www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
Feed generated: 2024-05-12T13:55:59+00:00
Source of every entry below: Security Affairs - Blog Secu

New Go-based Redigo malware targets Redis servers
Redigo is a new Go-based malware employed in attacks against Redis servers affected by the CVE-2022-0543 vulnerability. Researchers from security firm AquaSec discovered a new Go-based malware that is used in a campaign targeting Redis servers. Threat actors are exploiting a critical vulnerability, tracked as CVE-2022-0543, in Redis (Remote Dictionary Server) servers. Redis (remote dictionary server) […]
Published: 2022-12-01T22:39:51+00:00
Article: https://securityaffairs.co/wordpress/139164/malware/redigo-malware-targets-redis-servers.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8286450
Tags: Malware, Threat

An aggressive malware campaign targets US-based companies with Qakbot to deliver Black Basta Ransomware
Researchers warn of an ongoing aggressive Qakbot malware campaign that leads to Black Basta ransomware infections in the US. Experts at the Cybereason Global SOC (GSOC) team have observed a surge in Qakbot infections as part of an ongoing aggressive Qakbot malware campaign that leads to Black Basta ransomware infections in the US. In the last two […]
Published: 2022-11-24T09:59:26+00:00
Article: https://securityaffairs.co/wordpress/138924/cyber-crime/qakbot-campaign-black-basta-ransomware.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8196736
Tags: Ransomware, Malware, Guideline

Ducktail information stealer continues to evolve
The operators behind the Ducktail information stealer continue to improve their malicious code, experts warn. In late July 2022, researchers from WithSecure (formerly F-Secure Business) discovered an ongoing operation, named DUCKTAIL, that was targeting individuals and organizations that operate on Facebook's Business and Ads platform. Experts attribute the campaign to a Vietnamese financially motivated […]
Published: 2022-11-23T18:53:23+00:00
Article: https://securityaffairs.co/wordpress/138894/cyber-crime/ducktail-information-stealer-evolution.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8184051
Tags: Malware

Researcher warns that Cisco Secure Email Gateways can easily be circumvented
A researcher revealed how to bypass some of the filters in the Cisco Secure Email Gateway appliance and deliver malware using specially crafted emails. An anonymous researcher publicly disclosed a series of techniques to bypass some of the filters in the Cisco Secure Email Gateway appliance and deliver malware using specially crafted emails. The researcher pointed out […]
Published: 2022-11-22T19:04:22+00:00
Article: https://securityaffairs.co/wordpress/138859/security/cisco-secure-email-gateways-bypass.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8164938
Tags: Malware

Aurora Stealer Malware is becoming a prominent threat in the cybercrime ecosystem
Researchers warn of threat actors employing a new Go-based malware dubbed Aurora Stealer in attacks in the wild. Aurora Stealer is an info-stealing malware that was first advertised on Russian-speaking underground forums in April 2022. Aurora was offered as Malware-as-a-Service (MaaS) by a threat actor known as Cheshire. It is a multi-purpose botnet with data stealing […]
Published: 2022-11-22T15:20:06+00:00
Article: https://securityaffairs.co/wordpress/138851/malware/aurora-stealer-malware.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8162645
Tags: Malware, Threat

Emotet is back and delivers payloads like IcedID and Bumblebee
The Emotet malware is back and experts warn of a high-volume malspam campaign delivering payloads like IcedID and Bumblebee. Proofpoint researchers warn of the return of the Emotet malware; in early November the experts observed a high-volume malspam campaign delivering payloads like IcedID and Bumblebee. The Emotet banking trojan has been active at least since 2014, the botnet is […]
Published: 2022-11-22T08:39:56+00:00
Article: https://securityaffairs.co/wordpress/138824/cyber-crime/emotet-is-back-nov-2022.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8157805
Tags: Malware

New improved versions of LodaRAT spotted in the wild
Cisco Talos spotted multiple updated versions of LodaRAT that were deployed alongside other malware families, including RedLine and Neshta. Researchers from Cisco Talos have monitored the LodaRAT malware over the course of 2022 and recently discovered multiple updated versions that have been deployed alongside other malware families, including RedLine and Neshta. The versions include new […]
Published: 2022-11-19T09:22:01+00:00
Article: https://securityaffairs.co/wordpress/138723/malware/lodarat-malware.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8107427
Tags: Malware

Ongoing supply chain attack targets Python developers with WASP Stealer
A threat actor tracked as WASP is behind an ongoing supply chain attack targeting Python developers with the WASP Stealer. Checkmarx researchers uncovered an ongoing supply chain attack conducted by a threat actor they track as WASP that is targeting Python developers. The attackers are using Python packages to distribute a polymorphic malware called W4SP […]
Published: 2022-11-18T08:24:14+00:00
Article: https://securityaffairs.co/wordpress/138692/cyber-crime/wasp-stealer-supply-chain-attack.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8083972
Tags: Malware, Threat

New RapperBot Campaign targets game servers with DDoS attacks
Fortinet researchers discovered new samples of RapperBot used to build a botnet to launch DDoS attacks against game servers. Fortinet FortiGuard Labs researchers have discovered new samples of the RapperBot malware that are being used to build a DDoS botnet to target game servers. Researchers from FortiGuard Labs discovered the previously undetected RapperBot IoT […]
Published: 2022-11-16T11:39:15+00:00
Article: https://securityaffairs.co/wordpress/138615/malware/rapperbot-botnet-targets-game-servers.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8045978
Tags: Malware

