What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-10-19 00:00:00 | A Sneak Peek into Kovrrâs Data SourcesA sneak peek into Kovrr\\\'s unique data sources used exclusively for modeling purposesRead More (lien direct) | Modeling impacts from cyber events requires extensive understanding of the cyber threat landscape. A core aspect of Kovrrâs cyber risk modeling data pipeline combines unique data sources to better inform the data points taken into account when building out the frequency and severity of cyber events. Access to these data sources is derived via partnerships reserved for Kovrrâs use exclusively for modeling purposes, developed among others with Israeli cybersecurity emerging vendors which continuously bring new exciting data and create a unique ecosystem. Hudson RockHudson Rock is a cybercrime intelligence startup with a database composed of millions of machines compromised in global malware spreading campaigns. The data is augmented monthly with tens of thousands, to hundreds of thousands of new compromised machines. Data includes Info Stealers, ransomware bots and other types of malware. Hudsonâs high-fidelity data help protect employees, partners, customers, and digital assets with unprecedented granularity of threat vectors including Ransomware, Business Espionage, Breaches & Network Overtakes.âHow Kovrr uses this dataâKovrr has extended capabilities to recognize ransomware trends and emerging techniques. This information is crucial for formulating accurate attack distributions. Kovrr leverages the data in order to enrich different parameters of its datasets. We can improve our understanding of the target audience profile by applying additional analytics on the data, Kovrr can deduct the entities who have suffered from the breach, this information may include location, job description and company. We also have extended information on the attack vector. Kovrr uses metadata regarding the attack to understand the attack vector used to install the malware, which is critical to understanding attack and exploitation patterns. Cynerio Medical and IoT devices in healthcare environments grow more numerous and vulnerable every day, and mitigating their risk is becoming more complex. The Cynerio platform uses a granular inventory classification taxonomy which tracks device types, functions, vendors, models, serial numbers, firmware/OS, MAC, and IP+ methods of medical devices. Drilldowns into VLANs, ports, kernels, HW, services, browsers, and FDA class, classification, and recalls are also provided. Cynerio then leverages this data to monitor, verify, and reduce the risk of IoT and IoMT device vulnerabilities through direct communication with vendors, third-party solution providers, and cybersecurity governance organizations.How Kovrr uses this dataKovrr has secured unique cyber information sources per industry to have more detailed data reflecting the cyber risk landscape. Kovrr receives aggregated data on compromised medical IoT devices and relevant vulnerabilities, corresponding to companiesâ geographic location, size and industry that shows instances of potential attack per type of device. For this specific source, Kovrrâs extended insights surrounding healthcare cybersecurity feeds into the industry exposure database. In turn this provides more accurate data on the frequency and severity of events affecting organizations in the healthcare industry and assists in better analysis of understanding a companyâs cyber resilience.Sedric.me Sedric integrates into all communication systems of organizations and provides cyber risk management teams with a solution to securely store company interactions with internal and external users. By monitoring a wide range of interactions, Sedric uses AI to detect intentions related to regulatory, compliance, and company misconduct without the need for explicit exact phrase or rule matches.  The platform securely cleans ,encrypts and stores data associated with GDPR, PCI, PHI, and other violations before it enters a companyâs system.âHow Kovrr uses this dataKovrr receives aggregated data of sensitive data records corresponding to companiesâ g | Ransomware Malware Vulnerability Threat Prediction Medical | ★★★ | |
 |
2021-10-18 23:11:57 | Cybersecurity Experts Warn of a Rise in Lyceum Hacker Group Activities in Tunisia (lien direct) | A threat actor, previously known for striking organizations in the energy and telecommunications sectors across the Middle East as early as April 2018, has evolved its malware arsenal to strike two entities in Tunisia.
