What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-06-19 22:18:13 | BRATA Android Malware Gains Advanced Mobile Threat Capabilities (lien direct) | The operators behind BRATA have once again added more capabilities to the Android mobile malware in an attempt to make their attacks against financial apps more stealthy. "In fact, the modus operandi now fits into an Advanced Persistent Threat (APT) activity pattern," Italian cybersecurity firm Cleafy said in a report last week. "This term is used to describe an attack campaign in which | Malware Threat | ||
|
2022-06-16 03:05:49 | A Microsoft Office 365 Feature Could Help Ransomware Hackers Hold Cloud Files Hostage (lien direct) | A "dangerous piece of functionality" has been discovered in Microsoft 365 suite that could be potentially abused by a malicious actor to ransom files stored on SharePoint and OneDrive and launch attacks on cloud infrastructure. The cloud ransomware attack makes it possible to launch file-encrypting malware to "encrypt files stored on SharePoint and OneDrive in a way that makes them unrecoverable | Ransomware Malware | ||
|
2022-06-15 20:00:55 | MaliBot: A New Android Banking Trojan Spotted in the Wild (lien direct) | A new strain of Android malware has been spotted in the wild targeting online banking and cryptocurrency wallet customers in Spain and Italy, just weeks after a coordinated law enforcement operation dismantled FluBot. The information stealing trojan, codenamed MaliBot by F5 Labs, is as feature-rich as its counterparts, allowing it to steal credentials and cookies, bypass multi-factor | Malware | ||
|
2022-06-15 05:05:43 | Panchan: A New Golang-based Peer-To-Peer Botnet Targeting Linux Servers (lien direct) | A new Golang-based peer-to-peer (P2P) botnet has been spotted actively targeting Linux servers in the education sector since its emergence in March 2022. Dubbed Panchan by Akamai Security Research, the malware "utilizes its built-in concurrency features to maximize spreadability and execute malware modules" and "harvests SSH keys to perform lateral movement." The feature-packed | Malware | ||
|
2022-06-14 00:02:08 | Researchers Detail PureCrypter Loader Cyber Criminals Using to Distribute Malware (lien direct) | Cybersecurity researchers have detailed the workings of a fully-featured malware loader dubbed PureCrypter that's being purchased by cyber criminals to deliver remote access trojans (RATs) and information stealers. "The loader is a .NET executable obfuscated with SmartAssembly and makes use of compression, encryption, and obfuscation to evade antivirus software products," Zscaler's Romain Dumont | Malware | ||
|
2022-06-13 05:26:13 | Chinese \'Gallium\' Hackers Using New PingPull Malware in Cyberespionage Attacks (lien direct) | A Chinese advanced persistent threat (APT) known as Gallium has been observed using a previously undocumented remote access trojan in its espionage attacks targeting companies operating in Southeast Asia, Europe, and Africa. Called PingPull, the "difficult-to-detect" backdoor is notable for its use of the Internet Control Message Protocol (ICMP) for command-and-control (C2) communications, | Malware Threat | ||
|
2022-06-13 02:49:51 | Quick and Simple: BPFDoor Explained (lien direct) | BPFDoor isn't new to the cyberattack game - in fact, it's gone undetected for years - but PwC researchers discovered the piece of malware in 2021. Subsequently, the cybersecurity community is learning more about the stealthy nature of malware, how it works, and how it can be prevented. What's BPFDoor? BPFDoor is a piece of malware associated with China-based threat actor Red Menshen that has hit | Malware Threat | ||
|
2022-06-12 19:39:36 | Iranian Hackers Spotted Using a new DNS Hijacking Malware in Recent Attacks (lien direct) | The Iranian state-sponsored threat actor tracked under the moniker Lyceum has turned to using a new custom .NET-based backdoor in recent campaigns directed against the Middle East. "The new malware is a .NET based DNS Backdoor which is a customized version of the open source tool 'DIG.net,'" Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar said in a report published last week. " | Malware Tool Threat | ||
|
