What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
bleepingcomputer.webp 2023-01-16 07:15:34 Avast releases free BianLian ransomware decryptor (lien direct) Security software company Avast has released a free decryptor for the BianLian ransomware strain to help victims of the malware recover locked files without paying the hackers. [...] Ransomware Malware ★★
RecordedFuture.webp 2023-01-16 05:00:03 Ransomware Diaries: Undercover with the Leader of Lockbit (lien direct) An unusual announcement appeared in Russian Dark Web forums in June of 2020. Amid the hundreds of ads offering stolen credit card numbers and batches of personally identifiable information there was a Call for Papers. “We're kicking off the summer PAPER CONTEST,” it read. “Accepted article topics include any methods for popping shells, malware and [… Ransomware Malware Guideline ★★★
Trend.webp 2023-01-16 00:00:00 Abusing a GitHub Codespaces Feature For Malware Delivery (lien direct) Proof of Concept (POC): We investigate one of the GitHub Codespaces' real-time code development and collaboration features that attackers can abuse for cloud-based trusted malware delivery. Once exploited, malicious actors can abuse legitimate GitHub accounts to create a malware file server. Malware ★★★
Checkpoint.webp 2023-01-15 22:05:17 AI Can Write Malware Now. Are We Doomed? (lien direct) Today’s AI can beat humans at Jeopardy, chess, recognizing faces and diagnosing medical conditions. As of last Fall it can write malware, too. In fact, it can write an entire attack chain: phishing emails, macros, reverse shells, you name it. What do we do now? Malware Medical ★★
bleepingcomputer.webp 2023-01-14 17:28:34 CircleCI's hack caused by malware stealing engineer's 2FA-backed session (lien direct) Hackers breached CircleCI in December after an engineer became infected with information-stealing malware that stole the employee's 2FA-backed SSO session, allowing access to the company's internal systems. [...] Malware Hack ★★★★
The_Hackers_News.webp 2023-01-14 14:11:00 Malware Attack on CircleCI Engineer's Laptop Leads to Recent Security Incident (lien direct) DevOps platform CircleCI on Friday disclosed that unidentified threat actors compromised an employee's laptop and leveraged malware to steal their two-factor authentication-backed credentials to breach the company's systems and data last month. The CI/CD service CircleCI said the "sophisticated attack" took place on December 16, 2022, and that the malware went undetected by its antivirus Malware Threat ★★★
The_Hackers_News.webp 2023-01-13 22:09:00 Beware: Tainted VPNs Being Used to Spread EyeSpy Surveillanceware (lien direct) Tainted VPN installers are being used to deliver a piece of surveillanceware dubbed EyeSpy as part of a malware campaign that started in May 2022. It uses "components of SecondEye – a legitimate monitoring application – to spy on users of 20Speed VPN, an Iranian-based VPN service, via trojanized installers," Bitdefender said in an analysis. A majority of the infections are said to originate in Malware ★★★
DarkReading.webp 2023-01-13 20:00:00 Malware Comes Standard With This Android TV Box on Amazon (lien direct) The bargain T95 Android TV device was delivered with preinstalled malware, adding to a trend of Droid devices coming out-of-the-box tainted. Malware Prediction ★★★★
The_Hackers_News.webp 2023-01-13 16:56:00 Cybercriminals Using Polyglot Files in Malware Distribution to Fly Under the Radar (lien direct) Remote access trojans such as StrRAT and Ratty are being distributed as a combination of polyglot and malicious Java archive (JAR) files, once again highlighting how threat actors are continuously finding new ways to fly under the radar. "Attackers now use the polyglot technique to confuse security solutions that don't properly validate the JAR file format," Deep Instinct security researcher Malware Threat ★★★
Fortinet.webp 2023-01-13 14:43:00 2022 IoT Threat Review (lien direct) FortiGuard Labs continuously monitors the IoT botnet threat landscape for new and emerging campaigns. Read our blog with insights into malware campaigns that have been actively targeting IoT devices for infection. Malware Threat ★★★★
