What's new around the internet

Latest

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2021-10-22 05:41:06 Researchers Discover Microsoft-Signed FiveSys Rootkit in the Wild (direct link) A newly identified rootkit has been found with a valid digital signature issued by Microsoft that's used to proxy traffic to internet addresses of interest to the attackers for over a year targeting online gamers in China. Bucharest-headquartered cybersecurity technology company Bitdefender named the malware "FiveSys," calling out its possible credential theft and in-game-purchase hijacking Malware
The_Hackers_News.webp 2021-10-20 20:42:39 Two Eastern Europeans Sentenced for Providing Bulletproof Hosting to Cyber Criminals (direct link) Two Eastern European nationals have been sentenced in the U.S. for offering "bulletproof hosting" services to cybercriminals, who used the technical infrastructure to distribute malware and attack financial institutions across the country between 2009 and 2015. Pavel Stassi, 30, of Estonia, and Aleksandr Shorodumov, 33, of Lithuania, have each been sentenced to 24 months and 48 months in prison, Malware
The_Hackers_News.webp 2021-10-19 05:03:46 A New Variant of FlawedGrace Spreading Through Mass Email Campaigns (direct link) Cybersecurity researchers on Tuesday took the wraps off a mass-volume email attack staged by a prolific cybercriminal gang affecting a wide range of industries, with one of its region-specific operations notably targeting Germany and Austria. Enterprise security firm Proofpoint tied the malware campaign with high confidence to TA505, which is the name assigned to the financially motivated threat Malware
The_Hackers_News.webp 2021-10-18 23:11:57 Cybersecurity Experts Warn of a Rise in Lyceum Hacker Group Activities in Tunisia (direct link) A threat actor, previously known for striking organizations in the energy and telecommunications sectors across the Middle East as early as April 2018, has evolved its malware arsenal to strike two entities in Tunisia. Security researchers at Kaspersky, who presented their findings at the VirusBulletin VB2021 conference earlier this month, attributed the attacks to a group tracked as Lyceum (aka Malware Threat
The_Hackers_News.webp 2021-10-15 07:40:55 Attackers Behind Trickbot Expanding Malware Distribution Channels (direct link) The operators behind the pernicious TrickBot malware have resurfaced with new tricks that aim to increase its foothold by expanding its distribution channels, ultimately leading to the deployment of ransomware such as Conti. The threat actor, tracked under the monikers ITG23 and Wizard Spider, has been found to partner with other cybercrime gangs known as Hive0105, Hive0106 (aka TA551 or Shathak), Ransomware Malware Threat Guideline
The_Hackers_News.webp 2021-10-14 09:30:34 Google: We're Tracking 270 State-Sponsored Hacker Groups From Over 50 Countries (direct link) Google's Threat Analysis Group (TAG) on Thursday said it's tracking more than 270 government-backed threat actors from more than 50 countries, adding it has sent approximately 50,000 alerts of state-sponsored phishing or malware attempts to customers since the start of 2021. The warnings mark a 33% increase from 2020, the internet giant said, with the spike largely stemming from "blocking an Malware Threat
The_Hackers_News.webp 2021-10-08 00:25:34 Researchers Warn of FontOnLake Rootkit Malware Targeting Linux Systems (direct link) Cybersecurity researchers have detailed a new campaign that likely targets entities in Southeast Asia with a previously unrecognized Linux malware that's engineered to enable remote access to its operators, in addition to amassing credentials and functioning as a proxy server. The malware family, dubbed "FontOnLake" by Slovak cybersecurity firm ESET, is said to feature "well-designed modules" that Malware
The_Hackers_News.webp 2021-10-05 06:16:08 New Study Links Seemingly Disparate Malware Attacks to Chinese Hackers (direct link) Chinese cyber espionage group APT41 has been linked to seemingly disparate malware campaigns, according to fresh research that has mapped together additional parts of the group's network infrastructure to hit upon a state-sponsored campaign that takes advantage of COVID-themed phishing lures to target victims in India. "The image we uncovered was that of a state-sponsored campaign that plays on Malware Guideline APT 41
