| Src | Date (GMT) | Title | Description | Tags | Stories | Notes |
|---|---|---|---|---|---|---|
| | 2022-06-02 12:36:52 | Chinese LuoYu hackers deploy cyber-espionage malware via app updates (direct link) | A Chinese-speaking hacking group known as LuoYu is infecting victims with the WinDealer information stealer malware, deployed by switching legitimate app updates with malicious payloads in man-on-the-side attacks. [...] | Malware | | |
| | 2022-06-02 08:08:11 | Clipminer malware gang stole $1.7M by hijacking crypto payments (direct link) | Threat analysts have discovered a large operation of a new cryptocurrency mining malware called Clipminer that brought its operators at least $1.7 million from transaction hijacking. [...] | Malware, Threat | | |
| | 2022-06-01 09:31:39 | FluBot Android malware operation shutdown by law enforcement (direct link) | Europol has announced the takedown of the FluBot operation, one of the largest and fastest-growing Android malware operations in existence. [...] | Malware | | |
| | 2022-05-31 11:45:04 | New XLoader botnet uses probability theory to hide its servers (direct link) | Threat analysts have spotted a new version of the XLoader botnet malware that uses probability theory to hide its command and control servers, making it difficult to disrupt the malware's operation. [...] | Malware, Threat | | |
| | 2022-05-29 12:39:55 | (Déjà vu) EnemyBot malware adds exploits for critical VMware, F5 BIG-IP flaws (direct link) | EnemyBot, a botnet based on code from multiple malware pieces, is expanding its reach by quickly adding exploits for recently disclosed critical vulnerabilities in web servers, content management systems, IoT, and Android devices. [...] | Malware | | |
| | 2022-05-29 12:39:55 | EnemyBot malware adds exploits for critical bugs in VMware, F5 BIG-IP (direct link) | EnemyBot, a botnet based on code from multiple malware pieces, is expanding its reach by quickly adding exploits for recently disclosed critical vulnerabilities in web servers, content management systems, IoT, and Android devices. [...] | Malware | | |
| | 2022-05-29 11:15:22 | Mobile trojan detections rise as malware distribution level declines (direct link) | Kaspersky's quarterly report on mobile malware distribution records a downward trend that started at the end of 2020, detecting one-third of the malicious installations reported in Q1 2021, and about 85% of those counted in Q4 2021. [...] | Malware | | |
| | 2022-05-28 10:01:33 | New Windows Subsystem for Linux malware steals browser auth cookies (direct link) | Hackers are showing an increased interest in the Windows Subsystem for Linux (WSL) as an attack surface as they build new malware, the more advanced samples being suitable for espionage and downloading additional malicious modules. [...] | Malware | | |
| | 2022-05-26 03:16:08 | New ERMAC 2.0 Android malware steals accounts, wallets from 467 apps (direct link) | The ERMAC Android banking trojan has released version 2.0, increasing the number of applications targeted from 378 to 467, covering a much wider range of apps to steal account credentials and crypto wallets. [...] | Malware | | |
| | 2022-05-25 13:00:00 | New ChromeLoader malware surge threatens browsers worldwide (direct link) | The ChromeLoader malware is seeing an uptick in detections this month, following a relatively stable operation volume since the start of the year, which means that the malvertiser is now becoming a widespread threat. [...] | Malware | | |
| | 2022-05-25 07:21:30 | BPFDoor malware uses Solaris vulnerability to get root privileges (direct link) | New research into the inner workings of the stealthy BPFdoor malware for Linux and Solaris reveals that the threat actor behind it leveraged an old vulnerability to achieve persistence on targeted systems. [...] | Malware, Vulnerability, Threat | | |
| | 2022-05-22 12:15:10 | PDF smuggles Microsoft Word doc to drop Snake Keylogger malware (direct link) | Threat analysts have discovered a recent malware distribution campaign using PDF attachments to smuggle malicious Word documents that infect users with malware. [...] | Malware, Threat | | |
