What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-04-18 05:24:43 | New SolarMarker Malware Variant Using Updated Techniques to Stay Under the Radar (lien direct) | Cybersecurity researchers have disclosed a new version of the SolarMarker malware that packs in new improvements with the goal of updating its defense evasion abilities and staying under the radar. "The recent version demonstrated an evolution from Windows Portable Executables (EXE files) to working with Windows installer package files (MSI files)," Palo Alto Networks Unit 42 researchers said in | Malware | ||
|
2022-04-17 23:00:22 | New Hacking Campaign Targeting Ukrainian Government with IcedID Malware (lien direct) | The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new wave of social engineering campaigns delivering IcedID malware and leveraging Zimbra exploits with the goal of stealing sensitive information. Attributing the IcedID phishing attacks to a threat cluster named UAC-0041, the agency said the infection sequence begins with an email containing a Microsoft Excel document ( | Malware Threat | ||
|
2022-04-15 03:24:29 | Haskers Gang Gives Away ZingoStealer Malware to Other Cybercriminals for Free (lien direct) | A crimeware-related threat actor known as Haskers Gang has released an information-stealing malware called ZingoStealer for free on, allowing other criminal groups to leverage the tool for nefarious purposes. "It features the ability to steal sensitive information from victims and can download additional malware to infected systems," Cisco Talos researchers Edmund Brumaghin and Vanja Svajcer | Malware Tool Threat | ||
|
2022-04-15 02:46:30 | As State-Backed Cyber Threats Grow, Here\'s How the World Is Reacting (lien direct) | With the ongoing conflict in Eurasia, cyberwarfare is inevitably making its presence felt. The fight is not only being fought on the fields. There is also a big battle happening in cyberspace. Several cyber-attacks have been reported over the past months. Notably, cyber attacks backed by state actors are becoming prominent. There have been reports of a rise of ransomware and other malware | Ransomware Malware | ||
|
2022-04-14 00:02:45 | Microsoft Disrupts ZLoader Cybercrime Botnet in Global Operation (lien direct) | Microsoft and a consortium of cybersecurity companies took legal and technical steps to disrupt the ZLoader botnet, seizing control of 65 domains that were used to control and communicate with the infected hosts. "ZLoader is made up of computing devices in businesses, hospitals, schools, and homes around the world and is run by a global internet-based organized crime gang operating malware as a | Malware | ||
|
2022-04-13 21:52:47 | U.S. Warns of APT Hackers Targeting ICS/SCADA Systems with Specialized Malware (lien direct) | The U.S. government on Wednesday warned of nation-state actors deploying specialized malware to maintain access to industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices. "The APT actors have developed custom-made tools for targeting ICS/SCADA devices," multiple U.S. agencies said in an alert. "The tools enable them to scan for, compromise, and control | Malware | ||
|
2022-04-13 06:07:21 | Microsoft Exposes Evasive Chinese Tarrask Malware Attacking Windows Computers (lien direct) | The Chinese-backed Hafnium hacking group has been linked to a piece of a new malware that's used to maintain persistence on compromised Windows environments. The threat actor is said to have targeted entities in the telecommunication, internet service provider and data services sectors from August 2021 to February 2022, expanding from the initial victimology patterns observed during its attacks | Malware Threat | ||
|
2022-04-13 03:57:21 | Russian Hackers Tried Attacking Ukraine\'s Power Grid with Industroyer2 Malware (lien direct) | The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday disclosed that it thwarted a cyberattack by Sandworm, a hacking group affiliated with Russia's military intelligence, to sabotage the operations of an unnamed energy provider in the country. "The attackers attempted to take down several infrastructure components of their target, namely: Electrical substations, Windows-operated | Malware | ||
|
