What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-05-17 04:19:27 | Experts Warn About Ongoing AutoHotkey-Based Malware Attacks (lien direct) | Cybersecurity researchers have uncovered an ongoing malware campaign that heavily relies on AutoHotkey (AHK) scripting language to deliver multiple remote access trojans (RAT) such as Revenge RAT, LimeRAT, AsyncRAT, Houdini, and Vjw0rm on target Windows systems.
At least four different versions of the campaign have been spotted starting February 2021, according to researchers from Morphisec Labs |
Malware | ||
|
2021-05-14 09:01:06 | Hackers Using Microsoft Build Engine to Deliver Malware Filelessly (lien direct) | Threat actors are abusing Microsoft Build Engine (MSBuild) to filelessly deliver remote access trojans and password-stealing malware on targeted Windows systems.
The actively ongoing campaign is said to have emerged last month, researchers from cybersecurity firm Anomali said on Thursday, adding the malicious build files came embedded with encoded executables and shellcode that deploy backdoors, |
Malware Threat | ||
|
2021-05-14 05:04:00 | Pakistan-Linked Hackers Added New Windows Malware to Its Arsenal (lien direct) | Cybercriminals with suspected ties to Pakistan continue to rely on social engineering as a crucial component of its operations as part of an evolving espionage campaign against Indian targets, according to new research.
The attacks have been linked to a group called Transparent Tribe, also known as Operation C-Major, APT36, and Mythic Leopard, which has created fraudulent domains mimicking |
Malware | APT 36 | |
|
2021-05-11 02:50:04 | Experts warn of a new Android banking trojan stealing users\' credentials (lien direct) | Cybersecurity researchers on Monday disclosed a new Android trojan that hijacks users' credentials and SMS messages to facilitate fraudulent activities against banks in Spain, Germany, Italy, Belgium, and the Netherlands.
Called "TeaBot" (or Anatsa), the malware is said to be in its early stages of development, with malicious attacks targeting financial apps commencing in late March 2021, |
Malware | ||
|
2021-05-09 23:17:59 | Four Plead Guilty to Aiding Cyber Criminals with Bulletproof Hosting (lien direct) | Four Eastern European nationals face 20 years in prison for Racketeer Influenced Corrupt Organization (RICO) charges after pleading guilty to providing bulletproof hosting services between 2008 and 2015, which were used by cybercriminals to distribute malware to financial entities across the U.S.
The individuals, Aleksandr Grichishkin, 34, and Andrei Skvortsov, 34, of Russia; Aleksandr |
Malware Guideline | ||
|
2021-05-07 01:58:18 | New Stealthy Rootkit Infiltrated Networks of High-Profile Organizations (lien direct) | An unknown threat actor with the capabilities to evolve and tailor its toolset to target environments infiltrated high-profile organizations in Asia and Africa with an evasive Windows rootkit since at least 2018.
Called 'Moriya,' the malware is a "passive backdoor which allows attackers to inspect all incoming traffic to the infected machine, filter out packets that are marked as designated for |
Malware Threat | ||
|
2021-05-04 06:02:35 | New Pingback Malware Using ICMP Tunneling to Evade C&C Detection (lien direct) | Researchers on Tuesday disclosed a novel malware that uses a variety of tricks to stay under the radar and evade detection, while stealthily capable of executing arbitrary commands on infected systems.
Called 'Pingback,' the Windows malware leverages Internet Control Message Protocol (ICMP) tunneling for covert bot communications, allowing the adversary to utilize ICMP packets to piggyback |
Malware | ||
|
2021-05-03 06:03:10 | A New Buer Malware Variant Has Been Written In Rust Programming (lien direct) | Cybersecurity researchers on Monday disclosed a new malspam campaign distributing a fresh variant of a malware loader called 'Buer' written in Rust, illustrating how adversaries are constantly honing their malware toolsets to evade analysis.