Security researchers at Kaspersky, who presented their findings at the VirusBulletin VB2021 conference earlier this month, attributed the attacks to a group tracked as Lyceum (aka |
Malware Threat | ||
 |
2021-10-18 16:23:21 | Twitter Suspends Accounts Used to Snare Security Researchers (lien direct) | The accounts were used to catfish security researchers into downloading malware in a long-running cyber-espionage campaign attributed to North Korea. | Malware | ||
 |
2021-10-18 13:28:10 | State-backed hackers breach telcos with custom malware (lien direct) | A previously unknown state-sponsored actor is deploying a novel toolset in attacks targeting telecommunication providers and IT firms in South Asia. [...] | Malware | ||
 |
2021-10-18 11:43:08 | BlackByte ransomware decryptor released (lien direct) | The "odd" malware avoids systems based on Russian and ex-USSR languages. | Ransomware Malware | ||
 |
2021-10-16 23:02:42 | Trickbot spreads malware through new distribution channels (lien direct) | TrickBot operators are back and expand the distribution channels with partnership with cybercrime affiliates. The operators behind the infamous TrickBot (ITG23 and Wizard Spider) malware have resurfaced with new distribution channels to deliver malicious payloads, such as Conti ransomware. The gang support other cybercrime groups such as known Hive0105, Hive0106 (aka TA551 or Shathak), and […] | Malware | ||
|
2021-10-16 15:42:52 | Russia-Linked TA505 targets financial institutions in a new malspam campaign (lien direct) | Russia-linked TA505 group leverages a lightweight Office file to spread malware in a campaign, tracked as MirrorBlast, aimed at financial institutions. Russia-linked APT group TA505 (e.g. Evil Corp) is leveraging a lightweight Office file in a new malware campaign, tracked as MirrorBlast, targeting financial institutions in multiple geographies. TA505 hacking group has been active since 2014 […] | Malware | ||
 |
2021-10-15 13:22:31 | Russia-Linked TA505 Back at Targeting Financial Institutions (lien direct) | Russia-linked threat actor TA505 has been observed using a lightweight Office file for malware distribution in a new campaign targeting financial institutions in multiple geographies. The attacks target organizations across multiple sectors in Canada, the United States, Hong Kong, Europe, and more, and have seen low detection rates in Google's VirusTotal scanning engine. | Malware Threat | ||
 |
2021-10-15 09:30:19 | Virus Bulletin: Old malware never dies – it just gets more targeted (lien direct) | Putting a precision payload on top of more generic malware makes perfect sense for malware operators | Malware | ||
|
2021-10-15 07:40:55 | Attackers Behind Trickbot Expanding Malware Distribution Channels (lien direct) | The operators behind the pernicious TrickBot malware have resurfaced with new tricks that aim to increase its foothold by expanding its distribution channels, ultimately leading to the deployment of ransomware such as Conti.
The threat actor, tracked under the monikers ITG23 and Wizard Spider, has been found to partner with other cybercrime gangs known Hive0105, Hive0106 (aka TA551 or Shathak), |
Ransomware Malware Threat Guideline | ||
 |
2021-10-14 10:00:00 | New "Yanluowang" Ransomware Variant Discovered (lien direct) | Malware appears to still be under development, says Symantec | Ransomware Malware | ||
|
2021-10-14 09:30:34 | Google: We\'re Tracking 270 State-Sponsored Hacker Groups From Over 50 Countries (lien direct) | Google's Threat Analysis Group (TAG) on Thursday said it's tracking more than 270 government-backed threat actors from more than 50 countries, adding it has approximately sent 50,000 alerts of state-sponsored phishing or malware attempts to customers since the start of 2021.
