What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-10-20 14:34:00 | These 16 Clicker Malware Infected Android Apps Were Downloaded Over 20 Million Times (lien direct) | As many as 16 malicious apps with over 20 million cumulative downloads have been taken down from the Google Play Store after they were caught committing mobile ad fraud. The Clicker malware masqueraded as seemingly harmless utilities like cameras, currency/unit converters, QR code readers, note-taking apps, and dictionaries, among others, in a bid to trick users into downloading them, | Malware | ||
|
2022-10-20 14:09:00 | New Ursnif Variant Likely Shifting Focus to Ransomware and Data Theft (lien direct) | The Ursnif malware has become the latest malware to shed its roots as a banking trojan to revamp itself into a generic backdoor capable of delivering next-stage payloads, joining the likes of Emotet, Qakbot, and TrickBot. "This is a significant shift from the malware's original purpose to enable banking fraud, but is consistent with the broader threat landscape," Mandiant researchers Sandor | Ransomware Malware Threat | ||
|
2022-10-19 18:03:00 | Chinese Hackers Targeting Online Casinos with GamePlayerFramework Malware (lien direct) | An advanced persistent threat (APT) group of Chinese origin codenamed DiceyF has been linked to a string of attacks aimed at online casinos in Southeast Asia for years. Russian cybersecurity company Kaspersky said the activity aligns with another set of intrusions attributed to Earth Berberoka (aka GamblingPuppet) and DRBControl, citing tactical and targeting similarities as well as the abuse of | Malware Threat | ||
|
2022-10-18 15:41:00 | Chinese \'Spyder Loader\' Malware Spotted Targeting Organizations in Hong Kong (lien direct) | The China-aligned espionage-focused actor dubbed Winnti has set its sights on government organizations in Hong Kong as part of an ongoing campaign dubbed Operation CuckooBees. Active since at least 2007, Winnti (aka APT41, Barium, Bronze Atlas, and Wicked Panda) is the name designated to a prolific cyber threat group that carries out Chinese state-sponsored espionage activity, predominantly | Malware Threat Guideline | APT 41 | |
|
2022-10-14 15:42:00 | New PHP Version of Ducktail Malware Hijacking Facebook Business Accounts (lien direct) | A PHP version of an information-stealing malware called Ducktail has been discovered in the wild being distributed in the form of cracked installers for legitimate apps and games, according to the latest findings from Zscaler. "Like older versions (.NetCore), the latest version (PHP) also aims to exfiltrate sensitive information related to saved browser credentials, Facebook account information, | Malware | ||
|
2022-10-13 17:47:00 | New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems (lien direct) | A previously undocumented command-and-control (C2) framework dubbed Alchimist is likely being used in the wild to target Windows, macOS, and Linux systems. "Alchimist C2 has a web interface written in Simplified Chinese and can generate a configured payload, establish remote sessions, deploy payload to the remote machines, capture screenshots, perform remote shellcode execution, and run | Malware | ||
|
2022-10-13 13:09:00 | Modified WhatsApp App Caught Infecting Android Devices with Malware (lien direct) | An unofficial version of the popular WhatsApp messaging app called YoWhatsApp has been observed deploying an Android trojan known as Triada. The goal of the malware is to steal the keys that "allow the use of a WhatsApp account without the app," Kaspersky said in a new report. "If the keys are stolen, a user of a malicious WhatsApp mod can lose control over their account." | Malware | ||
|
2022-10-12 20:32:00 | Hackers Using Vishing to Trick Victims into Installing Android Banking Malware (lien direct) | Malicious actors are resorting to voice phishing (vishing) tactics to dupe victims into installing Android malware on their devices, new research from ThreatFabric reveals. The Dutch mobile security company said it identified a network of phishing websites targeting Italian online-banking users that are designed to get hold of their contact details. Telephone-oriented attack delivery (TOAD), as | Malware | ||
|