Dubbed "RustyBuer," the malware is distributed via emails masquerading as shipping notices from DHL Support, and is said to have affected no fewer than 200 |
Malware | ||
|
2021-05-03 00:43:49 | New Chinese Malware Targeted Russia\'s Largest Nuclear Submarine Designer (lien direct) | A threat actor believed to be working on behalf of Chinese state-sponsored interests was recently observed targeting a Russia-based defense contractor involved in designing nuclear submarines for the naval arm of the Russian Armed Forces.
The phishing attack, which singled out a general director working at the Rubin Design Bureau, leveraged the infamous "Royal Road" Rich Text Format (RTF) |
Malware Threat | ||
|
2021-04-29 02:02:21 | Researchers Uncover Stealthy Linux Malware That Went Undetected for 3 Years (lien direct) | A previously undocumented Linux malware with backdoor capabilities has managed to stay under the radar for about three years, allowing the threat actor behind to harvest and exfiltrate sensitive information from infected systems.
Dubbed "RotaJakiro" by researchers from Qihoo 360 NETLAB, the backdoor targets Linux X64 machines, and is so named after the fact that "the family uses rotate |
Malware Threat | ||
|
2021-04-28 06:43:39 | Cybercriminals Widely Abusing Excel 4.0 Macro to Distribute Malware (lien direct) | Threat actors are increasingly adopting Excel 4.0 documents as an initial stage vector to distribute malware such as ZLoader and Quakbot, according to new research.
The findings come from an analysis of 160,000 Excel 4.0 documents between November 2020 and March 2021, out of which more than 90% were classified as malicious or suspicious.
"The biggest risk for the targeted |
Malware Threat | ||
|
2021-04-28 00:59:10 | Attention! FluBot Android Banking Malware Spreads Quickly Across Europe (lien direct) | Attention, Android users! A banking malware capable of stealing sensitive information is "spreading rapidly" across Europe, with the U.S. likely to be the next target.
According to a new analysis by Proofpoint, the threat actors behind FluBot (aka Cabassous) have branched out beyond Spain to target the U.K., Germany, Hungary, Italy, and Poland. The English-language campaign alone has been |
Malware Threat | ||
|
2021-04-26 02:50:01 | Emotet Malware Destroys Itself From All Infected Computers (lien direct) | Emotet, the notorious email-based Windows malware behind several botnet-driven spam campaigns and ransomware attacks, was automatically wiped from infected computers en masse following a European law enforcement operation.
The development comes three months after a coordinated disruption of Emotet as part of "Operation Ladybird" to seize control of servers used to run and maintain the malware |
Ransomware Spam Malware | ||
|
2021-04-24 01:09:49 | Passwordstate Password Manager Update Hijacked to Install Backdoor on Thousands of PCs (lien direct) | Click Studios, the Australian software company behind the Passwordstate password management application, has notified customers to reset their passwords following a software supply chain attack.
The Adelaide-based firm said a bad actor used sophisticated techniques to compromise the software's update mechanism and used it to drop malware on user computers.
The breach is said to have occurred |
Malware | ||
|
2021-04-23 00:42:28 | Prometei Botnet Exploiting Unpatched Microsoft Exchange Servers (lien direct) | Attackers are exploiting the ProxyLogon Microsoft Exchange Server flaws to co-opt vulnerable machines to a cryptocurrency botnet named Prometei, according to new research.
"Prometei exploits the recently disclosed Microsoft Exchange vulnerabilities associated with the HAFNIUM attacks to penetrate the network for malware deployment, credential harvesting and more," Boston-based cybersecurity firm |
Malware | ||
|
2021-04-22 22:52:36 | Hackers Exploit VPN to Deploy SUPERNOVA malware on SolarWinds Orion (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed details of a new advanced persistent threat (APT) that's leveraging the Supernova backdoor to compromise SolarWinds Orion installations after gaining access to the network through a connection to a Pulse Secure VPN device.
"The threat actor connected to the entity's network via a Pulse Secure virtual private network ( |
Malware Threat | ||
|
2021-04-22 03:00:15 | Cybercriminals Using Telegram Messenger to Control ToxicEye Malware (lien direct) | Adversaries are increasingly abusing Telegram as a "command-and-control" system to distribute malware into organizations that could then be used to capture sensitive information from targeted systems.