2022-04-11 20:37:10 | Over 16,500 Sites Hacked to Distribute Malware via Web Redirect Service (lien direct) | A new traffic direction system (TDS) called Parrot has been spotted leveraging tens of thousands of compromised websites to launch further malicious campaigns. "The TDS has infected various web servers hosting more than 16,500 websites, ranging from adult content sites, personal websites, university sites, and local government sites," Avast researchers Pavel Novák and Jan Rubín said in a report | Malware | ||
|
2022-04-08 22:18:21 | Hackers Exploiting Spring4Shell Vulnerability to Deploy Mirai Botnet Malware (lien direct) | The recently disclosed critical Spring4Shell vulnerability is being actively exploited by threat actors to execute the Mirai botnet malware, particularly in the Singapore region since the start of April 2022. "The exploitation allows threat actors to download the Mirai sample to the '/tmp' folder and execute them after permission change using 'chmod,'" Trend Micro researchers Deep Patel, Nitesh | Malware Vulnerability Threat | ||
|
2022-04-08 09:48:47 | Researchers Connect BlackCat Ransomware with Past BlackMatter Malware Activity (lien direct) | Cybersecurity researchers have uncovered further links between BlackCat (aka AlphaV) and BlackMatter ransomware families, the former of which emerged as a replacement following international scrutiny last year. "At least some members of the new BlackCat group have links to the BlackMatter group, because they modified and reused a custom exfiltration tool [...] and which has only been observed in | Ransomware Malware Tool | ||
|
2022-04-07 23:51:59 | New Octo Banking Trojan Spreading via Fake Apps on Google Play Store (lien direct) | A number of rogue Android apps that have been cumulatively installed from the official Google Play Store more than 50,000 times are being used to target banks and other financial entities. The rental banking trojan, dubbed Octo, is said to be a rebrand of another Android malware called ExobotCompact, which, in turn, is a "lite" replacement for its Exobot predecessor, Dutch mobile security firm | Malware | ||
|
2022-04-07 08:29:56 | First Malware Targeting AWS Lambda Serverless Platform Discovered (lien direct) | A first-of-its-kind malware targeting Amazon Web Services' (AWS) Lambda serverless computing platform has been discovered in the wild. Dubbed "Denonia" after the name of the domain it communicates with, "the malware uses newer address resolution techniques for command and control traffic to evade typical detection measures and virtual network access controls," Cado Labs researcher Matt Muir said | Malware | ||
|
2022-04-07 04:33:24 | SharkBot Banking Trojan Resurfaces On Google Play Store Hidden Behind 7 New Apps (lien direct) | As many as seven malicious Android apps discovered on the Google Play Store masqueraded as antivirus solutions to deploy a banking trojan called SharkBot. "SharkBot steals credentials and banking information," Check Point researchers Alex Shamshur and Raman Ladutska said in a report shared with The Hacker News. "This malware implements a geofencing feature and evasion techniques, which makes it | Malware | ||
|
2022-04-07 03:34:26 | Researchers Uncover How Colibri Malware Stays Persistent on Hacked Systems (lien direct) | Cybersecurity researchers have detailed a "simple but efficient" persistence mechanism adopted by a relatively nascent malware loader called Colibri, which has been observed deploying a Windows information stealer known as Vidar as part of a new campaign. "The attack starts with a malicious Word document deploying a Colibri bot that then delivers the Vidar Stealer," Malwarebytes Labs said in an | Malware | ||
|
2022-04-07 00:15:28 | FBI Shut Down Russia-linked "Cyclops Blink" Botnet That Infected Thousands of Devices (lien direct) | The U.S. Department of Justice (DoJ) announced that it neutralized Cyclops Blink, a modular botnet controlled by a threat actor known as Sandworm, which has been attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). "The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used | Malware Threat | ★★★★ | |
|
2022-04-04 00:38:17 | Experts Shed Light on BlackGuard Infostealer Malware Sold on Russian Hacking Forums (lien direct) | A previously undocumented "sophisticated" information-stealing malware named BlackGuard is being advertised for sale on Russian underground forums for a monthly subscription of $200. "BlackGuard has the capability to steal all types of information related to Crypto wallets, VPN, Messengers, FTP credentials, saved browser credentials, and email clients," Zscaler ThreatLabz researchers Mitesh Wani | Malware | ||
