What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-12-04 10:11:22 | Android malware apps with 2 million installs spotted on Google Play (lien direct) | A new set of Android malware, phishing, and adware apps have infiltrated the Google Play store, tricking over two million people into installing them. [...] | Malware Mobile | ★★★ | |
|
2022-12-03 10:12:06 | Hackers use new, fake crypto app to breach networks, steal cryptocurrency (lien direct) | The North Korean 'Lazarus' hacking group is linked to a new attack spreading fake cryptocurrency apps under the made-up brand, "BloxHolder," to install the AppleJeus malware for initial access to networks and steal crypto assets. [...] | Malware | APT 38 | ★★★ |
 |
2022-12-02 21:13:04 | Samsung\'s Android app-signing key has leaked, is being used to sign malware (lien direct) | The cryptographic key proves an update is legit, assuming your OEM doesn't lose it. | Malware | ★★★ | |
 |
2022-12-02 19:19:31 | Android Phone Makers\' Encryption Keys Stolen and Used in Malware (lien direct) | Device manufacturers use “platform certificates” to verify an app's authenticity, making them particularly dangerous in the wrong hands. | Malware | ★★ | |
 |
2022-12-02 16:00:00 | Hackers Use Archive Files and HTML Smuggling to Bypass Detection Tools (lien direct) | HP's latest report suggests 44% of malware was delivered via archive files in Q3 2022 | Malware | ★★★ | |
|
2022-12-02 12:29:48 | New CryWiper malware wipes data in attack against Russian org (lien direct) | A previously undocumented data wiper named CryWiper is masquerading as ransomware, extorting victims to pay for a decrypter, but in reality, it just destroys data beyond recovery. [...] | Malware | ★★★ | |
 |
2022-12-02 12:00:49 | Les smartphones de Samsung et LG sont menacés par des malwares à cause d\'une fuite de certificats (lien direct) |  La fuite de plusieurs certificats de plate-forme Android appartenant à LG, Samsung et MediaTek peut permettre à des pirates de signer des applications malveillantes pour qu'elles soient acceptées par le système et disposent de privilèges élevés. |
Malware | ★★★ | |
 |
2022-12-02 09:30:51 | Mozilla, Microsoft drop TrustCor as root certificate authority (lien direct) | 'There is no evidence to suggest that TrustCor violated conduct, policy, or procedure' says biz Mozilla and Microsoft have taken action against a certificate authority accused of having close ties to a US military contractor that allegedly paid software developers to embed data-harvesting malware in mobile apps.… | Malware | ★★★★★ | |
 |
2022-12-02 08:56:00 | Hackers Sign Android Malware Apps with Compromised Platform Certificates (lien direct) | Platform certificates used by Android smartphone vendors like Samsung, LG, and MediaTek have been found to be abused to sign malicious apps. The findings were first discovered and reported by Google reverse engineer Łukasz Siewierski on Thursday. "A platform certificate is the application signing certificate used to sign the 'android' application on the system image," a report filed through the | Malware | ★★ | |
|
2022-12-02 06:09:00 | Hackers Exploiting Redis Vulnerability to Deploy New Redigo Malware on Servers (lien direct) | A previously undocumented Go-based malware is targeting Redis servers with the goal of taking control of the infected systems and likely building a botnet network. The attacks involve taking advantage of a critical security vulnerability in the open source, in-memory, key-value store that was disclosed earlier this year to deploy Redigo, according to cloud security firm Aqua. | Malware Vulnerability | ★★ | |
 |
2022-12-02 00:54:11 | (Déjà vu) ASEC Weekly Malware Statistics (November 21st, 2022 – November 27th, 2022) (lien direct) | The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from November 21st, 2022 (Monday) to November 27th (Sunday). For the main category, downloader ranked top with 40.3%, followed by Infostealer with 35.8%, backdoor with 16.3%, ransomware with 7.2%, and CoinMiner with 0.4%. Top 1 – AgentTesla AgentTesla is an Infostealer that ranked first place with 17.3%. It leaks user credentials saved in web... | Ransomware Malware | ★★ | |
 |
2022-12-01 22:39:51 | New Go-based Redigo malware targets Redis servers (lien direct) | >Redigo is a new Go-based malware employed in attacks against Redis servers affected by the CVE-2022-0543 vulnerability. Researchers from security firm AquaSec discovered a new Go-based malware that is used in a campaign targeting Redis servers. Threat actors are exploiting a critical vulnerability, tracked as CVE-2022-0543, in Redis (Remote Dictionary Server) servers. Redis (remote dictionary server) […] | Malware Threat | ★★★ | |