| | 2022-05-19 13:45:00 | Microsoft detects massive surge in Linux XorDDoS malware activity (direct link) | A stealthy and modular malware used to hack into Linux devices and build a DDoS botnet has seen a massive 254% increase in activity during the last six months, as Microsoft revealed today. [...] | Malware, Hack | | ★★★★★ |
| | 2022-05-16 14:05:30 | Ukraine supporters in Germany targeted with PowerShell RAT malware (direct link) | An unknown threat actor is targeting German users interested in the Ukraine crisis, infecting them with a custom PowerShell RAT (remote access trojan) and stealing their data. [...] | Malware, Threat | | |
| | 2022-05-15 12:34:09 | Fake Pixelmon NFT site infects you with password-stealing malware (direct link) | A fake Pixelmon NFT site entices fans with free tokens and collectibles while infecting them with malware that steals their cryptocurrency wallets. [...] | Malware | | |
| | 2022-05-13 16:58:23 | The Week in Ransomware - May 13th 2022 - A National Emergency (direct link) | While ransomware attacks have slowed during Russia's invasion of Ukraine and the subsequent sanctions, the malware threat continues to affect organizations worldwide. [...] | Ransomware, Malware, Threat | | |
| | 2022-05-13 13:48:24 | Microsoft: Sysrv botnet targets Windows, Linux servers with new exploits (direct link) | Microsoft says the Sysrv botnet is now exploiting vulnerabilities in the Spring Framework and WordPress to ensnare and deploy cryptomining malware on vulnerable Windows and Linux servers. [...] | Malware | | |
| | 2022-05-13 12:24:40 | Fake Binance NFT Mystery Box bots steal victim's crypto wallets (direct link) | A new RedLine malware distribution campaign promotes fake Binance NFT mystery box bots on YouTube to lure people into infecting themselves with the information-stealing malware from GitHub repositories. [...] | Malware | | |
| | 2022-05-12 15:18:45 | Eternity malware kit offers stealer, miner, worm, ransomware tools (direct link) | Threat actors have launched the 'Eternity Project,' a new malware-as-a-service where threat actors can purchase a malware toolkit that can be customized with different modules depending on the attack being conducted. [...] | Ransomware, Malware, Threat | | |
| | 2022-05-12 13:07:33 | BPFdoor: Stealthy Linux malware bypasses firewalls for remote access (direct link) | A recently discovered backdoor malware called BPFdoor has been stealthily targeting Linux and Solaris systems without being noticed for more than five years. [...] | Malware | | |
| | 2022-02-10 19:20:20 | Microsoft fixes Defender flaw letting hackers bypass antivirus scans (direct link) | Microsoft has recently addressed a weakness in the Microsoft Defender Antivirus on Windows that allowed attackers to plant and execute malicious payloads without triggering Defender's malware detection engine. [...] | Malware | | |
| | 2022-02-10 11:25:10 | Qbot, Lokibot malware switch back to Windows Regsvr32 delivery (direct link) | Malware distributors have turned to an older trick known as Squiblydoo to spread Qbot and Lokibot via Microsoft Office documents using regsvr32.exe. [...] | Malware | | |
| | 2022-02-09 10:26:31 | Ransomware dev releases Egregor, Maze master decryption keys (direct link) | The master decryption keys for the Maze, Egregor, and Sekhmet ransomware operations were released last night on the BleepingComputer forums by the alleged malware developer. [...] | Ransomware, Malware | | |
| | 2022-02-09 07:58:50 | Fake Windows 11 upgrade installers infect you with RedLine malware (direct link) | Threat actors have started distributing fake Windows 11 upgrade installers to users of Windows 10, tricking them into downloading and executing RedLine stealer malware. [...] | Malware, Threat | | |
| | 2022-02-09 03:17:34 | Molerats hackers deploy new malware in highly evasive campaign (direct link) | The Palestinian-aligned APT group tracked as TA402 (aka Molerats) was spotted using a new implant named 'NimbleMamba' in a cyber-espionage campaign that leverages geofencing and URL redirects to legitimate websites. [...] | Malware | | |