KmsdBot, a new evasive bot for cryptomining activity and DDoS attacks
Researchers spotted a new evasive malware, tracked as KmsdBot, that infects systems via an SSH connection that uses weak credentials. Akamai Security Research discovered a new evasive Golang-based malware, tracked as KmsdBot, that infects systems via an SSH connection that uses weak login credentials. The malware was employed in cryptocurrency mining campaigns and to launch […]
Published: 2022-11-14T12:52:52+00:00
Article: https://securityaffairs.co/wordpress/138514/malware/kmsdbot-golang-malware.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=8008611
Tags: Malware

Malicious app in the Play Store spotted distributing Xenomorph Banking Trojan
Published: 2022-11-12T14:53:58+00:00
Article: https://securityaffairs.co/wordpress/138440/malware/xenomorph-banking-malware-play-store.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=7970365
Tags: Malware

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware
Lookout researchers discovered two long-running surveillance campaigns targeting the ethnic minority Uyghurs. Researchers from mobile security firm Lookout uncovered two long-running surveillance campaigns targeting the Uyghur minority. The threat actors behind the campaigns used two Android spyware families to spy on the victims and steal sensitive information. The campaigns involved a new piece of malware called […]
Published: 2022-11-11T21:07:03+00:00
Article: https://securityaffairs.co/wordpress/138395/intelligence/uyghurs-badbazaar-moonshine-surveillance.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=7955465
Tags: Malware, Threat

Researchers warn of malicious packages on PyPI using steganography
Experts discovered a malicious package on the Python Package Index (PyPI) that uses steganography to hide malware within image files. CheckPoint researchers discovered a malicious package, named ‘apicolor,’ on the Python Package Index (PyPI) that uses steganography to hide malware within image files. The malicious package infects PyPI users through open-source projects on GitHub. The […]
Published: 2022-11-10T16:15:55+00:00
Article: https://securityaffairs.co/wordpress/138342/security/malicious-package-pypi-steganography.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=7928862
Tags: Malware

Experts observed Amadey malware deploying LockBit 3.0 Ransomware
Experts noticed that the Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems. Researchers from AhnLab Security Emergency Response Center (ASEC) reported that the Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems. Amadey Bot is a data-stealing malware that was first spotted in 2018; it also allows […]
Published: 2022-11-09T13:31:43+00:00
Article: https://securityaffairs.co/wordpress/138292/malware/amadey-malware-deploying-lockbit-3-0.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=7905588
Tags: Ransomware, Malware

SmokeLoader campaign distributes new Laplas Clipper malware
Researchers observed a SmokeLoader campaign that is distributing a new clipper malware dubbed Laplas Clipper that targets cryptocurrency users. Cyble researchers uncovered a SmokeLoader campaign that is distributing commodity malware, such as SystemBC and Raccoon Stealer 2.0, along with a new clipper malware tracked as Laplas. The experts detected more than 180 different samples of the clipper […]
Published: 2022-11-08T18:22:33+00:00
Article: https://securityaffairs.co/wordpress/138251/malware/smokeloader-delivers-laplas-clipper.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=7892664
Tags: Malware

29 malicious PyPI packages spotted delivering the W4SP Stealer
Cybersecurity researchers discovered 29 malicious PyPI packages delivering the W4SP stealer to developers’ systems. Cybersecurity researchers have discovered 29 packages in the official Python Package Index (PyPI) repository designed to infect developers’ systems with an info-stealing malware dubbed W4SP Stealer. “It appears that these packages are a more sophisticated attempt to deliver the W4SP Stealer on […]
Published: 2022-11-05T21:34:11+00:00
Article: https://securityaffairs.co/wordpress/138113/hacking/pypi-packages-delivers-w4sp-stealer.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=7852189
Tags: Malware

250+ U.S. news sites spotted spreading FakeUpdates malware in a supply-chain attack
Threat actors compromised a media company to deliver FakeUpdates malware through the websites of hundreds of newspapers in the US. Researchers at Proofpoint Threat Research observed threat actor TA569 intermittently injecting malicious code on a media company that serves many major news outlets. The media company provides video content and advertising […]
Published: 2022-11-03T16:28:32+00:00
Article: https://securityaffairs.co/wordpress/138052/cyber-crime/supply-chain-attack-fakeupdates.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=7804949
Tags: Malware, Threat

SandStrike, a previously undocumented Android malware targets a Persian-speaking religion minority
Threat actors are using previously undocumented Android spyware, dubbed SandStrike, to spy on a Persian-speaking religious minority. In Q3 2022, Kaspersky researchers uncovered a previously undocumented Android spyware, dubbed SandStrike, employed in an espionage campaign targeting the Persian-speaking religious minority, Baháʼí. The threat actors were distributing a VPN app embedding a highly sophisticated spyware. The […]
Published: 2022-11-02T18:55:55+00:00
Article: https://securityaffairs.co/wordpress/137990/hacking/sandstrike-malware-cyberespionage.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=7786609
Tags: Malware, Threat

Wannacry, the hybrid malware that brought the world to its knees
Reflecting on the Wannacry ransomware attack: what is the lesson learnt, and why are most organizations still ignoring it? In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding […]
Published: 2022-10-31T14:37:01+00:00
Article: https://securityaffairs.co/wordpress/137894/cyber-crime/wannacry-hybrid-malware.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=7754874
Tags: Ransomware, Malware
Threat: Wannacry