2022-10-11 22:11:00 | BazarCall Callback Phishing Attacks Constantly Evolving Its Social Engineering Tactics (lien direct) | The operators behind the BazaCall call back phishing method have continued to evolve with updated social engineering tactics to deploy malware on targeted networks. The scheme eventually acts as an entry point to conduct financial fraud or the delivery of next-stage payloads such as ransomware, cybersecurity company Trellix said in a report published last week. Primary targets of the latest | Malware | ||
|
2022-10-10 20:46:00 | Researchers Detail Malicious Tools Used by Cyberespionage Group Earth Aughisky (lien direct) | A new piece of research has detailed the increasingly sophisticated nature of the malware toolset employed by an advanced persistent threat (APT) group named Earth Aughisky. "Over the last decade, the group has continued to make adjustments in the tools and malware deployments on specific targets located in Taiwan and, more recently, Japan," Trend Micro disclosed in a technical profile last week | Malware Threat | ||
|
2022-10-10 18:40:00 | New Report Uncovers Emotet\'s Delivery and Evasion Techniques Used in Recent Attacks (lien direct) | Threat actors associated with the notorious Emotet malware are continually shifting their tactics and command-and-control (C2) infrastructure to escape detection, according to new research from VMware. Emotet is the work of a threat actor tracked as Mummy Spider (aka TA542), emerging in June 2014 as a banking trojan before morphing into an all-purpose loader in 2016 that's capable of delivering | Malware Threat | ||
|
2022-10-06 18:27:00 | Eternity Group Hackers Offering New LilithBot Malware as a Service to Cybercriminals (lien direct) | The threat actor behind the malware-as-a-service (MaaS) called Eternity has been linked to new piece of malware called LilithBot. "It has advanced capabilities to be used as a miner, stealer, and a clipper along with its persistence mechanisms," Zscaler ThreatLabz researchers Shatak Jain and Aditya Sharma said in a Wednesday report. "The group has been continuously enhancing the malware, adding | Malware Threat | ||
|
2022-10-05 18:16:00 | Experts Warn of New RatMilad Android Spyware Targeting Enterprise Devices (lien direct) | A novel Android malware called RatMilad has been observed targeting a Middle Eastern enterprise mobile device by concealing itself as a VPN and phone number spoofing app. The mobile trojan functions as advanced spyware with capabilities that receives and executes commands to collect and exfiltrate a wide variety of data from the infected mobile endpoint, Zimperium said in a report shared with | Malware | ||
|
2022-10-03 20:05:00 | Comm100 Chat Provider Hijacked to Spread Malware in Supply Chain Attack (lien direct) | A threat actor likely with associations to China has been attributed to a new supply chain attack that involves the use of a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor. Cybersecurity firm CrowdStrike said the attack made use of a signed Comm100 desktop agent app for Windows that was downloadable from the company's website. The scale of the | Malware Threat | ||
|
2022-09-30 20:12:00 | New Malware Families Found Targeting VMware ESXi Hypervisors (lien direct) | Threat actors have been found deploying never-before-seen post-compromise implants in VMware's virtualization software to seize control of infected systems and evade detection. Google's Mandiant threat intelligence division referred to it as a "novel malware ecosystem" that impacts VMware ESXi, Linux vCenter servers, and Windows virtual machines, allowing attackers to maintain persistent access | Malware Threat | ||
|
2022-09-30 17:22:00 | Cyber Attacks Against Middle East Governments Hide Malware in Windows logo (lien direct) | An espionage-focused threat actor has been observed using a steganographic trick to conceal a previously undocumented backdoor in a Windows logo in its attacks against Middle Eastern governments. Broadcom's Symantec Threat Hunter Team attributed the updated tooling to a hacking group it tracks under the name Witchetty, which is also known as LookingFrog, a subgroup operating under the TA410 | Malware Threat | ||
|
2022-09-30 15:50:00 | New Malware Campaign Targeting Job Seekers with Cobalt Strike Beacons (lien direct) | A social engineering campaign leveraging job-themed lures is weaponizing a years-old remote code execution flaw in Microsoft Office to deploy Cobalt Strike beacons on compromised hosts. "The payload discovered is a leaked version of a Cobalt Strike beacon," Cisco Talos researchers Chetan Raghuprasad and Vanja Svajcer said in a new analysis published Wednesday. "The beacon configuration contains | Malware | ||