| | 2022-02-08 15:35:47 | Kimsuky hackers use commodity RATs with custom Gold Dragon malware (direct link) | South Korean researchers have spotted a new wave of activity from the Kimsuky hacking group, involving commodity open-source remote access tools dropped with their custom backdoor, Gold Dragon. [...] | Malware | APT 43 | |
| | 2022-02-08 03:12:24 | Qbot needs only 30 minutes to steal your credentials, emails (direct link) | The widespread malware known as Qbot (aka Qakbot or QuakBot) has recently returned to light-speed attacks, and according to analysts, it only takes around 30 minutes to steal sensitive data after the initial infection. [...] | Malware | | |
| | 2022-02-07 13:35:05 | (Déjà vu) Microsoft plans to kill malware delivery via Office macros (direct link) | Microsoft announced today that it will make it difficult to enable VBA macros downloaded from the Internet in several Microsoft Office apps starting in early April, effectively killing a popular distribution method for malware. [...] | Malware | | |
| | 2022-02-07 12:05:03 | Google Cloud hypervisor modified to detect cryptominers without agents (direct link) | Google has announced the public preview of a new Virtual Machine Threat Detection (VMTD) system that can detect cryptocurrency miners and other malware without the need for software agents. [...] | Malware, Threat | | |
| | 2022-02-07 11:38:44 | Medusa malware ramps up Android SMS phishing attacks (direct link) | The Medusa Android banking Trojan is seeing increased infection rates as it targets more geographic regions to steal online credentials and perform financial fraud. [...] | Malware | | |
| | 2022-02-07 09:47:54 | Roaming Mantis Android malware campaign sets sights on Europe (direct link) | The Roaming Mantis SMS phishing campaign has finally reached Europe, as researchers detect campaigns targeting Android and iPhone users in Germany and France with malicious apps and phishing pages. [...] | Malware | | |
| | 2022-02-04 19:10:06 | Microsoft disables MSIX protocol handler abused in Emotet attacks (direct link) | Microsoft has disabled the MSIX ms-appinstaller protocol handler exploited in malware attacks to install malicious apps directly from a website via a Windows AppX Installer spoofing vulnerability. [...] | Malware | | |
| | 2022-02-03 10:38:37 | State hackers' new malware helped them stay undetected for 250 days (direct link) | A state-backed Chinese APT actor tracked as 'Antlion' has been using a new custom backdoor called 'xPack' against financial organizations and manufacturing companies. [...] | Malware | | |
| | 2022-02-02 09:46:34 | SEO poisoning pushes malware-laced Zoom, TeamViewer, Visual Studio installers (direct link) | A new SEO poisoning campaign is underway, dropping the Batloader and Atera Agent malware onto the systems of targeted professionals searching for productivity tool downloads, such as Zoom, TeamViewer, and Visual Studio. [...] | Malware, Tool | | |
| | 2022-02-01 16:59:18 | Malicious CSV text files used to install BazarBackdoor malware (direct link) | A new phishing campaign is using specially crafted CSV text files to infect users' devices with the BazarBackdoor malware. [...] | Malware | | |
| | 2022-02-01 14:00:00 | Cyberspies linked to Memento ransomware use new PowerShell malware (direct link) | An Iranian state-backed hacking group tracked as APT35 (aka Phosphorus or Charming Kitten) is now deploying a new backdoor called PowerLess and developed using PowerShell. [...] | Ransomware, Malware, Conference | APT 35 | |
| | 2022-02-01 13:41:04 | Powerful new Oski variant 'Mars Stealer' grabbing 2FAs and crypto (direct link) | A new and powerful malware named 'Mars Stealer' has appeared in the wild, and appears to be a redesign of the Oski malware that shut down development abruptly in the summer of 2020. [...] | Malware | | |