CSO.webp 2023-01-13 12:01:00 Attackers deploy sophisticated Linux implant on Fortinet network security devices (lien direct) In December network security vendor Fortinet disclosed that a critical vulnerability in its FortiOS operating system was being exploited by attackers in the wild. This week, after additional analysis, the company released more details about a sophisticated malware implant that those attackers deployed through the flaw. Based on currently available information, the original zero-day attack was highly targeted to government-related entities. However, since the vulnerability has been known for over a month, all customers should patch it as soon as possible as more attackers could start using it. Remote code execution in FortiOS SSL-VPN: The vulnerability, tracked as CVE-2022-42475, is in the SSL-VPN functionality of FortiOS and can be exploited by remote attackers without authentication. Successful exploitation can result in the execution of arbitrary code and commands. Malware Vulnerability ★★★
Checkpoint.webp 2023-01-13 11:00:40 December 2022's Most Wanted Malware: Glupteba Entering Top Ten and Qbot in First Place (lien direct) Check Point Research reports that Glupteba has returned to the top ten list for the first time since July 2022. Qbot overtook Emotet as the most prevalent malware in December, while Android malware Hiddad made a comeback. Our latest Global Threat Index for December 2022 saw Glupteba Malware, an ambitious blockchain-enabled Trojan botnet, return to… Malware Threat ★★
Blog.webp 2023-01-13 04:32:36 (Déjà vu) ASEC Weekly Malware Statistics (January 2nd, 2023 – January 8th, 2023) (lien direct) The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from January 2nd, 2023 (Monday) to January 8th, 2023 (Sunday). For the main category, downloader ranked top with 55.9%, followed by Infostealer with 21.3%, backdoor with 14.2%, ransomware with 7.9%, and CoinMiner with 0.8%. Top 1 – BeamWinHTTP BeamWinHTTP is a downloader malware that ranked top with 32.3%. The malware is distributed via malware disguised... Ransomware Malware ★★
Blog.webp 2023-01-13 00:52:34 Orcus RAT Being Distributed Disguised as a Hangul Word Processor Crack (lien direct) The ASEC analysis team recently identified Orcus RAT being distributed on file-sharing sites disguised as a cracked version of Hangul Word Processor. The threat actor that distributed this malware is the same person that distributed BitRAT and XMRig CoinMiner disguised as a Windows license verification tool on file-sharing sites.[1] The malware distributed by the threat actor has a similar form as those of the past, except for the fact that Orcus RAT was used instead of BitRAT. Furthermore, the new malware... Malware Tool Threat ★★
DarkReading.webp 2023-01-12 22:20:00 Researchers Find 'Digital Crime Haven' While Investigating Magecart Activity (lien direct) A security vendor's investigation of infrastructure associated with a new, crypto-focused Magecart skimmer leads to discovery of cryptoscam sites, malware distribution marketplace, Bitcoin mixers, and more. Malware Guideline ★★★
The_Hackers_News.webp 2023-01-12 20:16:00 IcedID Malware Strikes Again: Active Directory Domain Compromised in Under 24 Hours (lien direct) A recent IcedID malware attack enabled the threat actor to compromise the Active Directory domain of an unnamed target less than 24 hours after gaining initial access. "Throughout the attack, the attacker followed a routine of recon commands, credential theft, lateral movement by abusing Windows protocols, and executing Cobalt Strike on the newly compromised host," Cybereason researchers said in Malware Threat ★★
DarkReading.webp 2023-01-12 19:11:00 Critical Cisco SMB Router Flaw Allows Authentication Bypass, PoC Available (lien direct) Unpatched Cisco bugs, tracked as CVE-2023-20025 and CVE-2023-20026, allow lateral movement, data theft, and malware infestations. Malware ★★
bleepingcomputer.webp 2023-01-12 17:24:02 RAT malware campaign tries to evade detection using polyglot files (lien direct) Operators of the StrRAT and Ratty remote access trojans (RAT) are running a new campaign using polyglot MSI/JAR and CAB/JAR files to evade detection from security tools. [...] Malware ★★★