The_Hackers_News.webp 2021-10-01 05:25:31 Chinese Hackers Used a New Rootkit to Spy on Targeted Windows 10 Users (direct link) A formerly unknown Chinese-speaking threat actor has been linked to a long-standing evasive operation aimed at South East Asian targets as far back as July 2020 to deploy a kernel-mode rootkit on compromised Windows systems. Attacks mounted by the hacking group, dubbed GhostEmperor by Kaspersky, are also said to have used a "sophisticated multi-stage malware framework" that allows for providing Malware Threat
The_Hackers_News.webp 2021-10-01 00:21:43 Beware of Fake Amnesty International Antivirus for Pegasus that Hacks PCs with Malware (direct link) In yet another indicator of how hacking groups are quick to capitalize on world events and improvise their attack campaigns for maximum impact, threat actors have been discovered impersonating Amnesty International to distribute malware that purports to be security software designed to safeguard against NSO Group's Pegasus surveillanceware. "Adversaries have set up a phony website that looks Malware Threat
The_Hackers_News.webp 2021-09-30 00:40:22 (Déjà vu) New Tomiris Backdoor Found Linked to Hackers Behind SolarWinds Cyberattack (direct link) Cybersecurity researchers on Wednesday disclosed a previously undocumented backdoor likely designed and developed by the Nobelium advanced persistent threat (APT) behind last year's SolarWinds supply chain attack, joining the threat actor's ever-expanding arsenal of hacking tools. Moscow-headquartered firm Kaspersky codenamed the malware "Tomiris," calling out its similarities to another Malware Threat
The_Hackers_News.webp 2021-09-29 02:06:23 New FinSpy Malware Variant Infects Windows Systems With UEFI Bootkit (direct link) Commercially developed FinFisher surveillanceware has been upgraded to infect Windows devices using a UEFI (Unified Extensible Firmware Interface) bootkit based on a trojanized Windows Boot Manager, marking a shift in infection vectors that allows it to elude discovery and analysis. Detected in the wild since 2011, FinFisher (aka FinSpy or Wingbird) is a spyware toolset for Windows, macOS, and Linux Malware
The_Hackers_News.webp 2021-09-28 01:32:38 New BloodyStealer Trojan Steals Gamers' Epic Games and Steam Accounts (direct link) A new advanced trojan sold on Russian-speaking underground forums comes with capabilities to steal users' accounts on popular online video game distribution services, including Steam, Epic Games Store, and EA Origin, underscoring a growing threat to the lucrative gaming market. Cybersecurity firm Kaspersky, which coined the malware "BloodyStealer," said it first detected the malicious tool in Malware Tool Threat
The_Hackers_News.webp 2021-09-27 23:15:52 Microsoft Warns of FoggyWeb Malware Targeting Active Directory FS Servers (direct link) Microsoft on Monday revealed new malware deployed by the hacking group behind the SolarWinds supply chain attack last December to deliver additional payloads and steal sensitive information from Active Directory Federation Services (AD FS) servers. The tech giant's Threat Intelligence Center (MSTIC) codenamed the "passive and highly targeted backdoor" FoggyWeb, making it the threat actor tracked Malware Threat
The_Hackers_News.webp 2021-09-27 06:35:19 Russian Turla APT Group Deploying New Backdoor on Targeted Systems (direct link) State-sponsored hackers affiliated with Russia are behind a new series of intrusions using a previously undocumented implant to compromise systems in the U.S., Germany, and Afghanistan. Cisco Talos attributed the attacks to the Turla advanced persistent threat (APT) group, coining the malware "TinyTurla" for its limited functionality and efficient coding style that allows it to go undetected. Malware Threat
The_Hackers_News.webp 2021-09-27 04:47:41 New Android Malware Steals Financial Data from 378 Banking and Wallet Apps (direct link) The operators behind the BlackRock mobile malware have surfaced back with a new Android banking trojan called ERMAC that targets Poland and has its roots in the infamous Cerberus malware, according to the latest research. "The new trojan already has active distribution campaigns and is targeting 378 banking and wallet apps with overlays," ThreatFabric's CEO Cengiz Han Sahin said in an emailed Malware