Two PoS Malware used to steal data from more than 167,000 credit cards
Researchers reported that threat actors used 2 PoS malware variants to steal information about more than 167,000 credit cards. Cybersecurity firm Group-IB discovered two PoS malware strains used to steal data associated with more than 167,000 credit cards from point-of-sale payment terminals. On April 19, 2022, Group-IB researchers identified the C2 server of the POS malware called MajikPOS. […]
Published: 2022-10-25T14:59:22+00:00
Article: https://securityaffairs.co/wordpress/137608/malware/pos-malware-stolen-card-data.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=7672738
Tags: Malware, Threat

New URSNIF variant doesn't support banking features
Published: 2022-10-21T07:50:12+00:00
Article: https://securityaffairs.co/wordpress/137435/malware/ursnif-shift-backdoor.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=7600844
Tags: Malware

New UEFI rootkit Black Lotus offered for sale at $5,000
Black Lotus is a new, powerful Windows UEFI rootkit advertised on underground criminal forums, a researcher warns. Cybersecurity researcher Scott Scheferman reported that a new Windows UEFI rootkit, dubbed Black Lotus, is advertised on underground criminal forums. The powerful malware is offered for sale at $5,000, with $200 payments per new update. The researcher warns that […]
Published: 2022-10-17T15:00:10+00:00
Article: https://securityaffairs.co/wordpress/137252/malware/black-lotus-uefi-rootkit.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=7528752
Tags: Malware

New PHP Version of Ducktail info-stealer hijacks Facebook Business accounts
Experts spotted a PHP version of an information-stealing malware called Ducktail spread as cracked installers for legitimate apps and games. Zscaler researchers discovered a PHP version of an information-stealing malware tracked as Ducktail. The malicious code is distributed as free/cracked application installers for a variety of applications including games, Microsoft Office applications, Telegram, and others. Ducktail has been […]
Published: 2022-10-15T16:41:24+00:00
Article: https://securityaffairs.co/wordpress/137145/malware/ducktail-php-targets-facebook.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=7485682
Tags: Malware

LockBit affiliates compromise Microsoft Exchange servers to deploy ransomware
Lockbit ransomware affiliates are compromising Microsoft Exchange servers to deploy their ransomware, experts warn. South Korean cybersecurity firm AhnLab reported that Lockbit ransomware affiliates are distributing their malware via compromised Microsoft Exchange servers. In July 2022, two servers operated by a customer of the security firm were infected with LockBit 3.0 ransomware. Threat actors initially deployed […]
Published: 2022-10-12T05:54:56+00:00
Article: https://securityaffairs.co/wordpress/136968/cyber-crime/microsoft-exchange-lockbit-ransomware.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=7405732
Tags: Ransomware, Malware, Threat

Experts analyzed the evolution of the Emotet supply chain
Threat actors behind the Emotet bot are continually improving their tactics, techniques, and procedures to avoid detection. VMware researchers have analyzed the supply chain behind the Emotet malware, reporting that its operators are continually shifting their tactics, techniques, and procedures to avoid detection. The Emotet banking trojan has been active at least since 2014; the botnet is operated by […]
Published: 2022-10-11T10:40:22+00:00
Article: https://securityaffairs.co/wordpress/136935/malware/emotet-evolution-ttps.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=7390601
Tags: Malware

LilithBot Malware, a new MaaS offered by the Eternity Group
Researchers linked the threat actor behind the Eternity malware-as-a-service (MaaS) to a new malware strain called LilithBot. Zscaler researchers linked a recently discovered sample of a new malware called LilithBot to the Eternity group (aka EternityTeam; Eternity Project). The Eternity group operates a homonymous malware-as-a-service (MaaS); it is linked to the Russian “Jester Group,” which is […]
Published: 2022-10-07T05:02:45+00:00
Article: https://securityaffairs.co/wordpress/136764/breaking-news/lilithbot-malware-eternity-group.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=7328289
Tags: Malware, Threat

New Maggie malware already infected over 250 Microsoft SQL servers
Hundreds of Microsoft SQL servers all over the world have been infected with a new piece of malware tracked as Maggie. Security researchers Johann Aydinbas and Axel Wauer from DCSO CyTec have spotted a new piece of malware, named Maggie, that has already infected over 250 Microsoft SQL servers worldwide. Most of the infected instances […]
Published: 2022-10-05T20:21:06+00:00
Article: https://securityaffairs.co/wordpress/136693/cyber-crime/maggie-malware-microsoft-sql-server.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=7310633
Tags: Malware

Experts uncovered novel Malware persistence within VMware ESXi Hypervisors
Researchers from Mandiant have discovered a novel malware persistence technique within VMware ESXi hypervisors. Mandiant detailed a novel technique used by malware authors to achieve administrative access within VMware ESXi hypervisors and take over vCenter servers and Windows and Linux virtual machines to perform the following actions: send commands to the hypervisor that will […]
Published: 2022-09-30T05:17:30+00:00
Article: https://securityaffairs.co/wordpress/136408/hacking/vmware-esxi-hypervisors-malware.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=7217278
Tags: Malware

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more
A new multifunctional Go-based malware dubbed Chaos is targeting both Windows and Linux systems, experts warn. Researchers from Black Lotus Labs at Lumen Technologies recently uncovered a multifunctional Go-based malware that was developed to target devices based on multiple architectures, including Windows and Linux. The malicious code was developed to target a broad range of devices, […]
Published: 2022-09-29T07:28:01+00:00
Article: https://securityaffairs.co/wordpress/136384/malware/chaos-malware-windows-linux.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=7196491
Tags: Malware

