What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-11-11 19:56:00 | Experts Uncover Two Long-Running Android Spyware Campaigns Targeting Uyghurs (lien direct) | Two long-running surveillance campaigns have been found targeting the Uyghur community in China and elsewhere with Android spyware tools designed to harvest sensitive information and track their whereabouts. This encompasses a previously undocumented malware strain called BadBazaar and updated variants of an espionage artifact dubbed MOONSHINE by researchers from the University of Toronto's | Malware | ||
|
2022-11-11 11:44:00 | Microsoft Blames Russian Hackers for Prestige Ransomware Attacks on Ukraine and Poland (lien direct) | Microsoft on Thursday attributed the recent spate of ransomware incidents targeting transportation and logistics sectors in Ukraine and Poland to a threat cluster that shares overlaps with the Russian state-sponsored Sandworm group. The attacks, which were disclosed by the tech giant last month, involved a strain of previously undocumented malware called Prestige and is said to have taken place | Ransomware Malware Threat | ||
|
2022-11-10 21:20:00 | Warning: New Massive Malicious Campaigns Targeting Top Indian Banks\' Customers (lien direct) | Cybersecurity researchers are warning of "massive phishing campaigns" that distribute five different malware targeting banking users in India. "The bank customers targeted include account subscribers of seven banks, including some of the most well-known banks located in the country and potentially affecting millions of customers," Trend Micro said in a report published this week. Some of the | Malware | ||
|
2022-11-09 18:36:00 | Several Cyber Attacks Observed Leveraging IPFS Decentralized Network (lien direct) | A number of phishing campaigns are leveraging the decentralized Interplanetary Filesystem (IPFS) network to host malware, phishing kit infrastructure, and facilitate other attacks. "Multiple malware families are currently being hosted within IPFS and retrieved during the initial stages of malware attacks," Cisco Talos researcher Edmund Brumaghin said in an analysis shared with The Hacker News. | Malware | ||
|
2022-11-09 16:31:00 | Experts Warn of Browser Extensions Spying On Users via Cloud9 Chrome Botnet Network (lien direct) | The Keksec threat actor has been linked to a previously undocumented malware strain, which has been observed in the wild masquerading as an extension for Chromium-based web browsers to enslave compromised machines into a botnet. Called Cloud9 by security firm Zimperium, the malicious browser add-on comes with a wide range of features that enables it to siphon cookies, log keystrokes, inject | Malware Threat | ||
|
2022-11-09 15:45:00 | New IceXLoader Malware Loader Variant Infected Thousands of Victims Worldwide (lien direct) | An updated version of a malware loader codenamed IceXLoader is suspected of having compromised thousands of personal and enterprise Windows machines across the world. IceXLoader is a commodity malware that's sold for $118 on underground forums for a lifetime license. It's chiefly employed to download and execute additional malware on breached hosts. This past June, Fortinet FortiGuard Labs said | Malware | ||
|
2022-11-08 20:22:00 | Amadey Bot Spotted Deploying LockBit 3.0 Ransomware on Hacked Machines (lien direct) | The Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems, researchers have warned. "Amadey bot, the malware that is used to install LockBit, is being distributed through two methods: one using a malicious Word document file, and the other using an executable that takes the disguise of the Word file icon," AhnLab Security Emergency Response Center (ASEC) said in a | Ransomware Malware | ||
|
2022-11-08 19:10:00 | New Laplas Clipper Malware Targeting Cryptocurrency Users via SmokeLoader (lien direct) | Cryptocurrency users are being targeted with a new clipper malware strain dubbed Laplas by means of another malware known as SmokeLoader. SmokeLoader, which is delivered by means of weaponized documents sent through spear-phishing emails, further acts as a conduit for other commodity trojans like SystemBC and Raccoon Stealer 2.0, according to an analysis from Cyble. Observed in | Malware | ||
|