|
2022-09-29 19:45:00 | Brazilian Prilex Hackers Resurfaced With Sophisticated Point-of-Sale Malware (lien direct) | A Brazilian threat actor known as Prilex has resurfaced after a year-long operational hiatus with an advanced and complex malware to steal money by means of fraudulent transactions. "The Prilex group has shown a high level of knowledge about credit and debit card transactions, and how software used for payment processing works," Kaspersky researchers said. "This enables the attackers to keep | Malware Threat | ||
|
2022-09-28 19:30:00 | Researchers Warn of New Go-based Malware Targeting Windows and Linux Systems (lien direct) | A new, multi-functional Go-based malware dubbed Chaos has been rapidly growing in volume in recent months to ensnare a wide range of Windows, Linux, small office/home office (SOHO) routers, and enterprise servers into its botnet. "Chaos functionality includes the ability to enumerate the host environment, run remote shell commands, load additional modules, automatically propagate through | Malware | ||
|
2022-09-28 18:06:00 | Cyber Criminals Using Quantum Builder Sold on Dark Web to Deliver Agent Tesla Malware (lien direct) | A recently discovered malware builder called Quantum Builder is being used to deliver the Agent Tesla remote access trojan (RAT). "This campaign features enhancements and a shift toward LNK (Windows shortcut) files when compared to similar attacks in the past," Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar said in a Tuesday write-up. Sold on the dark web for € | Malware | ||
|
2022-09-28 15:39:00 | Hackers Using PowerPoint Mouseover Trick to Infect System with Malware (lien direct) | The Russian state-sponsored threat actor known as APT28 has been found leveraging a new code execution method that makes use of mouse movement in decoy Microsoft PowerPoint documents to deploy malware. The technique "is designed to be triggered when the user starts the presentation mode and moves the mouse," cybersecurity firm Cluster25 said in a technical report. "The code execution runs a | Malware Threat | APT 28 | ★★★ |
|
2022-09-27 18:49:00 | New NullMixer Malware Campaign Stealing Users\' Payment Data and Credentials (lien direct) | Cybercriminals are continuing to prey on users searching for cracked software by directing them to fraudulent websites hosting weaponized installers that deploy malware called NullMixer on compromised systems. "When a user extracts and executes NullMixer, it drops a number of malware files to the compromised machine," cybersecurity firm Kaspersky said in a Monday report. "It drops a wide variety | Malware | ||
|
2022-09-26 16:03:00 | BlackCat Ransomware Attackers Spotted Fine-Tuning Their Malware Arsenal (lien direct) | The BlackCat ransomware crew has been spotted fine-tuning their malware arsenal to fly under the radar and expand their reach. "Among some of the more notable developments has been the use of a new version of the Exmatter data exfiltration tool, and the use of Eamfo, information-stealing malware that is designed to steal credentials stored by Veeam backup software," researchers from Symantec | Ransomware Malware | ||
|
2022-09-23 12:45:00 | (Déjà vu) Fake Indian Banking Rewards Apps Targeting Android Users with Info-stealing Malware (lien direct) | An SMS-based phishing campaign is targeting customers of Indian banks with information-stealing malware that masquerades as a rewards application. The Microsoft 365 Defender Research Team said that the messages contain links that redirect users to a sketchy website that triggers the download of the fake banking rewards app for ICICI Bank. "The malware's RAT capabilities allow the attacker to | Malware | ★★ | |
|
2022-09-20 18:26:00 | Russian Sandworm Hackers Impersonate Ukrainian Telecoms to Distribute Malware (lien direct) | A threat cluster linked to the Russian nation-state actor tracked as Sandworm has continued its targeting of Ukraine with commodity malware by masquerading as telecom providers, new findings show. Recorded Future said it discovered new infrastructure belonging to UAC-0113 that mimics operators like Datagroup and EuroTransTelecom to deliver payloads such as Colibri loader and Warzone RAT. The | Malware Threat | ||
