| Date (GMT) | Title | Description | Tags | Stories |
|---|---|---|---|---|
| 2020-12-09 16:00:00 | Qbot malware switched to stealthy new Windows autostart method | A new Qbot malware version now activates its persistence mechanism right before infected Windows devices shut down, and it automatically removes any traces when the system restarts or wakes up from sleep. [...] | Malware | |
| 2020-12-09 11:10:41 | Russian hackers hide Zebrocy malware in virtual disk images | Russian-speaking hackers behind the Zebrocy malware have changed their technique for delivering malware to high-profile victims and started packing the threats in Virtual Hard Drives (VHD) to avoid detection. [...] | Malware | |
| 2020-12-08 11:35:00 | Credit card stealing malware bundles backdoor for easy reinstall | An almost impossible-to-remove malware, set to automatically activate on Black Friday, was deployed on multiple Magento-powered online stores by threat actors, according to researchers at Dutch cyber-security company Sansec. [...] | Malware, Threat | |
| 2020-12-05 15:33:14 | Police arrest two in data theft cyberattack on Leonardo defense corp | Italian police have arrested two people for allegedly using malware to steal 10 GB of confidential data and military secrets from defense company Leonardo S.p.A. [...] | Malware | |
| 2020-12-03 14:59:42 | Credit card stealing malware hides in social media sharing icons | Newly discovered web skimming malware is capable of hiding in plain sight to inject payment card skimmer scripts into compromised online stores. [...] | Malware | |
| 2020-12-03 11:57:08 | Hacker-for-hire group develops new stealthy Windows backdoor | Kaspersky researchers discovered a previously undocumented Windows PowerShell malware dubbed PowerPepper, developed by the hacker-for-hire group DeathStalker. [...] | Malware | |
| 2020-12-02 05:30:00 | Russian hacking group uses Dropbox to store malware-stolen data | Russian-backed hacking group Turla has used a previously undocumented malware toolset to deploy backdoors and steal sensitive documents in targeted cyber-espionage campaigns directed at high-profile targets such as the Ministry of Foreign Affairs of European Union countries. [...] | Malware | |
| 2020-12-01 11:30:24 | Critical Oracle WebLogic flaw actively exploited by DarkIRC malware | A botnet known as DarkIRC is actively targeting thousands of exposed Oracle WebLogic servers in attacks designed to exploit the CVE-2020-14882 remote code execution (RCE) vulnerability fixed by Oracle two months ago. [...] | Malware, Vulnerability | |
| 2020-11-30 14:40:41 | Gootkit malware returns to life alongside REvil ransomware | After a year-long vacation, the Gootkit information-stealing Trojan has returned to life alongside REvil ransomware in a new campaign targeting Germany. [...] | Ransomware, Malware | |
| 2020-08-05 09:07:40 | Hackers can abuse Microsoft Teams updater to install malware | Microsoft Teams can still double as a Living off the Land binary (LoLBin) and help attackers retrieve and execute malware from a remote location. [...] | Malware | |
| 2020-08-03 11:12:43 | US govt exposes Chinese cyber espionage malware used since 2008 | The U.S. government today released information on a malware variant used by Chinese government-sponsored hackers in cyber espionage campaigns targeting governments, corporations, and think tanks. [...] | Malware | |
| 2020-07-31 13:21:05 | QNAP urges users to update Malware Remover after QSnatch alert | QNAP urges its users to update the Malware Remover app and bolster their NAS devices' security following a QSnatch malware joint alert published earlier this week by the UK's NCSC and the US CISA government cybersecurity agencies. [...] | Malware | |
| 2020-07-30 02:32:22 | TrickBot's new Linux malware covertly infects Windows devices | TrickBot's Anchor malware platform has been ported to infect Linux devices and compromise further high-impact and high-value targets using covert channels. [...] | Malware | |
| 2020-07-29 17:13:49 | Sneaky Doki Linux malware infiltrates Docker cloud instances | Attackers are targeting misconfigured cloud-based Docker instances running on Linux distributions with an undetectable strain of malware. [...] | Malware | |
| 2020-07-29 13:00:00 | BootHole GRUB bootloader bug lets hackers hide malware in Linux, Windows | A severe vulnerability exists in almost all signed versions of the GRUB2 bootloader used by most Linux systems. When properly exploited, it could allow threat actors to compromise an operating system's boot process even if the Secure Boot verification mechanism is active. [...] | Malware, Vulnerability, Threat | |