2022-06-09 04:08:48 | Symbiote: A Stealthy Linux Malware Targeting Latin American Financial Sector (lien direct) | Cybersecurity researchers have taken the wraps off what they call a "nearly-impossible-to-detect" Linux malware that could be weaponized to backdoor infected systems. Dubbed Symbiote by threat intelligence firms BlackBerry and Intezer, the stealthy malware is so named for its ability to conceal itself within running processes and network traffic and drain a victim's resources like a parasite. | Malware Threat | ||
|
2022-06-08 22:38:48 | New Emotet Variant Stealing Users\' Credit Card Information from Google Chrome (lien direct) | Image Source: Toptal The notorious Emotet malware has turned to deploy a new module designed to siphon credit card information stored in the Chrome web browser. The credit card stealer, which exclusively singles out Chrome, has the ability to exfiltrate the collected information to different remote command-and-control (C2) servers, according to enterprise security company Proofpoint, which | Malware | ||
|
2022-06-07 01:14:19 | Researchers Warn of Spam Campaign Targeting Victims with SVCReady Malware (lien direct) | A new wave of phishing campaigns has been observed spreading a previously documented malware called SVCReady. "The malware is notable for the unusual way it is delivered to target PCs - using shellcode hidden in the properties of Microsoft Office documents," Patrick Schläpfer, a threat analyst at HP, said in a technical write-up. SVCReady is said to be in its early stage of development, with the | Spam Malware Threat | ||
|
2022-06-03 02:58:38 | Researchers Uncover Malware Controlling Thousands of Sites in Parrot TDS Network (lien direct) | The Parrot traffic direction system (TDS) that came to light earlier this year has had a larger impact than previously thought, according to new research. Sucuri, which has been tracking the same campaign since February 2019 under the name "NDSW/NDSX," said that "the malware was one of the top infections" detected in 2021, accounting for more than 61,000 websites. Parrot TDS was documented in | Malware | ★★★ | |
|
2022-06-02 01:38:51 | SideWinder Hackers Use Fake Android VPN Apps to Target Pakistani Entities (lien direct) | The threat actor known as SideWinder has added a new custom tool to its arsenal of malware that's being used in phishing attacks against Pakistani public and private sector entities. "Phishing links in emails or posts that mimic legitimate notifications and services of government agencies and organizations in Pakistan are primary attack vectors of the gang," Singapore-headquartered cybersecurity | Malware Tool Threat | APT-C-17 | |
|
2022-06-01 05:36:29 | FluBot Android Spyware Taken Down by Global Law Enforcement Operation (lien direct) | An international law enforcement operation involving 11 countries has culminated in the takedown of a notorious mobile malware threat called FluBot. "This Android malware has been spreading aggressively through SMS, stealing passwords, online banking details and other sensitive information from infected smartphones across the world," Europol said in a statement. The "complex | Malware Threat | ||
|
2022-06-01 02:16:04 | New XLoader Botnet Version Using Probability Theory to Hide its C&C Servers (lien direct) | An enhanced version of the XLoader malware has been spotted adopting a probability-based approach to camouflage its command-and-control (C&C) infrastructure, according to the latest research. "Now it is significantly harder to separate the wheat from the chaff and discover the real C&C servers among thousands of legitimate domains used by Xloader as a smokescreen," Israeli cybersecurity company | Malware | ||
|
2022-05-31 04:42:50 | Latest Mobile Malware Report Suggests On-Device Fraud is on the Rise (lien direct) | An analysis of the mobile threat landscape in 2022 shows that Spain and Turkey are the most targeted countries for malware campaigns, even as a mix of new and existing banking trojans are increasingly targeting Android devices to conduct on-device fraud (ODF). Other frequently targeted countries include Poland, Australia, the U.S., Germany, the U.K., Italy, France, and Portugal. "The most | Malware Threat | ||
|
2022-05-30 02:30:19 | EnemyBot Linux Botnet Now Exploits Web Server, Android and CMS Vulnerabilities (lien direct) | A nascent Linux-based botnet named Enemybot has expanded its capabilities to include recently disclosed security vulnerabilities in its arsenal to target web servers, Android devices, and content management systems (CMS). "The malware is rapidly adopting one-day vulnerabilities as part of its exploitation capabilities," AT&T Alien Labs said in a technical write-up published last week. "Services | Malware | ||