"Even when Telegram is not installed or being used, the system allows hackers to send malicious commands and operations remotely via the instant messaging app," said researchers from cybersecurity |
Malware | ||
|
2021-04-19 22:33:45 | Lazarus APT Hackers are now using BMP images to hide RAT malware (lien direct) | A spear-phishing attack operated by a North Korean threat actor targeting its southern counterpart has been found to conceal its malicious code within a bitmap (.BMP) image file to drop a remote access trojan (RAT) capable of stealing sensitive information.
Attributing the attack to the Lazarus Group based on similarities to prior tactics adopted by the adversary, researchers from Malwarebytes |
Malware Threat Medical | APT 38 | |
|
2021-04-19 03:21:26 | Malware Spreads Via Xcode Projects Now Targeting Apple\'s M1-based Macs (lien direct) | A Mac malware campaign targeting Xcode developers has been retooled to add support for Apple's new M1 chips and expand its features to steal confidential information from cryptocurrency apps.
XCSSET came into the spotlight in August 2020 after it was found to spread via modified Xcode IDE projects, which, upon the building, were configured to execute the payload. The malware repackages payload |
Malware | ||
|
2021-04-15 03:27:19 | Malware Variants: More Sophisticated, Prevalent and Evolving in 2021 (lien direct) | A malicious program intended to cause havoc with IT systems-malware-is becoming more and more sophisticated every year. The year 2021 is no exception, as recent trends indicate that several new variants of malware are making their way into the world of cybersecurity.
While smarter security solutions are popping up, modern malware still eludes and challenges cybersecurity experts.
The evolution |
Malware | ||
|
2021-04-13 04:51:30 | Hackers Using Website\'s Contact Forms to Deliver IcedID Malware (lien direct) | Microsoft has warned organizations of a "unique" attack campaign that abuses contact forms published on websites to deliver malicious links to businesses via emails containing fake legal threats, in what's yet another instance of adversaries abusing legitimate infrastructure to mount evasive campaigns that bypass security protections.
"The emails instruct recipients to click a link to review |
Malware | ||
|
2021-04-12 23:52:10 | BRATA Malware Poses as Android Security Scanners on Google Play Store (lien direct) | A new set of malicious Android apps have been caught posing as app security scanners on the official Play Store to distribute a backdoor capable of gathering sensitive information.
"These malicious apps urge users to update Chrome, WhatsApp, or a PDF reader, yet instead of updating the app in question, they take full control of the device by abusing accessibility services," cybersecurity firm |
Malware | ||
|
2021-04-09 23:50:38 | Hackers Tampered With APKPure Store to Distribute Malware Apps (lien direct) | APKPure, one of the largest alternative app stores outside of the Google Play Store, was infected with malware this week, allowing threat actors to distribute Trojans to Android devices.
In an incident that's similar to that of German telecommunications equipment manufacturer Gigaset, the APKPure client version 3.17.18 is said to have been tampered with in an attempt to trick unsuspecting users |
Malware Threat | ||
|
2021-04-09 07:59:41 | Alert - There\'s A New Malware Out There Snatching Users\' Passwords (lien direct) | A previously undocumented malware downloader has been spotted in the wild in phishing attacks to deploy credential stealers and other malicious payloads.
Dubbed "Saint Bot," the malware is said to have first appeared on the scene in January 2021, with indications that it's under active development.
"Saint Bot is a downloader that appeared quite recently, and slowly is getting momentum. It was |
Malware | ||
|
2021-04-09 00:45:17 | Gigaset Android Update Server Hacked to Install Malware on Users\' Devices (lien direct) | Gigaset has revealed a malware infection discovered in its Android devices was the result of a compromise of a server belonging to an external update service provider.