|
2022-12-01 21:43:44 | (Déjà vu) Samsung, LG, Mediatek certificates compromised to sign Android malware (lien direct) | Multiple platform certificates used by Android OEM device vendors to digitally sign core system applications have also been used to sign Android apps containing malware. [...] | Malware | ★★★★★ | |
|
2022-12-01 21:43:44 | Compromised OEM Android platform certificates used to sign malware (lien direct) | Multiple platform certificates used by Android OEM device vendors to digitally sign core system applications were utilized by threat actors to sign apps containing malware. [...] | Malware Threat | ★★★ | |
 |
2022-12-01 20:41:19 | ₿Uyer ₿eware: fausses applications de crypto-monnaie servant de front pour les logiciels malveillants d'Applejeus ₿uyer ₿eware: Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware (lien direct) |
> Au cours des derniers mois, la volexité a observé une nouvelle activité liée à un acteur de menace nord-coréen, IT suit largement le groupe Lazare.Cette activité implique notamment une campagne ciblant probablement les utilisateurs et les organisations de crypto-monnaie avec une variante du malware d'Applejeus par le biais de documents malveillants Microsoft Office.L'analyse de Volexity \\ de cette campagne a révélé un site Web en direct sur le thème de la crypto-monnaie avec le contenu volé à un autre site Web légitime.Une analyse technique supplémentaire du logiciel malveillant Applejeus déployé a révélé une nouvelle variation de chargement latérale DLL que la volexité n'a pas été documentée précédemment comme dans la nature.Ce blog décrit les nouvelles techniques utilisées par le groupe Lazare, analyse les récentes variantes de logiciels malveillants d'Applejeus, partage des indicateurs d'autres versions de ce malware, ainsi que des liens entre cette activité et les campagnes historiques.La fin de la publication comprend des possibilités de détection et d'atténuation pour les particuliers ou les organisations susceptibles d'être ciblées par [& # 8230;]
>Over the last few months, Volexity has observed new activity tied to a North Korean threat actor it tracks that is widely referred to as the Lazarus Group. This activity notably involves a campaign likely targeting cryptocurrency users and organizations with a variant of the AppleJeus malware by way of malicious Microsoft Office documents. Volexity\'s analysis of this campaign uncovered a live cryptocurrency-themed website with contents stolen from another legitimate website. Further technical analysis of the deployed AppleJeus malware uncovered a new variation of DLL side-loading that Volexity has not seen previously documented as in the wild. This blog outlines new techniques used by the Lazarus Group, analyzes recent AppleJeus malware variants, shares indicators from other versions of this malware, as well as outlines links between this activity and historic campaigns. The end of the post includes detection and mitigation opportunities for individuals or organizations likely to be targeted by […] |
Malware Threat | APT 38 | ★★★ |
 |
2022-12-01 17:17:52 | Wipers Are Widening: Here\'s Why That Matters (lien direct) | In the first half of this year, researchers saw a rising trend of wiper malware being deployed in parallel with the Russia-Ukraine war. However, those wipers haven't stayed in one place – they're emerging globally, which underscores the fact that cybercrime knows no borders. | Malware | ★★★ | |
 |
2022-12-01 17:00:20 | Checklist 305: Dangers in the Latest Thing (lien direct) | >We look at Mastodon security and privacy; a TikTok malware scam; and why we still need to talk about passwords. | Malware | ★★ | |
|
2022-12-01 15:52:29 | Android malware infected 300,000 devices to steal Facebook accounts (lien direct) | An Android malware campaign masquerading as reading and education apps has been underway since 2018, attempting to steal Facebook account credentials from infected devices. [...] | Malware | ★★★ | |
|
2022-12-01 15:37:00 | Schoolyard Bully Trojan Apps Stole Facebook Credentials from Over 300,000 Android Users (lien direct) | More than 300,000 users across 71 countries have been victimized by a new Android threat campaign called the Schoolyard Bully Trojan. Mainly designed to steal Facebook credentials, the malware is camouflaged as legitimate education-themed applications to lure unsuspecting users into downloading them. The apps, which were available for download from the official Google Play Store, have now been | Malware Threat | ★★ | |