|
2022-04-01 06:50:55 | Russian Wiper Malware Likely Behind Recent Cyberattack on Viasat KA-SAT Modems (lien direct) | The cyberattack aimed at Viasat that temporarily knocked KA-SAT modems offline on February 24, 2022, the same day Russian military forces invaded Ukraine, is believed to have been the consequence of wiper malware, according to the latest research from SentinelOne. The findings come as the U.S. telecom company disclosed that it was the target of a multifaceted and deliberate" cyberattack against | Malware | ||
|
2022-03-30 07:05:57 | Researchers Expose Mars Stealer Malware Campaign Using Google Ads to Spread (lien direct) | A nascent information stealer called Mars has been observed in campaigns that take advantage of cracked versions of the malware to steal information stored in web browsers and cryptocurrency wallets. "Mars Stealer is being distributed via social engineering techniques, malspam campaigns, malicious software cracks, and keygens," Morphisec malware researcher Arnold Osipov said in a report | Malware | ||
|
2022-03-29 03:16:31 | New Malware Loader \'Verblecon\' Infects Hacked PCs with Cryptocurrency Miners (lien direct) | An unidentified threat actor has been observed employing a "complex and powerful" malware loader with the ultimate objective of deploying cryptocurrency miners on compromised systems and potentially facilitating the theft of Discord tokens. "The evidence found on victim networks appears to indicate that the goal of the attacker was to install cryptocurrency mining software on victim machines," | Malware Threat | ||
|
2022-03-29 03:07:06 | Experts Detail Virtual Machine Used by Wslink Malware Loader for Obfuscation (lien direct) | Cybersecurity researchers have shed more light on a malicious loader that runs as a server and executes received modules in memory, laying bare the structure of an "advanced multi-layered virtual machine" used by the malware to fly under the radar. Wslink, as the malicious loader is called, was first documented by Slovak cybersecurity company ESET in October 2021, with very few telemetry hits | Malware | ||
|
2022-03-28 06:00:00 | Hackers Hijack Email Reply Chains on Unpatched Exchange Servers to Spread Malware (lien direct) | A new email phishing campaign has been spotted leveraging the tactic of conversation hijacking to deliver the IceID info-stealing malware onto infected machines by making use of unpatched and publicly-exposed Microsoft Exchange servers. "The emails use a social engineering technique of conversation hijacking (also known as thread hijacking)," Israeli company Intezer said in a report shared with | Malware | ||
|
2022-03-28 02:14:38 | \'Purple Fox\' Hackers Spotted Using New Variant of FatalRAT in Recent Malware Attacks (lien direct) | The operators of the Purple Fox malware have retooled their malware arsenal with a new variant of a remote access trojan called FatalRAT, while also simultaneously upgrading their evasion mechanisms to bypass security software. "Users' machines are targeted via trojanized software packages masquerading as legitimate application installers," Trend Micro researchers said in a report published on | Malware | ||
|
2022-03-24 06:16:14 | Chinese APT Hackers Targeting Betting Companies in Southeast Asia (lien direct) | A Chinese-speaking advanced persistent threat (APT) has been linked to a new campaign targeting gambling-related companies in South East Asia, particularly Taiwan, the Philippines, and Hong Kong. Cybersecurity firm Avast dubbed the campaign Operation Dragon Castling, describing its malware arsenal as a "robust and modular toolset." The ultimate motives of the threat actor are not immediately | Malware Threat | ||
|
2022-03-24 06:06:05 | How to Build a Custom Malware Analysis Sandbox (lien direct) | Before hunting malware, every researcher needs to find a system where to analyze it. There are several ways to do it: build your own environment or use third-party solutions. Today we will walk through all the steps of creating a custom malware sandbox where you can perform a proper analysis without infecting your computer. And then compare it with a ready-made service. Why do you need a malware | Malware | ||
|