|
2022-09-19 18:12:00 | Emotet Botnet Started Distributing Quantum and BlackCat Ransomware (lien direct) | The Emotet malware is now being leveraged by ransomware-as-a-service (RaaS) groups, including Quantum and BlackCat, after Conti's official retirement from the threat landscape this year. Emotet started off as a banking trojan in 2014, but updates added to it over time have transformed the malware into a highly potent threat that's capable of downloading other payloads onto the victim's machine, | Ransomware Malware Threat | ||
|
2022-09-16 19:47:00 | Researchers Find Link b/w PrivateLoader and Ruzki Pay-Per-Install Services (lien direct) | Cybersecurity researchers have exposed new connections between a widely used pay-per-install (PPI) malware service known as PrivateLoader and another PPI service dubbed ruzki. "The threat actor ruzki (aka les0k, zhigalsz) advertises their PPI service on underground Russian-speaking forums and their Telegram channels under the name ruzki or zhigalsz since at least May 2021," SEKOIA said. The | Malware Threat | ||
|
2022-09-15 20:00:00 | Researchers Warn of Self-Spreading Malware Targeting Gamers via YouTube (lien direct) | Gamers looking for cheats on YouTube are being targeted with links to malicious password-protected archive files designed to install the RedLine Stealer malware and crypto miners on compromised machines. "The videos advertise cheats and cracks and provide instructions on hacking popular games and software," Kaspersky security researcher Oleg Kupreev said in a new report published today. | Malware | ||
|
2022-09-15 17:55:00 | Russian Gamaredon Hackers Target Ukrainian Government Using Info-Stealing Malware (lien direct) | An ongoing espionage campaign operated by the Russia-linked Gamaredon group is targeting employees of Ukrainian government, defense, and law enforcement agencies with a piece of custom-made information stealing malware. "The adversary is using phishing documents containing lures related to the Russian invasion of Ukraine," Cisco Talos researchers Asheer Malhotra and Guilherme Venere said in a | Malware | ||
|
2022-09-14 15:50:00 | SparklingGoblin APT Hackers Using New Linux Variant of SideWalk Backdoor (lien direct) | A Linux variant of a backdoor known as SideWalk was used to target a Hong Kong university in February 2021, underscoring the cross-platform abilities of the implant. Slovak cybersecurity firm ESET, which detected the malware in the university's network, attributed the backdoor to a nation-state actor dubbed SparklingGoblin. The unnamed university is said to have been already targeted by the | Malware | ||
|
2022-09-14 15:40:00 | How to Do Malware Analysis? (lien direct) | According to the 2022 Malwarebytes Threat review, 40M Windows business computers' threats were detected in 2021. And malware analysis is necessary to combat and avoid this kind of attack. In this article, we will break down the goal of malicious programs' investigation and how to do malware analysis with a sandbox. What is malware analysis? Malware analysis is a process of studying a malicious | Malware Threat | ||
|
2022-09-14 14:21:00 | Researchers Detail OriginLogger RAT - Successor to Agent Tesla Malware (lien direct) | Palo Alto Networks Unit 42 has detailed the inner workings of a malware called OriginLogger, which has been touted as a successor to the widely used information stealer and remote access trojan (RAT) known as Agent Tesla. A .NET based keylogger and remote access, Agent Tesla has had a long-standing presence in the threat landscape, allowing malicious actors to gain remote access to targeted | Malware Threat | ||
|
2022-09-13 16:04:00 | (Déjà vu) Asian Governments and Organizations Targeted in Latest Cyber Espionage Attacks (lien direct) | Government and state-owned organizations in a number of Asian countries have been targeted by a distinct group of espionage hackers as part of an intelligence gathering mission that has been underway since early 2021. "A notable feature of these attacks is that the attackers leveraged a wide range of legitimate software packages in order to load their malware payloads using a technique known as | Malware | ||
|