Threat actors use Quantum Builder to deliver Agent Tesla malware
The recently discovered malware builder Quantum Builder is being used by threat actors to deliver the Agent Tesla RAT. A recently discovered malware builder called Quantum Builder is being used to deliver the Agent Tesla remote access trojan (RAT), Zscaler ThreatLabz researchers warn. “Quantum Builder (aka “Quantum Lnk Builder”) is used to create malicious shortcut […]
Published: 2022-09-28T15:43:32+00:00
Article: https://securityaffairs.co/wordpress/136370/uncategorized/quantum-builder-agent-tesla-rat.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=7181400
Tags: Malware, Threat

APT28 relies on PowerPoint Mouseover to deliver Graphite malware
The Russia-linked APT28 group is using mouse movement in decoy Microsoft PowerPoint documents to distribute malware. The Russia-linked APT28 employed a technique relying on mouse movement in decoy Microsoft PowerPoint documents to deploy malware, researchers from Cluster25 reported. Cluster25 researchers were analyzing a lure PowerPoint document used to deliver a variant of Graphite malware, which is known to be used […]
Published: 2022-09-28T13:47:10+00:00
Article: https://securityaffairs.co/wordpress/136358/apt/apt28-powerpoint-mouseover-technique.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=7179609
Tags: Malware
Threat actor: APT 28

North Korea-linked Lazarus continues to target job seekers with macOS malware
North Korea-linked Lazarus APT group is targeting macOS users searching for jobs in the cryptocurrency industry. North Korea-linked Lazarus APT group continues to target macOS with a malware campaign using job opportunities as a lure. The attackers aimed at stealing credentials for the victims’ wallets. Last week, SentinelOne researchers discovered decoy documents advertising positions […]
Published: 2022-09-27T20:39:33+00:00
Article: https://securityaffairs.co/wordpress/136297/apt/lazarus-apt-targeting-macos.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=7164732
Tags: Malware
Threat actor: APT 38

Erbium info-stealing malware, a new option in the threat landscape
The recently discovered Erbium information-stealer is being distributed as fake cracks and cheats for popular video games. Threat actors behind the new ‘Erbium’ information-stealing malware are distributing it as fake cracks and cheats for popular video games to steal victims’ credentials and cryptocurrency wallets. The Erbium info-stealing malware was first spotted by researchers at threat […]
Published: 2022-09-27T09:40:39+00:00
Article: https://securityaffairs.co/wordpress/136285/malware/erbium-info-stealing-malware.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=7158257
Tags: Malware, Threat

Exmatter exfiltration tool used to implement new extortion tactics
Ransomware operators switch to new extortion tactics by using the Exmatter malware and adding new data corruption functionality. The data extortion landscape is constantly evolving and threat actors are devising new extortion techniques; this is the case of threat actors using the Exmatter malware. Cyderes Special Operations and Stairwell Threat Research researchers spotted a sample […]
Published: 2022-09-26T06:22:16+00:00
Article: https://securityaffairs.co/wordpress/136226/cyber-crime/exmatter-tool-shift-extortion-tactics.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=7146767
Tags: Malware, Tool, Threat

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware
Russia-linked APT group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Russia-linked cyberespionage group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Multiple security firms have reported that the Sandworm APT continues to target Ukraine with multiple means, including custom malware and botnets like Cyclops […]
Published: 2022-09-20T20:49:10+00:00
Article: https://securityaffairs.co/wordpress/135996/apt/sandworm-targets-ukraine-teleco.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=7022332
Tags: Malware

IT giants warn of ongoing Chromeloader malware campaigns
VMware and Microsoft are warning of a widespread Chromeloader malware campaign that distributes several malware families. ChromeLoader is a malicious Chrome browser extension; it is classified as a pervasive browser hijacker that modifies browser settings to redirect user traffic. The malware is able to redirect the user's traffic and hijack user search queries to popular […]
Published: 2022-09-20T05:11:39+00:00
Article: https://securityaffairs.co/wordpress/135949/malware/chromeloader-malware-campaigns.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=7009427
Tags: Malware

TeamTNT is back and targets servers to run Bitcoin encryption solvers
AquaSec researchers observed the cybercrime gang TeamTNT hijacking servers to run a Bitcoin solver since early September. In the first week of September, AquaSec researchers identified at least three different attacks targeting their honeypots; the experts associated them with the cybercrime gang TeamTNT. The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 […]
Published: 2022-09-19T05:09:43+00:00
Article: https://securityaffairs.co/wordpress/135911/cyber-crime/teamtnt-is-back-encryption-solvers.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=6997016
Tags: Malware

Experts warn of self-spreading malware targeting gamers looking for cheats on YouTube
Threat actors target gamers looking for cheats on YouTube with the RedLine Stealer information-stealing malware and crypto miners. Researchers from Kaspersky have spotted a self-extracting archive, served to gamers looking for cheats on YouTube, that was employed to deliver the RedLine Stealer information-stealing malware and crypto miners. The RedLine malware allows operators to steal several […]
Published: 2022-09-15T15:32:00+00:00
Article: https://securityaffairs.co/wordpress/135788/malware/self-spreading-malware-target-gamers.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=6911148
Tags: Malware

