to a state-aligned threat actor it tracks as TA456, and by the wider |
Malware Threat | ||
|
2021-07-27 05:39:47 | Hackers Turning to \'Exotic\' Programming Languages for Malware Development (lien direct) | Threat actors are increasingly shifting to "exotic" programming languages such as Go, Rust, Nim, and Dlang that can better circumvent conventional security protections, evade analysis, and hamper reverse engineering efforts.
"Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of newer technologies," said Eric Milam, Vice President of |
Malware Threat | ||
|
2021-07-26 03:13:56 | Microsoft Warns of LemonDuck Malware Targeting Windows and Linux Systems (lien direct) | An infamous cross-platform crypto-mining malware has continued to refine and improve upon its techniques to strike both Windows and Linux operating systems by setting its sights on older vulnerabilities, while simultaneously latching on to a variety of spreading mechanisms to maximize the effectiveness of its campaigns.
"LemonDuck, an actively updated and robust malware that's primarily known |
Malware | ||
|
2021-07-23 05:22:14 | Nasty macOS Malware XCSSET Now Targets Google Chrome, Telegram Software (lien direct) | A malware known for targeting macOS operating system has been updated once again to add more features to its toolset that allows it to amass and exfiltrate sensitive data stored in a variety of apps, including apps such as Google Chrome and Telegram, as part of further "refinements in its tactics."
XCSSET was uncovered in August 2020, when it was found targeting Mac developers using an unusual |
Malware | ||
|
2021-07-22 03:38:52 | APT Hackers Distributed Android Trojan via Syrian e-Government Portal (lien direct) | An advanced persistent threat (APT) actor has been tracked in a new campaign deploying Android malware via the Syrian e-Government Web Portal, indicating an upgraded arsenal designed to compromise victims.
"To the best of our knowledge, this is the first time that the group has been publicly observed using malicious Android applications as part of its attacks," Trend Micro researchers Zhengyu |
Malware Threat | ||
|
2021-07-21 03:12:55 | XLoader Windows InfoStealer Malware Now Upgraded to Attack macOS Systems (lien direct) | Cybersecurity researchers on Wednesday disclosed details of an evolving malware that has now been upgraded to steal sensitive information from Apple's macOS operating system.
The malware, dubbed "XLoader," is a successor to another well-known Windows-based info stealer called Formbook that's known to vacuum credentials from various web browsers, collect screenshots, log keystrokes, and download |
Malware | ★★★★ | |
|
2021-07-20 01:48:34 | This New Malware Hides Itself Among Windows Defender Exclusions to Evade Detection (lien direct) | Cybersecurity researchers on Tuesday lifted the lid on a previously undocumented malware strain dubbed "MosaicLoader" that singles out individuals searching for cracked software as part of a global campaign.
"The attackers behind MosaicLoader created a piece of malware that can deliver any payload on the system, making it potentially profitable as a delivery service," Bitdefender researchers |
Malware | ||
|
2021-07-13 00:06:59 | Trickbot Malware Returns with a new VNC Module to Spy on its Victims (lien direct) | Cybersecurity researchers have opened the lid on the continued resurgence of the insidious TrickBot malware, making it clear that the Russia-based transnational cybercrime group is working behind the scenes to revamp its attack infrastructure in response to recent counter efforts from law enforcement.
"The new capabilities discovered are used to monitor and gather intelligence on victims, using |
Malware | ||
|
2021-07-12 21:52:02 | Critical RCE Flaw in ForgeRock Access Manager Under Active Attack (lien direct) | Cybersecurity agencies in Australia and the U.S. are warning of an actively exploited vulnerability impacting ForgeRock's OpenAM access management solution that could be leveraged to execute arbitrary code on an affected system remotely.
