Src | Date (GMT) | Title | Description | Tags | Stories | Notes

2022-01-12 05:09:28 | Hackers Use Cloud Services to Distribute Nanocore, Netwire, and AsyncRAT Malware (direct link)
Threat actors are actively incorporating public cloud services from Amazon and Microsoft into their malicious campaigns to deliver commodity remote access trojans (RATs) such as Nanocore, Netwire, and AsyncRAT to siphon sensitive information from compromised systems.
The spear-phishing attacks, which commenced in October 2021, have primarily targeted entities located in the U.S., Canada, Italy,
Tags: Malware

2022-01-12 02:54:38 | New SysJoker Espionage Malware Targeting Windows, macOS, and Linux Users (direct link)
A new cross-platform backdoor called "SysJoker" has been observed targeting machines running Windows, Linux, and macOS operating systems as part of an ongoing espionage campaign that's believed to have been initiated during the second half of 2021.
"SysJoker masquerades as a system update and generates its [command-and-control server] by decoding a string retrieved from a text file hosted on
Tags: Malware

2022-01-09 22:05:18 | BADNEWS! Patchwork APT Hackers Score Own Goal in Recent Malware Attacks (direct link)
Threat hunters have shed light on the tactics, techniques, and procedures embraced by an Indian-origin hacking group called Patchwork as part of a renewed campaign that commenced in late November 2021, targeting Pakistani government entities and individuals with a research focus on molecular medicine and biological science.
"Ironically, all the information we gathered was possible thanks to the
Tags: Malware

2022-01-06 02:45:40 | (Déjà vu) New Trick Could Let Malware Fake iPhone Shutdown to Spy on Users Secretly (direct link)
Researchers have disclosed a novel technique by which malware on iOS can achieve persistence on an infected device by faking its shutdown process, making it impossible to physically determine if an iPhone is off or otherwise.
The discovery - dubbed "NoReboot" - comes courtesy of mobile security firm ZecOps, which found that it's possible to block and then simulate an iOS rebooting operation,
Tags: Malware

2022-01-05 03:01:48 | New Zloader Banking Malware Campaign Exploiting Microsoft Signature Verification (direct link)
An ongoing ZLoader malware campaign has been uncovered exploiting remote monitoring tools and Microsoft's digital signature verification to siphon user credentials and sensitive information.
Israeli cybersecurity company Check Point Research, which has been tracking the sophisticated infection chain since November 2021, attributed it to a cybercriminal group dubbed Malsmoke, citing similarities
Tags: Malware

2022-01-04 21:13:47 | Microsoft Warns of Continued Attacks Exploiting Apache Log4j Vulnerabilities (direct link)
Microsoft is warning of continuing attempts by nation-state adversaries and commodity attackers to take advantage of security vulnerabilities uncovered in the Log4j open-source logging framework to deploy malware on vulnerable systems.
"Exploitation attempts and testing have remained high during the last weeks of December," Microsoft Threat Intelligence Center (MSTIC) said in revised guidance
Tags: Malware, Threat

2022-01-03 22:59:15 | Beware of Fake Telegram Messenger App Hacking PCs with Purple Fox Malware (direct link)
Trojanized installers of the Telegram messaging application are being used to distribute the Windows-based Purple Fox backdoor on compromised systems.
That's according to new research published by Minerva Labs, describing the attack as different from intrusions that typically take advantage of legitimate software for dropping malicious payloads.
"This threat actor was able to leave most parts of
Tags: Malware, Threat

2022-01-03 03:51:38 | Detecting Evasive Malware on IoT Devices Using Electromagnetic Emanations (direct link)
Cybersecurity researchers have proposed a novel approach that leverages electromagnetic field emanations from Internet of Things (IoT) devices as a side-channel to glean precise knowledge about the different kinds of malware targeting the embedded systems, even in scenarios where obfuscation techniques have been applied to hinder analysis.
With the rapid adoption of IoT appliances presenting
Tags: Malware