Experts spotted a new stealthy Linux malware dubbed Shikitega
A new Linux malware dubbed Shikitega leverages a multi-stage infection chain to target endpoints and IoT devices. Researchers from AT&T Alien Labs discovered a new piece of stealthy Linux malware, dubbed Shikitega, that targets endpoints and IoT devices. The malware stands out for its multistage infection chain; threat actors use it to gain full control of the system […]
Published: 2022-09-07T16:38:18+00:00
Article: https://securityaffairs.co/wordpress/135437/malware/shikitega-linux-malware.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=6769653
Tags: Malware, Threat

A new Android malware used to spy on the Uyghur Community
Experts spotted new Android spyware that was used by China-linked threat actors to spy on the Uyghur community in China. Researchers from Cyble Research & Intelligence Labs (CRIL) started their investigation after MalwareHunterTeam experts shared information about a new Android malware used to spy on the Uyghur community. The malware is disguised as a book titled “The China […]
Published: 2022-09-06T16:23:32+00:00
Article: https://securityaffairs.co/wordpress/135403/malware/android-malware-spy-uyghur.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=6751989
Tags: Malware, Threat

Windows Defender identified Chromium, Electron apps as Hive Ransomware
Microsoft released a Windows Defender update to fix a problem that caused the Defender antivirus to identify Chromium and Electron apps as malware. Microsoft released a Windows Defender update to fix a problem that caused the Defender antivirus software to identify apps based on the Chromium browser engine or the Electron JavaScript framework as malware. Multiple users reported […]
Published: 2022-09-05T11:44:19+00:00
Article: https://securityaffairs.co/wordpress/135326/security/windows-defender-flase-positive.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=6739548
Tags: Ransomware, Malware

A new SharkBot variant bypassed Google Play checks again
Experts spotted an upgraded version of the SharkBot malware that was uploaded to the official Google Play Store. Fox IT researchers have spotted an upgraded version of a SharkBot dropper that was uploaded to the official Google Play Store. While previous variants of the dropper relied on Accessibility permissions to automatically install the SharkBot malware, […]
Published: 2022-09-05T08:02:25+00:00
Article: https://securityaffairs.co/wordpress/135303/malware/sharkbot-variant-google-play.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=6738029
Tags: Malware

Alleged Iranian threat actors leak the code of their CodeRAT malware
The author of the remote access trojan (RAT) CodeRAT has leaked the source code of its malware on GitHub. The development team behind the remote access trojan (RAT) CodeRAT has leaked the source code of its malware on GitHub after SafeBreach Labs researchers recently analyzed a new targeted attack aimed at Farsi-speaking code developers. […]
Published: 2022-09-04T09:14:26+00:00
Article: https://securityaffairs.co/wordpress/135255/malware/coderat-malware.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=6722594
Tags: Malware, Threat

The Prynt Stealer malware contains a secret backdoor. Crooks steal data from other cybercriminals
The information-stealing malware Prynt Stealer contains a backdoor that allows stealing the data it has infiltrated from victims. Zscaler researchers discovered a Telegram channel-based backdoor in the information-stealing malware Prynt Stealer, which allows secretly stealing a copy of the data exfiltrated from the victims. “Zscaler ThreatLabz researchers have uncovered the Prynt Stealer builder, also […]
Published: 2022-09-02T17:31:54+00:00
Article: https://securityaffairs.co/wordpress/135229/malware/prynt-stealer-backdoor.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=6688283
Tags: Malware

Experts link Raspberry Robin Malware to Evil Corp cybercrime gang
Researchers attribute the Raspberry Robin malware to the Russian cybercrime group known as Evil Corp. IBM Security X-Force researchers discovered similarities between a component used in the Raspberry Robin malware and a Dridex malware loader, which was part of the malicious operations of the cybercrime gang Evil Corp. Raspberry Robin is a Windows worm discovered […]
Published: 2022-09-02T12:54:09+00:00
Article: https://securityaffairs.co/wordpress/135206/cyber-crime/raspberry-robin-linked-to-evil-corp.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=6683865
Tags: Malware

GO#WEBBFUSCATOR campaign hides malware in NASA's James Webb Space Telescope image
Published: 2022-08-31T16:43:57+00:00
Article: https://securityaffairs.co/wordpress/135090/malware/gowebbfuscator-james-webb-space-telescope.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=6648566
Tags: Malware, Threat

Nitrokod crypto miner infected systems across 11 countries since 2019
Researchers spotted a Turkish-based crypto miner malware campaign, tracked as Nitrokod, which infected systems across 11 countries. Check Point researchers discovered a Turkish-based crypto miner malware campaign, dubbed Nitrokod, which infected machines across 11 countries. The threat actors dropped the malware from popular software available on dozens of free software websites, including Softpedia and […]
Published: 2022-08-29T13:11:48+00:00
Article: https://securityaffairs.co/wordpress/134985/cyber-crime/nitrokod-crypto-miner-campaign.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=6612759
Tags: Malware, Threat

Nobelium APT uses new Post-Compromise malware MagicWeb
Russia-linked APT group Nobelium is behind a new sophisticated post-exploitation malware tracked by Microsoft as MagicWeb. Microsoft security researchers discovered a post-compromise malware, tracked as MagicWeb, which is used by the Russia-linked NOBELIUM APT group to maintain persistent access to compromised environments. The NOBELIUM APT (APT29, Cozy Bear, and The Dukes) is the threat actor that […]
Published: 2022-08-25T17:11:38+00:00
Article: https://securityaffairs.co/wordpress/134838/apt/nobelium-magicweb-tool.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=6524118
Tags: Malware, Threat
Threat actor: APT 29