The warnings mark a 33% increase from 2020, the internet giant said, with the spike largely stemming from "blocking an |
Malware Threat | ||
 |
2021-10-13 14:13:47 | AT&T Cybersecurity Launches New Managed XDR Solution (lien direct) | AT&T Cybersecurity has launched a dedicated managed Extended Detection and Response (XDR) offering which is available immediately. The AT&T Managed XDR solution features a cloud-based security platform with security threat analytics, machine learning, and third-party connectors to protect endpoint, network, and cloud assets with automated and orchestrated malware prevention, threat detection, and response. At a time where there are increasing complexities, attack surfaces are […] | Malware Threat | ||
|
2021-10-13 12:20:12 | Apple Points to Android Malware Infections in Argument Against Sideloading on iOS (lien direct) | Apple Threat Analysis Report Highlights Risks Posed by Sideloading on iOS Apple on Wednesday published a 30-page threat analysis report in an effort to show why allowing sideloading on iOS would pose serious privacy and security risks to iPhone users. | Malware Threat | ||
 |
2021-10-13 10:00:00 | Trickbot Rising - Gang Doubles Down on Infection Efforts to Amass Network Footholds (lien direct) | IBM X-Force has been tracking the activity of ITG23, a prominent cybercrime gang also known as the TrickBot Gang and Wizard Spider. Researchers are seeing an aggressive expansion of the gang’s malware distribution channels, infecting enterprise users with Trickbot and BazarLoader. This move is leading to more ransomware attacks — particularly ones using the Conti […] | Ransomware Malware Guideline | ||
|
2021-10-12 19:34:32 | Windows Zero-Day Actively Exploited in Widespread Espionage Campaign (lien direct) | The cyberattacks, linked to a Chinese-speaking APT, deliver the new MysterySnail RAT malware to Windows servers. | Malware | ||
 |
2021-10-12 17:41:00 | Anomali Cyber Watch: Aerospace and Telecoms Targeted by Iranian MalKamak Group, Cozy Bear Refocuses on Cyberespionage, Wicked Panda is Traced by Malleable C2 Profiles, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Data leak, Ransomware, Phishing, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Russian Cyberattacks Pose Greater Risk to Governments and Other Insights from Our Annual Report
(published: October 7, 2021)
Approximately 58% of all nation-state attacks observed by Microsoft between July 2020 and June 2021 have been attributed to the Russian-sponsored threat groups, specifically to Cozy Bear (APT29, Nobelium) associated with the Russian Foreign Intelligence Service (SVR). The United States, Ukraine, and the UK were the top three targeted by them. Russian Advanced Persistent Threat (APT) actors increased their effectiveness from a 21% successful compromise rate to a 32% rate comparing year to year. They achieve it by starting an attack with supply-chain compromise, utilizing effective tools such as web shells, and increasing their skills with the cloud environment targeting. Russian APTs are increasingly targeting government agencies for intelligence gathering, which jumped from 3% of their targets a year ago to 53% – largely agencies involved in foreign policy, national security, or defense. Following Russia by the number of APT cyberattacks were North Korea (23%), Iran (11%), and China (8%).
Analyst Comment: As the collection of intrusions for potential disruption operations via critical infrastructure attacks became too risky for Russia, it refocused back to gaining access to and harvesting intelligence. The scale and growing effectiveness of the cyberespionage requires a defence-in-depth approach and tools such as Anomali Match that provide real-time forensics capability to identify potential breaches and known actor attributions.
MITRE ATT&CK: [MITRE ATT&CK] Supply Chain Compromise - T1195 | [MITRE ATT&CK] Server Software Component - T1505 | [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Brute Force - T1110
Tags: Fancy Bear, APT28, APT29, The Dukes, Strontium, Nobelium, Energetic Bear, Cozy Bear, Government, APT, Russia, SVR, China, North Korea, USA, UK, Ukraine, Iran
Ransomware in the CIS
(published: October 7, 2021)
Many prominent ransomware groups have members located in Russia and the Commonwealth of Independent States (CIS) - and they avoid targeting this region. Still, businesses in the CIS are under the risk of being targeted by dozens of lesser-known ransomware groups. Researchers from Kaspersky Labs have published a report detailing nine business-oriented ransomware trojans that were most active in the CIS in the first half of 2021. These ransomware families are BigBobRoss (TheDMR), Cryakl (CryLock), CryptConsole, Crysis (Dharma), Fonix (XINOF), Limbozar (VoidCrypt), Phobos (Eking), Thanos (Hakbit), and XMRLocker. The oldest, Cryakl, has been around since April 2014, and the newest, XMRLocker, was first detected in August 2020. Most of them were mainly distributed via the cracking of Remote Deskto |