|
2022-05-26 03:24:57 | Experts Warn of Rise in ChromeLoader Malware Hijacking Users\' Browsers (lien direct) | A malvertising threat is witnessing a new surge in activity since its emergence earlier this year. Dubbed ChromeLoader, the malware is a "pervasive and persistent browser hijacker that modifies its victims' browser settings and redirects user traffic to advertisement websites," Aedan Russell of Red Canary said in a new report. ChromeLoader is a rogue Chrome browser extension and is typically | Malware Threat | ||
|
2022-05-25 02:39:51 | Researchers Find New Malware Attacks Targeting Russian Government Entities (lien direct) | An unknown advanced persistent threat (APT) group has been linked to a series of spear-phishing attacks targeting Russian government entities since the onset of the Russo-Ukrainian war in late February 2022. "The campaigns [...] are designed to implant a Remote Access Trojan (RAT) that can be used to surveil the computers it infects, and run commands on them remotely," Malwarebytes said in a | Malware Threat | ||
|
2022-05-24 03:06:47 | Malware Analysis: Trickbot (lien direct) | In this day and age, we are not dealing with roughly pieced together, homebrew type of viruses anymore. Malware is an industry, and professional developers are found to exchange, be it by stealing one's code or deliberate collaboration. Attacks are multi-layer these days, with diverse sophisticated software apps taking over different jobs along the attack-chain from initial compromise to | Malware | ||
|
2022-05-20 03:18:28 | Microsoft Warns Rise in XorDdos Malware Targeting Linux Devices (lien direct) | A Linux botnet malware known as XorDdos has witnessed a 254% surge in activity over the last six months, according to latest research from Microsoft. The trojan, so named for carrying out denial-of-service attacks on Linux systems and its use of XOR-based encryption for communications with its command-and-control (C2) server, is known to have been active since at least 2014. "XorDdos' modular | Malware | ||
|
2022-05-19 22:30:01 | Hackers Trick Users with Fake Windows 11 Downloads to Distribute Vidar Malware (lien direct) | Fraudulent domains masquerading as Microsoft's Windows 11 download portal are attempting to trick users into deploying trojanized installation files to infect systems with the Vidar information stealer malware. "The spoofed sites were created to distribute malicious ISO files which lead to a Vidar info-stealer infection on the endpoint," Zscaler said in a report. "These variants of Vidar malware | Malware Guideline | ||
|
2022-05-18 06:24:30 | How to Protect Your Data When Ransomware Strikes (lien direct) | Ransomware is not a new attack vector. In fact, the first malware of its kind appeared more than 30 years ago and was distributed via 5.25-inch floppy disks. To pay the ransom, the victim had to mail money to a P.O. Box in Panama. Fast forward to today, affordable ransomware-as-a-service (RaaS) kits are available on the dark web for anyone to purchase and deploy and attackers have an infinite | Ransomware Malware | ★★ | |
|
2022-05-18 00:31:24 | Microsoft Warns of "Cryware" Info-Stealing Malware Targeting Crypto Wallets (lien direct) | Microsoft is warning of an emerging threat targeting internet-connected cryptocurrency wallets, signaling a departure in the use of digital coins in cyberattacks. The tech giant dubbed the new threat "cryware," with the attacks resulting in the irreversible theft of virtual currencies by means of fraudulent transfers to an adversary-controlled wallet. "Cryware are information stealers that | Malware Threat | ||
|
2022-05-17 05:38:40 | UpdateAgent Returns with New macOS Malware Dropper Written in Swift (lien direct) | A new variant of the macOS malware tracked as UpdateAgent has been spotted in the wild, indicating ongoing attempts on the part of its authors to upgrade its functionalities. "Perhaps one of the most identifiable features of the malware is that it relies on the AWS infrastructure to host its various payloads and perform its infection status updates to the server," researchers from Jamf Threat | Malware | ||
|
