What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-02-10 11:25:10 | Qbot, Lokibot malware switch back to Windows Regsvr32 delivery (lien direct) | Malware distributors have turned to an older trick known as Squiblydoo to spread Qbot and Lokibot via Microsoft Office document using regsvr32.exe. [...] | Malware | ||
|
2022-02-09 10:26:31 | Ransomware dev releases Egregor, Maze master decryption keys (lien direct) | The master decryption keys for the Maze, Egregor, and Sekhmet ransomware operations were released last night on the BleepingComputer forums by the alleged malware developer. [...] | Ransomware Malware | ||
|
2022-02-09 07:58:50 | Fake Windows 11 upgrade installers infect you with RedLine malware (lien direct) | Threat actors have started distributing fake Windows 11 upgrade installers to users of Windows 10, tricking them into downloading and executing RedLine stealer malware. [...] | Malware Threat | ||
|
2022-02-09 03:17:34 | Molerats hackers deploy new malware in highly evasive campaign (lien direct) | The Palestinian-aligned APT group tracked as TA402 (aka Molerats) was spotted using a new implant named 'NimbleMamba' in a cyber-espionage campaign that leverages geofencing and URL redirects to legitimate websites. [...] | Malware | ||
|
2022-02-08 15:35:47 | Kimsuki hackers use commodity RATs with custom Gold Dragon malware (lien direct) | South Korean researchers have spotted a new wave of activity from the Kimsuky hacking group, involving commodity open-source remote access tools dropped with their custom backdoor, Gold Dragon. [...] | Malware | APT 43 | |
|
2022-02-08 03:12:24 | Qbot needs only 30 minutes to steal your credentials, emails (lien direct) | The widespread malware known as Qbot (aka Qakbot or QuakBot) has recently returned to light-speed attacks, and according to analysts, it only takes around 30 minutes to steal sensitive data after the initial infection. [...] | Malware | ||
|
2022-02-07 13:35:05 | (Déjà vu) Microsoft plans to kill malware delivery via Office macros (lien direct) | Microsoft announced today that it will make it difficult to enable VBA macros downloaded from the Internet in several Microsoft Office apps starting in early April, effectively killing a popular distribution method for malware. [...] | Malware | ||
|
2022-02-07 12:05:03 | Google Cloud hypervisor modified to detect cryptominers without agents (lien direct) | Google has announced the public preview of a new Virtual Machine Threat Detection (VMTD) system that can detect cryptocurrency miners and other malware without the need for software agents. [...] | Malware Threat | ||
|
2022-02-07 11:38:44 | Medusa malware ramps up Android SMS phishing attacks (lien direct) | The Medusa Android banking Trojan is seeing increased infection rates as it targets more geographic regions to steal online credentials and perform financial fraud. [...] | Malware | ||
|
2022-02-07 09:47:54 | Roaming Mantis Android malware campaign sets sights on Europe (lien direct) | The Roaming Mantis SMS phishing campaign has finally reached Europe, as researchers detect campaigns targeting Android and iPhone users in Germany and France with malicious apps and phishing pages. [...] | Malware | ||
|
2022-02-04 19:10:06 | Microsoft disables MSIX protocol handler abused in Emotet attacks (lien direct) | Microsoft has disabled the MSIX ms-appinstaller protocol handler exploited in malware attacks to install malicious apps directly from a website via a Windows AppX Installer spoofing vulnerability. [...] | Malware | ||
|
2022-02-03 10:38:37 | State hackers\' new malware helped them stay undetected for 250 days (lien direct) | A state-backed Chinese APT actor tracked as 'Antlion' has been using a new custom backdoor called 'xPack' against financial organizations and manufacturing companies. [...] | Malware | ||
|
2022-02-02 09:46:34 | SEO poisoning pushes malware-laced Zoom, TeamViewer, Visual Studio installers (lien direct) | A new SEO poisoning campaign is underway, dropping the Batloader and Atera Agent malware onto the systems of targeted professionals searching for productivity tool downloads, such as Zoom, TeamViewer, and Visual Studio. [...] | Malware Tool | ||
|
2022-02-01 16:59:18 | Malicious CSV text files used to install BazarBackdoor malware (lien direct) | A new phishing campaign is using specially crafted CSV text files to infect users' devices with the BazarBackdoor malware. [...] | Malware | ||
|
2022-02-01 14:00:00 | Cyberspies linked to Memento ransomware use new PowerShell malware (lien direct) | An Iranian state-backed hacking group tracked as APT35 (aka Phosphorus or Charming Kitten) is now deploying a new backdoor called PowerLess and developed using PowerShell. [...] | Ransomware Malware Conference | APT 35 APT 35 | |
|
2022-02-01 13:41:04 | Powerful new Oski variant \'Mars Stealer\' grabbing 2FAs and crypto (lien direct) | A new and powerful malware named 'Mars Stealer' has appeared in the wild, and appears to be a redesign of the Oski malware that shut down development abruptly in the summer of 2020. [...] | Malware | ||
|