Ransomware Malware Tool Threat Guideline Prediction | APT 41 APT 41 APT 39 APT 29 APT 29 APT 28 | |
 |
2021-10-12 17:07:08 | MysterySnail attacks with Windows zero-day (lien direct) | We detected attacks with the use of an elevation of privilege exploit on multiple Microsoft Windows servers. Variants of the malware payload used along with the zero-day exploit were detected in widespread espionage campaigns. We are calling this cluster of activity MysterySnail. | Malware | ||
|
2021-10-12 16:00:34 | SAS 2021: Learning to ChaCha with APT41 (lien direct) | John Southworth gives insights about APT41 and the malware used by the threat actor – the Motnug loader and its descendant, the ChaCha loader; also, shares some thoughts on the actor's attribution and the payload, including the infamous CobaltStrike. | Malware Threat Guideline | APT 41 | |
|
2021-10-12 13:00:31 | SAS 2021: Fireside chat with Chris Bing (lien direct) | How to build up a fascinating story from a hardcore APT report? Sitting by the virtual fireside, Brian Bartholomew and Christopher Bing will discuss how malware researchers and investigative journalists can help each other in their work. | Malware | ||
|
2021-10-12 04:13:49 | Photo editor Android app STILL sitting on Google Play store is malware (lien direct) | An Android app sitting on the Google Play store touts itself to be a photo editor app. But, it contains code that steals the user's Facebook credentials to potentially run ad campaigns on the user's behalf, with their payment information. The app has scored over 5K installs, with similar spyware apps having 500K+ installs. [...] | Malware | ||
|
2021-10-11 10:44:41 | Huawei Cloud targeted by updated cryptomining malware (lien direct) | A new version of a 2020 crypto-mining malware that was previously targeting Docker containers has now been spotted focusing on new cloud service providers like the Huawei Cloud. [...] | Malware | ||
|
2021-10-11 09:53:45 | FontOnLake malware strikes Linux systems in targeted attacks (lien direct) | The malware is accompanied by a rootkit to sink its claws firmly into vulnerable machines. | Malware | ||
|
2021-10-10 13:16:30 | FontOnLake malware infects Linux systems via trojanized utilities (lien direct) | A newly discovered malware family has been infecting Linux systems concealed in legitimate binaries. Dubbed FontOnLake, the threat delivers backdoor and rootkit components. [...] | Malware Threat | ||
|
2021-10-10 13:07:19 | Security Affairs newsletter Round 335 (lien direct) | A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. Previously undetected FontOnLake Linux malware used in targeted attacks Google addresses four high-severity flaws in Chrome Security […] | Malware | ||
|
2021-10-10 09:47:58 | Previously undetected FontOnLake Linux malware used in targeted attacks (lien direct) | ESET researchers spotted a previously unknown, modular Linux malware, dubbed FontOnLake, that has been employed in targeted attacks. ESET researchers spotted a previously unknown, modular Linux malware, dubbed FontOnLake, that was employed in targeted attacks on organizations in Southeast Asia. According to the experts, modules of this malware family are under development and continuously improved. […] | Malware | ||
 |
2021-10-08 16:15:08 | CVE-2021-41919 (lien direct) | webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dangerous files without restrictions. This is working by adding or replacing a personal profile picture. The affected endpoint is /includes/upload.php on the HTTP POST data. This allows an attacker to exploit the platform by injecting code or malware and, under certain conditions, to execute code on remote user browsers. | Malware | ||
|
2021-10-08 14:26:39 | FontOnLake Linux Malware Used in Targeted Attacks (lien direct) | A previously unknown, modular malware family that targets Linux systems has been used in targeted attacks to collect credentials and gain access to victim systems, ESET reported on Thursday. | Malware | ||
|
2021-10-08 00:25:34 | Researchers Warn of FontOnLake Rootkit Malware Targeting Linux Systems (lien direct) | Cybersecurity researchers have detailed a new campaign that likely targets entities in Southeast Asia with a previously unrecognized Linux malware that's engineered to enable remote access to its operators, in addition to amassing credentials and function as a proxy server.