The_Hackers_News.webp 2021-09-26 23:26:49 A New Jupyter Malware Version is Being Distributed via MSI Installers (direct link) Cybersecurity researchers have charted the evolution of Jupyter, a .NET infostealer known for singling out the healthcare and education sectors, which makes it exceptional at defeating most endpoint security scanning solutions. The new delivery chain, spotted by Morphisec on September 8, underscores that the malware has not just continued to remain active but also showcases "how threat actors Malware Threat
The_Hackers_News.webp 2021-09-24 05:49:39 Google Warns of a New Way Hackers Can Make Malware Undetectable on Windows (direct link) Cybersecurity researchers have disclosed a novel technique adopted by threat actors to deliberately evade detection with the help of malformed digital signatures on their malware payloads. "Attackers created malformed code signatures that are treated as valid by Windows but are not able to be decoded or checked by OpenSSL code - which is used in a number of security scanning products," Google Malware Threat
The_Hackers_News.webp 2021-09-23 02:55:09 New Android Malware Targeting US, Canadian Users with COVID-19 Lures (direct link) An "insidious" new SMS smishing malware has been found targeting Android mobile users in the U.S. and Canada as part of a new campaign that uses SMS text message lures related to COVID-19 regulations and vaccine information in an attempt to steal personal and financial data. Proofpoint's messaging security subsidiary Cloudmark coined the emerging malware "TangleBot." "The malware Malware
The_Hackers_News.webp 2021-09-21 03:08:05 New Capoae Malware Infiltrates WordPress Sites and Installs Backdoored Plugin (direct link) A recently discovered wave of malware attacks has been spotted using a variety of tactics to enslave susceptible machines with easy-to-guess administrative credentials to co-opt them into a network with the goal of illegally mining cryptocurrency. "The malware's primary tactic is to spread by taking advantage of vulnerable systems and weak administrative credentials. Once they've been infected, Malware
The_Hackers_News.webp 2021-09-20 04:00:58 A New Wave of Malware Attack Targeting Organizations in South America (direct link) A spam campaign delivering spear-phishing emails aimed at South American organizations has retooled its techniques to include a wide range of commodity remote access trojans (RATs) and geolocation filtering to avoid detection, according to new research. Cybersecurity firm Trend Micro attributed the attacks to an advanced persistent threat (APT) tracked as APT-C-36 (aka Blind Eagle), a suspected Spam Malware Threat APT-C-36
The_Hackers_News.webp 2021-09-17 04:03:29 New Malware Targets Windows Subsystem for Linux to Evade Detection (direct link) A number of malicious samples have been created for the Windows Subsystem for Linux (WSL) with the goal of compromising Windows machines, highlighting a sneaky method that allows the operators to stay under the radar and thwart detection by popular anti-malware engines. The "distinct tradecraft" marks the first instance where a threat actor has been found abusing WSL to install subsequent Malware Threat
The_Hackers_News.webp 2021-09-17 01:00:30 Malware Attack on Aviation Sector Uncovered After Going Unnoticed for 2 Years (direct link) A targeted phishing campaign aimed at the aviation industry for two years may be spearheaded by a threat actor operating out of Nigeria, highlighting how attackers can carry out small-scale cyber offensives for extended periods of time while staying under the radar. Cisco Talos dubbed the malware attacks "Operation Layover," building on previous research from the Microsoft Security Intelligence Malware Threat
The_Hackers_News.webp 2021-09-14 06:43:34 New Stealthier ZLoader Variant Spreading Via Fake TeamViewer Download Ads (direct link) Users searching for TeamViewer remote desktop software on search engines like Google are being redirected to malicious links that drop ZLoader malware onto their systems while simultaneously embracing a stealthier infection chain that allows it to linger on infected devices and evade detection by security solutions. "The malware is downloaded from a Google advertisement published through Google Malware
The_Hackers_News.webp 2021-09-10 01:18:43 Experts Link Sidewalk Malware Attacks to Grayfly Chinese Hacker Group (direct link) A previously undocumented backdoor that was recently found targeting an unnamed computer retail company based in the U.S. has been linked to a longstanding Chinese espionage operation dubbed Grayfly. In late August, Slovakian cybersecurity firm ESET disclosed details of an implant called SideWalk, which is designed to load arbitrary plugins sent from an attacker-controlled server, gather Malware Guideline APT 41