2021-12-30 02:22:06 | New iLOBleed Rootkit Targeting HP Enterprise Servers with Data Wiping Attacks (direct link)
A previously unknown rootkit has been found setting its sights on Hewlett-Packard Enterprise's Integrated Lights-Out (iLO) server management technology to carry out in-the-wild attacks that tamper with the firmware modules and completely wipe data off the infected systems.
The discovery, which is the first instance of real-world malware in iLO firmware, was documented by Iranian cybersecurity
Tags: Malware

2021-12-29 06:27:53 | Ongoing Autom Cryptomining Malware Attacks Using Upgraded Evasion Tactics (direct link)
An ongoing crypto mining campaign has upgraded its arsenal while adding new defense evasion tactics that enable the threat actors to conceal the intrusions and fly under the radar, new research published today has revealed.
Since first detected in 2019, a total of 84 attacks against its honeypot servers have been recorded to date, four of which transpired in 2021, according to researchers from
Tags: Malware, Threat

2021-12-28 01:47:25 | Experts Detail Logging Tool of DanderSpritz Framework Used by Equation Group Hackers (direct link)
Cybersecurity researchers have offered a detailed glimpse into a system called DoubleFeature that's dedicated to logging the different stages of post-exploitation stemming from the deployment of DanderSpritz, a full-featured malware framework used by the Equation Group.
DanderSpritz came to light on April 14, 2017, when a hacking group known as the Shadow Brokers leaked the exploit tool, among
Tags: Malware, Tool

2021-12-27 03:32:03 | 'Spider-Man: No Way Home' Pirated Downloads Contain Crypto-Mining Malware (direct link)
Peter Parker might not be a mastermind cryptocurrency criminal, but the name Spiderman is quickly becoming more associated with the mining landscape. ReasonLabs, a leading provider of cybersecurity prevention and detection software, recently discovered a new form of malware hacking into customer computers in the guise of the latest Spiderman movie.
As perhaps the most talked-about movie for
Tags: Malware, Guideline

2021-12-27 00:07:05 | New Android Malware Targeting Brazil's Itaú Unibanco Bank Customers (direct link)
Researchers have discovered a new Android banking malware that targets Brazil's Itaú Unibanco with the help of lookalike Google Play Store pages to carry out fraudulent financial transactions on victim devices without their knowledge.
"This application has a similar icon and name that could trick users into thinking it is a legitimate app related to Itaú Unibanco," Cyble researchers said in a
Tags: Malware

2021-12-24 05:07:16 | Expert Details macOS Bug That Could Let Malware Bypass Gatekeeper Security (direct link)
Apple recently fixed a security vulnerability in the macOS operating system that could be potentially exploited by a threat actor to "trivially and reliably" bypass a "myriad of foundational macOS security mechanisms" and run arbitrary code.
Security researcher Patrick Wardle detailed the discovery in a series of tweets on Thursday. Tracked as CVE-2021-30853 (CVSS score: 5.5), the issue relates
Tags: Malware, Vulnerability, Threat

2021-12-24 03:32:57 | New Ransomware Variants Flourish Amid Law Enforcement Actions (direct link)
Ransomware groups continue to evolve their tactics and techniques to deploy file-encrypting malware on compromised systems, notwithstanding law enforcement's disruptive actions against the cybercrime gangs to prevent them from victimizing additional companies.
"Be it due to law enforcement, infighting amongst groups or people abandoning variants altogether, the RaaS [ransomware-as-a-service]
Tags: Ransomware, Malware

2021-12-24 00:57:00 | New BLISTER Malware Using Code Signing Certificates to Evade Detection (direct link)
Cybersecurity researchers have disclosed details of an evasive malware campaign that makes use of valid code signing certificates to sneak past security defenses and stay under the radar with the goal of deploying Cobalt Strike and BitRAT payloads on compromised systems.
The binary, a loader, has been dubbed "Blister" by researchers from Elastic Security, with the malware samples having
Tags: Malware