Impacting older smartphone models - GS100, GS160, GS170, GS180, GS270 (plus), and GS370 (plus) series - the malware took the form of multiple unwanted apps that were downloaded and installed through a pre-installed system update |
Malware | ||
|
2021-04-08 06:37:05 | Researchers uncover a new Iranian malware used in recent cyberattacks (lien direct) | An Iranian threat actor has unleashed a new cyberespionage campaign against a possible Lebanese target with a backdoor capable of exfiltrating sensitive information from compromised systems.
Cybersecurity firm Check Point attributed the operation to APT34, citing similarities with previous techniques used by the threat actor as well as based on its pattern of victimology.
APT34 (aka OilRig) is |
Malware Threat | APT 34 | |
|
2021-04-07 03:36:31 | WhatsApp-based wormable Android malware spotted on the Google Play Store (lien direct) | Cybersecurity researchers have discovered yet another piece of wormable Android malware-but this time downloadable directly from the official Google Play Store-that's capable of propagating via WhatsApp messages.
Disguised as a rogue Netflix app under the name of "FlixOnline," the malware comes with features that allow it to automatically reply to a victim's incoming WhatsApp messages with a |
Malware | ||
|
2021-04-07 00:16:29 | Pre-Installed Malware Dropper Found On German Gigaset Android Phones (lien direct) | In what appears to be a fresh twist in Android malware, users of Gigaset mobile devices are encountering unwanted apps that are being downloaded and installed through a pre-installed system update app.
"The culprit installing these malware apps is the Update app, package name com.redstone.ota.ui, which is a pre-installed system app," Malwarebytes researcher Nathan Collier said. "This app is not |
Malware | ||
|
2021-04-06 22:38:07 | Experts uncover a new Banking Trojan targeting Latin American users (lien direct) | Researchers on Tuesday revealed details of a new banking trojan targeting corporate users in Brazil at least since 2019 across various sectors such as engineering, healthcare, retail, manufacturing, finance, transportation, and government.
Dubbed "Janeleiro" by Slovak cybersecurity firm ESET, the malware aims to disguise its true intent via lookalike pop-up windows that are designed to resemble |
Malware | ||
|
2021-04-06 00:04:02 | Hackers Targeting professionals With \'more_eggs\' Malware via LinkedIn Job Offers (lien direct) | A new spear-phishing campaign is targeting professionals on LinkedIn with weaponized job offers in an attempt to infect targets with a sophisticated backdoor trojan called "more_eggs."
To increase the odds of success, the phishing lures take advantage of malicious ZIP archive files that have the same name as that of the victims' job titles taken from their LinkedIn profiles.
"For example, if the |
Malware | ||
|
2021-03-31 23:58:40 | Hackers Set Up a Fake Cybersecurity Firm to Target Real Security Experts (lien direct) | A North Korean government-backed campaign targeting cybersecurity researchers with malware has re-emerged with new tactics in their arsenal as part of a fresh social engineering attack.
In an update shared on Wednesday, Google's Threat Analysis Group said the attackers behind the operation set up a fake security company called SecuriElite and a slew of social media accounts across Twitter and |
Malware Threat | ||
|
2021-03-31 01:42:43 | Hackers are implanting multiple backdoors at industrial targets in Japan (lien direct) | Cybersecurity researchers on Tuesday disclosed details of a sophisticated campaign that deploys malicious backdoors for the purpose of exfiltrating information from a number of industry sectors located in Japan.
Dubbed "A41APT" by Kaspersky researchers, the findings delve into a new slew of attacks undertaken by APT10 (aka Stone Panda or Cicada) using previously undocumented malware to deliver |
Malware | APT 10 APT 10 | |
|
2021-03-27 02:14:40 | Watch Out! That Android System Update May Contain A Powerful Spyware (lien direct) | Researchers have discovered a new information-stealing trojan, which targets Android devices with an onslaught of data-exfiltration capabilities - from collecting browser searches to recording audio and phone calls.