"The [Australian Cyber Security Centre] has observed actors exploiting this vulnerability to compromise multiple hosts and deploy additional malware and tools," |
Malware Vulnerability | ★★★ | |
|
2021-07-12 04:04:33 | Hackers Spread BIOPASS Malware via Chinese Online Gambling Sites (lien direct) | Cybersecurity researchers are warning about a new malware that's striking online gambling companies in China via a watering hole attack to deploy either Cobalt Strike beacons or a previously undocumented Python-based backdoor called BIOPASS RAT that takes advantage of Open Broadcaster Software (OBS) Studio's live-streaming app to capture the screen of its victims to attackers.
The attack |
Malware | ||
|
2021-07-09 07:23:44 | Magecart Hackers Hide Stolen Credit Card Data Into Images for Evasive Exfiltration (lien direct) | Cybercrime actors part of the Magecart group have latched on to a new technique of obfuscating the malware code within comment blocks and encoding stolen credit card data into images and other files hosted on the server, once again demonstrating how the attackers are continuously improving their infection chains to escape detection.
"One tactic that some Magecart actors employ is the dumping of |
Malware | ||
|
2021-07-08 22:39:48 | Hackers Use New Trick to Disable Macro Security Warnings in Malicious Office Files (lien direct) | While it's a norm for phishing campaigns that distribute weaponized Microsoft Office documents to prompt victims to enable macros in order to trigger the infection chain in the background, new findings indicate that macro security warnings can be disabled entirely without requiring any user interaction.
In yet another instance of malware authors continue to evolve their techniques to evade |
Malware | ||
|
2021-07-08 02:58:54 | Experts Uncover Malware Attacks Targeting Corporate Networks in Latin America (lien direct) | Cybersecurity researchers on Thursday took the wraps off a new, ongoing espionage campaign targeting corporate networks in Spanish-speaking countries, specifically Venezuela, to spy on its victims.
Dubbed "Bandidos" by ESET owing to the use of an upgraded variant of Bandook malware, the primary targets of the threat actor are corporate networks in the South American country spanning across |
Malware Threat | ||
|
2021-07-08 02:31:04 | SideCopy Hackers Target Indian Government Officials With New Malware (lien direct) | A cyber-espionage group has been observed increasingly targeting Indian government personnel as part of a broad campaign to infect victims with as many as four new custom remote access trojans (RATs), signaling a "boost in their development operations."
Attributed to a group tracked as SideCopy, the intrusions culminate in the deployment of a variety of modular plugins, ranging from file |
Malware | ||
|
2021-07-07 06:18:33 | WildPressure APT Emerges With New Malware Targeting Windows and macOS (lien direct) | A malicious campaign that has set its sights on industrial-related entities in the Middle East since 2019 has resurfaced with an upgraded malware toolset to strike both Windows and macOS operating systems, symbolizing an expansion in both its targets and its strategy around distributing threats.
Russian cybersecurity firm attributed the attacks to an advanced persistent threat (APT) it tracks as |
Malware Threat | ||
|
2021-07-06 01:41:59 | Interpol Arrests Moroccan Hacker Engaged in Nefarious Cyber Activities (lien direct) | Law enforcement authorities with the Interpol have apprehended a threat actor responsible for targeting thousands of unwitting victims over several years and staging malware attacks on telecom companies, major banks, and multinational corporations in France as part of a global phishing and credit card fraud scheme.
The two-year investigation, dubbed Operation Lyrebird by the international, |
Malware Threat | ★★★ | |
|
2021-06-28 00:56:30 | Hackers Trick Microsoft Into Signing Netfilter Driver Loaded With Rootkit Malware (lien direct) | Microsoft on Friday said it's investigating an incident wherein a driver signed by the company turned out to be a malicious Windows rootkit that was observed communicating with command-and-control (C2) servers located in China.