2022-03-23 04:59:47 | Chinese \'Mustang Panda\' Hackers Spotted Deploying New \'Hodur\' Malware (lien direct) | A China-based advanced persistent threat (APT) known as Mustang Panda has been linked to an ongoing cyberespionage campaign using a previously undocumented variant of the PlugX remote access trojan on infected machines. Slovak cybersecurity firm ESET dubbed the new version Hodur, owing to its resemblance to another PlugX (aka Korplug) variant called THOR that came to light in July 2021. "Most | Malware Threat | ||
|
2022-03-23 03:03:39 | New Variant of Chinese Gimmick Malware Targeting macOS Users (lien direct) | Researchers have disclosed details of a newly discovered macOS variant of a malware implant developed by a Chinese espionage threat actor known to strike attack organizations across Asia. Attributing the attacks to a group tracked as Storm Cloud, cybersecurity firm Volexity characterized the new malware, dubbed Gimmick, a "feature-rich, multi-platform malware family that uses public cloud | Malware Threat | ||
|
2022-03-23 02:49:30 | Over 200,000 MicroTik Routers Worldwide Are Under the Control of Botnet Malware (lien direct) | Vulnerable routers from MikroTik have been misused to form what cybersecurity researchers have called one of the largest botnet-as-a-service cybercrime operations seen in recent years. According to a new piece of research published by Avast, a cryptocurrency mining campaign leveraging the new-disrupted Glupteba botnet as well as the infamous TrickBot malware were all distributed using the same | Malware | ||
|
2022-03-17 21:52:58 | New Variant of Russian Cyclops Blink Botnet Targeting ASUS Routers (lien direct) | ASUS routers have emerged as the target of a nascent botnet called Cyclops Blink, almost a month after it was revealed the malware abused WatchGuard firewall appliances as a stepping stone to gain remote access to breached networks. According to a new report published by Trend Micro, the botnet's "main purpose is to build an infrastructure for further attacks on high-value targets," given that | Malware | ||
|
2022-03-17 05:59:15 | DirtyMoe Botnet Gains New Exploits in Wormable Module to Spread Rapidly (lien direct) | The malware known as DirtyMoe has gained new worm-like propagation capabilities that allow it to expand its reach without requiring any user interaction, the latest research has found. "The worming module targets older well-known vulnerabilities, e.g., EternalBlue and Hot Potato Windows privilege escalation," Avast researcher Martin Chlumecký said in a report published Wednesday. "One worm | Malware | ||
|
2022-03-17 03:05:39 | TrickBot Malware Abusing Hacked IoT Devices as Command-and-Control Servers (lien direct) | Microsoft on Wednesday detailed a previously undiscovered technique put to use by the TrickBot malware that involves using compromised Internet of Things (IoT) devices as a go-between for establishing communications with the command-and-control (C2) servers. "By using MikroTik routers as proxy servers for its C2 servers and redirecting the traffic through non-standard ports, TrickBot adds | Malware | ||
|
2022-03-15 02:38:46 | CaddyWiper: Yet Another Data Wiping Malware Targeting Ukrainian Networks (lien direct) | Two weeks after details emerged about a second data wiper strain delivered in attacks against Ukraine, yet another destructive malware has been detected amid Russia's continuing military invasion of the country. Slovak cybersecurity company ESET dubbed the third wiper "CaddyWiper," which it said it first observed on March 14 around 9:38 a.m. UTC. Metadata associated with the executable (" | Malware | ||
|
2022-03-14 02:17:59 | Researchers Find New Evidence Linking Kwampirs Malware to Shamoon APT Hackers (lien direct) | New findings released last week showcase the overlapping source code and techniques between the operators of Shamoon and Kwampirs, indicating that they "are the same group or really close collaborators." "Research evidence shows identification of co-evolution between both Shamoon and Kwampirs malware families during the known timeline," Pablo Rincón Crespo of Cylera Labs said. "If Kwampirs is | Malware | ||
|