While malware on Android has previously taken the guise of copycat apps, which go under names similar to legitimate pieces of software, this sophisticated new malicious app |
Malware | ||
|
2021-03-25 05:05:29 | Black Kingdom Ransomware Hunting Unpatched Microsoft Exchange Servers (lien direct) | More than a week after Microsoft released a one-click mitigation tool to mitigate cyberattacks targeting on-premises Exchange servers, the company disclosed that patches have been applied to 92% of all internet-facing servers affected by the ProxyLogon vulnerabilities.
The development, a 43% improvement from the previous week, caps off a whirlwind of espionage and malware campaigns that hit |
Ransomware Malware | ||
|
2021-03-23 23:36:20 | Purple Fox Rootkit Can Now Spread Itself to Other Windows Computers (lien direct) | Purple Fox, a Windows malware previously known for infecting machines by using exploit kits and phishing emails, has now added a new technique to its arsenal that gives it worm-like propagation capabilities.
The ongoing campaign makes use of a "novel spreading technique via indiscriminate port scanning and exploitation of exposed SMB services with weak passwords and hashes," according to |
Malware | ||
|
2021-03-19 04:34:08 | Tesla Ransomware Hacker Pleads Guilty; Swiss Hacktivist Charged for Fraud (lien direct) | The U.S. Department of Justice yesterday announced updates on two separate cases involving cyberattacks-a Swiss hacktivist and a Russian hacker who planned to plant malware in the Tesla company.
A Swiss hacker who was involved in the intrusion of cloud-based surveillance firm Verkada and exposed camera footage from its customers was charged by the U.S. Department of Justice (DoJ) on Thursday |
Ransomware Malware | ★★★ | |
|
2021-03-18 06:03:41 | How to Successfully Pursue a Career in Malware Analysis (lien direct) | Are you looking to becoming a malware analyst? Then continue reading to discover how to gain the training you need and start a career in malware analysis career.Did you know that new malware is released every seven seconds?
As more and more systems become reliant on the internet, the proliferation of malware becomes increasingly destructive. Once upon a time, a computer virus might cause |
Malware | ||
|
2021-03-16 03:32:22 | New Mirai Variant and ZHtrap Botnet Malware Emerge in the Wild (lien direct) | Cybersecurity researchers on Monday disclosed a new wave of ongoing attacks exploiting multiple vulnerabilities to deploy Mirai variants on compromised systems.
"Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection behaviors such as downloading and executing Mirai variants and brute-forcers," Palo Alto Networks' Unit 42 Threat |
Malware | ||
|
2021-03-12 01:53:41 | Researchers Spotted Malware Written in Nim Programming Language (lien direct) | Cybersecurity researchers have unwrapped an "interesting email campaign" undertaken by a threat actor that has taken to distributing a new malware written in Nim programming language.
Dubbed "NimzaLoader" by Proofpoint researchers, the development marks one of the rare instances of Nim malware discovered in the threat landscape.
"Malware developers may choose to use a rare programming language |
Malware Threat | ||
|
2021-03-10 08:31:56 | Researchers Unveil New Linux Malware Linked to Chinese Hackers (lien direct) | Cybersecurity researchers on Wednesday shed light on a new sophisticated backdoor targeting Linux endpoints and servers that's believed to be the work of Chinese nation-state actors.
Dubbed "RedXOR" by Intezer, the backdoor masquerades as a polkit daemon, with similarities found between the malware and those previously associated with the Winnti Umbrella (or Axiom) threat group such as PWNLNX, |
Malware Threat | APT 17 | |
|
2021-03-10 01:24:29 | FIN8 Hackers Return With More Powerful Version of BADHATCH PoS Malware (lien direct) | Threat actors known for keeping a low profile do so by ceasing operations for prolonged periods in between to evade attracting any attention as well as constantly refining their toolsets to fly below the radar of many detection technologies.
One such group is FIN8, a financially motivated threat actor that's back in action after a year-and-a-half hiatus with a powerful version of a backdoor with |
Malware Threat | ||
|
2021-03-09 03:13:45 | 9 Android Apps On Google Play Caught Distributing AlienBot Banker and MRAT Malware (lien direct) | Cybersecurity researchers have discovered a new malware dropper contained in as many as 9 Android apps distributed via Google Play Store that deploys a second stage malware capable of gaining intrusive access to the financial accounts of victims as well as full control of their devices.