bleepingcomputer.webp 2023-01-12 15:41:56 Android TV box on Amazon came pre-installed with malware (lien direct) A Canadian system administrator discovered that an Android TV box purchased from Amazon was pre-loaded with persistent, sophisticated malware baked into its firmware. [...] Malware ★★★
CSO.webp 2023-01-12 09:58:00 BrandPost: The Unrelenting Rise of Botnet Threats (lien direct) As the world has moved to scalable online services for everything from video streaming to gaming to messaging, it's really no surprise that malware has followed close behind. Specifically, threats such as botnets are evolving and scaling at such speeds that it's more important than ever to proactively manage potential security threats. Botnets, a portmanteau or blend of the phrase robot networks, are collections of malware-infected computing resources that can be used to attack any connected target system. They're a growing risk for every organization, enabling cyber criminals to steal passwords and gain access to corporate systems, deploy disruptive attacks that shut down entire networks, or even hijack corporate data with ransomware. Malware ★★★
The_Hackers_News.webp 2023-01-11 23:05:00 New Analysis Reveals Raspberry Robin Can be Repurposed by Other Threat Actors (lien direct) A new analysis of Raspberry Robin's attack infrastructure has revealed that it's possible for other threat actors to repurpose the infections for their own malicious activities, making it an even more potent threat. Raspberry Robin (aka QNAP worm), attributed to a threat actor dubbed DEV-0856, is malware that has increasingly come under the radar for being used in attacks aimed at finance, Malware Threat ★★
The_Hackers_News.webp 2023-01-11 19:54:00 Australian Healthcare Sector Targeted in Latest Gootkit Malware Attacks (lien direct) A wave of Gootkit malware loader attacks has targeted the Australian healthcare sector by leveraging legitimate tools like VLC Media Player. Gootkit, also called Gootloader, is known to employ search engine optimization (SEO) poisoning tactics (aka spamdexing) for initial access. It typically works by compromising and abusing legitimate infrastructure and seeding those sites with common keywords Malware ★★
SecurityWeek.webp 2023-01-11 16:12:31 Red Hat Announces General Availability of Malware Detection Service (lien direct) Red Hat announced on Tuesday the general availability of a malware detection service for Red Hat Enterprise Linux (RHEL) systems. Malware ★★
no_ico.webp 2023-01-11 14:13:11 Kinsing Malware Hits Kubernetes Clusters By Flawed PostgreSQL (lien direct) As of late, Kubernetes clusters have been actively breached by the Kinsing malware, which exploits vulnerabilities in container images and misconfigured, exposed PostgreSQL containers. While not new, the Defender for Cloud team at Microsoft has noticed a spike in recent months, suggesting that the threat actors are increasingly focusing on narrow access points. Kinsing is […] Malware Threat Uber ★★
globalsecuritymag.webp 2023-01-11 14:11:14 Analysis of Royal Ransomware Exploits (lien direct) The Royal ransomware was first observed in January 2022 and has been used by, among others, the threat actors DEV-0569. The group uses Google ads to redirect users to forums, posts and blog comments, or sends phishing emails containing links to download the malware. In another campaign, initial access is obtained through "callback" phishing attacks. In this type of attack, the attackers send an email asking the victim to update a subscription and urging them to call the number provided. When the victims make the call mentioned in the email, - Special Reports Ransomware Malware ★★
bleepingcomputer.webp 2023-01-11 12:24:19 Gootkit malware abuses VLC to infect healthcare orgs with Cobalt Strike (lien direct) The Gootkit loader malware operators are running a new SEO poisoning campaign that abuses VLC Media Player to infect Australian healthcare entities with Cobalt Strike beacons. [...] Malware ★★
Fortinet.webp 2023-01-11 07:17:00 Analysis of FG-IR-22-398 – FortiOS - heap-based buffer overflow in SSLVPNd (lien direct) Fortinet published CVSS: Critical advisory FG-IR-22-398 / CVE-2022-42475 on Dec 12, 2022. This blog details our initial investigation into this malware and additional IoCs identified during our ongoing analysis. Read more. Malware ★★