2022-03-10 07:12:52 | Iranian Hackers Targeting Turkey and Arabian Peninsula in New Malware Campaign (lien direct) | The Iranian state-sponsored threat actor known as MuddyWater has been attributed to a new swarm of attacks targeting Turkey and the Arabian Peninsula with the goal of deploying remote access trojans (RATs) on compromised systems. "The MuddyWater supergroup is highly motivated and can use unauthorized access to conduct espionage, intellectual property theft, and deploy ransomware and destructive | Ransomware Malware Threat | ||
|
2022-03-10 00:01:20 | Ukrainian Hacker Linked to REvil Ransomware Attacks Extradited to United States (lien direct) | Yaroslav Vasinskyi, a Ukrainian national, linked to the Russia-based REvil ransomware group has been extradited to the U.S. to face charges for his role in carrying out the file-encrypting malware attacks against several companies, including Kaseya last July. The 22-year-old had been previously arrested in Poland in October 2021, prompting the U.S. Justice Department (DoJ) to file charges of | Ransomware Malware | ★★ | |
|
2022-03-06 23:36:25 | SharkBot Banking Malware Spreading via Fake Android Antivirus App on Google Play Store (lien direct) | The threat actor behind a nascent Android banking trojan named SharkBot has managed to evade Google Play Store security barriers by masquerading as an antivirus app. SharkBot, like its malware counterparts TeaBot, FluBot, and Oscorp (UBEL), belongs to a category of financial trojans capable of siphoning credentials to initiate money transfers from compromised devices by circumventing | Malware Threat | ||
|
2022-03-01 22:20:17 | TeaBot Android Banking Malware Spreads Again Through Google Play Store Apps (lien direct) | An Android banking trojan designed to steal credentials and SMS messages has been observed sneaking past Google Play Store protections to target users of more than 400 banking and financial apps from Russia, China, and the U.S. "TeaBot RAT capabilities are achieved via the device screen's live streaming (requested on-demand) plus the abuse of Accessibility Services for remote interaction and | Malware | ||
|
2022-03-01 08:46:53 | Second New \'IsaacWiper\' Data Wiper Targets Ukraine After Russian Invasion (lien direct) | A new data wiper malware has been observed deployed against an unnamed Ukrainian government network, a day after destructive cyber attacks struck multiple entities in the country preceding the start of Russia's military invasion. Slovak cybersecurity firm ESET dubbed the new malware "IsaacWiper," which it said was detected on February 24 in an organization that was not affected by HermeticWiper | Malware | ||
|
2022-03-01 06:03:02 | Conti Ransomware Gang\'s Internal Chats Leaked Online After Siding With Russia (lien direct) | Days after the Conti ransomware group broadcasted a pro-Russian message pledging its allegiance to Vladimir Putin's ongoing invasion of Ukraine, a disgruntled member of the cartel has leaked the syndicate's internal chats. The file dump, published by malware research group VX-Underground, is said to contain 13 months of chat logs between affiliates and administrators of the Russia-affiliated | Ransomware Malware | ||
|
2022-03-01 05:22:15 | Trickbot Malware Gang Upgrades its AnchorDNS Backdoor to AnchorMail (lien direct) | Even as the TrickBot infrastructure closed shop, the operators of the malware are continuing to refine and retool their arsenal to carry out attacks that culminated in the deployment of Conti ransomware. IBM Security X-Force, which discovered the revamped version of the criminal gang's AnchorDNS backdoor, dubbed the new, upgraded variant AnchorMail. AnchorMail "uses an email-based [ | Malware | ||
|
2022-03-01 01:18:08 | Microsoft Finds FoxBlade Malware Hit Ukraine Hours Before Russian Invasion (lien direct) | Microsoft on Monday disclosed that it detected a new round of offensive and destructive cyberattacks directed against Ukraine's digital infrastructure hours before Russia launched its first missile strikes last week. The intrusions involved the use of a never-before-seen malware package dubbed FoxBlade, according to the tech giant's Threat Intelligence Center (MSTIC), noting that it added new | Malware Threat | ||
|
2022-03-01 00:01:03 | China-linked Daxin Malware Targeted Multiple Governments in Espionage Attacks (lien direct) | A previously undocumented espionage tool has been deployed against selected governments and other critical infrastructure targets as part of a long-running espionage campaign orchestrated by China-linked threat actors since at least 2013. Broadcom's Symantec Threat Hunter team characterized the backdoor, named Daxin, as a technologically advanced malware, allowing the attackers to carry out a | Malware Tool Threat | ||