Counterfeit versions of popular mobile devices target WhatsApp and WhatsApp Business
Experts found backdoors in budget Android device models designed to target the WhatsApp and WhatsApp Business messaging apps. Researchers from Doctor Web discovered backdoors in the system partition of budget Android device models that are counterfeit versions of famous brand-name models. The malware targets the WhatsApp and WhatsApp Business messaging apps and can allow attackers to conduct […]
Published: 2022-08-23T07:03:34+00:00
Article: https://securityaffairs.co/wordpress/134735/malware/counterfeit-versions-mobile-devices-target-whatsapp.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=6479390
Tags: Malware

Donot Team cyberespionage group updates its Windows malware framework
The Donot Team threat actor, aka APT-C-35, has added new capabilities to its Jaca Windows malware framework. The Donot Team has been active since 2016; it focuses on government and military organizations, ministries of foreign affairs, and embassies in India, Pakistan, Sri Lanka, Bangladesh, and other South Asian countries. In October 2021, a report released by Amnesty International revealed that the […]
Published: 2022-08-22T06:47:28+00:00
Article: https://securityaffairs.co/wordpress/134674/apt/donot-team-improves-jaca-framework.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=6469702
Tags: Malware

Fake DDoS protection pages on compromised WordPress sites lead to malware infections
Threat actors compromise WordPress sites to display fake Cloudflare DDoS protection pages to distribute malware. DDoS protection pages are associated with browser checks performed by WAF/CDN services, which verify whether the site visitor is a human or a bot. Recently, security experts from Sucuri spotted JavaScript injections targeting WordPress sites to display fake DDoS protection pages […]
Published: 2022-08-21T23:56:05+00:00
Article: https://securityaffairs.co/wordpress/134686/hacking/fake-ddos-protection-pages-wordpress.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=6464198
Tags: Malware

Grandoreiro banking malware targets Mexico and Spain
A new Grandoreiro banking malware campaign is targeting organizations in Mexico and Spain, Zscaler reported. Zscaler ThreatLabz researchers observed a Grandoreiro banking malware campaign targeting organizations in the Spanish-speaking nations of Mexico and Spain. Grandoreiro is a modular backdoor that supports the following capabilities: keylogging; auto-update to newer versions and modules; web-injects and restricting access to specific […]
Published: 2022-08-21T08:35:30+00:00
Article: https://securityaffairs.co/wordpress/134651/cyber-crime/grandoreiro-targest-mexico-spain.html
Feed entry: www.secnews.physaphae.fr/article.php?IdArticle=6451974
Tags: Malware