The driver, called "Netfilter," is said to target gaming environments, specifically in the East Asian country, with the Redmond-based firm noting that "the actor's goal |
Malware | ||
|
2021-06-25 03:16:12 | Crackonosh virus mined $2 million of Monero from 222,000 hacked computers (lien direct) | A previously undocumented Windows malware has infected over 222,000 systems worldwide since at least June 2018, yielding its developer no less than 9,000 Moneros ($2 million) in illegal profits.
Dubbed "Crackonosh," the malware is distributed via illegal, cracked copies of popular software, only to disable antivirus programs installed in the machine and install a coin miner package called XMRig |
Malware | ||
|
2021-06-21 03:05:00 | DroidMorph Shows Popular Android Antivirus Fail to Detect Cloned Malicious Apps (lien direct) | A new research published by a group of academics has found that anti-virus programs for Android continue to remain vulnerable against different permutations of malware, in what could pose a serious risk as malicious actors evolve their toolsets to better evade analysis.
"Malware writers use stealthy mutations (morphing/obfuscations) to continuously develop malware clones, thwarting detection by |
Malware | ||
|
2021-06-17 00:46:17 | Researchers Uncover \'Process Ghosting\' - A New Malware Evasion Technique (lien direct) | Cybersecurity researchers have disclosed a new executable image tampering attack dubbed "Process Ghosting" that could be potentially abused by an attacker to circumvent protections and stealthily run malicious code on a Windows system.
"With this technique, an attacker can write a piece of malware to disk in such a way that it's difficult to scan or delete it - and where it then executes the |
Malware | ||
|
2021-06-16 05:25:25 | Malware Attack on South Korean Entities Was Work of Andariel Group (lien direct) | A malware campaign targeting South Korean entities that came to light earlier this year has been attributed to a North Korean nation-state hacking group called Andariel, once again indicating that Lazarus attackers are following the trends and their arsenal is in constant development.
"The way Windows commands and their options were used in this campaign is almost identical to previous Andariel |
Malware | APT 38 | |
|
2021-06-14 06:34:33 | NoxPlayer Supply-Chain Attack is Likely the Work of Gelsemium Hackers (lien direct) | A new cyber espionage group named Gelsemium has been linked to a supply chain attack targeting the NoxPlayer Android emulator that was disclosed earlier this year.
The findings come from a systematic analysis of multiple campaigns undertaken by the APT crew, with evidence of the earliest attack dating back all the way to 2014 under the codename Operation TooHash based on malware payloads |
Malware | ||
|
2021-06-07 07:52:27 | Researchers Discover First Known Malware Targeting Windows Containers (lien direct) | Security researchers have discovered the first known malware, dubbed "Siloscope," targeting Windows Server containers to infect Kubernetes clusters in cloud environments.
"Siloscape is heavily obfuscated malware targeting Kubernetes clusters through Windows containers," said Unit 42 researcher Daniel Prizmant. "Its main purpose is to open a backdoor into poorly configured Kubernetes clusters in |
Malware | Uber | |
|
2021-06-07 00:00:58 | (Déjà vu) Latvian Woman Charged for Her Role in Creating Trickbot Banking Malware (lien direct) | The U.S. Department of Justice (DoJ) on Friday charged a Latvian woman for her alleged role as a programmer in a cybercrime gang that helped develop TrickBot malware.
The woman in question, Alla Witte, aka Max, 55, who resided in Paramaribo, Suriname, was arrested in Miami, Florida on February 6. Witte has been charged with 19 counts, including conspiracy to commit computer fraud and aggravated |
Malware | ||
|
2021-06-05 06:56:02 | GitHub Updates Policy to Remove Exploit Code When Used in Active Attacks (lien direct) | Code-hosting platform GitHub Friday officially announced a series of updates to the site's policies that delve into how the company deals with malware and exploit code uploaded to its service.
"We explicitly permit dual-use security technologies and content related to research into vulnerabilities, malware, and exploits," the Microsoft-owned company said. "We understand that many security |
Malware | ||
|
2021-06-03 10:01:42 | Necro Python Malware Upgrades With New Exploits and Crypto Mining Capabilities (lien direct) | New upgrades have been made to a Python-based "self-replicating, polymorphic bot" called Necro in what's seen as an attempt to improve its chances of infecting vulnerable systems and evading detection.