The_Hackers_News.webp 2021-09-06 04:13:41 Traffic Exchange Networks Distributing Malware Disguised as Cracked Software (direct link) An ongoing campaign has been found to leverage a network of websites acting as a "dropper as a service" to deliver a bundle of malware payloads to victims looking for "cracked" versions of popular business and consumer applications. "These malware included an assortment of click fraud bots, other information stealers, and even ransomware," researchers from cybersecurity firm Sophos said in a Malware
The_Hackers_News.webp 2021-09-03 03:40:42 This New Malware Family Using CLFS Log Files to Avoid Detection (direct link) Cybersecurity researchers have disclosed details about a new malware family that relies on the Common Log File System (CLFS) to hide a second-stage payload in registry transaction files in an attempt to evade detection mechanisms. FireEye's Mandiant Advanced Practices team, which made the discovery, dubbed the malware PRIVATELOG, and its installer, STASHLOG. Specifics about the identities of the Malware
The_Hackers_News.webp 2021-09-02 02:07:03 Chinese Authorities Arrest Hackers Behind Mozi IoT Botnet Attacks (direct link) The operators of the Mozi IoT botnet have been taken into custody by Chinese law enforcement authorities, nearly two years after the malware emerged on the threat landscape in September 2019. News of the arrest, which originally happened in June, was disclosed by researchers from Netlab, the network research division of Chinese internet security company Qihoo 360, earlier this Monday, detailing Malware Threat
The_Hackers_News.webp 2021-09-01 08:50:52 Cybercriminals Abusing Internet-Sharing Services to Monetize Malware Campaigns (direct link) Threat actors are capitalizing on the growing popularity of proxyware platforms like Honeygain and Nanowire to monetize their own malware campaigns, once again illustrating how attackers are quick to repurpose and weaponize legitimate platforms to their advantage. "Malware is currently leveraging these platforms to monetize the internet bandwidth of victims, similar to how malicious Malware Threat
The_Hackers_News.webp 2021-08-28 09:37:18 LockFile Ransomware Bypasses Protection Using Intermittent File Encryption (direct link) A new ransomware family that emerged last month comes with its own bag of tricks to bypass ransomware protection by leveraging a novel technique called "intermittent encryption." The operators of the ransomware, called LockFile, have been found exploiting recently disclosed flaws such as ProxyShell and PetitPotam to compromise Windows servers and deploy file-encrypting malware that scrambles only Ransomware Malware
The_Hackers_News.webp 2021-08-25 06:02:13 Researchers Uncover FIN8's New Backdoor Targeting Financial Institutions (direct link) A financially motivated threat actor notorious for setting its sights on the retail, hospitality, and entertainment industries has been observed deploying a completely new backdoor on infected systems, indicating the operators are continuously retooling their malware arsenal to avoid detection and stay under the radar. The previously undocumented malware has been dubbed "Sardonic" by Romanian Malware Threat
The_Hackers_News.webp 2021-08-25 00:43:55 New SideWalk Backdoor Targets U.S.-based Computer Retail Business (direct link) A computer retail company based in the U.S. was the target of a previously undiscovered implant called SideWalk as part of a recent campaign undertaken by a Chinese advanced persistent threat group primarily known for singling out entities in East and Southeast Asia. Slovak cybersecurity firm ESET attributed the malware to an advanced persistent threat it tracks under the moniker SparklingGoblin Malware Threat
The_Hackers_News.webp 2021-08-20 08:44:30 ShadowPad Malware is Becoming a Favorite Choice of Chinese Espionage Groups (direct link) ShadowPad, an infamous Windows backdoor that allows attackers to download further malicious modules or steal data, has been put to use by five different Chinese threat clusters since 2017. "The adoption of ShadowPad significantly reduces the costs of development and maintenance for threat actors," SentinelOne researchers Yi-Jhen Hsieh and Joey Chen said in a detailed overview of the malware, Malware Threat
