| Src | Date (GMT) | Title | Description | Tags | Stories | Notes |
|---|---|---|---|---|---|---|
| | 2022-12-20 16:11:00 | VirusTotal cheat sheet makes it easy to search for specific results (direct link) | VirusTotal has published a cheat sheet to help researchers create queries leading to more specific results from the malware intelligence platform. [...] | Malware, Guideline | | ★★★ |
| | 2022-12-20 13:42:20 | Hackers bombard PyPi platform with information-stealing malware (direct link) | The PyPi python package repository is being bombarded by a wave of information-stealing malware hiding inside malicious packages uploaded to the platform to steal software developers' data. [...] | Malware | | ★ |
| | 2022-12-20 10:15:59 | Raspberry Robin worm drops fake malware to confuse researchers (direct link) | The Raspberry Robin malware is now trying its hand at some trickery by dropping a fake payload to confuse researchers and evade detection when it detects it's being run within sandboxes and debugging tools. [...] | Malware | | ★★★★★ |
| | 2022-12-19 14:37:18 | (Déjà vu) Microsoft finds macOS bug that lets malware bypass security checks (direct link) | Apple has fixed a vulnerability that could be leveraged to deploy malware on vulnerable macOS devices via untrusted applications capable of bypassing Gatekeeper application execution restrictions. [...] | Malware, Vulnerability | | ★★ |
| | 2022-12-19 14:37:18 | Microsoft: Achilles macOS bug lets hackers bypass Gatekeeper (direct link) | Apple has fixed a vulnerability that could be leveraged to deploy malware on vulnerable macOS devices via untrusted applications capable of bypassing Gatekeeper application execution restrictions. [...] | Malware, Vulnerability | | ★★ |
| | 2022-12-19 12:39:27 | Ukraine's DELTA military system users targeted by info-stealing malware (direct link) | A compromised Ukrainian Ministry of Defense email account was found sending phishing emails and instant messages to users of the 'DELTA' situational awareness program to infect systems with information-stealing malware. [...] | Malware | | ★★★ |
| | 2022-12-17 11:08:16 | Glupteba malware is back in action after Google disruption (direct link) | The Glupteba malware botnet has sprung back into action, infecting devices worldwide after its operation was disrupted by Google almost a year ago. [...] | Malware | | ★★★ |
| | 2022-12-16 10:23:17 | Microsoft warns of new Minecraft DDoS malware infecting Windows, Linux (direct link) | A new cross-platform malware botnet named 'MCCrash' is infecting Windows, Linux, and IoT devices to conduct distributed denial of service attacks on Minecraft servers. [...] | Malware | | ★★ |
| | 2022-12-15 02:36:18 | Hackers target Japanese politicians with new MirrorStealer malware (direct link) | A hacking group tracked as MirrorFace has been targeting Japanese politicians for weeks before the House of Councilors election in July 2022, using a previously undocumented credentials stealer named 'MirrorStealer.' [...] | Malware | | ★ |
| | 2022-12-14 14:13:11 | Attackers use SVG files to smuggle QBot malware onto Windows systems (direct link) | QBot malware phishing campaigns have adopted a new distribution method using SVG files to perform HTML smuggling that locally creates a malicious installer for Windows. [...] | Malware | | ★★ |
| | 2022-12-14 13:24:00 | Microsoft patches Windows zero-day used to drop ransomware (direct link) | Microsoft has fixed a security vulnerability used by threat actors to circumvent the Windows SmartScreen security feature and deliver Magniber ransomware and Qbot malware payloads. [...] | Ransomware, Malware, Vulnerability, Threat | | ★★ |
| | 2022-12-13 12:27:43 | New GoTrim botnet brute forces WordPress site admin accounts (direct link) | A new Go-based botnet malware named 'GoTrim' is scanning the web for self-hosted WordPress websites and attempting to brute force the administrator's password and take control of the site. [...] | Malware | | ★★ |