The malware family, dubbed "FontOnLake" by Slovak cybersecurity firm ESET, is said to feature "well-designed modules" that |
Malware | ||
|
2021-10-07 13:53:05 | FIN12 hits healthcare with quick and focused ransomware attacks (lien direct) | While most ransomware actors spend time on the victim network looking for important data to steal, one group favors quick malware deployment against sensitive, high-value targets. [...] | Ransomware Malware | ||
|
2021-10-07 09:30:16 | FontOnLake: Previously unknown malware family targeting Linux (lien direct) | ESET researchers discover a malware family with tools that show signs they're used in targeted attacks | Malware | ||
|
2021-10-07 07:53:47 | Operation GhostShell: MalKamak APT targets aerospace and telco firms (lien direct) | Operation GhostShell: Threat actors used ShellClient malware in cyberespionage campaigns aimed at companies in the aerospace and telecommunications sectors. Hackers use stealthy ShellClient malware on aerospace, telco firms Cybereason Nocturnus and Incident Response Teams discovered a new threat actor that is targeting organizations in the aerospace and telecommunications sectors with the ShellClient malware as part […] | Malware Threat | ||
|
2021-10-06 19:06:00 | Inside TeamTNT\'s Impressive Arsenal: A Look Into A TeamTNT Server (lien direct) | Authored By: Tara Gould
Key Findings
Anomali Threat Research has discovered an open server to a directory listing that we attribute with high confidence to the German-speaking threat group, TeamTNT.
The server contains source code, scripts, binaries, and cryptominers targeting Cloud environments.
Other server contents include Amazon Web Services (AWS) Credentials stolen from TeamTNT stealers are also hosted on the server.
This inside view of TeamTNT infrastructure and tools in use can help security operations teams to improve detection capabilities for related attacks, whether coming directly from TeamTNT or other cybercrime groups leveraging their tools.
Overview
Anomali Threat Research has identified a TeamTNT server open to directory listing. The server was used to serve scripts and binaries that TeamTNT use in their attacks, and also for the IRC communications for their bot. The directory appears to have been in use since at least August 2021 and was in use as of October 5, 2021. The contents of the directory contain metadata, scripts, source code, and stolen credentials.
TeamTNT is a German-speaking, cryptojacking threat group that targets cloud environments. The group typically uses cryptojacking malware and have been active since at least April 2020.[1] TeamTNT activity throughout 2021 has targeted AWS, Docker, GCP, Linux, Kubernetes, and Windows, which corresponds to usual TeamTNT activity.[2]
Technical Analysis
Scripts (/cmd/)
Figure 1 - Overview of /cmd/
Contained on the server are approximately 50 scripts, most of which are already documented, located in the /cmd/ directory. The objective of the scripts vary and include the following:
AWS Credential Stealer
Diamorphine Rootkit
IP Scanners
Mountsploit
Scripts to set up utils
Scripts to setup miners
Scripts to remove previous miners
Figure 2 - Snippet of AWS Credential Stealer Script
Some notable scripts, for example, is the script that steals AWS EC2 credentials, shown above in Figure 2. The AWS access key, secret key, and token are piped into a text file that is uploaded to the Command and Control (C2) server.
Figure 3 - Chimaera_Kubernetes_root_PayLoad_2.sh
Another interesting script is shown in Figure 3 above, which checks the architecture of the system, and retrieves the XMRig miner version for that architecture from another open TeamTNT server, 85.214.149[.]236.
Binaries (/bin/)
Figure 4 - Overview of /bin
Within the /bin/ folder, shown in Figure 4 above, there is a collection of malicious binaries and utilities that TeamTNT use in their operations.