2022-11-05 14:05:00 | Researchers Uncover 29 Malicious PyPI Packages Targeted Developers with W4SP Stealer (lien direct) | Cybersecurity researchers have uncovered 29 packages in Python Package Index (PyPI), the official third-party software repository for the Python programming language, that aim to infect developers' machines with a malware called W4SP Stealer. "The main attack seems to have started around October 12, 2022, slowly picking up steam to a concentrated effort around October 22," software supply chain | Malware | ★★ | |
|
2022-11-04 19:13:00 | Researchers Detail New Malware Campaign Targeting Indian Government Employees (lien direct) | The Transparent Tribe threat actor has been linked to a new campaign aimed at Indian government organizations with trojanized versions of a two-factor authentication solution called Kavach. "This group abuses Google advertisements for the purpose of malvertising to distribute backdoored versions of Kavach multi-authentication (MFA) applications," Zscaler ThreatLabz researcher Sudeep Singh said | Malware Threat | APT 36 | |
|
2022-11-02 16:58:00 | Inside Raccoon Stealer V2 (lien direct) | Raccoon Stealer is back on the news again. US officials arrested Mark Sokolovsky, one of the malware actors behind this program. In July 2022, after several months of the shutdown, a Raccoon Stealer V2 went viral. Last week, the Department of Justice's press release stated that the malware collected 50 million credentials. This article will give a quick guide to the latest info stealer's version | Malware | ||
|
2022-11-01 20:45:00 | Chinese Hackers Using New Stealthy Infection Chain to Deploy LODEINFO Malware (lien direct) | The Chinese state-sponsored threat actor known as Stone Panda has been observed employing a new stealthy infection chain in its attacks aimed at Japanese entities. Targets include media, diplomatic, governmental and public sector organizations and think-tanks in Japan, according to twin reports published by Kaspersky. Stone Panda, also called APT10, Bronze Riverside, Cicada, and Potassium, is a | Malware Threat | APT 10 | |
|
2022-10-28 16:31:00 | Researchers Uncover Stealthy Techniques Used by Cranefly Espionage Hackers (lien direct) | A recently discovered hacking group known for targeting employees dealing with corporate transactions has been linked to a new backdoor called Danfuan. This hitherto undocumented malware is delivered via another dropper called Geppei, researchers from Symantec, by Broadcom Software, said in a report shared with The Hacker News. The dropper "is being used to install a new backdoor and other tools | Malware | ||
|
2022-10-28 15:48:00 | Raspberry Robin Operators Selling Cybercriminals Access to Thousands of Endpoints (lien direct) | The Raspberry Robin worm is becoming an access-as-a-service malware for deploying other payloads, including IcedID, Bumblebee, TrueBot (aka Silence), and Clop ransomware. It is "part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread," the Microsoft Security Threat Intelligence Center (MSTIC | Malware Threat | ||
|
2022-10-27 19:49:00 | Researchers Expose Over 80 ShadowPad Malware C2 Servers (lien direct) | As many as 85 command-and-control (C2) servers have been discovered supported by the ShadowPad malware since September 2021, with infrastructure detected as recently as October 16, 2022. That's according to VMware's Threat Analysis Unit (TAU), which studied three ShadowPad variants using TCP, UDP, and HTTP(S) protocols for C2 communications. ShadowPad, seen as a successor to PlugX, is a modular | Malware Threat | ||
|
2022-10-26 21:39:00 | U.S. Charges Ukrainian Hacker Over Role in Raccoon Stealer Malware Service (lien direct) | A 26-year-old Ukrainian national has been charged in the U.S. for his alleged role in the Raccoon Stealer malware-as-a-service (MaaS) operation. Mark Sokolovsky, who was arrested by Dutch law enforcement after leaving Ukraine on March 4, 2022, in what's said to be a Porsche Cayenne, is currently being held in the Netherlands and awaits extradition to the U.S. "Individuals who deployed Raccoon | Malware | ||
|
2022-10-26 21:20:00 | Kimsuky Hackers Spotted Using 3 New Android Malware to Target South Koreans (lien direct) | The North Korean espionage-focused actor known as Kimsuky has been observed using three different Android malware strains to target users located in its southern counterpart. That's according to findings from South Korean cybersecurity company S2W, which named the malware families FastFire, FastViewer, and FastSpy. "The FastFire malware is disguised as a Google security plugin, and the | Malware | ||