2021-12-21 23:45:57 | New Exploit Lets Malware Attackers Bypass Patch for Critical Microsoft MSHTML Flaw (direct link)
A short-lived phishing campaign has been observed taking advantage of a novel exploit that bypassed a patch put in place by Microsoft to fix a remote code execution vulnerability affecting the MSHTML component with the goal of delivering Formbook malware.
"The attachments represent an escalation of the attacker's abuse of the CVE-2021-40444 bug and demonstrate that even a patch can't always
Tags: Malware, Vulnerability

2021-12-19 23:47:27 | Over 500,000 Android Users Downloaded a New Joker Malware App from Play Store (direct link)
A malicious Android app with more than 500,000 downloads from the Google Play app store has been found hosting malware that stealthily exfiltrates users' contact lists to an attacker-controlled server and signs up users to unwanted paid premium subscriptions without their knowledge.
The latest Joker malware was found in a messaging-focused app named Color Message ("com.guo.smscolor.amessage"),
Tags: Malware

2021-12-17 03:05:10 | New PseudoManuscrypt Malware Infected Over 35,000 Computers in 2021 (direct link)
Industrial and government organizations, including enterprises in the military-industrial complex and research laboratories, are the targets of a new malware botnet dubbed PseudoManuscrypt that has infected roughly 35,000 Windows computers this year alone.
The name comes from its similarities to the Manuscrypt malware, which is part of the Lazarus APT group's attack toolset, Kaspersky
Tags: Malware
Stories: APT 38

2021-12-16 02:19:19 | New Fileless Malware Uses Windows Registry as Storage to Evade Detection (direct link)
A new JavaScript-based remote access Trojan (RAT) propagated via a social engineering campaign has been observed employing sneaky "fileless" techniques as part of its detection-evasion methods to elude discovery and analysis.
Dubbed DarkWatchman by researchers from Prevailion's Adversarial Counterintelligence Team (PACT), the malware uses a resilient domain generation algorithm (DGA) to identify
Tags: Malware

2021-12-14 23:14:45 | Microsoft Issues Windows Update to Patch 0-Day Used to Spread Emotet Malware (direct link)
Microsoft has rolled out Patch Tuesday updates to address multiple security vulnerabilities in Windows and other software, including one actively exploited flaw that's being abused to deliver Emotet, TrickBot, or Bazaloader malware payloads.
The latest monthly release for December fixes a total of 67 flaws, bringing the total number of bugs patched by the company this year to 887, according to
Tags: Malware

2021-12-13 00:10:11 | Microsoft Details Building Blocks of Widely Active Qakbot Banking Trojan (direct link)
Infection chains associated with the multi-purpose Qakbot malware have been broken down into "distinct building blocks," an effort that Microsoft said will help to detect and block the threat effectively and proactively.
The Microsoft 365 Defender Threat Intelligence Team dubbed Qakbot a "customizable chameleon that adapts to suit the needs of the multiple threat actor groups that utilize
Tags: Malware, Threat

2021-12-10 06:25:41 | BlackCat: A New Rust-based Ransomware Malware Spotted in the Wild (direct link)
Details have emerged about what's the first Rust-language-based ransomware strain spotted in the wild that has already amassed "some victims from different countries" since its launch last month.
The ransomware, dubbed BlackCat, was disclosed by MalwareHunterTeam. "Victims can pay with Bitcoin or Monero," the researchers said in a series of tweets detailing the file-encrypting malware. "Also
Tags: Ransomware, Malware

2021-12-08 03:00:26 | 140,000 Reasons Why Emotet is Piggybacking on TrickBot in its Return from the Dead (direct link)
The operators of TrickBot malware have infected an estimated 140,000 victims across 149 countries a little over a year after attempts were made to dismantle its infrastructure, even as the malware is fast becoming an entry point for Emotet, another botnet that was taken down at the start of 2021.
Most of the victims detected since November 1, 2020, are from Portugal (18%), the U.S. (14%), and India (
Tags: Malware