Among the files are well-known samples that are attributed to TeamTNT, including the Tsunami backdoor and a XMRig cryptominer. Some of the tools have the source code located on the server, such as TeamTNT Bot. The folder /a.t.b contains the source code for the TeamTNT bot, shown in Figures 5 and 6 below. In addition, the same binaries have been found on a TeamTNT Docker, noted in Appendix A.
|
Malware Tool Threat | Uber APT 32 | |
|
2021-10-06 18:11:58 | ESPecter Bootkit Malware Haunts Victims with Persistent Espionage (lien direct) | The rare UEFI bootkit drops a fully featured backdoor on PCs and gains the ultimate persistence by modifying the Windows Boot Manager. | Malware | ||
|
2021-10-06 15:42:54 | Hackers use stealthy ShellClient malware on aerospace, telco firms (lien direct) | Threat researchers investigating malware used to target companies in the aerospace and telecommunications sectors discovered a new threat actor that has been running cyber espionage campaigns since at least 2018. [...] | Malware Threat | ||
|
2021-10-06 09:30:56 | To the moon and hack: Fake SafeMoon app drops malware to spy on you (lien direct) | Cryptocurrencies rise and fall, but one thing stays the same – cybercriminals attempt to cash in on the craze | Malware | ||
 |
2021-10-06 08:14:10 | This Android malware lures in victims with fake vaccine appointments (lien direct) | Pas de details / No more details | Malware | ||
|
2021-10-05 18:28:00 | Anomali Cyber Watch: New APT ChamelGang, FoggyWeb, VMWare Vulnerability Exploited and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, FoggyWeb, Google Chrome Bugs, Hydra Malware, NOBELIUM and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Google Just Patched These Two Chrome Zero-day Bugs That Are Under Attack Right Now
(published: October 1, 2021)
Google has warned users of Google Chrome to update to version 94.0.4606.71, due to two new zero-days that are currently being exploited in the wild. This marks the second update in a month due to actively exploited zero-day flaws. The first of these common vulnerabilities and exposures (CVEs), CVE-2021-37975, is a high severity flaw in the V8 JavaScript engine, which has been notoriously difficult to protect and could allow attackers to create malware that is resistant to hardware mitigations.
Analyst Comment: Users and organizations are recommended to regularly check for and apply updates to the software applications they use, especially web browsers that are increasingly used for a variety of tasks. Organizations can leverage the capabilities of Anomali Threatstream to rapidly get information about new CVEs that need to be mitigated through their vulnerability management program.
Tags: CVE-2021-37975, CVE-2021-37976, chrome, zero-day
Hydra Malware Targets Customers of Germany's Second Largest Bank
(published: October 1, 2021)
A new campaign leveraging the Hydra banking trojan has been discovered by researchers. The malware containing an Android application impersonates the legitimate application for Germany's largest bank, Commerzbank. While Hydra has been seen for a number of years, this new campaign incorporates many new features, including abuse of the android accessibility features and permissions which give the application the ability to stay running and hidden with basically full administrator privileges over a victim's phone. It appears to be initially spread via a website that imitates the official Commerzbank website. Once installed it can spread via bulk SMS messages to a user's contacts.
Analyst Comment: Applications, particularly banking applications, should only be installed from trusted and verified sources and reviewed for suspicious permissions they request. Similarly, emails and websites should be verified before using.
Tags: Banking and Finance, EU, Hydra, trojan
New APT ChamelGang Targets Russian Energy, Aviation Orgs
(published: October 1, 2021)
A new Advanced Persistent Threat (APT) group dubbed “ChamelGang” has been identified to be targeting the fuel and energy complex and aviation industry in Russia, exploiting known vulnerabilities like Microsoft Exchange Server’s ProxyShell and leveraging both new and existing malware to compromise networks. Researchers at Positive Technologies have been tracking the group since March 2017, and have observed that they have attacked targets in 10 countries so far. The group has been able to hi |
Ransomware Malware Tool Vulnerability Threat Guideline | Solardwinds Solardwinds APT 27 | |
|
2021-10-05 06:16:08 | New Study Links Seemingly Disparate Malware Attacks to Chinese Hackers (lien direct) | Chinese cyber espionage group APT41 has been linked to seemingly disparate malware campaigns, according to fresh research that has mapped together additional parts of the group's network infrastructure to hit upon a state-sponsored campaign that takes advantage of COVID-themed phishing lures to target victims in India.