|
2022-10-25 17:03:00 | Cybercriminals Used Two PoS Malware to Steal Details of Over 167,000 Credit Cards (lien direct) | Two point-of-sale (PoS) malware variants have been put to use by a threat actor to steal information related to more than 167,000 credit cards from payment terminals. According to Singapore-headquartered cybersecurity company Group-IB, the stolen data dumps could net the operators as much as $3.34 million by selling them on underground forums. While a significant proportion of attacks aimed at | Malware Threat | ||
|
2022-10-24 11:55:00 | SideWinder APT Using New WarHawk Backdoor to Target Entities in Pakistan (lien direct) | SideWinder, a prolific nation-state actor mainly known for targeting Pakistan military entities, compromised the official website of the National Electric Power Regulatory Authority (NEPRA) to deliver a tailored malware called WarHawk. "The newly discovered WarHawk backdoor contains various malicious modules that deliver Cobalt Strike, incorporating new TTPs such as KernelCallBackTable injection | Malware | APT-C-17 | |
|
2022-10-21 22:17:00 | Emotet Botnet Distributing Self-Unlocking Password-Protected RAR Files to Drop Malware (lien direct) | The notorious Emotet botnet has been linked to a new wave of malspam campaigns that take advantage of password-protected archive files to drop CoinMiner and Quasar RAT on compromised systems. In an attack chain detected by Trustwave SpiderLabs researchers, an invoice-themed ZIP file lure was found to contain a nested self-extracting (SFX) archive, the first archive acting as a conduit to launch | Malware | ||
|
2022-10-20 17:03:00 | Hackers Using New Version of FurBall Android Malware to Spy on Iranian Citizens (lien direct) | The Iranian threat actor known as Domestic Kitten has been attributed to a new mobile campaign that masquerades as a translation app to distribute an updated variant of an Android malware known as FurBall. "Since June 2021, it has been distributed as a translation app via a copycat of an Iranian website that provides translated articles, journals, and books," ESET researcher Lukas Stefanko said | Malware Threat | ||
|
2022-10-20 14:34:00 | These 16 Clicker Malware Infected Android Apps Were Downloaded Over 20 Million Times (lien direct) | As many as 16 malicious apps with over 20 million cumulative downloads have been taken down from the Google Play Store after they were caught committing mobile ad fraud. The Clicker malware masqueraded as seemingly harmless utilities like cameras, currency/unit converters, QR code readers, note-taking apps, and dictionaries, among others, in a bid to trick users into downloading them, | Malware | ||
|
2022-10-20 14:09:00 | New Ursnif Variant Likely Shifting Focus to Ransomware and Data Theft (lien direct) | The Ursnif malware has become the latest malware to shed its roots as a banking trojan to revamp itself into a generic backdoor capable of delivering next-stage payloads, joining the likes of Emotet, Qakbot, and TrickBot. "This is a significant shift from the malware's original purpose to enable banking fraud, but is consistent with the broader threat landscape," Mandiant researchers Sandor | Ransomware Malware Threat | ||
|
2022-10-19 18:03:00 | Chinese Hackers Targeting Online Casinos with GamePlayerFramework Malware (lien direct) | An advanced persistent threat (APT) group of Chinese origin codenamed DiceyF has been linked to a string of attacks aimed at online casinos in Southeast Asia for years. Russian cybersecurity company Kaspersky said the activity aligns with another set of intrusions attributed to Earth Berberoka (aka GamblingPuppet) and DRBControl, citing tactical and targeting similarities as well as the abuse of | Malware Threat | ||
|
2022-10-18 15:41:00 | Chinese \'Spyder Loader\' Malware Spotted Targeting Organizations in Hong Kong (lien direct) | The China-aligned espionage-focused actor dubbed Winnti has set its sights on government organizations in Hong Kong as part of an ongoing campaign dubbed Operation CuckooBees. Active since at least 2007, Winnti (aka APT41, Barium, Bronze Atlas, and Wicked Panda) is the name designated to a prolific cyber threat group that carries out Chinese state-sponsored espionage activity, predominantly | Malware Threat Guideline | APT 41 | |