2022-05-16 02:58:57 | Researchers Find Way to Run Malware on iPhone Even When It\'s OFF (lien direct) | A first-of-its-kind security analysis of iOS Find My function has demonstrated a novel attack surface that makes it possible to tamper with the firmware and load malware onto a Bluetooth chip that's executed while an iPhone is "off." The mechanism takes advantage of the fact that wireless chips related to Bluetooth, Near-field communication (NFC), and ultra-wideband (UWB) continue to operate | Malware | ||
|
2022-05-16 01:55:30 | Researchers Warn of "Eternity Project" Malware Service Being Sold via Telegram (lien direct) | An unidentified threat actor has been linked to an actively in-development malware toolkit called the "Eternity Project" that lets professional and amateur cybercriminals buy stealers, clippers, worms, miners, ransomware, and a distributed denial-of-service (DDoS) bot. What makes this malware-as-a-service (MaaS) stand out is that besides using a Telegram channel to communicate updates about the | Malware Threat | ||
|
2022-05-13 21:17:11 | (Déjà vu) Researchers Warn of Nerbian RAT Targeting Entities in Italy, Spain, and the U.K. (lien direct) | A previously undocumented remote access trojan (RAT) written in the Go programming language has been spotted disproportionately targeting entities in Italy, Spain, and the U.K. Called Nerbian RAT by enterprise security firm Proofpoint, the novel malware leverages COVID-19-themed lures to propagate as part of a low volume email-borne phishing campaign that started on April 26, 2022. "The newly | Malware | ||
|
2022-05-12 06:56:45 | Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks (lien direct) | A ransomware group with an Iranian operational connection has been linked to a string of file-encrypting malware attacks targeting organizations in Israel, the U.S., Europe, and Australia. Cybersecurity firm Secureworks attributed the intrusions to a threat actor it tracks under the moniker Cobalt Mirage, which it said is linked to an Iranian hacking crew dubbed Cobalt Illusion (aka APT35, | Ransomware Malware Threat Conference | APT 35 APT 15 | ★★★★ |
|
2022-05-11 03:27:50 | Researchers Warn of Nerbian RAT Targeting Entities in Italy, Spain, and the U.K (lien direct) | A previously undocumented remote access trojan (RAT) written in the Go programming language has been spotted disproportionately targeting entities in Italy, Spain, and the U.K. Called Nerbian RAT by enterprise security firm Proofpoint, the novel malware leverages COVID-19-themed lures to propagate as part of a low volume email-borne phishing campaign that started on April 26, 2022. "The newly | Malware | ★★★ | |
|
2022-05-11 02:08:21 | Malicious NPM Packages Target German Companies in Supply Chain Attack (lien direct) | Cybersecurity researchers have discovered a number of malicious packages in the NPM registry specifically targeting a number of prominent companies based in Germany to carry out supply chain attacks. "Compared with most malware found in the NPM repository, this payload seems particularly dangerous: a highly-sophisticated, obfuscated piece of malware that acts as a backdoor and allows the | Malware | ★★★ | |
|
2022-05-10 05:44:36 | Experts Detail Saintstealer and Prynt Stealer Info-Stealing Malware Families (lien direct) | Cybersecurity researchers have dissected the inner workings of an information-stealing malware called Saintstealer that's designed to siphon credentials and system information. "After execution, the stealer extracts username, passwords, credit card details, etc.," Cyble researchers said in an analysis last week. "The stealer also steals data from various locations across the system and | Malware | ★★ | |
|
2022-05-09 05:27:01 | Experts Sound Alarm on DCRat Backdoor Being Sold on Russian Hacking Forums (lien direct) | Cybersecurity researchers have shed light on an actively maintained remote access trojan called DCRat (aka DarkCrystal RAT) that's offered on sale for "dirt cheap" prices, making it accessible to professional cybercriminal groups and novice actors alike. "Unlike the well-funded, massive Russian threat groups crafting custom malware [...], this remote access Trojan (RAT) appears to be the work of | Malware Threat | ★★★★ | |
|
