What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-06-09 08:00:24 | New Symbiote malware infects all running processes on Linux systems (lien direct) | Threat analysts have discovered a new malware targeting Linux systems that operates as a symbiote in the host, blending perfectly with running processes and network traffic to steal account credentials and give its operators backdoor access. [...] | Malware Threat | ★★ | |
|
2022-06-08 12:20:26 | Emotet malware now steals credit cards from Google Chrome users (lien direct) | The Emotet botnet is now attempting to infect potential victims with a credit card stealer module designed to harvest credit card information stored in Google Chrome user profiles. [...] | Malware | ||
|
2022-06-08 10:55:57 | Cuba ransomware returns to extorting victims with updated encryptor (lien direct) | The Cuba ransomware operation has returned to regular operations with a new version of its malware found used in recent attacks. [...] | Ransomware Malware | ||
|
2022-06-08 09:52:37 | Poisoned CCleaner search results spread information-stealing malware (lien direct) | Malware that steals your passwords, credit cards, and crypto wallets is being promoted through search results for a pirated copy of the CCleaner Pro Windows optimization program. [...] | Malware | CCleaner CCleaner | |
|
2022-06-07 18:24:11 | New SVCReady malware loads from Word doc properties (lien direct) | A previously unknown malware loader named SVCReady has been discovered in phishing attacks, featuring an unusual way of loading the malware from Word documents onto compromised machines. [...] | Malware | ||
|
2022-06-07 18:03:35 | Qbot malware now uses Windows MSDT zero-day in phishing attacks (lien direct) | A critical Windows zero-day vulnerability, known as Follina and still waiting for an official fix from Microsoft, is now being actively exploited in ongoing phishing attacks to infect recipients with Qbot malware. [...] | Malware | ||
|
2022-06-06 17:01:20 | QBot now pushes Black Basta ransomware in bot-powered attacks (lien direct) | The Black Basta ransomware gang has partnered with the QBot malware operation to gain spread laterally through hacked corporate environments. [...] | Ransomware Malware | ||
|
2022-06-04 10:08:04 | SMSFactory Android malware sneakily subscribes to premium services (lien direct) | Security researchers are warning of an Android malware named SMSFactory that adds unwanted costs to the phone bill by subscribing victims to premium services. [...] | Malware | ||
|
2022-06-02 12:36:52 | Chinese LuoYu hackers deploy cyber-espionage malware via app updates (lien direct) | A Chinese-speaking hacking group known as LuoYu is infecting victims WinDealer information stealer malware deployed by switching legitimate app updates with malicious payloads in man-on-the-side attacks. [...] | Malware | ||
|
2022-06-02 08:08:11 | Clipminer malware gang stole $1.7M by hijacking crypto payments (lien direct) | Threat analysts have discovered a large operation of a new cryptocurrency mining malware called Clipminer that brought its operators at least $1.7 million from transaction hijacking. [...] | Malware Threat | ||
|
2022-06-01 09:31:39 | FluBot Android malware operation shutdown by law enforcement (lien direct) | Europol has announced the takedown of the FluBot operation, one of the largest and fastest-growing Android malware operations in existence. [...] | Malware | ||
|
2022-05-31 11:45:04 | New XLoader botnet uses probability theory to hide its servers (lien direct) | Threat analysts have spotted a new version of the XLoader botnet malware that uses probability theory to hide its command and control servers, making it difficult to disrupt the malware's operation. [...] | Malware Threat | ||
|
2022-05-29 12:39:55 | (Déjà vu) EnemyBot malware adds exploits for critical VMware, F5 BIG-IP flaws (lien direct) | EnemyBot, a botnet based on code from multiple malware pieces, is expanding its reach by quickly adding exploits for recently disclosed critical vulnerabilities in web servers, content management systems, IoT, and Android devices. [...] | Malware | ||