bleepingcomputer.webp 2023-01-11 02:00:00 New Dark Pink APT group targets govt and military with custom malware (lien direct) Attacks targeting government agencies and military bodies in multiple countries in the APAC region have been attributed to what appears to be a new advanced threat actor that leverages custom malware to steal confidential information. [...] Malware Threat ★★
securityintelligence.webp 2023-01-11 01:00:00 A View Into Web(View) Attacks in Android (lien direct) James Kilner contributed to the technical editing of this blog. Nethanella Messer, Segev Fogel, Or Ben Nun and Liran Tiebloom contributed to the blog. Although in the PC realm it is common to see financial malware used in web attacks to commit fraud, in Android-based financial malware this is a new trend. Traditionally, financial malware […] Malware ★★
The_Hackers_News.webp 2023-01-10 22:10:00 (Déjà vu) StrongPity Hackers Distribute Trojanized Telegram App to Target Android Users (lien direct) The advanced persistent threat (APT) group known as StrongPity has targeted Android users with a trojanized version of the Telegram app through a fake website that impersonates a video chat service called Shagle. "A copycat website, mimicking the Shagle service, is used to distribute StrongPity's mobile backdoor app," ESET malware researcher Lukáš Štefanko said in a technical report. "The app is Malware Threat
SC_Mag.webp 2023-01-10 21:19:41 Novel macOS malware strains with Chinese origins prevalent (lien direct) SecurityWeek reports that many of the over 12 new macOS malware families identified in 2022, which is an increase from eight new malware families discovered in 2021, were associated with China. Malware ★★
SC_Mag.webp 2023-01-10 21:14:26 Kubernetes clusters compromised by Kinsing malware (lien direct) BleepingComputer reports that Kubernetes clusters are being compromised by the Kinsing malware through container image vulnerabilities and misconfigured PostgreSQL containers. Malware Uber ★★
The_Hackers_News.webp 2023-01-10 18:24:00 Italian Users Warned of Malware Attack Targeting Sensitive Information (lien direct) A new malware campaign has been observed targeting Italy with phishing emails designed to deploy an information stealer on compromised Windows systems. "The info-stealer malware steals sensitive information like system info, crypto wallet and browser histories, cookies, and credentials of crypto wallets from victim machines," Uptycs security researcher Karthickkumar Kathiresan said in a report. Malware ★★
bleepingcomputer.webp 2023-01-10 18:05:01 Over 1,300 fake AnyDesk sites push Vidar info-stealing malware (lien direct) A massive campaign using over 1,300 domains to impersonate the official AnyDesk site is underway, all redirecting to a Dropbox folder recently pushing the Vidar information-stealing malware. [...] Malware ★★★★
Anomali.webp 2023-01-10 16:30:00 Anomali Cyber Watch: Turla Re-Registered Andromeda Domains, SpyNote Is More Popular after the Source Code Publication, Typosquatted Site Used to Leak Company's Data (lien direct) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Artificial intelligence, Expired C2 domains, Data leak, Mobile, Phishing, Ransomware, and Typosquatting. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence OPWNAI : Cybercriminals Starting to Use ChatGPT (published: January 6, 2023) Check Point researchers have detected multiple underground forum threads outlining experimenting with and abusing ChatGPT (Generative Pre-trained Transformer), the revolutionary artificial intelligence (AI) chatbot tool capable of generating creative responses in a conversational manner. Several actors have built schemes to produce AI outputs (graphic art, books) and sell them as their own. Other actors experiment with instructions to write an AI-generated malicious code while avoiding ChatGPT guardrails that should prevent such abuse. Two actors shared samples allegedly created using ChatGPT: a basic Python-based stealer, a Java downloader that stealthily runs payloads using PowerShell, and a cryptographic tool. Analyst Comment: ChatGPT and similar tools can be of great help to humans creating art, writing texts, and programming. At the same time, it can be a dangerous tool enabling even low-skill threat actors to create convincing social-engineering lures and even new malware. 