2021-12-07 22:33:02 | Warning: Yet Another Bitcoin Mining Malware Targeting QNAP NAS Devices (direct link)
Network-attached storage (NAS) appliance maker QNAP on Tuesday released a new advisory warning of a cryptocurrency mining malware targeting its devices, urging customers to take preventive steps with immediate effect.
"A bitcoin miner has been reported to target QNAP NAS. Once a NAS is infected, CPU usage becomes unusually high where a process named '[oom_reaper]' could occupy around 50% of the
Tags: Malware, Cloud
Stories: APT 37

2021-12-06 04:51:23 | Malicious KMSPico Windows Activator Stealing Users' Cryptocurrency Wallets (direct link)
Users looking to activate Windows without using a digital license or a product key are being targeted by tainted installers to deploy malware designed to plunder credentials and other information in cryptocurrency wallets.
The malware, dubbed "CryptBot," is an information stealer capable of obtaining credentials for browsers, cryptocurrency wallets, browser cookies, credit cards, and capturing
Tags: Malware

2021-12-03 00:06:17 | New Payment Data Stealing Malware Hides in Nginx Process on Linux Servers (direct link)
E-commerce platforms in the U.S., Germany, and France have come under attack from a new form of malware that targets Nginx servers in an attempt to masquerade its presence and slip past detection by security solutions.
"This novel code injects itself into a host Nginx application and is nearly invisible," Sansec Threat Research team said in a new report. "The parasite is used to steal data from
Tags: Malware, Threat

2021-12-01 23:55:27 | Researchers Warn Iranian Users of Widespread SMS Phishing Campaigns (direct link)
Socially engineered SMS messages are being used to install malware on Android devices as part of a widespread phishing campaign that impersonates the Iranian government and social security services to make away with credit card details and steal funds from victims' bank accounts.
Unlike other variants of banking malware that bank on overlay attacks to capture sensitive data without the knowledge
Tags: Malware

2021-12-01 21:34:59 | Russian Man Gets 60 Months Jail for Providing Bulletproof Hosting to Cyber Criminals (direct link)
A Russian national charged with providing bulletproof hosting services for cybercriminals, who used the platform to spread malware and attack U.S. organizations and financial institutions between 2009 and 2015, has received a 60-month prison sentence.
34-year-old Aleksandr Grichishkin, along with Andrei Skvortsov, founded the bulletproof hosting service and rented its infrastructure to other
Tags: Malware

2021-12-01 02:59:48 | Hackers Increasingly Using RTF Template Injection Technique in Phishing Attacks (direct link)
Three different state-sponsored threat actors aligned with China, India, and Russia have been observed adopting a new method called RTF (aka Rich Text Format) template injection as part of their phishing campaigns to deliver malware to targeted systems.
"RTF template injection is a novel technique that is ideal for malicious phishing attachments because it is simple and allows threat actors to
Tags: Malware, Threat

2021-11-30 00:31:27 | WIRTE Hacker Group Targets Government, Law, Financial Entities in Middle East (direct link)
Government, diplomatic entities, military organizations, law firms, and financial institutions primarily located in the Middle East have been targeted as part of a stealthy malware campaign as early as 2019 by making use of malicious Microsoft Excel and Word documents.
Russian cybersecurity company Kaspersky attributed the attacks with high confidence to a threat actor named WIRTE, adding the
Tags: Malware, Threat

2021-11-29 07:05:52 | 4 Android Banking Trojan Campaigns Targeted Over 300,000 Devices in 2021 (direct link)
Four different Android banking trojans were spread via the official Google Play Store between August and November 2021, resulting in more than 300,000 infections through various dropper apps that posed as seemingly harmless utility apps to take full control of the infected devices.
Designed to deliver Anatsa (aka TeaBot), Alien, ERMAC, and Hydra, cybersecurity firm ThreatFabric said the malware
Tags: Malware

2021-11-29 04:48:25 | CleanMyMac X: Performance and Security Software for Macbook (direct link)
We use Internet-enabled devices in every aspect of our lives today: to find information, shop, bank, do homework, play games, and keep in touch with friends and family. As a result, our devices contain much personal information about us.
Also, any great device will get a little clunky and slow over time, and the Mac is no exception; the whole "Macs don't get viruses" claim is a myth. Malware
Tags: Malware