|
2022-05-29 12:39:55 | EnemyBot malware adds exploits for critical bugs in VMware, F5 BIG-IP (lien direct) | EnemyBot, a botnet based on code from multiple malware pieces, is expanding its reach by quickly adding exploits for recently disclosed critical vulnerabilities in web servers, content management systems, IoT, and Android devices. [...] | Malware | ||
|
2022-05-29 11:15:22 | Mobile trojan detections rise as malware distribution level declines (lien direct) | Kaspersky's quarterly report on mobile malware distribution records a downward trend that started at the end of 2020, detecting one-third of the malicious installations reported in Q1 2021, and about 85% of those counted in Q4 2021. [...] | Malware | ||
|
2022-05-28 10:01:33 | New Windows Subsystem for Linux malware steals browser auth cookies (lien direct) | Hackers are showing an increased interest in the Windows Subsystem for Linux (WSL) as an attack surface as they build new malware, the more advanced samples being suitable for espionage and downloading additional malicious modules. [...] | Malware | ||
|
2022-05-26 03:16:08 | New ERMAC 2.0 Android malware steals accounts, wallets from 467 apps (lien direct) | The ERMAC Android banking trojan has released version 2.0, increasing the number of applications targeted from 378 to 467, covering a much wider range of apps to steal account credentials and crypto wallets. [...] | Malware | ||
|
2022-05-25 13:00:00 | New ChromeLoader malware surge threatens browsers worldwide (lien direct) | The ChromeLoader malware is seeing an uptick in detections this month, following a relatively stable operation volume since the start of the year, which means that the malvertiser is now becoming a widespread threat. [...] | Malware | ||
|
2022-05-25 07:21:30 | BPFDoor malware uses Solaris vulnerability to get root privileges (lien direct) | New research into the inner workings of the stealthy BPFdoor malware for Linux and Solaris reveals that the threat actor behind it leveraged an old vulnerability to achieve persistence on targeted systems. [...] | Malware Vulnerability Threat | ||
|
2022-05-22 12:15:10 | PDF smuggles Microsoft Word doc to drop Snake Keylogger malware (lien direct) | Threat analysts have discovered a recent malware distribution campaign using PDF attachments to smuggle malicious Word documents that infect users with malware. [...] | Malware Threat | ||
|
2022-05-19 13:45:00 | Microsoft detects massive surge in Linux XorDDoS malware activity (lien direct) | A stealthy and modular malware used to hack into Linux devices and build a DDoS botnet has seen a massive 254% increase in activity during the last six months, as Microsoft revealed today. [...] | Malware Hack | ★★★★★ | |
|
2022-05-16 14:05:30 | Ukraine supporters in Germany targeted with PowerShell RAT malware (lien direct) | An unknown threat actor is targeting German users interested in the Ukraine crisis, infecting them with a custom PowerShell RAT (remote access trojan) and stealing their data. [...] | Malware Threat | ||
|
2022-05-15 12:34:09 | Fake Pixelmon NFT site infects you with password-stealing malware (lien direct) | A fake Pixelmon NFT site entices fans with free tokens and collectibles while infecting them with malware that steals their cryptocurrency wallets. [...] | Malware | ||
|
2022-05-13 16:58:23 | The Week in Ransomware - May 13th 2022 - A National Emergency (lien direct) | While ransomware attacks have slowed during Russia's invasion of Ukraine and the subsequent sanctions, the malware threat continues to affect organizations worldwide. [...] | Ransomware Malware Threat | ||
|
2022-05-13 13:48:24 | Microsoft: Sysrv botnet targets Windows, Linux servers with new exploits (lien direct) | Microsoft says the Sysrv botnet is now exploiting vulnerabilities in the Spring Framework and WordPress to ensnare and deploy cryptomining malware on vulnerable Windows and Linux servers. [...] | Malware | ||