"Although the bot was originally discovered earlier this year, the latest activity shows numerous changes to the bot, ranging from different command-and-control (C2) communications and the |
Malware | ||
|
2021-06-02 02:55:03 | Hackers Actively Exploiting 0-Day in WordPress Plugin Installed on Over 17,000 Sites (lien direct) | Fancy Product Designer, a WordPress plugin installed on over 17,000 sites, has been discovered to contain a critical file upload vulnerability that's being actively exploited in the wild to upload malware onto sites that have the plugin installed.
Wordfence's threat intelligence team, which discovered the flaw, said it reported the issue to the plugin's developer on May 31. While the flaw has |
Malware Vulnerability Threat | ||
|
2021-06-01 23:29:25 | US Seizes Domains Used by SolarWinds Hackers in Cyber Espionage Attacks (lien direct) | Days after Microsoft, Secureworks, and Volexity shed light on a new spear-phishing activity unleashed by the Russian hackers who breached SolarWinds IT management software, the U.S. Department of Justice (DoJ) Tuesday said it intervened to take control of two command-and-control (C2) and malware distribution domains used in the campaign.
The court-authorized domain seizure 1m took place on May |
Malware | ||
|
2021-06-01 08:06:28 | Malware Can Use This Trick to Bypass Ransomware Defense in Antivirus Solutions (lien direct) | Researchers have disclosed significant security weaknesses in popular software applications that could be abused to deactivate their protections and take control of allow-listed applications to perform nefarious operations on behalf of the malware to defeat anti-ransomware defenses.
The twin attacks, detailed by academics from the University of Luxembourg and the University of London, are aimed |
Ransomware Malware | ||
|
2021-05-28 08:31:21 | Researchers Warn of Facefish Backdoor Spreading Linux Rootkits (lien direct) | Cybersecurity researchers have disclosed a new backdoor program capable of stealing user login credentials, device information and executing arbitrary commands on Linux systems.
The malware dropper has been dubbed "Facefish" by Qihoo 360 NETLAB team owing its capabilities to deliver different rootkits at different times and the use of Blowfish cipher to encrypt communications to the |
Malware | ||
|
2021-05-26 08:30:57 | Data Wiper Malware Disguised As Ransomware Targets Israeli Entities (lien direct) | Researchers on Tuesday disclosed a new espionage campaign that resorts to destructive data-wiping attacks targeting Israeli entities at least since December 2020 that camouflage the malicious activity as ransomware extortions.
Cybersecurity firm SentinelOne attributed the attacks to a nation-state actor affiliated with Iran it tracks under the moniker "Agrius."
"An analysis of what at first |
Ransomware Malware | ||
|
2021-05-21 01:46:35 | Microsoft Warns of Data Stealing Malware That Pretends to Be Ransomware (lien direct) | Microsoft on Thursday warned of a "massive email campaign" that's pushing a Java-based STRRAT malware to steal confidential data from infected systems while disguising itself as a ransomware infection.
"This RAT is infamous for its ransomware-like behavior of appending the file name extension .crimson to files without actually encrypting them," the Microsoft Security Intelligence team said in a |
Ransomware Malware | ||
|
2021-05-18 03:04:29 | 70 European and South American Banks Under Attack By Bizarro Banking Malware (lien direct) | A financially motivated cybercrime gang has unleashed a previously undocumented banking trojan, which can steal credentials from customers of 70 banks located in various European and South American countries.
Dubbed "Bizarro" by Kaspersky researchers, the Windows malware is "using affiliates or recruiting money mules to operationalize their attacks, cashing out or simply to helping [sic] with |
Malware |
To see everything:
Our RSS (filtrered)