2021-11-26 05:20:56 | Hackers Targeting Biomanufacturing Facilities With Tardigrade Malware (direct link)
An advanced persistent threat (APT) has been linked to cyberattacks on two biomanufacturing companies that occurred this year with the help of a custom malware loader called "Tardigrade."
That's according to an advisory published by the Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) this week, which noted that the malware is actively spreading across the sector with the likely goal of
Tags: Malware, Threat

2021-11-26 02:32:10 | Crypto Hackers Using Babadeda Crypter to Make Their Malware Undetectable (direct link)
A new malware campaign has been discovered targeting cryptocurrency, non-fungible token (NFT), and DeFi aficionados through Discord channels to deploy a crypter named "Babadeda" that's capable of bypassing antivirus solutions and staging a variety of attacks.
"[T]his malware installer has been used in a variety of recent campaigns to deliver information stealers, RATs, and even LockBit ransomware,
Tags: Malware

2021-11-26 00:08:34 | CronRAT: A New Linux Malware That's Scheduled to Run on February 31st (direct link)
Researchers have unearthed a new remote access trojan (RAT) for Linux that employs a never-before-seen stealth technique that involves masking its malicious actions by scheduling them for execution on February 31st, a non-existent calendar day.
Dubbed CronRAT, the sneaky malware "enables server-side Magecart data theft which bypasses browser-based security solutions," Sansec Threat Research said
Tags: Malware, Threat

2021-11-25 03:57:05 | This New Stealthy JavaScript Loader Infecting Computers with Malware (direct link)
Threat actors have been found using a previously undocumented JavaScript malware strain that functions as a loader to distribute an array of remote access Trojans (RATs) and information stealers.
HP Threat Research dubbed the new, evasive loader "RATDispenser," with the malware responsible for deploying at least eight different malware families in 2021. Around 155 samples of this new malware
Tags: Malware, Threat

2021-11-25 03:33:42 | Hackers Using Microsoft MSHTML Flaw to Spy on Targeted PCs with Malware (direct link)
A new Iranian threat actor has been discovered exploiting a now-addressed critical flaw in the Microsoft Windows MSHTML platform to target Farsi-speaking victims with a new PowerShell-based information stealer designed to harvest extensive details from infected machines.
"[T]he stealer is a PowerShell script, short with powerful collection capabilities - in only ~150 lines, it provides the
Tags: Malware, Threat

2021-11-25 01:24:46 | If You're Not Using Antivirus Software, You're Not Paying Attention (direct link)
Stop tempting fate and take a look at our picks for the best antivirus programs on the market today.
Every year there are billions of malware attacks worldwide. And these threats are constantly evolving. So if you are not currently using antivirus software, or you still rely on some free software you downloaded back in 2017, you are putting your cybersecurity in serious jeopardy.
Need help
Tags: Malware

2021-11-25 00:10:45 | Warning - Hackers Exploiting New Windows Installer Zero-Day Exploit in the Wild (direct link)
Attackers are actively making efforts to exploit a new variant of a recently disclosed privilege escalation vulnerability to potentially execute arbitrary code on fully-patched systems, once again demonstrating how adversaries move quickly to weaponize a publicly available exploit.
Cisco Talos disclosed that it "detected malware samples in the wild that are attempting to take advantage of this
Tags: Malware, Vulnerability

2021-11-23 23:40:13 | Over 9 Million Android Phones Running Malware Apps from Huawei's AppGallery (direct link)
At least 9.3 million Android devices have been infected by a new class of malware that disguises itself as dozens of arcade, shooter, and strategy games on Huawei's AppGallery marketplace to steal device information and victims' mobile phone numbers.
The mobile campaign was disclosed by researchers from Doctor Web, who classified the trojan as "Android.Cynos.7.origin," owing to the fact that the
Tags: Malware

2021-11-23 02:58:04 | Stealthier Version of BrazKing Android Malware Spotted in the Wild (direct link)
Banking apps from Brazil are being targeted by a more elusive and stealthier version of an Android remote access trojan (RAT) that's capable of carrying out financial fraud attacks by stealing two-factor authentication (2FA) codes and initiating rogue transactions from infected devices to transfer money from victims' accounts to an account operated by the threat actor.
IBM X-Force dubbed the
Tags: Malware, Threat