|
2022-10-14 15:42:00 | New PHP Version of Ducktail Malware Hijacking Facebook Business Accounts (lien direct) | A PHP version of an information-stealing malware called Ducktail has been discovered in the wild being distributed in the form of cracked installers for legitimate apps and games, according to the latest findings from Zscaler. "Like older versions (.NetCore), the latest version (PHP) also aims to exfiltrate sensitive information related to saved browser credentials, Facebook account information, | Malware | ||
|
2022-10-13 17:47:00 | New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems (lien direct) | A previously undocumented command-and-control (C2) framework dubbed Alchimist is likely being used in the wild to target Windows, macOS, and Linux systems. "Alchimist C2 has a web interface written in Simplified Chinese and can generate a configured payload, establish remote sessions, deploy payload to the remote machines, capture screenshots, perform remote shellcode execution, and run | Malware | ||
|
2022-10-13 13:09:00 | Modified WhatsApp App Caught Infecting Android Devices with Malware (lien direct) | An unofficial version of the popular WhatsApp messaging app called YoWhatsApp has been observed deploying an Android trojan known as Triada. The goal of the malware is to steal the keys that "allow the use of a WhatsApp account without the app," Kaspersky said in a new report. "If the keys are stolen, a user of a malicious WhatsApp mod can lose control over their account." | Malware | ||
|
2022-10-12 20:32:00 | Hackers Using Vishing to Trick Victims into Installing Android Banking Malware (lien direct) | Malicious actors are resorting to voice phishing (vishing) tactics to dupe victims into installing Android malware on their devices, new research from ThreatFabric reveals. The Dutch mobile security company said it identified a network of phishing websites targeting Italian online-banking users that are designed to get hold of their contact details. Telephone-oriented attack delivery (TOAD), as | Malware | ||
|
2022-10-11 22:11:00 | BazarCall Callback Phishing Attacks Constantly Evolving Its Social Engineering Tactics (lien direct) | The operators behind the BazaCall call back phishing method have continued to evolve with updated social engineering tactics to deploy malware on targeted networks. The scheme eventually acts as an entry point to conduct financial fraud or the delivery of next-stage payloads such as ransomware, cybersecurity company Trellix said in a report published last week. Primary targets of the latest | Malware | ||
|
2022-10-10 20:46:00 | Researchers Detail Malicious Tools Used by Cyberespionage Group Earth Aughisky (lien direct) | A new piece of research has detailed the increasingly sophisticated nature of the malware toolset employed by an advanced persistent threat (APT) group named Earth Aughisky. "Over the last decade, the group has continued to make adjustments in the tools and malware deployments on specific targets located in Taiwan and, more recently, Japan," Trend Micro disclosed in a technical profile last week | Malware Threat | ||
|
2022-10-10 18:40:00 | New Report Uncovers Emotet\'s Delivery and Evasion Techniques Used in Recent Attacks (lien direct) | Threat actors associated with the notorious Emotet malware are continually shifting their tactics and command-and-control (C2) infrastructure to escape detection, according to new research from VMware. Emotet is the work of a threat actor tracked as Mummy Spider (aka TA542), emerging in June 2014 as a banking trojan before morphing into an all-purpose loader in 2016 that's capable of delivering | Malware Threat | ||
|
2022-10-06 18:27:00 | Eternity Group Hackers Offering New LilithBot Malware as a Service to Cybercriminals (lien direct) | The threat actor behind the malware-as-a-service (MaaS) called Eternity has been linked to new piece of malware called LilithBot. "It has advanced capabilities to be used as a miner, stealer, and a clipper along with its persistence mechanisms," Zscaler ThreatLabz researchers Shatak Jain and Aditya Sharma said in a Wednesday report. "The group has been continuously enhancing the malware, adding | Malware Threat | ||
|