| | 2022-12-12 16:26:33 | New Python malware backdoors VMware ESXi servers for remote access (direct link) | A previously undocumented Python backdoor targeting VMware ESXi servers has been spotted, enabling hackers to execute commands remotely on a compromised system. [...] | Malware | | ★★★ |
| | 2022-12-11 11:22:33 | (Déjà vu) Clop ransomware uses TrueBot malware for access to networks (direct link) | Security researchers have noticed a spike in devices infected with the TrueBot malware downloader created by a Russian-speaking hacking group known as Silence. [...] | Ransomware, Malware | | ★★ |
| | 2022-12-11 11:22:33 | Clop ransomware partners with TrueBot malware for access to networks (direct link) | Security researchers have noticed a spike in devices infected with the TrueBot malware downloader created by a Russian-speaking hacking group known as Silence. [...] | Ransomware, Malware | | ★ |
| | 2022-12-09 09:00:00 | Holiday 2022 deal: 20% off Zero2Automated malware analysis training (direct link) | Zero2Automated, the creators of the popular malware analysis and reverse-engineering course, is having a Christmas special where you can get 20% off all courses on their site, with additional goodies thrown in. [...] | Malware | | ★★★ |
| | 2022-12-08 05:00:00 | New 'Zombinder' platform binds Android malware with legitimate apps (direct link) | A darknet platform dubbed 'Zombinder' allows threat actors to bind malware to legitimate Android apps, causing victims to infect themselves while still having the full functionality of the original app to evade suspicion. [...] | Malware, Threat | | ★★★ |
| | 2022-12-07 14:19:32 | New Zerobot malware has 21 exploits for BIG-IP, Zyxel, D-Link devices (direct link) | A new Go-based malware named 'Zerobot' has been spotted in mid-November using exploits for almost two dozen vulnerabilities in a variety of devices that include F5 BIG-IP, Zyxel firewalls, Totolink and D-Link routers, and Hikvision cameras. [...] | Malware | | ★★ |
| | 2022-12-04 10:11:22 | Android malware apps with 2 million installs spotted on Google Play (direct link) | A new set of Android malware, phishing, and adware apps have infiltrated the Google Play store, tricking over two million people into installing them. [...] | Malware, Mobile | | ★★★ |
| | 2022-12-03 10:12:06 | Hackers use new, fake crypto app to breach networks, steal cryptocurrency (direct link) | The North Korean 'Lazarus' hacking group is linked to a new attack spreading fake cryptocurrency apps under the made-up brand, "BloxHolder," to install the AppleJeus malware for initial access to networks and steal crypto assets. [...] | Malware | APT 38 | ★★★ |
| | 2022-12-02 12:29:48 | New CryWiper malware wipes data in attack against Russian org (direct link) | A previously undocumented data wiper named CryWiper is masquerading as ransomware, extorting victims to pay for a decrypter, but in reality, it just destroys data beyond recovery. [...] | Malware | | ★★★ |
| | 2022-12-01 21:43:44 | (Déjà vu) Samsung, LG, Mediatek certificates compromised to sign Android malware (direct link) | Multiple platform certificates used by Android OEM device vendors to digitally sign core system applications have also been used to sign Android apps containing malware. [...] | Malware | | ★★★★★ |
| | 2022-12-01 21:43:44 | Compromised OEM Android platform certificates used to sign malware (direct link) | Multiple platform certificates used by Android OEM device vendors to digitally sign core system applications were utilized by threat actors to sign apps containing malware. [...] | Malware, Threat | | ★★★ |
| | 2022-12-01 15:52:29 | Android malware infected 300,000 devices to steal Facebook accounts (direct link) | An Android malware campaign masquerading as reading and education apps has been underway since 2018, attempting to steal Facebook account credentials from infected devices. [...] | Malware | | ★★★ |