| 2020-07-28 15:21:40 | Emotet malware now steals your email attachments to attack contacts | The Emotet malware botnet is now also using stolen attachments to increase the authenticity of the spam emails used to infect targets' systems. [...] | Spam, Malware | |
| 2020-07-28 03:33:33 | Feature-rich Ensiko malware can encrypt, targets Windows, macOS, Linux | Threat researchers have found a new feature-rich malware that can encrypt files on any system running PHP, making it a high risk for Windows, macOS, and Linux web servers. [...] | Malware, Threat | |
| 2020-07-27 12:16:59 | UK and US warn QNAP owners to upgrade firmware to block malware | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the UK's National Cyber Security Centre (NCSC) today issued an alert about the risks of infection faced by QNAP NAS devices if QSnatch malware attacks restart. [...] | Malware | |
| 2020-07-27 07:47:47 | Cerberus Android malware source code offered for sale for $100,000 | The maintainer of the Cerberus banking trojan for Android is auctioning the entire project at a price starting at $50,000, or double that amount to close the deal outright. [...] | Malware | |
| 2020-07-25 18:39:56 | Linux-based malware analysis toolkit REMnux 7 released | A new version of the REMnux Linux distro is now available for malware researchers, packed with hundreds of tools to dissect malicious executables, documents, scripts, and ill-intended code. [...] | Malware | |
| 2020-07-24 12:56:53 | Emotet malware operation hacked to show memes to victims | Someone is poking fun at the Emotet botnet and heavily disrupting its operations at the same time, as payloads hosted on some compromised sites have been replaced by memes and GIFs. [...] | Malware | |
| 2020-07-22 14:49:59 | Lazarus hackers deploy ransomware, steal data using MATA malware | A recently discovered malware framework known as MATA, linked to the North Korean-backed hacking group known as Lazarus, has been used in attacks targeting corporate entities from multiple countries since April 2018 for ransomware deployment and data theft. [...] | Ransomware, Malware | APT 38 |
| 2020-07-21 13:25:00 | Emotet botnet is now heavily spreading QakBot malware | Researchers tracking the Emotet botnet noticed that the malware started to push the QakBot banking trojan at an unusually high rate, replacing the longtime TrickBot payload. [...] | Malware | |
| 2020-07-20 15:52:08 | Emotet-TrickBot malware duo is back infecting Windows machines | After awakening last week and starting to send spam worldwide, Emotet is now once again installing the TrickBot trojan on infected Windows computers. [...] | Spam, Malware | |
| 2020-07-16 12:42:17 | New Android malware steals your dating and social accounts | A new Android banking trojan dubbed BlackRock steals credentials and credit card information from a list of 337 apps, many of them used for non-financial purposes. [...] | Malware | |
| 2020-07-16 11:04:33 | Russian hackers target COVID-19 vaccine research with custom malware | Hackers likely working for Russian intelligence services have been attacking organizations involved in the research and development of a vaccine against the new coronavirus. [...] | Malware | |
| 2020-07-14 09:00:00 | New GoldenHelper malware found in official Chinese tax software | A new backdoor dubbed GoldenHelper was discovered by Trustwave embedded within Golden Tax Invoicing Software, part of the Chinese government's Golden Tax Project and required for issuing invoices and paying value-added tax (VAT). [...] | Malware | |
| 2020-07-12 13:39:09 | Malware adds Any.Run sandbox detection to evade analysis | Malware developers are now checking whether their malware is running in the Any.Run malware analysis service to prevent it from being easily analyzed by researchers. [...] | Malware | |
| 2020-07-11 14:12:32 | TrickBot malware mistakenly warns victims that they are infected | The notorious TrickBot malware mistakenly left in a test module that warns victims that they are infected and should contact their administrator. [...] | Malware | |
| 2020-07-09 14:56:28 | Conti ransomware shows signs of being a Ryuk successor | The Conti ransomware is an emerging threat targeting corporate networks with new features that allow it to perform quicker and more targeted attacks. There are also indications that this ransomware shares the same malware code as Ryuk, which has slowly been fading away while Conti's distribution is increasing. [...] | Ransomware, Malware, Threat | |