|
2022-12-01 13:45:32 | (Déjà vu) New Redigo malware drops stealthy backdoor on Redis servers (lien direct) | A new Go-based malware threat that researchers call Redigo has been targeting Redis servers vulnerable to CVE-2022-0543 to plant a stealthy backdoor and allow command execution. [...] | Malware Threat | ★★★ | |
|
2022-12-01 11:19:46 | New DuckLogs malware service claims having thousands of \'customers\' (lien direct) | A new malware-as-a-service (MaaS) operation named 'DuckLogs' has emerged, giving low-skilled attackers easy access to multiple modules to steal information, log key strokes, access clipboard data, and remote access to the compromised host. [...] | Malware | ★★★ | |
 |
2022-12-01 09:29:27 | Over 95% of all new malware threats discovered in 2022 are aimed at Windows (lien direct) | Over 95% of all new malware threats discovered in 2022 are aimed at Windows Windows is the most popular operating system among desktop and laptop users. It occupies around 30% of the OS market share worldwide. This may be one of the reasons why it is also the most targeted by malware. - Special Reports | Malware | ★★★★ | |
|
2022-11-30 19:14:00 | Researchers Find a Way Malicious NPM Libraries Can Evade Vulnerability Detection (lien direct) | New findings from cybersecurity firm JFrog show that malware targeting the npm ecosystem can evade security checks by taking advantage of an "unexpected behavior" in the npm command line interface (CLI) tool. npm CLI's install and audit commands have built-in capabilities to check a package and all of its dependencies for known vulnerabilities, effectively acting as a warning mechanism for | Malware Vulnerability | ★★★ | |
|
2022-11-30 17:00:00 | China-Based Hackers Target Southeast Asia With USB-Based Malware (lien direct) | UNC4191 operations have affected several entities in Southeast Asia but also in the US, Europe and Asia Pacific Japan | Malware | ★★★ | |
|
2022-11-30 15:51:29 | New Windows malware scans victims\' mobile phones for data to steal (lien direct) | Security researchers found a previously unknown backdoor they call Dophin that's been used by North Korean hackers in highly targeted operations for more than a year to steal files and send them to Google Drive storage. [...] | Malware | ★★★ | |
|
2022-11-30 15:13:54 | Surfshark launches a browser extension upgrade with a CleanWeb 2.0 (lien direct) | Surfshark launches a browser extension upgrade with a CleanWeb 2.0 Cybersecurity company Surfshark released a significant browser extension upgrade. The new extension has its own dashboard, where users will find upgraded CleanWeb 2.0 with four essential features – ad blocker, pop-up blocker, data breach alert, and malware alert. - Product Reviews | Data Breach Malware | ★★★ | |
|
2022-11-30 13:59:28 | ESET Research : un groupe de pirates lié à la Corée du Nord vole des fichiers de valeur en s\'appuyant sur Google Drive (lien direct) | ESET Research : un groupe de pirates lié à la Corée du Nord vole des fichiers de valeur en s'appuyant sur Google Drive ● Les chercheurs d'ESET ont analysé Dolphin, une porte dérobée jusqu'à présent inconnue, utilisée par le groupe de pirates ScarCruft. ● Dolphin possède de nombreuses fonctionnalités d'espionnage, notamment de surveillance des lecteurs et des appareils portables, d'exfiltration de fichiers d'intérêt, d'enregistrement des frappes de clavier, de capture d'écran et de vol d'identifiants dans les navigateurs. ● Elle est uniquement déployée sur des cibles sélectionnées. Elle parcourt les lecteurs des systèmes compromis à la recherche de fichiers intéressants et les exfiltre vers Google Drive. ● ScarCruft, également connu sous le nom d'APT37 ou Reaper, est un groupe d'espionnage qui opère depuis au moins 2012. Il se concentre principalement sur la Corée du Sud. Les cibles de ScarCruft semblent être liées aux intérêts de la Corée du Nord. ● La porte dérobée est le malware final d'une attaque menée en plusieurs étapes au début de l'année 2021, qui se compose d'une attaque dite de " point d'eau " sur un journal en ligne sud-coréen, l'exploitation d'une vulnérabilité d'Internet Explorer, et une autre porte dérobée de ScarCruft appelée BLUELIGHT. ● Depuis la découverte initiale de Dolphin en avril 2021, les chercheurs d'ESET ont observé de multiples versions et améliorations de cette porte dérobée, dont l'ajout de techniques pour échapper à sa détection. ● La possibilité de modifier les paramètres des comptes Google et Gmail connectés des victimes afin d'en réduire la sécurité est une caractéristique notable des versions antérieures de Dolphin. - Malwares | Malware Cloud | APT 37 | ★★★ |