| | 2022-12-01 13:45:32 | (Déjà vu) New Redigo malware drops stealthy backdoor on Redis servers (direct link) | A new Go-based malware threat that researchers call Redigo has been targeting Redis servers vulnerable to CVE-2022-0543 to plant a stealthy backdoor and allow command execution. [...] | Malware, Threat | | ★★★ |
| | 2022-12-01 11:19:46 | New DuckLogs malware service claims having thousands of 'customers' (direct link) | A new malware-as-a-service (MaaS) operation named 'DuckLogs' has emerged, giving low-skilled attackers easy access to multiple modules to steal information, log key strokes, access clipboard data, and remote access to the compromised host. [...] | Malware | | ★★★ |
| | 2022-11-30 15:51:29 | New Windows malware scans victims' mobile phones for data to steal (direct link) | Security researchers found a previously unknown backdoor they call Dolphin that's been used by North Korean hackers in highly targeted operations for more than a year to steal files and send them to Google Drive storage. [...] | Malware | | ★★★ |
| | 2022-11-28 13:40:42 | TikTok 'Invisible Body' challenge exploited to push malware (direct link) | Hackers are capitalizing on a trending TikTok challenge named 'Invisible Challenge' to install malware on thousands of devices and steal their passwords, Discord accounts, and, potentially, cryptocurrency wallets. [...] | Malware | | ★★★ |
| | 2022-11-23 06:02:16 | Russian cybergangs stole over 50 million passwords this year (direct link) | At least 34 distinct Russian-speaking cybercrime groups using info-stealing malware like Raccoon and Redline have collectively stolen 50,350,000 account passwords from over 896,000 individual infections from January to July 2022. [...] | Malware | | ★★★★ |
| | 2022-11-22 11:04:37 | Android file manager apps infect thousands with Sharkbot malware (direct link) | A new collection of malicious Android apps posing as harmless file managers had infiltrated the official Google Play app store, infecting users with the Sharkbot banking trojan. [...] | Malware | | ★★★ |
| | 2022-11-21 18:09:13 | Aurora infostealer malware increasingly adopted by cybergangs (direct link) | Cybercriminals are increasingly turning to a new Go-based information stealer named 'Aurora' to steal sensitive information from browsers and cryptocurrency apps, exfiltrate data directly from disks, and load additional payloads. [...] | Malware | | ★★★★ |
| | 2022-11-21 13:24:44 | Google Chrome extension used to steal cryptocurrency, passwords (direct link) | An information-stealing Google Chrome browser extension named 'VenomSoftX' is being deployed by Windows malware to steal cryptocurrency and clipboard contents as users browse the web. [...] | Malware | | |
| | 2022-11-19 13:28:32 | New attacks use Windows security bypass zero-day to drop malware (direct link) | New phishing attacks use a Windows zero-day vulnerability to drop the Qbot malware without displaying Mark of the Web security warnings. [...] | Malware, Vulnerability | | |
| | 2022-11-18 10:24:41 | Chinese hackers use Google Drive to drop malware on govt networks (direct link) | State-backed Chinese hackers launched a spearphishing campaign to deliver custom malware stored in Google Drive to government, research, and academic organizations worldwide. [...] | Malware | | |
| | 2022-11-17 13:19:17 | QBot phishing abuses Windows Control Panel EXE to infect devices (direct link) | Phishing emails distributing the QBot malware are using a DLL hijacking flaw in the Windows 10 Control Panel to infect computers, likely as an attempt to evade detection by security software. [...] | Malware | | |
| | 2022-11-16 15:15:45 | Updated RapperBot malware targets game servers in DDoS attacks (direct link) | The Mirai-based botnet 'RapperBot' has re-emerged via a new campaign that infects IoT devices for DDoS (Distributed Denial of Service) attacks against game servers. [...] | Malware | | |
| | 2022-11-15 17:24:49 | North Korean hackers target European orgs with updated malware (direct link) | North Korean hackers are using a new version of the DTrack backdoor to attack organizations in Europe and Latin America. [...] | Malware | | |