2022-09-08 16:32:00 | Chinese Hackers Target Government Officials in Europe, South America and Middle East (lien direct) | A Chinese hacking group has been attributed to a new campaign aimed at infecting government officials in Europe, the Middle East, and South America with a modular malware known as PlugX. Cybersecurity firm Secureworks said it identified the intrusions in June and July 2022, once again demonstrating the adversary's continued focus on espionage against governments around the world. "PlugX is | Malware | ||
|
2022-09-07 18:08:00 | New Stealthy Shikitega Malware Targeting Linux Systems and IoT Devices (lien direct) | A new piece of stealthy Linux malware called Shikitega has been uncovered adopting a multi-stage infection chain to compromise endpoints and IoT devices and deposit additional payloads. "An attacker can gain full control of the system, in addition to the cryptocurrency miner that will be executed and set to persist," AT&T Alien Labs said in a new report published Tuesday. The findings add to a | Malware | ||
|
2022-09-07 17:40:00 | North Korean Hackers Deploying New MagicRAT Malware in Targeted Campaigns (lien direct) | The prolific North Korean nation-state actor known as the Lazarus Group has been linked to a new remote access trojan called MagicRAT. The previously unknown piece of malware is said to have been deployed in victim networks that had been initially breached via successful exploitation of internet-facing VMware Horizon servers, Cisco Talos said in a report shared with The Hacker News. "While being | Malware Medical | APT 38 | |
|
2022-09-06 15:27:00 | TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks (lien direct) | Cybersecurity researchers have offered insight into a previously undocumented software control panel used by a financially motivated threat group known as TA505. "The group frequently changes its malware attack strategies in response to global cybercrime trends," Swiss cybersecurity firm PRODAFT said in a report shared with The Hacker News. "It opportunistically adopts new technologies in order | Malware Threat | ||
|
2022-09-06 10:48:00 | Researchers Find New Android Spyware Campaign Targeting Uyghur Community (lien direct) | A previously undocumented strain of Android spyware with extensive information gathering capabilities has been found disguised as a book likely designed to target the Uyghur community in China. The malware comes under the guise of a book titled "The China Freedom Trap," a biography written by the exiled Uyghur leader Dolkun Isa. "In light of the ongoing conflict between the | Malware Guideline | ||
|
2022-09-02 12:30:00 | New Evidence Links Raspberry Robin Malware to Dridex and Russian Evil Corp Hackers (lien direct) | Researchers have identified functional similarities between a malicious component used in the Raspberry Robin infection chain and a Dridex malware loader, further strengthening the operators' connections to the Russia-based Evil Corp group. The findings suggest that "Evil Corp is likely using Raspberry Robin infrastructure to carry out its attacks," IBM Security X-Force researcher Kevin Henson | Malware | ||
|
2022-08-31 14:22:00 | Hackers Hide Malware in Stunning Images Taken by James Webb Space Telescope (lien direct) | A persistent Golang-based malware campaign dubbed GO#WEBBFUSCATOR has leveraged the deep field image taken from NASA's James Webb Space Telescope (JWST) as a lure to deploy malicious payloads on infected systems. The development, revealed by Securonix, points to the growing adoption of Go among threat actors, given the programming language's cross-platform support, effectively allowing the | Malware Threat | ||
|
2022-08-31 07:23:00 | Chinese Hackers Used ScanBox Framework in Recent Cyber Espionage Attacks (lien direct) | A months-long cyber espionage campaign undertaken by a Chinese nation-state group targeted several entities with reconnaissance malware so as to glean information about its victims and meet its strategic goals. "The targets of this recent campaign spanned Australia, Malaysia, and Europe, as well as entities that operate in the South China Sea," enterprise security firm Proofpoint said in a | Malware | ||
|
2022-08-25 18:54:00 | Microsoft Uncovers New Post-Compromise Malware Used by Nobelium Hackers (lien direct) | The threat actor behind the SolarWinds supply chain attack has been linked to yet another "highly targeted" post-exploitation malware that could be used to maintain persistent access to compromised environments. Dubbed MagicWeb by Microsoft's threat intelligence teams, the development reiterates Nobelium's commitment to developing and maintaining purpose-built capabilities. Nobelium is the tech | Malware Threat | ||