TA558 cybercrime group targets hospitality and travel orgs
TA558 cybercrime group is behind a malware campaign targeting hospitality, hotel, and travel organizations in Latin America. Researchers from Proofpoint are monitoring a malware campaign conducted by a cybercrime group, tracked as TA558, that is targeting hospitality, hotel, and travel organizations in Latin America.
The group is a small crime threat actor, that has been […] ]]> 2022-08-20T08:28:30+00:00 https://securityaffairs.co/wordpress/134622/cyber-crime/ta558-targets-hospitality-travel.html www.secnews.physaphae.fr/article.php?IdArticle=6430507 False Malware,Threat None None Security Affairs - Blog Secu Cisco fixes High-Severity bug in Secure Web Appliance Cisco addressed a high-severity escalation of privilege vulnerability (CVE-2022-20871) in AsyncOS for Cisco Secure Web Appliance. Cisco Secure Web Appliance (formerly Secure Web Appliance (WSA)) offers protection from malware and web-based attacks and provides application visibility and control. Cisco has addressed a high-severity escalation of privilege vulnerability, tracked as CVE-2022-20871, that resides in the web management interface of AsyncOS for Cisco Secure Web […] ]]> 2022-08-19T09:04:18+00:00 https://securityaffairs.co/wordpress/134580/security/cisco-secure-web-appliance-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=6409263 False Malware,Vulnerability None None Security Affairs - Blog Secu North Korea-linked APT targets Job Seekers with macOS malware The North Korea-linked Lazarus Group has been observed targeting job seekers with macOS malware working also on Intel and M1 chipsets. ESET researchers continue to monitor a cyberespionage campaign, tracked as “Operation In(ter)ception,” that has been active at least since June 2020. The campaign targets employees working in the aerospace and military sectors and leverages […] ]]> 2022-08-17T08:31:52+00:00 https://securityaffairs.co/wordpress/134491/malware/north-korea-mac-malware-m1.html www.secnews.physaphae.fr/article.php?IdArticle=6369198 False Malware,Medical APT 38 None Security Affairs - Blog Secu Russia-linked Gamaredon APT continues to target Ukraine Russia-linked Gamaredon APT group targets Ukrainian entities with PowerShell info-stealer malware dubbed GammaLoad. 
Russia-linked Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear, and Trident Ursa) targets Ukrainian entities with PowerShell info-stealer malware dubbed GammaLoad, Symantec warns. The Computer Emergency Response Team of Ukraine (CERT-UA) confirmed the ongoing cyber espionage campaign. Symantec and TrendMicro first discovered the Gamaredon […] ]]> 2022-08-16T08:15:55+00:00 https://securityaffairs.co/wordpress/134438/apt/gamaredon-continues-target-ukraine.html www.secnews.physaphae.fr/article.php?IdArticle=6349738 False Malware None None Security Affairs - Blog Secu SOVA Android malware now also encrypts victims\' files 2022-08-15T15:22:28+00:00 https://securityaffairs.co/wordpress/134392/malware/sova-android-malware-v5.html www.secnews.physaphae.fr/article.php?IdArticle=6342993 False Ransomware,Malware None None Security Affairs - Blog Secu A new PyPI Package was found delivering fileless Linux Malware Security Researchers discovered a new PyPI Package designed to drop fileless cryptominer to Linux systems. Sonatype researchers have discovered a new PyPI package named ‘secretslib‘ that drops fileless cryptominer to the memory of Linux machine systems. The package describes itself as “secrets matching and verification made easy,” it has a total of 93 downloads since […] ]]> 2022-08-15T08:16:31+00:00 https://securityaffairs.co/wordpress/134381/security/pypi-package-fileless-linux-malware.html www.secnews.physaphae.fr/article.php?IdArticle=6337742 False Malware None None Security Affairs - Blog Secu Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports Greek intelligence admitted it had spied on a journalist, while citizens ask the government to reveal the use of surveillance malware. The head of the Greek intelligence told a parliamentary committee that they had spied on a journalist with surveillance malware, Reuters reported citing two sources present. 
The revelation comes while media and journalists are […] ]]> 2022-08-06T20:46:41+00:00 https://securityaffairs.co/wordpress/134097/intelligence/greek-intelligence-surveillance-malware.html www.secnews.physaphae.fr/article.php?IdArticle=6170155 False Malware None None Security Affairs - Blog Secu New Woody RAT used in attacks aimed at Russian entities An unknown threat actor is targeting Russian organizations with a new remote access trojan called Woody RAT. Malwarebytes researchers observed an unknown threat actor targeting Russian organizations with a new remote access trojan called Woody RAT. The attackers were delivering the malware using archive files and Microsoft Office documents exploiting the Follina Windows flaw (CVE-2022-30190). The assumption […] ]]> 2022-08-04T19:13:13+00:00 https://securityaffairs.co/wordpress/134014/intelligence/woody-rat-targets-russia-orgs.html www.secnews.physaphae.fr/article.php?IdArticle=6128945 False Malware,Threat None None Security Affairs - Blog Secu Gootkit AaaS malware is still active and uses updated tactics Gootkit access-as-a-service (AaaS) malware is back with tactics and fileless delivery of Cobalt Strike beacons. Gootkit runs on an access-a-as-a-service model, it is used by different groups to drop additional malicious payloads on the compromised systems. Gootkit has been known to use fileless techniques to deliver threats such as the SunCrypt, and REvil (Sodinokibi) ransomware, Kronos trojans, […] ]]> 2022-08-02T07:44:54+00:00 https://securityaffairs.co/wordpress/133918/malware/gootkit-is-still-active.html www.secnews.physaphae.fr/article.php?IdArticle=6086658 False Malware None 2.0000000000000000 Security Affairs - Blog Secu Microsoft experts linked the Raspberry Robin malware to Evil Corp operation Microsoft linked the recently discovered Raspberry Robin Windows malware to the notorious Evil Corp operation. 
On July 26, 2022, Microsoft researchers discovered that the FakeUpdates malware was being distributed via Raspberry Robin malware. Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary, the malware propagates through removable USB devices. The malicious code […] ]]> 2022-07-29T13:55:57+00:00 https://securityaffairs.co/wordpress/133810/cyber-crime/raspberry-robin-linked-evil-corp.html www.secnews.physaphae.fr/article.php?IdArticle=6012569 False Malware None None Security Affairs - Blog Secu Malware-laced npm packages used to target Discord users Threat actors used multiple npm packages to target Discord users with malware designed to steal their payment card data. A malicious campaign targeting Discord users leverages multiple npm packages to deliver malware that steals their payment card information, Kaspersky researchers warn. The malicious code hidden in the packages, and tracked as Lofy Stealer, is a […] ]]> 2022-07-29T08:06:44+00:00 https://securityaffairs.co/wordpress/133795/cyber-crime/malware-npm-packages-discord.html www.secnews.physaphae.fr/article.php?IdArticle=6008014 True Malware None None Security Affairs - Blog Secu European firm DSIRF behind the attacks with Subzero surveillance malware Microsoft linked a private-sector offensive actor (PSOA) to attacks using multiple zero-day exploits for its Subzero malware. The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) researchers linked a threat group known as Knotweed to an Austrian surveillance firm named DSIRF, known for using multiple Windows and Adobe zero-day exploits. 