2022-01-31 11:14:28 | Russian \'Gamaredon\' hackers use 8 new malware payloads in attacks (lien direct) | The Russia-linked hackers known as 'Gamaredon' (aka Armageddon or Shuckworm) were spotted deploying eight custom binaries in cyber-espionage operations against Ukrainian entities. [...] | Malware | ||
|
2022-01-27 13:31:40 | Lazarus hackers use Windows Update to deploy malware (lien direct) | North Korean-backed hacking group Lazarus has added the Windows Update client to its list of living-off-the-land binaries (LoLBins) and is now actively using it to execute malicious code on Windows systems. [...] | Malware | APT 38 | |
|
2022-01-27 09:23:25 | Russian APT29 hackers\' stealthy malware undetected for years (lien direct) | Hackers associated with the Russian Federation Foreign Intelligence Service (SVR) continued their incursions on networks of multiple organizations after the SolarWinds supply-chain compromise using two recently discovered sophisticated threats. [...] | Malware | APT 29 | |
|
2022-01-26 09:19:25 | New FluBot and TeaBot campaigns target Android devices worldwide (lien direct) | New FluBot and TeaBot malware distribution campaigns have been spotted, using typical smishing lures or laced apps against Android users in Australia, Germany, Poland, Spain, and Romania. [...] | Malware | ||
|
2022-01-25 15:06:27 | TrickBot now crashes researchers\' browsers to block malware analysis (lien direct) | The notorious TrickBot malware has received new features that make it more challenging to research, analyze, and detect in the latest variants, including crashing browser tabs when it detects beautified scripts. [...] | Malware | ||
|
2022-01-25 13:26:47 | New DazzleSpy malware targets macOS users in watering hole attack (lien direct) | A new watering hole attack has been discovered targeting macOS users and visitors of a pro-democracy radio station website in Hong Kong and infecting them with the DazzleSpy malware [...] | Malware | ||
|
2022-01-25 11:31:34 | Google Drive now warns you of suspicious phishing, malware docs (lien direct) | Google is rolling out new warning banners in Google Drive to alert users of potentially suspicious files that threat actors could use for malware delivery and in phishing attacks. [...] | Malware Threat | ||
|
2022-01-24 12:55:28 | Android malware BRATA wipes your device after stealing data (lien direct) | The Android malware known as BRATA has added new and dangerous features to its latest version, including GPS tracking, the capacity to use multiple communication channels, and a function that performs a factory reset on the device to wipe all traces of malicious activity. [...] | Malware | ||
|
2022-01-21 12:54:28 | Phishing impersonates shipping giant Maersk to push STRRAT malware (lien direct) | A new phishing campaign using fake shipping delivery lures installs the STRRAT remote access trojan on unsuspecting victim's devices. [...] | Malware | ★★★★★ | |
|
2022-01-21 10:56:21 | Microsoft disables Excel 4.0 macros by default to block malware (lien direct) | Microsoft has announced that Excel 4.0 (XLM) macros will now be disabled by default to protect customers from malicious documents. [...] | Malware | ||
|
2022-01-20 13:37:25 | FBI links Diavol ransomware to the TrickBot cybercrime group (lien direct) | The FBI has formally linked the Diavol ransomware operation to the TrickBot Group, the malware developers behind the notorious TrickBot banking trojan. [...] | Ransomware Malware | ||
|
2022-01-20 07:55:29 | New MoonBounce UEFI malware used by APT41 in targeted attacks (lien direct) | Security analysts have discovered and linked MoonBounce, "the most advanced" UEFI firmware implant found so far in the wild, to the Chinese-speaking APT41 hacker group (also known as Winnti). [...] | Malware Guideline | APT 41 | |
|
2022-01-19 10:15:45 | New BHUNT malware targets your crypto wallets and passwords (lien direct) | A novel modular crypto-wallet stealing malware dubbed 'BHUNT' has been spotted targeting cryptocurrency wallet contents, passwords, and security phrases. [...] | Malware | ||
|
2022-01-18 06:55:34 | Europol shuts down VPN service used by ransomware groups (lien direct) | Law enforcement authorities from 10 countries took down VPNLab.net, a VPN service provider used by ransomware operators and malware actors. [...] | Ransomware Malware | ||
|
2022-01-16 13:32:35 | Microsoft: Fake ransomware targets Ukraine in data-wiping attacks (lien direct) | Microsoft is warning of destructive data-wiping malware disguised as ransomware being used in attacks against multiple organizations in Ukraine. [...] | Ransomware Malware | ||
|
2022-01-15 10:12:24 | Linux malware sees 35% growth during 2021 (lien direct) | The number of malware infections on Linux-based IoT (internet of things) devices rose by 35% in 2021 compared to the previous year's numbers. The principal goal was recruiting devices to be part of DDoS (distributed denial of service) attacks. [...] | Malware | ||
|
2022-01-13 13:08:36 | Microsoft Defender weakness lets hackers bypass malware detection (lien direct) | Threat actors can take advantage of a weakness that affects Microsoft Defender antivirus on Windows to learn locations excluded from scanning and plant malware there. [...] | Malware Threat | ||
|