The_Hackers_News.webp 2021-08-19 03:30:47 Researchers Find New Evidence Linking Diavol Ransomware to TrickBot Gang (direct link) Cybersecurity researchers have disclosed details about an early development version of a nascent ransomware strain called Diavol that has been linked to threat actors behind the infamous TrickBot syndicate. The latest findings from IBM X-Force show that the ransomware sample shares similarities with other malware that has been attributed to the cybercrime gang, thus establishing a clearer Ransomware Malware Threat
The_Hackers_News.webp 2021-08-18 01:33:33 NK Hackers Deploy Browser Exploits on South Korean Sites to Spread Malware (direct link) A North Korean threat actor has been discovered taking advantage of two exploits in Internet Explorer to infect victims with a custom implant as part of a strategic web compromise (SWC) targeting a South Korean online newspaper. Cybersecurity firm Volexity attributed the attacks to a threat actor it tracks as InkySquid, more widely known by the monikers ScarCruft and APT37. Daily NK, the Malware Threat Cloud APT 37
The_Hackers_News.webp 2021-08-16 00:29:29 New AdLoad Variant Bypasses Apple's Security Defenses to Target macOS Systems (direct link) A new wave of attacks involving a notorious macOS adware family has evolved to leverage around 150 unique samples in the wild in 2021 alone, some of which have slipped past Apple's on-device malware scanner and have even been signed by its own notarization service, highlighting the malicious software's ongoing attempts to adapt and evade detection. "AdLoad," as the malware is known, is one of several Malware
The_Hackers_News.webp 2021-08-12 08:13:30 Experts Shed Light On New Russian Malware-as-a-Service Written in Rust (direct link) A nascent information-stealing malware sold and distributed on Russian underground forums has been written in Rust, signalling a new trend where threat actors are increasingly adopting exotic programming languages to bypass security protections, evade analysis, and hamper reverse engineering efforts. Dubbed "Ficker Stealer," it's notable for being propagated via Trojanized web links Malware Threat
The_Hackers_News.webp 2021-08-09 06:00:46 Beware! New Android Malware Hacks Thousands of Facebook Accounts (direct link) A new Android trojan has been found to compromise the Facebook accounts of over 10,000 users in at least 144 countries since March 2021 via fraudulent apps distributed through the Google Play Store and other third-party app marketplaces. Dubbed "FlyTrap," the previously undocumented malware is believed to be part of a family of trojans that employ social engineering tricks to breach Facebook accounts as Malware
The_Hackers_News.webp 2021-08-05 03:12:49 A Wide Range of Cyber Attacks Leveraging Prometheus TDS Malware Service (direct link) Multiple cybercriminal groups are leveraging a malware-as-a-service (MaaS) solution to run a wide range of malicious software distribution campaigns that result in the deployment of payloads such as Campo Loader, Hancitor, IcedID, QBot, Buer Loader, and SocGholish against individuals in Belgium as well as government agencies, companies, and corporations in the U.S. Dubbed " Malware
The_Hackers_News.webp 2021-08-04 13:30:39 Several Malware Families Targeting IIS Web Servers With Malicious Modules (direct link) A systematic analysis of attacks against Microsoft's Internet Information Services (IIS) servers has revealed as many as 14 malware families, 10 of them newly documented, indicating that the Windows-based web server software has continued to be a hotbed for natively developed malware for close to eight years. The findings were presented today by ESET malware researcher Zuzana Hromcova at the Black Malware
The_Hackers_News.webp 2021-08-02 03:07:15 Solarmarker InfoStealer Malware Once Again Making its Way Into the Wild (direct link) The healthcare and education sectors are the frequent targets of a new surge in credential harvesting activity from what's a "highly modular" .NET-based information stealer and keylogger, charting the course for the threat actor's continued evolution while simultaneously remaining under the radar. Dubbed "Solarmarker," the malware campaign is believed to have been active since September 2020, with Malware Threat
The_Hackers_News.webp 2021-07-30 03:00:54 Experts Uncover Several C&C Servers Linked to WellMess Malware (direct link) Cybersecurity researchers on Friday unmasked new command-and-control (C2) infrastructure belonging to the Russian threat actor tracked as APT29, aka Cozy Bear, that has been spotted actively serving WellMess malware as part of an ongoing attack campaign. More than 30 C2 servers operated by the Russian foreign intelligence service have been uncovered, Microsoft-owned cybersecurity subsidiary RiskIQ said Malware Threat APT 29