|
2022-11-30 11:07:46 | Self-Replicating Malware Used by Chinese Cyberspies Spreads via USB Drives (lien direct) | A China-linked cyberespionage group tracked as UNC4191 has been observed using self-replicating malware on USB drives to infect targets, and the technique could allow them to steal data from air-gapped systems, Google-owned Mandiant reports. | Malware | ★★★ | |
 |
2022-11-30 02:00:00 | What is Ransom Cartel? A ransomware gang focused on reputational damage (lien direct) | Ransom Cartel, a ransomware-as-a-service (RaaS) operation, has stepped up its attacks over the past year after the disbanding of prominent gangs such as REvil and Conti. Believed to have launched in December 2021, Ransom Cartel has made victims of organizations from among the education, manufacturing, utilities, and energy sectors with aggressive malware and tactics that resemble those used by REvil.To read this article in full, please click here | Ransomware Malware | ★★ | |
|
2022-11-29 20:00:12 | Criminals use trending TikTok challenge to make data-stealing malware invisible (lien direct) | PSA: Don't download unknown apps even if they promise naked people Malware-slinging miscreants are taking advantage of a trending TikTok challenge - and viewers' dirty minds - to spread data-stealing malware via a phony app that's had more than one million views so far.… | Malware | ★★ | |
 |
2022-11-29 17:58:21 | TikTok “Invisible Challenge” porn malware puts us all at risk (lien direct) | An injury to one is an injury to all. Especially if the other people are part of your social network. | Malware | ★★★ | |
|
2022-11-29 17:29:00 | Hackers Using Trending TikTok \'Invisible Challenge\' to Spread Malware (lien direct) | Threat actors are capitalizing on a popular TikTok challenge to trick users into downloading information-stealing malware, according to new research from Checkmarx. The trend, called Invisible Challenge, involves applying a filter called Invisible Body that just leaves behind a silhouette of the person's body. But the fact that individuals filming such videos could be undressed has led to a | Malware Threat | ★★★★ | |
 |
2022-11-29 16:00:00 | Anomali Cyber Watch: Caller-ID Spoofing Actors Arrested, Fast-Moving Qakbot Infection Deploys Black Basta Ransomware, New YARA Rules to Detect Cobalt Strike, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Caller-ID spoofing, False-flag, Phishing, Ransomware, Russia, the UK, and Ukraine. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Voice-Scamming Site “iSpoof” Seized, 100s Arrested in Massive Crackdown
(published: November 25, 2022)
iSpoof was a threat group offering spoofing for caller phone numbers (also known as Caller ID, Calling Line Identification). iSpoof core group operated out of the UK with presence in other countries. In the 12 months until August 2022 around 10 million fraudulent calls were made globally via iSpoof. On November 24, 2022, Europol announced a joint operation involving Australia, Canada, France, Germany, Ireland, Lithuania, Netherlands, Ukraine, the UK, and the USA, that led to the arrest of 142 suspects and seizure of iSpoof websites.
Analyst Comment: Threat actors can spoof Caller ID (Calling Line Identification) similar to spoofing the “From:” header in an email. If contacted by an organization you should not confirm any details about yourself, take the caller’s details, disconnect and initiate a call back to the organization yourself using a trusted number. Legitimate organizations understand scams and fraud and do not engage in unsolicited calling.
Tags: iSpoof, Teejai Fletcher, United Kingdom, source-country:UK, Caller ID, Calling Line Identification, Voice-scamming, Social engineering
New Ransomware Attacks in Ukraine Linked to Russian Sandworm Hackers
(published: November 25, 2022)
On November 21, 2022, multiple organizations in Ukraine were targeted with new ransomware written in .NET. It was dubbed RansomBoggs by ESET researchers who attributed it to the Russia-sponsored Sandworm Team (aka Iridium, BlackEnergy). Sandworm distributed RansomBoggs from the domain controller using the same PowerShell script (PowerGap) that was seen in its previous attacks. RansomBoggs encrypts files using AES-256 in CBC mode using a randomly generated key. The key is RSA encrypted prior to storage and the encrypted files are appended with a .chsch extension.