2022-10-05 18:16:00 | Experts Warn of New RatMilad Android Spyware Targeting Enterprise Devices (lien direct) | A novel Android malware called RatMilad has been observed targeting a Middle Eastern enterprise mobile device by concealing itself as a VPN and phone number spoofing app. The mobile trojan functions as advanced spyware with capabilities that receives and executes commands to collect and exfiltrate a wide variety of data from the infected mobile endpoint, Zimperium said in a report shared with | Malware | ||
|
2022-10-03 20:05:00 | Comm100 Chat Provider Hijacked to Spread Malware in Supply Chain Attack (lien direct) | A threat actor likely with associations to China has been attributed to a new supply chain attack that involves the use of a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor. Cybersecurity firm CrowdStrike said the attack made use of a signed Comm100 desktop agent app for Windows that was downloadable from the company's website. The scale of the | Malware Threat | ||
|
2022-09-30 20:12:00 | New Malware Families Found Targeting VMware ESXi Hypervisors (lien direct) | Threat actors have been found deploying never-before-seen post-compromise implants in VMware's virtualization software to seize control of infected systems and evade detection. Google's Mandiant threat intelligence division referred to it as a "novel malware ecosystem" that impacts VMware ESXi, Linux vCenter servers, and Windows virtual machines, allowing attackers to maintain persistent access | Malware Threat | ||
|
2022-09-30 17:22:00 | Cyber Attacks Against Middle East Governments Hide Malware in Windows logo (lien direct) | An espionage-focused threat actor has been observed using a steganographic trick to conceal a previously undocumented backdoor in a Windows logo in its attacks against Middle Eastern governments. Broadcom's Symantec Threat Hunter Team attributed the updated tooling to a hacking group it tracks under the name Witchetty, which is also known as LookingFrog, a subgroup operating under the TA410 | Malware Threat | ||
|
2022-09-30 15:50:00 | New Malware Campaign Targeting Job Seekers with Cobalt Strike Beacons (lien direct) | A social engineering campaign leveraging job-themed lures is weaponizing a years-old remote code execution flaw in Microsoft Office to deploy Cobalt Strike beacons on compromised hosts. "The payload discovered is a leaked version of a Cobalt Strike beacon," Cisco Talos researchers Chetan Raghuprasad and Vanja Svajcer said in a new analysis published Wednesday. "The beacon configuration contains | Malware | ||
|
2022-09-29 19:45:00 | Brazilian Prilex Hackers Resurfaced With Sophisticated Point-of-Sale Malware (lien direct) | A Brazilian threat actor known as Prilex has resurfaced after a year-long operational hiatus with an advanced and complex malware to steal money by means of fraudulent transactions. "The Prilex group has shown a high level of knowledge about credit and debit card transactions, and how software used for payment processing works," Kaspersky researchers said. "This enables the attackers to keep | Malware Threat | ||
|
2022-09-28 19:30:00 | Researchers Warn of New Go-based Malware Targeting Windows and Linux Systems (lien direct) | A new, multi-functional Go-based malware dubbed Chaos has been rapidly growing in volume in recent months to ensnare a wide range of Windows, Linux, small office/home office (SOHO) routers, and enterprise servers into its botnet. "Chaos functionality includes the ability to enumerate the host environment, run remote shell commands, load additional modules, automatically propagate through | Malware | ||
|
2022-09-28 18:06:00 | Cyber Criminals Using Quantum Builder Sold on Dark Web to Deliver Agent Tesla Malware (lien direct) | A recently discovered malware builder called Quantum Builder is being used to deliver the Agent Tesla remote access trojan (RAT). "This campaign features enhancements and a shift toward LNK (Windows shortcut) files when compared to similar attacks in the past," Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar said in a Tuesday write-up. Sold on the dark web for € | Malware | ||
|
2022-09-28 15:39:00 | Hackers Using PowerPoint Mouseover Trick to Infect System with Malware (lien direct) | The Russian state-sponsored threat actor known as APT28 has been found leveraging a new code execution method that makes use of mouse movement in decoy Microsoft PowerPoint documents to deploy malware. The technique "is designed to be triggered when the user starts the presentation mode and moves the mouse," cybersecurity firm Cluster25 said in a technical report. "The code execution runs a | Malware Threat | APT 28 | ★★★ |