The_Hackers_News.webp 2021-07-30 00:36:30 A New Wiper Malware Was Behind Recent Cyberattack On Iranian Train System (direct link) A cyber attack that derailed websites of Iran's transport ministry and its national railway system earlier this month, causing widespread disruptions in train services, was the result of a never-before-seen reusable wiper malware called "Meteor." The campaign - dubbed "MeteorExpress" - has not been linked to any previously identified threat group or to additional attacks, making it the first Malware Threat
The_Hackers_News.webp 2021-07-29 23:13:31 Phony Call Centers Tricking Users Into Installing Ransomware and Data-Stealers (direct link) An ongoing malicious campaign that employs phony call centers has been found to trick victims into downloading malware capable of data exfiltration as well as deploying ransomware on infected systems. The attacks - dubbed "BazaCall" - eschew traditional social engineering techniques that rely on rogue URLs and malware-laced documents in favor of a vishing-like method wherein targeted users are Ransomware Malware
The_Hackers_News.webp 2021-07-29 08:18:26 Hackers Exploit Microsoft Browser Bug to Deploy VBA Malware on Targeted PCs (direct link) An unidentified threat actor has been exploiting a now-patched zero-day flaw in the Internet Explorer browser to deliver a fully-featured VBA-based remote access trojan (RAT) capable of accessing files stored on compromised Windows systems, and downloading and executing malicious payloads as part of an "unusual" campaign. The backdoor is distributed via a decoy document named "Manifest.docx" that Malware Threat
The_Hackers_News.webp 2021-07-29 01:46:50 New Android Malware Uses VNC to Spy and Steal Passwords from Victims (direct link) A previously undocumented Android-based remote access trojan (RAT) has been found to use screen recording features to steal sensitive information on the device, including banking credentials, and open the door for on-device fraud. Dubbed "Vultur" due to its use of Virtual Network Computing (VNC)'s remote screen-sharing technology to gain full visibility on targeted users, the mobile malware was Malware
The_Hackers_News.webp 2021-07-28 05:53:40 UBEL is the New Oscorp - Android Credential Stealing Malware Active in the Wild (direct link) An Android malware that was observed abusing accessibility services on the device to hijack user credentials from European banking applications has morphed into an entirely new botnet as part of a renewed campaign that began in May 2021. Italy's CERT-AGID, in late January, disclosed details about Oscorp, a mobile malware developed to attack multiple financial targets with the goal of stealing Malware
The_Hackers_News.webp 2021-07-28 03:06:58 Hackers Posed as Aerobics Instructors for Years to Target Aerospace Employees (direct link) An Iranian cyberespionage group masqueraded as an aerobics instructor on Facebook in an attempt to infect the machine of an employee of an aerospace defense contractor with malware as part of a years-long social engineering and targeted malware campaign. Enterprise security firm Proofpoint attributed the covert operation to a state-aligned threat actor it tracks as TA456, and by the wider Malware Threat
The_Hackers_News.webp 2021-07-27 05:39:47 Hackers Turning to 'Exotic' Programming Languages for Malware Development (direct link) Threat actors are increasingly shifting to "exotic" programming languages such as Go, Rust, Nim, and Dlang that can better circumvent conventional security protections, evade analysis, and hamper reverse engineering efforts. "Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of newer technologies," said Eric Milam, Vice President of Malware Threat
The_Hackers_News.webp 2021-07-26 03:13:56 Microsoft Warns of LemonDuck Malware Targeting Windows and Linux Systems (direct link) An infamous cross-platform crypto-mining malware has continued to refine and improve upon its techniques to strike both Windows and Linux operating systems by setting its sights on older vulnerabilities, while simultaneously latching on to a variety of spreading mechanisms to maximize the effectiveness of its campaigns. "LemonDuck, an actively updated and robust malware that's primarily known Malware
Last update at: 2024-05-15 15:08:04