2021-11-22 04:10:31 | New Golang-based Linux Malware Targeting eCommerce Websites (direct link)
Weaknesses in e-commerce portals are being exploited to deploy a Linux backdoor as well as a credit card skimmer that's capable of stealing payment information from compromised websites.
"The attacker started with automated e-commerce attack probes, testing for dozens of weaknesses in common online store platforms," researchers from Sansec Threat Research said in an analysis. "After a day and a
Tags: Malware, Threat

2021-11-22 03:47:12 | Hackers Exploiting ProxyLogon and ProxyShell Flaws in Spam Campaigns (direct link)
Threat actors are exploiting ProxyLogon and ProxyShell exploits in unpatched Microsoft Exchange Servers as part of an ongoing spam campaign that leverages stolen email chains to bypass security software and deploy malware on vulnerable systems.
The findings come from Trend Micro following an investigation into a number of intrusions in the Middle East that culminated in the distribution of a
Tags: Spam, Malware

2021-11-20 07:26:20 | North Korean Hackers Found Behind a Range of Credential Theft Campaigns (direct link)
A threat actor with ties to North Korea has been linked to a prolific wave of credential theft campaigns targeting research, education, government, media and other organizations, with two of the attacks also attempting to distribute malware that could be used for intelligence gathering.
Enterprise security firm Proofpoint attributed the infiltrations to a group it tracks as TA406, and by the
Tags: Malware, Threat

2021-11-16 01:22:15 | Notorious Emotet Botnet Makes a Comeback with the Help of TrickBot Malware (direct link)
The notorious Emotet malware is staging a comeback of sorts nearly 10 months after a coordinated law enforcement operation dismantled its command-and-control infrastructure in late January 2021.
According to a new report from security researcher Luca Ebach, the infamous TrickBot malware is being used as an entry point to distribute what appears to be a new version of Emotet on systems previously
Tags: Malware

2021-11-15 21:38:51 | SharkBot - A New Android Trojan Stealing Banking and Cryptocurrency Accounts (direct link)
Cybersecurity researchers on Monday took the wraps off a new Android trojan that takes advantage of accessibility features on the devices to siphon credentials from banking and cryptocurrency services in Italy, the U.K., and the U.S.
Dubbed "SharkBot" by Cleafy, the malware is designed to strike a total of 27 targets - counting 22 unnamed international banks in Italy and the U.K. as well as five
Tags: Malware

2021-11-12 07:32:30 | Hackers Increasingly Using HTML Smuggling in Malware and Phishing Attacks (direct link)
Threat actors are increasingly banking on the technique of HTML smuggling in phishing campaigns as a means to gain initial access and deploy an array of threats, including banking malware, remote administration trojans (RATs), and ransomware payloads.
Microsoft 365 Defender Threat Intelligence Team, in a new report published Thursday, disclosed that it identified infiltrations distributing the
Tags: Ransomware, Malware, Threat
Notes: ★★★

2021-11-12 07:15:52 | Abcbot - A New Evolving Wormable Botnet Malware Targeting Linux (direct link)
Researchers from Qihoo 360's Netlab security team have released details of a new evolving botnet called "Abcbot" that has been observed in the wild with worm-like propagation features to infect Linux systems and launch distributed denial-of-service (DDoS) attacks against targets.
While the earliest version of the botnet dates back to July 2021, new variants observed as recently as October 30
Tags: Malware

2021-11-10 06:04:42 | Researchers Discover PhoneSpy Malware Spying on South Korean Citizens (direct link)
An ongoing mobile spyware campaign has been uncovered snooping on South Korean residents using a family of 23 malicious Android apps to siphon sensitive information and gain remote control of the devices.
"With more than a thousand South Korean victims, the malicious group behind this invasive campaign has had access to all the data, communications, and services on their devices," Zimperium
Tags: Malware