| 2020-07-09 08:43:59 | Evilnum hackers use the same malware supplier as FIN6, Cobalt | Hackers in the Evilnum group have developed a toolset that combines custom malware, legitimate utilities, and tools bought from a malware-as-a-service (MaaS) provider that caters to big fintech threat actors. [...] | Malware, Threat | |
| 2020-07-09 06:03:39 | Joker Android malware keeps evading Google Play Store defenses | The threat actor behind the Joker Android malware has once again succeeded in slipping spyware-infected apps onto the Play Store, Google's official Android app store. [...] | Malware, Threat | |
| 2020-07-08 12:34:10 | First look: Microsoft's Project Freta detects Linux malware for free | Microsoft Research has announced a cloud-based malware detection service called Project Freta to detect rootkits, cryptominers, and previously undetected malware strains lurking in your Linux cloud VM images. [...] | Malware | |
| 2020-07-05 12:30:50 | .NET Core vulnerability lets attackers evade malware detection | A vulnerability in the .NET Core library allows malicious programs to be launched while evading detection by security software. [...] | Malware, Vulnerability | |
| 2020-07-03 14:26:25 | The Week in Ransomware - July 3rd 2020 - Yes, Macs need antivirus | Many macOS users, including my family and friends, have been under the impression that Macs are not affected by malware and thus do not need security software. After this week, I hope the point is clear: that assumption is wrong, and Macs need antivirus software. [...] | Ransomware, Malware | |
| 2020-07-02 17:48:08 | Malwarebytes AdwCleaner now removes malware from the command line | The popular AdwCleaner tool from Malwarebytes is about to get even more popular, as it can now be used entirely from the command line. [...] | Malware, Tool | |
| 2020-07-02 15:23:00 | Windows 10 background image tool can be abused to download malware | A binary in Windows 10 responsible for setting an image for the desktop and lock screen can help attackers download malware on a compromised system without raising the alarm. [...] | Malware, Tool | |
| 2020-07-01 17:29:24 | TrickBot malware now checks screen resolution to evade analysis | The infamous TrickBot trojan has started to check the screen resolutions of victims to detect whether the malware is running in a virtual machine. [...] | Malware | |
| 2020-07-01 15:38:19 | Windows POS malware uses DNS to smuggle stolen credit cards | A Windows Point-of-Sale (POS) malware has been discovered using the DNS protocol to smuggle stolen credit cards to a remote server under the attackers' control. [...] | Malware | |
| 2020-06-28 09:30:00 | Chinese malware used in attacks against Australian orgs | The Australian government released an advisory late last week about increased cyber activity from a state actor against networks belonging to its agencies and to companies in the country. [...] | Malware | |
| 2020-06-25 12:46:08 | New Lucifer DDoS malware creates a legion of Windows minions | A new botnet identified in the wild leverages close to a dozen exploits for high- and critical-severity vulnerabilities against Windows systems to turn them into cryptomining clients and sources for distributed denial-of-service (DDoS) attacks. [...] | Malware | |
| 2020-06-15 09:00:00 | Intel adds CPU-level malware protection to Tiger Lake processors | Intel today announced a new CPU-level security capability known as Control-Flow Enforcement Technology (Intel CET) that offers protection against malware using control-flow hijacking attack methods on devices with Intel's future Tiger Lake mobile processors. [...] | Malware | |
| 2020-06-11 06:28:38 | Gamaredon hackers use Outlook macros to spread malware to contacts | New tools attributed to the Russia-linked Gamaredon hacker group include a module for Microsoft Outlook that creates custom emails with malicious documents and sends them to a victim's contacts. [...] | Malware | |
| 2020-06-10 19:18:01 | Fake Black Lives Matter voting campaign spreads TrickBot malware | A phishing email campaign asking you to vote anonymously about Black Lives Matter is spreading the TrickBot information-stealing malware. [...] | Malware | |
| 2020-06-09 12:00:00 | Valak malware gets new plugin to steal Outlook login credentials | Authors of the Valak information stealer are focusing more and more on stealing email credentials, as researchers find a new module specifically built for this purpose. [...] | Malware | |
| 2020-06-08 14:45:00 | US energy providers hit with new malware in targeted attacks | Several U.S. energy providers were targeted by spear-phishing campaigns delivering a new remote access trojan (RAT) capable of providing attackers with full control over infected systems. [...] | Malware | |