2022-01-12 12:53:27 | Magniber ransomware using signed APPX files to infect systems (lien direct) | The Magniber ransomware has been spotted using Windows application package files (.APPX) signed with valid certificates to drop malware pretending to be Chrome and Edge web browser updates. [...] | Ransomware Malware | ||
|
2022-01-11 12:39:53 | New RedLine malware version spread as fake Omicron stat counter (lien direct) | A new variant of the RedLine info-stealer is distributed via emails using a fake COVID-19 Omicron stat counter app as a lure. [...] | Malware | ||
|
2022-01-11 10:04:33 | (Déjà vu) New SysJoker backdoor targets Windows, macOS, and Linux (lien direct) | A new multi-platform backdoor malware named 'SysJoker' has emerged in the wild, targeting Windows, Linux, and macOS with the ability to evade detection on all three operating systems. [...] | Malware | ||
|
2022-01-11 10:04:33 | New SysJocker backdoor targets Windows, macOS, and Linux (lien direct) | A new multi-platform backdoor malware named 'SysJocker' has emerged in the wild, targeting Windows, Linux, and macOS with the ability to evade detection on all three operating systems. [...] | Malware | ||
|
2022-01-10 16:09:01 | Linux version of AvosLocker ransomware targets VMware ESXi servers (lien direct) | AvosLocker is the latest ransomware gang that has added support for encrypting Linux systems to its recent malware variants, specifically targeting VMware ESXi virtual machines. [...] | Ransomware Malware | ||
|
2022-01-10 13:43:47 | Oops: Cyberspies infect themselves with their own malware (lien direct) | After infecting themselves with their own custom remote access trojan (RAT), an Indian-linked cyber-espionage group has accidentally exposed its operations to security researchers. [...] | Malware | ||
|
2022-01-08 14:35:42 | Trojanized dnSpy app drops malware cocktail on researchers, devs (lien direct) | Hackers targeted cybersecurity researchers and developers this week in a sophisticated malware campaign distributing a malicious version of the dnSpy .NET application to install cryptocurrency stealers, remote access trojans, and miners. [...] | Malware | ||
|
2022-01-07 12:37:12 | FluBot malware now targets Europe posing as Flash Player app (lien direct) | The widely distributed FluBot malware continues to evolve, with new campaigns distributing the malware as Flash Player and the developers adding new features. [...] | Malware | ||
|
2022-01-05 09:54:34 | iOS malware can fake iPhone shut downs to snoop on camera, microphone (lien direct) | Researchers have developed a new technique that fakes a shutdown or reboot of iPhones, preventing malware from being removed and allowing hackers to secretly snoop on microphones and receive sensitive data via a live network connection. [...] | Malware | ||
|
2022-01-05 06:00:00 | Microsoft code-sign check bypassed to drop Zloader malware (lien direct) | A new Zloader campaign exploits Microsoft's e-signature code verification to steal user credentials from over two thousand victims in 111 countries. [...] | Malware | ||
|
2022-01-03 15:45:11 | Purple Fox malware distributed via malicious Telegram installers (lien direct) | A laced Telegram for desktop installer was spotted distributing the Purple Fox malware while disabling the UAC on the infected systems. [...] | Malware | ||
|
2021-12-30 15:17:31 | Have I Been Pwned adds 441K accounts stolen by RedLine malware (lien direct) | The Have I Been Pwned data breach notification service now lets you check if your email and password are one of 441,000 accounts stolen in an information-stealing campaign using RedLine malware. [...] | Data Breach Malware | ||
|
2021-12-30 09:55:50 | (Déjà vu) Firmware attack can drop persistent malware in hidden SSD area (lien direct) | Korean researchers have developed a set of attacks against some solid-state drives (SSDs) that could allow planting malware in a location that's beyond the reach of the user and security solutions. [...] | Malware | ||
|
2021-12-30 09:55:50 | Hiding malware inside the flex capacity space on modern SSDs (lien direct) | Korean researchers have developed a set of attacks against some solid-state drives (SSDs) that could allow planting malware in a location that's beyond the reach of the user and security solutions. [...] | Malware | ||
|
2021-12-28 14:23:39 | New Flagpro malware linked to Chinese state-backed hackers (lien direct) | The cyber-espionage APT (advanced persistent threat) group tracked as 'BlackTech' was spotted using a novel malware called 'Flagpro' in attacks against Japanese firms. [...] | Malware | ||
|
2021-12-28 13:07:19 | RedLine malware shows why passwords shouldn\'t be saved in browsers (lien direct) | The RedLine information-stealing malware targets popular web browsers such as Chrome, Edge, and Opera, demonstrating why storing your passwords in browsers is a bad idea. [...] | Malware | ||
|
2021-12-24 08:11:22 | Dridex Omicron phishing taunts with funeral helpline number (lien direct) | A malware distributor for the Dridex banking malware has been toying with victims and researchers over the last few weeks. The latest example is a phishing campaign that taunts victims with a COVID-19 funeral assistance helpline number. [...] | Malware |
To see everything:
Our RSS (filtrered)