MITRE ATT&CK: [MITRE ATT&CK] T1566 - Phishing | [MITRE ATT&CK] T1059.001: PowerShell | [MITRE ATT&CK] T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | [MITRE ATT&CK] T1560 - Archive Collected Data | [MITRE ATT&CK] T1005: Data from Local System Tags: ChatGPT, Artificial intelligence, OpenAI, Phishing, Programming, Fraud, Chatbot, Python, Java, Cryptography, FTP Turla: A Galaxy of Opportunity (published: January 5, 2023) Russia-sponsored group Turla re-registered expired domains for old Andromeda malware to select a Ukrainian target from the existing victims. Andromeda sample, known from 2013, infected the Ukrainian organization in December 2021 via user-activated LNK file on an infected USB drive. Turla re-registered the Andromeda C2 domain in January 2022, profiled and selected a single victim, and pushed its payloads in September 2022. First, the Kopiluwak profiling tool was downloaded for system reconnaissance, two days later, the Quietcanary backdoor was deployed to find and exfiltrate files created in 2021-2022. Analyst Comment: Advanced groups are often utilizing commodity malware to blend their traffic with less sophisticated threats. Turla’s tactic of re-registering old but active C2 domains gives the group a way-in to the pool of existing targets. Organizations should be vigilant to all kinds of existing infections and clean them up, even if assessed as “less dangerous.” All known network and host-based indicators and hunting rules associated Ransomware Malware Tool Threat ChatGPT APT-C-36 ★★
SC_Mag.webp 2023-01-10 16:10:39 The number of cloud apps delivering malware nearly tripled in 2022 (lien direct) Netskope researchers point out that 30% of all cloud malware downloads last year originated from Microsoft OneDrive. Malware ★★
DarkReading.webp 2023-01-10 15:04:00 Netskope Threat Research: Malware-Delivering Cloud Apps Nearly Tripled in 2022 (lien direct) 401 distinct cloud apps shown to deliver malware; Microsoft OneDrive delivered 30% of all cloud malware downloads. Malware Threat ★★★
SecurityWeek.webp 2023-01-10 12:49:25 PyPI Users Targeted With PoweRAT Malware (lien direct) Software supply chain security firm Phylum has identified a malicious attack targeting Python Package Index (PyPI) users with the PoweRAT backdoor and information stealer. Malware ★★
Chercheur.webp 2023-01-10 12:18:55 ChatGPT-Written Malware (lien direct) I don’t know how much of a thing this will end up being, but we are seeing ChatGPT-written malware in the wild. …within a few weeks of ChatGPT going live, participants in cybercrime forums—­some with little or no coding experience­—were using it to write software and emails that could be used for espionage, ransomware, malicious spam, and other malicious tasks. “It's still too early to decide whether or not ChatGPT capabilities will become the new favorite tool for participants in the Dark Web,” company researchers wrote. “However, the cybercriminal community has already shown significant interest and are jumping into this latest trend to generate malicious code.”... Malware Tool Prediction ChatGPT ★★
News.webp 2023-01-09 21:15:11 Python Package Index found stuffed with AWS keys and malware (lien direct) British developer uses homegrown scanning tool to check for risks The Python Package Index, or PyPI, continues to surprise and not in a good way.… Malware Tool ★★
bleepingcomputer.webp 2023-01-09 16:16:26 Microsoft: Kubernetes clusters hacked in malware campaign via PostgreSQL (lien direct) The Kinsing malware is now actively breaching Kubernetes clusters by leveraging known weaknesses in container images and misconfigured, exposed PostgreSQL containers. [...] Malware Uber ★★
AlienVault.webp 2023-01-09 11:00:00 Understanding Malware-as-a-Service (MaaS): The future Of cyber attack accessibility (lien direct) The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  With the explosive growth of technology, businesses are more vulnerable than ever to malicious cyber attacks. And as cybercriminals become more sophisticated, new methods of attack are popping up left and right. To add fuel to the fire, the average cost of a data breach increased from $3.86 million to $4.24 million in 2021. That's costly enough to put most SMBs into the red. Not to mention the reputational damage it can cause for your brand. Avoid this dreaded fate by protecting yourself against the latest cybersecurity developments — like Malware-as-a-Service (MaaS) — to protect your networks, data, systems, and business reputation. If you've never heard of Malware-as-a-Service (MaaS) before, don't fret. This article is for you. We'll teach you everything you need to know about Malware-as-a-Service and wrap it up by sharing some best practices for protecting your proprietary company data from potential threats. Let's dive in. What is Malware-as-a-Service (Maas)? Malware-as-a-Service (MaaS) is a type of cyber attack in which criminals offer malware and deployment services to other hackers or malicious actors on the internet. These services typically are available on the dark web. When purchased, a bad actor can carry out various malicious activities, such as stealing sensitive information, disrupting computer systems, or encrypting data and demanding a ransom to unlock it. Some of the most common types of malware include the following: Viruses: Programs that can replicate themselves and spread to other computers. They can cause various problems, such as disrupting computer operations, stealing information, or damaging files. 