2022-05-09 03:38:34 | Another Set of Joker Trojan-Laced Android Apps Resurfaces on Google Play Store (lien direct) | A new set of trojanized apps spread via the Google Play Store has been observed distributing the notorious Joker malware on compromised Android devices. Joker, a repeat offender, refers to a class of harmful apps that are used for billing and SMS fraud, while also performing a number of actions of a malicious hacker's choice, such as stealing text messages, contact lists, and device information. | Malware | ||
|
2022-05-09 01:55:28 | Ukrainian CERT Warns Citizens of a New Wave of Attacks Distributing Jester Malware (lien direct) | The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of phishing attacks that deploy an information-stealing malware called Jester Stealer on compromised systems. The mass email campaign carries the subject line "chemical attack" and contains a link to a macro-enabled Microsoft Excel file, opening which leads to computers getting infected with Jester Stealer. The attack, which | Malware Guideline | ||
|
2022-05-06 21:03:52 | This New Fileless Malware Hides Shellcode in Windows Event Logs (lien direct) | A new malicious campaign has been spotted taking advantage of Windows event logs to stash chunks of shellcode for the first time in the wild. "It allows the 'fileless' last stage trojan to be hidden from plain sight in the file system," Kaspersky researcher Denis Legezo said in a technical write-up published this week. The stealthy infection process, not attributed to a known actor, is believed | Malware | ★★★★ | |
|
2022-05-06 04:07:04 | Researchers Warn of \'Raspberry Robin\' Malware Spreading via External Drives (lien direct) | Cybersecurity researchers have discovered a new Windows malware with worm-like capabilities and is propagated by means of removable USB devices. Attributing the malware to a cluster named "Raspberry Robin," Red Canary researchers noted that the worm "leverages Windows Installer to reach out to QNAP-associated domains and download a malicious DLL." The earliest signs of the activity are said to | Malware | ★★★★ | |
|
2022-05-06 02:26:10 | Hackers Using PrivateLoader PPI Service to Distribute New NetDooka Malware (lien direct) | A pay-per-install (PPI) malware service known as PrivateLoader has been spotted distributing a "fairly sophisticated" framework called NetDooka, granting attackers complete control over the infected devices. "The framework is distributed via a pay-per-install (PPI) service and contains multiple parts, including a loader, a dropper, a protection driver, and a full-featured remote access trojan ( | Malware | ||
|
2022-05-06 00:17:17 | Experts Uncover New Espionage Attacks by Chinese \'Mustang Panda\' Hackers (lien direct) | The China-based threat actor known as Mustang Panda has been observed refining and retooling its tactics and malware to strike entities located in Asia, the European Union, Russia, and the U.S. "Mustang Panda is a highly motivated APT group relying primarily on the use of topical lures and social engineering to trick victims into infecting themselves," Cisco Talos said in a new report detailing | Malware Threat | ||
|
2022-05-04 01:34:17 | Ukraine War Themed Files Become the Lure of Choice for a Wide Range of Hackers (lien direct) | A growing number of threat actors are using the ongoing Russo-Ukrainian war as a lure in various phishing and malware campaigns, even as critical infrastructure entities continue to be heavily targeted. "Government-backed actors from China, Iran, North Korea and Russia, as well as various unattributed groups, have used various Ukraine war-related themes in an effort to get targets to open | Malware Threat | ||
|
2022-05-02 22:32:30 | Chinese Hackers Caught Exploiting Popular Antivirus Products to Target Telecom Sector (lien direct) | A Chinese-aligned cyberespionage group has been observed striking the telecommunication sector in Central Asia with versions of malware such as ShadowPad and PlugX. Cybersecurity firm SentinelOne tied the intrusions to an actor it tracks under the name "Moshen Dragon," with tactical overlaps between the collective and another threat group referred to as Nomad Panda (aka RedFoxtrot). "PlugX and | Malware Threat | ||
|
2022-04-28 04:01:07 | Cybercriminals Using New Malware Loader \'Bumblebee\' in the Wild (lien direct) | Cybercriminal actors previously observed delivering BazaLoader and IcedID as part of their malware campaigns are said to have transitioned to a new loader called Bumblebee that's under active development. "Based on the timing of its appearance in the threat landscape and use by multiple cybercriminal groups, it is likely Bumblebee is, if not a direct replacement for BazaLoader, then a new, | Malware Threat | ||