| | 2022-11-11 11:26:33 | New BadBazaar Android malware linked to Chinese cyberspies (direct link) | A previously undocumented Android spyware tool named 'BadBazaar' has been discovered targeting ethnic and religious minorities in China, most notably the Uyghurs in Xinjiang. [...] | Malware, Tool | | |
| | 2022-11-10 17:58:42 | Phishing drops IceXLoader malware on thousands of home, corporate devices (direct link) | An ongoing phishing campaign has infected thousands of home and corporate users with a new version of the 'IceXLoader' malware. [...] | Malware | | |
| | 2022-11-10 17:18:10 | (Déjà vu) Microsoft fixes Windows zero-day bug exploited to push malware (direct link) | Windows has fixed a bug that prevented Mark of the Web flags from propagating to files within downloaded ISO files, dealing a massive blow to malware distributors and developers. [...] | Malware | | |
| | 2022-11-10 17:18:10 | Microsoft fixes MoTW zero-day used to drop malware via ISO files (direct link) | Windows has fixed a bug that prevented Mark of the Web flags from propagating to files within downloaded ISO files, dealing a massive blow to malware distributors and developers. [...] | Malware | | |
| | 2022-11-10 14:17:25 | Worok hackers hide new malware in PNGs using steganography (direct link) | A threat group tracked as 'Worok' hides malware within PNG images to infect victims' machines with information-stealing malware without raising alarms. [...] | Malware, Threat | | |
| | 2022-11-09 17:51:08 | New StrelaStealer malware steals your Outlook, Thunderbird accounts (direct link) | A new information-stealing malware named 'StrelaStealer' is actively stealing email account credentials from Outlook and Thunderbird, two widely used email clients. [...] | Malware | | |
| | 2022-11-08 17:56:13 | LockBit affiliate uses Amadey Bot malware to deploy ransomware (direct link) | A LockBit 3.0 ransomware affiliate is using phishing emails that install the Amadey Bot to take control of a device and encrypt devices. [...] | Ransomware, Malware | | |
| | 2022-11-03 15:36:50 | RomCom RAT malware campaign impersonates KeePass, SolarWinds NPM, Veeam (direct link) | The threat actor behind the RomCom RAT (remote access trojan) has refreshed its attack vector and is now abusing well-known software brands for distribution. [...] | Malware, Threat | | |
| | 2022-11-02 16:35:15 | (Déjà vu) Hundreds of U.S. news sites push malware in supply-chain attack (direct link) | The compromised infrastructure of an undisclosed media company is being used by threat actors to deploy the SocGholish JavaScript malware framework (also known as FakeUpdates) on the websites of hundreds of newspapers across the U.S. [...] | Malware, Threat | | |
| | 2022-11-02 16:35:15 | Hundreds of U.S. news sites hit in SocGholish supply-chain attack (direct link) | The compromised infrastructure of an undisclosed media company is being used by threat actors to deploy the SocGholish JavaScript malware framework (also known as FakeUpdates) on the websites of hundreds of newspapers across the U.S. [...] | Malware, Threat | | |
| | 2022-11-02 14:41:42 | (Déjà vu) Emotet botnet starts blasting malware again after 4 month break (direct link) | The Emotet malware operation is again spamming malicious emails after almost a four-month "vacation" that saw little activity from the notorious cybercrime operation. [...] | Malware | | |
| | 2022-11-02 14:41:42 | Emotet botnet starts blasting malware again after 5 month break (direct link) | The Emotet malware operation is again spamming malicious emails after almost a five-month "vacation" that saw little activity from the notorious cybercrime operation. [...] | Malware | | |
| | 2022-11-02 13:21:26 | Dozens of PyPI packages caught dropping 'W4SP' info-stealing malware (direct link) | Researchers have discovered over two dozen Python packages on the PyPI registry that are pushing info-stealing malware. [...] | Malware | | |