|
2022-09-27 18:49:00 | New NullMixer Malware Campaign Stealing Users\' Payment Data and Credentials (lien direct) | Cybercriminals are continuing to prey on users searching for cracked software by directing them to fraudulent websites hosting weaponized installers that deploy malware called NullMixer on compromised systems. "When a user extracts and executes NullMixer, it drops a number of malware files to the compromised machine," cybersecurity firm Kaspersky said in a Monday report. "It drops a wide variety | Malware | ||
|
2022-09-26 16:03:00 | BlackCat Ransomware Attackers Spotted Fine-Tuning Their Malware Arsenal (lien direct) | The BlackCat ransomware crew has been spotted fine-tuning their malware arsenal to fly under the radar and expand their reach. "Among some of the more notable developments has been the use of a new version of the Exmatter data exfiltration tool, and the use of Eamfo, information-stealing malware that is designed to steal credentials stored by Veeam backup software," researchers from Symantec | Ransomware Malware | ||
|
2022-09-23 12:45:00 | (Déjà vu) Fake Indian Banking Rewards Apps Targeting Android Users with Info-stealing Malware (lien direct) | An SMS-based phishing campaign is targeting customers of Indian banks with information-stealing malware that masquerades as a rewards application. The Microsoft 365 Defender Research Team said that the messages contain links that redirect users to a sketchy website that triggers the download of the fake banking rewards app for ICICI Bank. "The malware's RAT capabilities allow the attacker to | Malware | ★★ | |
|
2022-09-20 18:26:00 | Russian Sandworm Hackers Impersonate Ukrainian Telecoms to Distribute Malware (lien direct) | A threat cluster linked to the Russian nation-state actor tracked as Sandworm has continued its targeting of Ukraine with commodity malware by masquerading as telecom providers, new findings show. Recorded Future said it discovered new infrastructure belonging to UAC-0113 that mimics operators like Datagroup and EuroTransTelecom to deliver payloads such as Colibri loader and Warzone RAT. The | Malware Threat | ||
|
2022-09-19 18:12:00 | Emotet Botnet Started Distributing Quantum and BlackCat Ransomware (lien direct) | The Emotet malware is now being leveraged by ransomware-as-a-service (RaaS) groups, including Quantum and BlackCat, after Conti's official retirement from the threat landscape this year. Emotet started off as a banking trojan in 2014, but updates added to it over time have transformed the malware into a highly potent threat that's capable of downloading other payloads onto the victim's machine, | Ransomware Malware Threat | ||
|
2022-09-16 19:47:00 | Researchers Find Link b/w PrivateLoader and Ruzki Pay-Per-Install Services (lien direct) | Cybersecurity researchers have exposed new connections between a widely used pay-per-install (PPI) malware service known as PrivateLoader and another PPI service dubbed ruzki. "The threat actor ruzki (aka les0k, zhigalsz) advertises their PPI service on underground Russian-speaking forums and their Telegram channels under the name ruzki or zhigalsz since at least May 2021," SEKOIA said. The | Malware Threat | ||
|
2022-09-15 20:00:00 | Researchers Warn of Self-Spreading Malware Targeting Gamers via YouTube (lien direct) | Gamers looking for cheats on YouTube are being targeted with links to malicious password-protected archive files designed to install the RedLine Stealer malware and crypto miners on compromised machines. "The videos advertise cheats and cracks and provide instructions on hacking popular games and software," Kaspersky security researcher Oleg Kupreev said in a new report published today. | Malware | ||
|
2022-09-15 17:55:00 | Russian Gamaredon Hackers Target Ukrainian Government Using Info-Stealing Malware (lien direct) | An ongoing espionage campaign operated by the Russia-linked Gamaredon group is targeting employees of Ukrainian government, defense, and law enforcement agencies with a piece of custom-made information stealing malware. "The adversary is using phishing documents containing lures related to the Russian invasion of Ukraine," Cisco Talos researchers Asheer Malhotra and Guilherme Venere said in a | Malware |
To see everything:
Our RSS (filtrered)