|
2022-05-13 12:24:40 | Fake Binance NFT Mystery Box bots steal victim\'s crypto wallets (lien direct) | A new RedLine malware distribution campaign promotes fake Binance NFT mystery box bots on YouTube to lure people into infecting themselves with the information-stealing malware from GitHub repositories. [...] | Malware | ||
|
2022-05-12 15:18:45 | Eternity malware kit offers stealer, miner, worm, ransomware tools (lien direct) | Threat actors have launched the 'Eternity Project,' a new malware-as-a-service where threat actors can purchase a malware toolkit that can be customized with different modules depending on the attack being conducted. [...] | Ransomware Malware Threat | ||
|
2022-05-12 13:07:33 | BPFdoor: Stealthy Linux malware bypasses firewalls for remote access (lien direct) | A recently discovered backdoor malware called BPFdoor has been stealthily targeting Linux and Solaris systems without being noticed for more than five years. [...] | Malware | ||
|
2022-02-10 19:20:20 | Microsoft fixes Defender flaw letting hackers bypass antivirus scans (lien direct) | Microsoft has recently addressed a weakness in the Microsoft Defender Antivirus on Windows that allowed attackers to plant and execute malicious payloads without triggering Defender's malware detection engine. [...] | Malware | ||
|
2022-02-10 11:25:10 | Qbot, Lokibot malware switch back to Windows Regsvr32 delivery (lien direct) | Malware distributors have turned to an older trick known as Squiblydoo to spread Qbot and Lokibot via Microsoft Office document using regsvr32.exe. [...] | Malware | ||
|
2022-02-09 10:26:31 | Ransomware dev releases Egregor, Maze master decryption keys (lien direct) | The master decryption keys for the Maze, Egregor, and Sekhmet ransomware operations were released last night on the BleepingComputer forums by the alleged malware developer. [...] | Ransomware Malware | ||
|
2022-02-09 07:58:50 | Fake Windows 11 upgrade installers infect you with RedLine malware (lien direct) | Threat actors have started distributing fake Windows 11 upgrade installers to users of Windows 10, tricking them into downloading and executing RedLine stealer malware. [...] | Malware Threat | ||
|
2022-02-09 03:17:34 | Molerats hackers deploy new malware in highly evasive campaign (lien direct) | The Palestinian-aligned APT group tracked as TA402 (aka Molerats) was spotted using a new implant named 'NimbleMamba' in a cyber-espionage campaign that leverages geofencing and URL redirects to legitimate websites. [...] | Malware | ||
|
2022-02-08 15:35:47 | Kimsuki hackers use commodity RATs with custom Gold Dragon malware (lien direct) | South Korean researchers have spotted a new wave of activity from the Kimsuky hacking group, involving commodity open-source remote access tools dropped with their custom backdoor, Gold Dragon. [...] | Malware | APT 43 | |
|
2022-02-08 03:12:24 | Qbot needs only 30 minutes to steal your credentials, emails (lien direct) | The widespread malware known as Qbot (aka Qakbot or QuakBot) has recently returned to light-speed attacks, and according to analysts, it only takes around 30 minutes to steal sensitive data after the initial infection. [...] | Malware | ||
|
2022-02-07 13:35:05 | (Déjà vu) Microsoft plans to kill malware delivery via Office macros (lien direct) | Microsoft announced today that it will make it difficult to enable VBA macros downloaded from the Internet in several Microsoft Office apps starting in early April, effectively killing a popular distribution method for malware. [...] | Malware | ||
|
2022-02-07 12:05:03 | Google Cloud hypervisor modified to detect cryptominers without agents (lien direct) | Google has announced the public preview of a new Virtual Machine Threat Detection (VMTD) system that can detect cryptocurrency miners and other malware without the need for software agents. [...] | Malware Threat | ||
|