Analyst Comment: Ransomware remains one of the most dangerous types of malware threats and even some government-sponsored groups are using it. Sandworm is a very competent actor group specializing in these forms of attack. Organizations with exposure to the military conflict in Ukraine, or considered by the Russian state to be providing support relating to the conflict, should prepare offline backups to minimize the effects of a potential data-availability-denial attack.
MITRE ATT&CK: [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Data Encrypted for Impact - T1486 | [MITRE ATT&CK] Obfuscated Files or Information - T1027
Tags: detection:RansomBoggs, detection:Filecoder.Sullivan, malware-type:Ransomware, AES-256, PowerShell, detection:PowerGap, mitre-group:Sandworm Team, actor:Iridium, Russia |
Ransomware Malware Tool Threat Guideline | ★★★★ | |
 |
2022-11-29 15:43:00 | 5 DNS services to provide a layer of internet security (lien direct) | Having thorough IT security usually means having a layered approach. Basic antivirus, for instance, might catch PC-based malware once a user downloads it, but you could try to block it before it ever reaches the user device, or at least have another security mechanism in place that might catch it if the basic antivirus doesn't. DNS-based filtering can do this! It can help stop users from browsing to malware and phishing sites, block intrusive advertising to them, and serve as adult content filters.First, a quick primer for those who are unfamiliar with DNS: You utilize the Domain Name System (DNS) every time you surf the Web. Each time you type a site name into the browser, DNS is queried for the IP address corresponding to that particular domain, so the browser can contact the Web server to get the content. The process of converting the domain name to its IP address is called domain-name resolution.To read this article in full, please click here | Malware | ★★ | |
 |
2022-11-29 14:00:00 | How IoT Botnets Evade Detection and Analysis – Part 2 (lien direct) | >Nozomi Networks Labs analyzed 728 malware samples, collected from our Internet of Things (IoT) honeypots over the course of 15 days, to discover new modification techniques malware authors are using to evade detection. | Malware | ★★★ | |
 |
2022-11-28 22:08:21 | U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer (lien direct) | A recent scoop by Reuters revealed that mobile apps for the U.S. Army and the Centers for Disease Control and Prevention (CDC) were integrating software that sends visitor data to a Russian company called Pushwoosh, which claims to be based in the United States. But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan, malware designed to surreptitiously intercept and forward text messages from Android mobile devices. | Malware | ★★ | |
 |
2022-11-28 17:53:22 | Intelligence Insights: November 2022 (lien direct) | Qbot's campaign takes center stage while stealer malware attempts to swipe more than just the spotlight in this month's Intelligence Insights | Malware | ★★★ | |
 |
2022-11-28 14:00:00 | Worms of Wisdom: How WannaCry Shapes Cybersecurity Today (lien direct) | >WannaCry wasn’t a particularly complex or innovative ransomware attack. What made it unique, however, was its rapid spread. Using the EternalBlue exploit, malware could quickly move from device to device, leveraging a flaw in the Microsoft Windows Server Message Block (SMB) protocol. As a result, when the WannaCry “ransomworm” hit networks in 2017, it expanded […] | Ransomware Malware | Wannacry Wannacry | ★★ |
|
2022-11-28 13:40:42 | TikTok \'Invisible Body\' challenge exploited to push malware (lien direct) | Hackers are capitalizing on a trending TikTok challenge named 'Invisible Challenge' to install malware on thousands of devices and steal their passwords, Discord accounts, and, potentially, cryptocurrency wallets. [...] | Malware | ★★★ | |
|
2022-11-26 17:19:00 | All You Need to Know About Emotet in 2022 (lien direct) | For 6 months, the infamous Emotet botnet has shown almost no activity, and now it's distributing malicious spam. Let's dive into details and discuss all you need to know about the notorious malware to combat it. Why is everyone scared of Emotet? Emotet is by far one of the most dangerous trojans ever created. The malware became a very destructive program as it grew in scale and sophistication. | Malware | ★★★ | |
 |
2022-11-26 13:49:47 | 7 Email Security Risks And How To Tackle Them (lien direct) | Email is one of the top two distribution mechanisms for harmful payloads, with the average company receiving over 75% of its malware over email, according to Verizon’s 2022 Data Breach Investigations Report. Even if just a small percentage of employees actively click on phishing emails, the overall numbers are still high enough to make this […] | Data Breach Malware | ★★ | |