"The image we uncovered was that of a state-sponsored campaign that plays on |
Malware Guideline | APT 41 | |
|
2021-10-04 20:31:06 | Encrypted & Fileless Malware Sees Big Growth (lien direct) | An analysis of second-quarter malware trends shows that threats are becoming stealthier. | Malware | ||
|
2021-10-03 19:38:53 | TA544 group behind a spike in Ursnif malware campaigns targeting Italy (lien direct) | Proofpoint researchers reported that TA544 threat actors are behind a new Ursnif campaign that is targeting Italian organizations. Proofpoint researchers have discovered a new Ursnif baking Trojan campaign carried out by a group tracked as TA544 that is targeting organizations in Italy. The experts observed nearly 20 notable campaigns distributing hundreds of thousands of malicious […] | Malware Threat | ||
|
2021-10-02 14:17:02 | Flubot Android banking Trojan spreads via fake security updates (lien direct) | The Flubot Android malware is now leveraging fake security updates warning to trick users into installing the malicious code. Threat actors behind the Flubot Android malware are now leveraging fake security updates to trick victims into installing the malicious code. The attackers use fake security warnings of Flubot infections and urging them to install the […] | Malware Threat | ||
|
2021-10-01 15:27:01 | Flubot Malware Targets Androids With Fake Security Updates (lien direct) | The banking trojan keeps switching up its lies, trying to fool Android users into clicking on a fake Flubot-deleting app or supposedly uploaded photos of recipients. | Malware | ||
|
2021-10-01 14:46:22 | Hydra Android trojan campaign targets customers of European banks (lien direct) | Experts warn of a new Hydra banking trojan campaign targeting European e-banking platform users, including the customers of Commerzbank. Experts warn of a malware campaign targeting European e-banking platform users with the Hydra banking trojan. According to malware researchers from the MalwareHunterTeam and Cyble, the new campaign mainly impacted the customers of Commerzbank, Germany's […] | Malware | ||
|
2021-10-01 13:34:12 | BloodyStealer trojan targets most major gaming platforms (lien direct) | Kaspersky has this week released the findings of their research on the malware dubbed BloodyStealer. According to its creators, the malware can steal passwords, cookies, bank card details, browser autofill data, screenshots and more, and it is advertised on underground forums. It looks like the criminals behind BloodyStealer are targeting gamers, as they are selling […] | Malware | ||
|
2021-10-01 12:36:25 | New APT ChamelGang Targets Russian Energy, Aviation Orgs (lien direct) | First appearing in March, the group has been leveraging ProxyShell against targets in 10 countries and employs a variety of malware to steal data from compromised networks. | Malware | ||
|
2021-10-01 09:19:20 | Flubot Android malware now spreads via fake security updates (lien direct) | The Flubot malware has switched to a new and likely more effective lure to compromise Android devices, now trying to trick its victims into infecting themselves with the help of fake security updates warning them of Flubot infections. [...] | Malware | ||
|
2021-10-01 08:18:18 | Hydra malware targets customers of Germany\'s second largest bank (lien direct) | The Hydra banking trojan is back to targeting European e-banking platform users, and more specifically, customers of Commerzbank, Germany's second-largest financial institution. [...] | Malware | ||
 |
2021-10-01 06:51:00 | Amnesty International exploited in malware campaign (lien direct) | Pas de details / No more details | Malware | ||
|
2021-10-01 05:25:31 | Chinese Hackers Used a New Rootkit to Spy on Targeted Windows 10 Users (lien direct) | A formerly unknown Chinese-speaking threat actor has been linked to a long-standing evasive operation aimed at South East Asian targets as far back as July 2020 to deploy a kernel-mode rootkit on compromised Windows systems.
Attacks mounted by the hacking group, dubbed GhostEmperor by Kaspersky, are also said to have used a "sophisticated multi-stage malware framework" that allows for providing |
Malware Threat |
To see everything:
Our RSS (filtrered)