|
2022-04-27 05:24:39 | Chinese Hackers Targeting Russian Military Personnel with Updated PlugX Malware (lien direct) | A China-linked government-sponsored threat actor has been observed targeting Russian speakers with an updated version of a remote access trojan called PlugX. Secureworks attributed the attempted intrusions to a threat actor it tracks as Bronze President, and by the wider cybersecurity community under the monikers Mustang Panda, TA416, HoneyMyte, RedDelta, and PKPLUG. "The war in Ukraine has | Malware Threat | ||
|
2022-04-26 21:57:19 | NPM Bug Allowed Attackers to Distribute Malware as Legitimate Packages (lien direct) | A "logical flaw" has been disclosed in NPM, the default package manager for the Node.js JavaScript runtime environment, that enables malicious actors to pass off rogue libraries as legitimate and trick unsuspecting developers into installing them. The supply chain threat has been dubbed "Package Planting" by researchers from cloud security firm Aqua. Following responsible disclosure on February | Malware Threat | ||
|
2022-04-26 03:17:12 | Gold Ulrick Hackers Still in Action Despite Massive Conti Ransomware Leak (lien direct) | The infamous ransomware group known as Conti has continued its onslaught against entities despite suffering a massive data leak of its own earlier this year, according to new research. Conti, attributed to a Russia-based threat actor known as Gold Ulrick, is one of the most prevalent malware strains in the ransomware landscape, accounting for 19% of all attacks during the three-month-period | Ransomware Malware Threat | ||
|
2022-04-26 02:53:07 | North Korean Hackers Target Journalists with GOLDBACKDOOR Malware (lien direct) | A state-backed threat actor with ties to the Democratic People's Republic of Korea (DRPK) has been attributed to a spear-phishing campaign targeting journalists covering the country with the ultimate goal of deploying a backdoor on infected Windows systems. The intrusions, said to be the work of Ricochet Chollima, resulted in the deployment of a novel malware strain called GOLDBACKDOOR, an | Malware Threat Cloud | APT 37 | |
|
2022-04-25 02:41:16 | New BotenaGo Malware Variant Targeting Lilin Security Camera DVR Devices (lien direct) | A new variant of an IoT botnet called BotenaGo has emerged in the wild, specifically singling out Lilin security camera DVR devices to infect them with Mirai malware. Dubbed "Lilin Scanner" by Nozomi Networks, the latest version is designed to exploit a two-year-old critical command injection vulnerability in the DVR firmware that was patched by the Taiwanese company in February 2020. | Malware | ||
|
2022-04-24 21:52:36 | FBI Warns of BlackCat Ransomware That Breached Over 60 Organisations Worldwide (lien direct) | The U.S. Federal Bureau of Investigation (FBI) is sounding the alarm on the BlackCat ransomware-as-a-service (RaaS), which it said victimized at least 60 entities worldwide between as of March 2022 since its emergence last November. Also called ALPHV and Noberus, the ransomware is notable for being the first-ever malware written in the Rust programming language that's known to be memory safe and | Ransomware Malware | ||
|
2022-04-22 02:30:49 | Watch Out! Cryptocurrency Miners Targeting Dockers, AWS and Alibaba Cloud (lien direct) | LemonDuck, a cross-platform cryptocurrency mining botnet, is targeting Docker to mine cryptocurrency on Linux systems as part of an active malware campaign. "It runs an anonymous mining operation by the use of proxy pools, which hide the wallet addresses," CrowdStrike said in a new report. "It evades detection by targeting Alibaba Cloud's monitoring service and disabling it." Known to strike | Malware | ||
|
2022-04-21 07:02:28 | Hackers Sneak \'More_Eggs\' Malware Into Resumes Sent to Corporate Hiring Managers (lien direct) | A new set of phishing attacks delivering the more_eggs malware has been observed striking corporate hiring managers with bogus resumes as an infection vector, a year after potential candidates looking for work on LinkedIn were lured with weaponized job offers. "This year the more_eggs operation has flipped the social engineering script, targeting hiring managers with fake resumes instead of | Malware |
To see everything:
Our RSS (filtrered)