|
2022-11-26 09:58:00 | Russia-based RansomBoggs Ransomware Targeted Several Ukrainian Organizations (lien direct) | Ukraine has come under a fresh onslaught of ransomware attacks that mirror previous intrusions attributed to the Russia-based Sandworm nation-state group. Slovak cybersecurity company ESET, which dubbed the new ransomware strain RansomBoggs, said the attacks against several Ukrainian entities were first detected on November 21, 2022. "While the malware written in .NET is new, its deployment is | Ransomware Malware | ★★ | |
 |
2022-11-25 17:00:00 | "Dans la boîte" - Marketplace de webinjects de logiciels malveillants mobiles "In The Box" - Mobile Malware Webinjects Marketplace (lien direct) |
Pas de details / No more details | Malware | ★★ | |
|
2022-11-25 05:05:00 | Cybercriminals are increasingly using info-stealing malware to target victims (lien direct) | Cybercriminals are increasingly shifting from automated scam-as-a-service to more advanced info stealer malware distributors as the competition for resources increases, and they look for new way to make profits, according to a report by Group-IB. The cybersecurity company has identified 34 Russian-speaking groups distributing info-stealing malware under the stealer-as-a-service model.Info stealer malware collects users' credentials stored in browsers, gaming accounts, email services, social media, bank card details, and crypto wallet information from infected computers, and sends the data to the malware operator. This data is then sold or used for fraud on the dark web. To read this article in full, please click here | Malware | ||
|
2022-11-25 00:51:25 | (Déjà vu) ASEC Weekly Malware Statistics (November 14th, 2022 – November 20th, 2022) (lien direct) | The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from November 14th, 2022 (Monday) to November 20th (Sunday). For the main category, downloader ranked top with 53.2%, followed by backdoor with 24.1%, Infostealer with 21.1%, ransomware with 1.0%, CoinMiner with 0.4%, and banking malware with 0.2%. Top 1 – BeamWinHTTP BeamWinHTTP is a downloader malware that ranked top with 30.5%. The malware is... | Ransomware Malware | ★★ | |
|
2022-11-25 00:29:36 | Word Documents Disguised as Normal MS Office URLs Being Distributed (lien direct) | Recently, there has been a case of malware disguised as a Word document being distributed through certain paths (e.g. KakaoTalk group chats). The ASEC analysis team has discovered during our additional monitoring process that the URL used in the fake Word document is becoming very cleverly disguised to closely resemble the normal URL, and we wish to advise caution on the part of users. The currently identified filenames of the malicious Word documents are as follows.The real names of Koreans found... | Malware | ||
|
2022-11-24 15:00:00 | SharkBot Malware Found in Android File Manager Apps With Thousands of Downloads (lien direct) | The apps are no longer available on the Play Store, but can be found in third-party stores | Malware | ||
|
2022-11-24 11:49:00 | This Android File Manager App Infected Thousands of Devices with Sharkbot Malware (lien direct) | The Android banking fraud malware known as SharkBot has reared its head once again on the official Google Play Store, posing as file managers to bypass the app marketplace's restrictions. A majority of the users who downloaded the rogue apps are located in the U.K. and Italy, Romanian cybersecurity company Bitdefender said in an analysis published this week. SharkBot, first discovered towards | Malware | ||
|
2022-11-24 11:36:00 | Black Basta Ransomware Gang Actively Infiltrating U.S. Companies with Qakbot Malware (lien direct) | Companies based in the U.S. have been at the receiving end of an "aggressive" Qakbot malware campaign that leads to Black Basta ransomware infections on compromised networks. "In this latest campaign, the Black Basta ransomware gang is using QakBot malware to create an initial point of entry and move laterally within an organization's network," Cybereason researchers Joakim Kandefelt and | Ransomware Malware Guideline | ||
|
2022-11-24 09:59:26 | An aggressive malware campaign targets US-based companies with Qakbot to deliver Black Basta Ransomware (lien direct) | >Researchers warn of an ongoing aggressive Qakbot malware campaign that leads to Black Basta ransomware infections in the US. Experts at the Cybereason Global SOC (GSOC) team have observed a surge in Qakbot infections as part of an ongoing aggressive Qakbot malware campaign that leads to Black Basta ransomware infections in the US. In the last two […] | Ransomware Malware Guideline |
To see everything:
Our RSS (filtrered)