Trojan horses: These programs masquerade themselves as legitimate software but can carry out malicious activities, such as stealing data or giving attackers unauthorized access to a computer. Worms: A self-replicating program that can spread across networks, disrupting computer operations and consuming network resources. Adware: Software that displays unwanted advertisements on a computer. It can be intrusive and annoying and sometimes track a user's online activities. Ransomware: Encryption of a victim's data with the demand for a ransom payment to unlock it. It can devastate businesses, resulting in losing important data and files. Spyware: Software designed to collect information about a user's online activities without their knowledge or consent to steal sensitive information (like financial statements and passwords). Bots: Often used in conjunction with other types of malware, such as viruses or worms. For example, a virus could infect a computer and then download and install a bot, which could carry out malicious activities on that computer or other computers on the network. MaaS makes it easier for cybercriminals to launch attacks, as they can purchase and use pre-made malware without developing it themselves. This distinction can make it harder for law enforcement, cybersecurity experts, and IT teams to track down the people responsible for the attacks. And sadly, cyber-attacks are industry agnostic. For example, in the transportation industry, cybercriminals exploit vulnerabilities of electronic logging devices and steal valuable information from cloud-connected trucks. MaaS is also a significant threat to online job boards like Ransomware Data Breach Malware Threat ★★★
InfoSecurityMag.webp 2023-01-09 10:00:00 Threat Actors Spread RAT Via Pokemon NFT Card Site (lien direct) Phishing page lures unsuspecting users into installing remote access malware Malware Threat ★★
The_Hackers_News.webp 2023-01-08 11:45:00 Russian Turla Hackers Hijack Decade-Old Malware Infrastructure to Deploy New Backdoors (lien direct) The Russian cyberespionage group known as Turla has been observed piggybacking on attack infrastructure used by a decade-old malware to deliver its own reconnaissance and backdoor tools to targets in Ukraine. Google-owned Mandiant, which is tracking the operation under the uncategorized cluster moniker UNC4210, said the hijacked servers correspond to a variant of a commodity malware called Malware ★★★★★
bleepingcomputer.webp 2023-01-07 10:12:06 Malicious PyPi packages create CloudFlare Tunnels to bypass firewalls (lien direct) Six malicious packages on PyPI, the Python Package Index, were found installing information-stealing and RAT (remote access trojan) malware while using Cloudflare Tunnel to bypass firewall restrictions for remote access. [...] Malware ★★
TroyHunt.webp 2023-01-06 22:05:06 ChatGPT is enabling script kiddies to write functional malware (lien direct) For a beta, ChatGPT isn't all that bad at writing fairly decent malware. Malware ChatGPT ★★★
The_Hackers_News.webp 2023-01-06 19:45:00 Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS (lien direct) Microsoft has shed light on four different ransomware families – KeRanger, FileCoder, MacRansom, and EvilQuest – that are known to impact Apple macOS systems. "While these malware families are old, they exemplify the range of capabilities and malicious behavior possible on the platform," the tech giant's Security Threat Intelligence team said in a Thursday report. The initial vector for these Ransomware Malware Threat ★★★
The_Hackers_News.webp 2023-01-06 19:16:00 Dridex Malware Now Attacking macOS Systems with Novel Infection Method (lien direct) A variant of the infamous Dridex banking malware has set its sights on Apple's macOS operating system using a previously undocumented infection method, according to latest research. It has "adopted a new technique to deliver documents embedded with malicious macros to users without having to pretend to be invoices or other business-related files," Trend Micro researcher Armando Nathaniel Malware Prediction ★★★
DarkReading.webp 2023-01-06 18:46:00 PurpleUrchin Gang Embraces DevOps In Massive Cloud Malware Campaign (lien direct) The Automated Libra group is deploying all components of its campaign in an automated manner via containers, stealing free trial resources for cryptomining, but the threat could get larger. Malware Threat ★★★
SecurityWeek.webp 2023-01-06 15:44:09 Many of 13 New Mac Malware Families Discovered in 2022 Linked to China (lien direct) More than a dozen new Mac malware families were discovered in 2022, including information stealers, cryptocurrency miners, loaders, and backdoors, and many of them have been linked to China. Malware ★★★★
Last update at: 2024-07-17 18:08:42