|
2022-02-28 03:10:56 | Reborn of Emotet: New Features of the Botnet and How to Detect it (lien direct) | One of the most dangerous and infamous threats is back again. In January 2021, global officials took down the botnet. Law enforcement sent a destructive update to the Emotet's executables. And it looked like the end of the trojan's story. But the malware never ceased to surprise. November 2021, it was reported that TrickBot no longer works alone and delivers Emotet. And ANY.RUN with colleagues | Malware | ||
|
2022-02-27 22:52:31 | Iranian Hackers Using New Spying Malware That Abuses Telegram Messenger API (lien direct) | An Iranian geopolitical nexus threat actor has been uncovered deploying two new targeted malware that come with "simple" backdoor functionalities as part of an intrusion against an unnamed Middle East government entity in November 2021. Cybersecurity company Mandiant attributed the attack to an uncategorized cluster it's tracking under the moniker UNC3313, which it assesses with "moderate | Malware Threat | ||
|
2022-02-26 02:19:53 | Social Media Hijacking Malware Spreading Through Gaming Apps on Microsoft Store (lien direct) | A new malware capable of controlling social media accounts is being distributed through Microsoft's official app store in the form of trojanized gaming apps, infecting more than 5,000 Windows machines in Sweden, Bulgaria, Russia, Bermuda, and Spain. Israeli cybersecurity company Check Point dubbed the malware "Electron Bot," in reference to a command-and-control (C2) domain used in recent | Malware | ||
|
2022-02-25 23:39:31 | Russia-Ukraine War: Phishing, Malware and Hacker Groups Taking Sides (lien direct) | Ukraine's Computer Emergency Response Team (CERT-UA) has warned of Belarusian state-sponsored hackers targeting its military personnel and related individuals as part of a phishing campaign mounted amidst Russia's military invasion of the country. "Mass phishing emails have recently been observed targeting private 'i.ua' and 'meta.ua' accounts of Ukrainian military personnel and related | Malware | ||
|
2022-02-25 09:21:07 | New "SockDetour" Fileless, Socketless Backdoor Targets U.S. Defense Contractors (lien direct) | Cybersecurity researchers have taken the wraps off a previously undocumented and stealthy custom malware called SockDetour that targeted U.S.-based defense contractors with the goal of being used as a secondary implant on compromised Windows hosts. "SockDetour is a backdoor that is designed to remain stealthily on compromised Windows servers so that it can serve as a backup backdoor in case the | Malware | ||
|
2022-02-25 06:08:03 | Iran\'s MuddyWater Hacker Group Using New Malware in Worldwide Cyber Attacks (lien direct) | Cybersecurity agencies from the U.K. and the U.S. have laid bare a new malware used by the Iranian government-sponsored advanced persistent threat (APT) group in attacks targeting government and commercial networks worldwide. "MuddyWater actors are positioned both to provide stolen data and accesses to the Iranian government and to share these with other malicious cyber actors," the agencies | Malware Threat | ||
|
2022-02-25 00:03:14 | Notorious TrickBot Malware Gang Shuts Down its Botnet Infrastructure (lien direct) | The modular Windows crimeware platform known as TrickBot formally shuttered its infrastructure on Thursday after reports emerged of its imminent retirement amid a lull in its activity for almost two months, marking an end to one of the most persistent malware campaigns in recent years. "TrickBot is gone... It is official now as of Thursday, February 24, 2022. See you soon... or not," AdvIntel's | Malware | ||
|
2022-02-24 05:28:40 | TrickBot Gang Likely Shifting Operations to Switch to New Malware (lien direct) | TrickBot, the infamous Windows crimeware-as-a-service (CaaS) solution that's used by a variety of threat actors to deliver next-stage payloads like ransomware, appears to be undergoing a transition of sorts, with no new activity recorded since the start of the year. The lull in the malware campaigns is "partially due to a big shift from Trickbot's operators, including working with the operators | Malware Threat |
To see everything:
Our RSS (filtrered)