2022-02-07 11:38:44 | Medusa malware ramps up Android SMS phishing attacks (lien direct) | The Medusa Android banking Trojan is seeing increased infection rates as it targets more geographic regions to steal online credentials and perform financial fraud. [...] | Malware | ||
|
2022-02-07 09:47:54 | Roaming Mantis Android malware campaign sets sights on Europe (lien direct) | The Roaming Mantis SMS phishing campaign has finally reached Europe, as researchers detect campaigns targeting Android and iPhone users in Germany and France with malicious apps and phishing pages. [...] | Malware | ||
|
2022-02-04 19:10:06 | Microsoft disables MSIX protocol handler abused in Emotet attacks (lien direct) | Microsoft has disabled the MSIX ms-appinstaller protocol handler exploited in malware attacks to install malicious apps directly from a website via a Windows AppX Installer spoofing vulnerability. [...] | Malware | ||
|
2022-02-03 10:38:37 | State hackers\' new malware helped them stay undetected for 250 days (lien direct) | A state-backed Chinese APT actor tracked as 'Antlion' has been using a new custom backdoor called 'xPack' against financial organizations and manufacturing companies. [...] | Malware | ||
|
2022-02-02 09:46:34 | SEO poisoning pushes malware-laced Zoom, TeamViewer, Visual Studio installers (lien direct) | A new SEO poisoning campaign is underway, dropping the Batloader and Atera Agent malware onto the systems of targeted professionals searching for productivity tool downloads, such as Zoom, TeamViewer, and Visual Studio. [...] | Malware Tool | ||
|
2022-02-01 16:59:18 | Malicious CSV text files used to install BazarBackdoor malware (lien direct) | A new phishing campaign is using specially crafted CSV text files to infect users' devices with the BazarBackdoor malware. [...] | Malware | ||
|
2022-02-01 14:00:00 | Cyberspies linked to Memento ransomware use new PowerShell malware (lien direct) | An Iranian state-backed hacking group tracked as APT35 (aka Phosphorus or Charming Kitten) is now deploying a new backdoor called PowerLess and developed using PowerShell. [...] | Ransomware Malware Conference | APT 35 APT 35 | |
|
2022-02-01 13:41:04 | Powerful new Oski variant \'Mars Stealer\' grabbing 2FAs and crypto (lien direct) | A new and powerful malware named 'Mars Stealer' has appeared in the wild, and appears to be a redesign of the Oski malware that shut down development abruptly in the summer of 2020. [...] | Malware | ||
|
2022-01-31 11:14:28 | Russian \'Gamaredon\' hackers use 8 new malware payloads in attacks (lien direct) | The Russia-linked hackers known as 'Gamaredon' (aka Armageddon or Shuckworm) were spotted deploying eight custom binaries in cyber-espionage operations against Ukrainian entities. [...] | Malware | ||
|
2022-01-27 13:31:40 | Lazarus hackers use Windows Update to deploy malware (lien direct) | North Korean-backed hacking group Lazarus has added the Windows Update client to its list of living-off-the-land binaries (LoLBins) and is now actively using it to execute malicious code on Windows systems. [...] | Malware | APT 38 | |
|
2022-01-27 09:23:25 | Russian APT29 hackers\' stealthy malware undetected for years (lien direct) | Hackers associated with the Russian Federation Foreign Intelligence Service (SVR) continued their incursions on networks of multiple organizations after the SolarWinds supply-chain compromise using two recently discovered sophisticated threats. [...] | Malware | APT 29 | |
|
2022-01-26 09:19:25 | New FluBot and TeaBot campaigns target Android devices worldwide (lien direct) | New FluBot and TeaBot malware distribution campaigns have been spotted, using typical smishing lures or laced apps against Android users in Australia, Germany, Poland, Spain, and Romania. [...] | Malware | ||
|
2022-01-25 15:06:27 | TrickBot now crashes researchers\' browsers to block malware analysis (lien direct) | The notorious TrickBot malware has received new features that make it more challenging to research, analyze, and detect in the latest variants, including crashing browser tabs when it detects beautified scripts. [...] | Malware |
To see everything:
Our RSS (filtrered)