| | 2022-01-31 11:14:28 | Russian 'Gamaredon' hackers use 8 new malware payloads in attacks (direct link) | The Russia-linked hackers known as 'Gamaredon' (aka Armageddon or Shuckworm) were spotted deploying eight custom binaries in cyber-espionage operations against Ukrainian entities. [...] | Malware | | |
| | 2022-01-27 13:31:40 | Lazarus hackers use Windows Update to deploy malware (direct link) | North Korean-backed hacking group Lazarus has added the Windows Update client to its list of living-off-the-land binaries (LoLBins) and is now actively using it to execute malicious code on Windows systems. [...] | Malware | APT 38 | |
| | 2022-01-27 09:23:25 | Russian APT29 hackers' stealthy malware undetected for years (direct link) | Hackers associated with the Russian Federation Foreign Intelligence Service (SVR) continued their incursions on networks of multiple organizations after the SolarWinds supply-chain compromise using two recently discovered sophisticated threats. [...] | Malware | APT 29 | |
| | 2022-01-26 09:19:25 | New FluBot and TeaBot campaigns target Android devices worldwide (direct link) | New FluBot and TeaBot malware distribution campaigns have been spotted, using typical smishing lures or laced apps against Android users in Australia, Germany, Poland, Spain, and Romania. [...] | Malware | | |
| | 2022-01-25 15:06:27 | TrickBot now crashes researchers' browsers to block malware analysis (direct link) | The notorious TrickBot malware has received new features that make it more challenging to research, analyze, and detect in the latest variants, including crashing browser tabs when it detects beautified scripts. [...] | Malware | | |
| | 2022-01-25 13:26:47 | New DazzleSpy malware targets macOS users in watering hole attack (direct link) | A new watering hole attack has been discovered targeting macOS users and visitors of a pro-democracy radio station website in Hong Kong and infecting them with the DazzleSpy malware. [...] | Malware | | |
| | 2022-01-25 11:31:34 | Google Drive now warns you of suspicious phishing, malware docs (direct link) | Google is rolling out new warning banners in Google Drive to alert users of potentially suspicious files that threat actors could use for malware delivery and in phishing attacks. [...] | Malware, Threat | | |
| | 2022-01-24 12:55:28 | Android malware BRATA wipes your device after stealing data (direct link) | The Android malware known as BRATA has added new and dangerous features to its latest version, including GPS tracking, the capacity to use multiple communication channels, and a function that performs a factory reset on the device to wipe all traces of malicious activity. [...] | Malware | | |
| | 2022-01-21 12:54:28 | Phishing impersonates shipping giant Maersk to push STRRAT malware (direct link) | A new phishing campaign using fake shipping delivery lures installs the STRRAT remote access trojan on unsuspecting victims' devices. [...] | Malware | | ★★★★★ |
| | 2022-01-21 10:56:21 | Microsoft disables Excel 4.0 macros by default to block malware (direct link) | Microsoft has announced that Excel 4.0 (XLM) macros will now be disabled by default to protect customers from malicious documents. [...] | Malware | | |
| | 2022-01-20 13:37:25 | FBI links Diavol ransomware to the TrickBot cybercrime group (direct link) | The FBI has formally linked the Diavol ransomware operation to the TrickBot Group, the malware developers behind the notorious TrickBot banking trojan. [...] | Ransomware, Malware | | |
| | 2022-01-20 07:55:29 | New MoonBounce UEFI malware used by APT41 in targeted attacks (direct link) | Security analysts have discovered and linked MoonBounce, "the most advanced" UEFI firmware implant found so far in the wild, to the Chinese-speaking APT41 hacker group (also known as Winnti). [...] | Malware, Guideline | APT 41 | |
| | 2022-01-19 10:15:45 | New BHUNT malware targets your crypto wallets and passwords (direct link) | A novel modular crypto-wallet stealing malware dubbed 'BHUNT' has been spotted targeting cryptocurrency wallet contents, passwords, and security phrases. [...] | Malware | | |