"This dropper, dubbed Clast82, utilizes a series of techniques to avoid detection by Google Play Protect |
Malware | ||
|
2021-03-05 01:20:07 | Researchers Find 3 New Malware Strains Used by SolarWinds Hackers (lien direct) | FireEye and Microsoft on Thursday said they discovered three more malware strains in connection with the SolarWinds supply-chain attack, including a "sophisticated second-stage backdoor," as the investigation into the sprawling espionage campaign continues to yield fresh clues about the threat actor's tactics and techniques.
Dubbed GoldMax (aka SUNSHUTTLE), GoldFinder, and Sibot, the new set of |
Malware Threat | ||
|
2021-03-03 04:56:56 | Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection (lien direct) | Cybercriminals are now deploying remote access Trojans (RATs) under the guise of seemingly innocuous images hosted on infected websites, once again highlighting how threat actors quickly change tactics when their attack methods are discovered and exposed publicly.
New research released by Cisco Talos reveals a new malware campaign targeting organizations in South Asia that utilize malicious |
Malware Threat | ||
|
2021-03-01 06:18:35 | Gootkit RAT Using SEO to Distribute Malware Through Compromised Sites (lien direct) | A framework notorious for delivering a banking Trojan has received a facelift to deploy a wider range of malware, including ransomware payloads.
"The Gootkit malware family has been around more than half a decade – a mature Trojan with functionality centered around banking credential theft," Sophos researchers Gabor Szappanos and Andrew Brandt said in a write-up published today.
"In recent years |
Ransomware Malware | ||
|
2021-02-26 03:02:08 | North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware (lien direct) | A prolific North Korean state-sponsored hacking group has been tied to a new ongoing espionage campaign aimed at exfiltrating sensitive information from organizations in the defense industry.
Attributing the attacks with high confidence to the Lazarus Group, the new findings from Kaspersky signal an expansion of the APT actor's tactics by going beyond the usual gamut of financially-motivated |
Malware Medical | APT 38 | ★★ |
|
2021-02-25 01:13:03 | Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack (lien direct) | Ukraine is formally pointing fingers at Russian hackers for hacking into one of its government systems and attempting to plant and distribute malicious documents that would install malware on target systems of public authorities.
"The purpose of the attack was the mass contamination of information resources of public authorities, as this system is used for the circulation of documents in most |
Malware | ||
|
2021-02-24 07:29:47 | Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks (lien direct) | New research has uncovered a significant increase in QuickBooks file data theft using social engineering tricks to deliver malware and exploit the accounting software.
"A majority of the time, the attack involves basic malware that is often signed, making it hard to detect using antivirus or other threat detection software," researchers from ThreatLocker said in an analysis shared today with The |
Malware Threat | ||
|
2021-02-22 03:15:17 | Chinese Hackers Had Access to a U.S. Hacking Tool Years Before It Was Leaked Online (lien direct) | On August 13, 2016, a hacking unit calling itself "The Shadow Brokers" announced that it had stolen malware tools and exploits used by the Equation Group, a sophisticated threat actor believed to be affiliated to the Tailored Access Operations (TAO) unit of the U.S. National Security Agency (NSA).
Although the group has since signed off following the unprecedented disclosures, new "conclusive" |
Malware Tool Threat | ||
|
2021-02-21 23:47:09 | New \'Silver Sparrow\' Malware Infected Nearly 30,000 Apple Macs (lien direct) | Days after the first malware targeting Apple M1 chips were discovered in the wild, researchers have disclosed yet another previously undetected piece of malicious software that has already infected 29,139 Macs running Intel x86_64 and the iPhone maker's M1 processors.
However, the ultimate goal of the operation remains something of a conundrum, what with the lack of a next-stage or final payload |
Malware |
To see everything:
Our RSS (filtrered)