|
2022-08-25 15:55:00 | Researchers Uncover Kimusky Infra Targeting South Korean Politicians and Diplomats (lien direct) | The North Korean nation-state group Kimusky has been linked to a new set of malicious activities directed against political and diplomatic entities located in its southern counterpart in early 2022. Russian cybersecurity firm Kaspersky codenamed the cluster GoldDragon, with the infection chains leading to the deployment of Windows malware designed to file lists, user keystrokes, and stored web | Malware Guideline | ||
|
2022-08-24 05:12:00 | Hackers Using Fake DDoS Protection Pages to Distribute Malware (lien direct) | WordPress sites are being hacked to display fraudulent Cloudflare DDoS protection pages that lead to the delivery of malware such as NetSupport RAT and Raccoon Stealer. "A recent surge in JavaScript injections targeting WordPress sites has resulted in fake DDoS prevent prompts which lead victims to download remote access trojan malware," Sucuri's Ben Martin said in a write-up published last week | Malware Guideline | ||
|
2022-08-23 07:50:00 | Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts (lien direct) | The Iranian government-backed actor known as Charming Kitten has added a new tool to its malware arsenal that allows it to retrieve user data from Gmail, Yahoo!, and Microsoft Outlook accounts. Dubbed HYPERSCRAPE by Google Threat Analysis Group (TAG), the actively in-development malicious software is said to have been used against less than two dozen accounts in Iran, with the oldest known | Malware Tool Threat Conference | Yahoo APT 35 | |
|
2022-08-23 06:46:00 | XCSSET Malware Updates with Python 3 to Target macOS Monterey Users (lien direct) | The operators of the XCSSET macOS malware have upped the stakes by making iterative improvements that add support for macOS Monterey by upgrading its source code components to Python 3. "The malware authors have changed from hiding the primary executable in a fake Xcode.app in the initial versions in 2020 to a fake Mail.app in 2021 and now to a fake Notes.app in 2022," SentinelOne researchers | Malware | ||
|
2022-08-22 05:32:00 | Meet Borat RAT, a New Unique Triple Threat (lien direct) | Atlanta-based cyber risk intelligence company, Cyble discovered a new Remote Access Trojan (RAT) malware. What makes this particular RAT malware distinct enough to be named after the comic creation of Sacha Baron Cohen? RAT malware typically helps cybercriminals gain complete control of a victim's system, permitting them to access network resources, files, and power to toggle the mouse and | Malware Threat | ||
|
2022-08-20 09:33:00 | New Grandoreiro Banking Malware Campaign Targeting Spanish Manufacturers (lien direct) | Organizations in the Spanish-speaking nations of Mexico and Spain are in the crosshairs of a new campaign designed to deliver the Grandoreiro banking trojan. "In this campaign, the threat actors impersonate government officials from the Attorney General's Office of Mexico City and from the Public Ministry in the form of spear-phishing emails in order to lure victims to download and execute ' | Malware Threat | ||
|
2022-08-19 07:04:21 | DoNot Team Hackers Updated its Malware Toolkit with Improved Capabilities (lien direct) | The Donot Team threat actor has updated its Jaca Windows malware toolkit with improved capabilities, including a revamped stealer module designed to plunder information from Google Chrome and Mozilla Firefox browsers. The improvements also include a new infection chain that incorporates previously undocumented components to the modular framework, Morphisec researchers Hido Cohen and Arnold | Malware Threat | ||
|
2022-08-19 06:35:28 | Cybercrime Group TA558 Targeting Hospitality, Hotel, and Travel Organizations (lien direct) | A financially motivated cybercrime group has been linked to an ongoing wave of attacks aimed at hospitality, hotel, and travel organizations in Latin America with the goal of installing malware on compromised systems. Enterprise security firm Proofpoint, which is tracking the group under the name TA558 dating all the way back to April 2018, called it a "small crime threat actor." "Since 2018, | Malware Threat |
To see everything:
Our RSS (filtrered)