The […] ]]> 2022-07-28T11:04:36+00:00 https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html www.secnews.physaphae.fr/article.php?IdArticle=5988226 False Malware,Threat None None Security Affairs - Blog Secu Threat actors leverages DLL-SideLoading to spread Qakbot malware Qakbot malware operators are using the Windows Calculator to side-load the malicious payload on target systems. Security expert ProxyLife and Cyble researchers recently uncovered a Qakbot campaign that was leveraging the Windows 7 Calculator app for DLL side-loading attacks. Dynamic-link library (DLL) side-loading is an attack method that takes advantage of how Microsoft Windows applications handle DLL […] ]]> 2022-07-26T16:14:12+00:00 https://securityaffairs.co/wordpress/133680/malware/dll-sideloading-spread-qakbot.html www.secnews.physaphae.fr/article.php?IdArticle=5953000 False Malware None None Security Affairs - Blog Secu CosmicStrand, a new sophisticated UEFI firmware rootkit linked to China Kaspersky uncovered a new UEFI firmware rootkit, tracked as CosmicStrand, which it attributes to an unknown Chinese-speaking threat actor.  Researchers from Kaspersky have spotted a UEFI firmware rootkit, named CosmicStrand, which has been attributed to an unknown Chinese-speaking threat actor. This malware was first spotted by Chinese firm Qihoo360 in 2017. The researchers were not […] ]]> 2022-07-25T23:10:18+00:00 https://securityaffairs.co/wordpress/133658/malware/cosmicstrand-uefi-firmware-rootkit.html www.secnews.physaphae.fr/article.php?IdArticle=5944102 False Malware,Threat None None Security Affairs - Blog Secu Amadey malware spreads via software cracks laced with SmokeLoader Operators behind the Amadey Bot malware use the SmokeLoader to distribute a new variant via software cracks and keygen sites. Amadey Bot is a data-stealing malware that was first spotted in 2018, it also allows operators to install additional payloads. 
The malware is available for sale in illegal forums, in the past, it was used […] ]]> 2022-07-25T06:27:21+00:00 https://securityaffairs.co/wordpress/133617/cyber-crime/amadey-malware-spreads-smokeloader.html www.secnews.physaphae.fr/article.php?IdArticle=5936287 False Malware None None Security Affairs - Blog Secu TA4563 group leverages EvilNum malware to target European financial and investment entities A threat actor tracked as TA4563 is using EvilNum malware to target European financial and investment entities. A threat actor, tracked as TA4563, leverages the EvilNum malware to target European financial and investment entities, Proofpoint reported. The group focuses on entities with operations supporting foreign exchanges, cryptocurrency, and decentralized finance (DeFi). The EvilNum is a […] ]]> 2022-07-22T05:45:39+00:00 https://securityaffairs.co/wordpress/133535/apt/ta4563-group-evilnum-malware.html www.secnews.physaphae.fr/article.php?IdArticle=5870359 True Malware,Threat None None Security Affairs - Blog Secu Threat actors target software firm in Ukraine using GoMet backdoor Threat actors targeted a large software development company in Ukraine using the GoMet backdoor. Researchers from Cisco Talos discovered an uncommon piece of malware that was employed in an attack against a large Ukrainian software development company. The software development company produces software that is used by various state organizations in Ukraine. Researchers believe that […] ]]> 2022-07-21T20:20:16+00:00 https://securityaffairs.co/wordpress/133520/malware/attackers-target-software-firm-ukraine-gomet.html www.secnews.physaphae.fr/article.php?IdArticle=5861750 False Malware None None Security Affairs - Blog Secu Lightning Framework, a previously undetected malware that targets Linux systems Researchers discovered a previously undetected malware dubbed ‘Lightning Framework’ that targets Linux systems. 
Researchers from Intezer discovered a previously undetected malware, tracked as Lightning Framework, which targets Linux systems. The malicious code has a modular structure and is able to install rootkits. “Lightning Framework is a new undetected Swiss Army Knife-like Linux malware that has […] ]]> 2022-07-21T17:37:51+00:00 https://securityaffairs.co/wordpress/133506/malware/lightning-framework-linux-malware.html www.secnews.physaphae.fr/article.php?IdArticle=5858907 False Malware None None Security Affairs - Blog Secu CloudMensis spyware went undetected for many years Researchers spotted previously undocumented spyware, dubbed CloudMensis, that targets the Apple macOS systems. Researchers from ESET discovered a previously undetected macOS backdoor, tracked as CloudMensis, that targets macOS systems and exclusively uses public cloud storage services as C2. The malware was designed to spy on the target systems, exfiltrate documents, acquire keystrokes, and screen captures. […] ]]> 2022-07-19T20:07:23+00:00 https://securityaffairs.co/wordpress/133416/hacking/cloudmensis-spyware.html www.secnews.physaphae.fr/article.php?IdArticle=5827812 False Malware None None Security Affairs - Blog Secu Several apps on the Play Store used to spread Joker, Facestealer and Coper malware Google blocked dozens of malicious apps from the official Play Store that were spreading Joker, Facestealer, and Coper malware families. Google has removed dozens of malicious apps from the official Play Store that were distributing Joker, Facestealer, and Coper malware families. Researchers from security firms Pradeo discovered multiple apps spreading the Joker Android malware. 
The […] ]]> 2022-07-19T08:44:47+00:00 https://securityaffairs.co/wordpress/133394/malware/play-store-apps-joker-facestealer-coper.html www.secnews.physaphae.fr/article.php?IdArticle=5823539 False Malware None None Security Affairs - Blog Secu Qakbot operations continue to evolve to avoid detection Experts warn that operators behind the Qakbot malware operation are improving their attack chain in an attempt to avoid detection. Qakbot, also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. The malware spreads via malspam campaigns, it inserts replies in active email threads. The threat continues to […] ]]> 2022-07-13T18:29:04+00:00 https://securityaffairs.co/wordpress/133191/malware/qakbot-continues-to-evolve.html www.secnews.physaphae.fr/article.php?IdArticle=5700264 False Malware,Threat None None Security Affairs - Blog Secu Ongoing Raspberry Robin campaign leverages compromised QNAP devices Cybereason researchers are warning of a wave of attacks spreading the wormable Windows malware Raspberry Robin. Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary, the malware propagates through removable USB devices. The malicious code uses Windows Installer to reach out to QNAP-associated domains and download a malicious DLL. The malware uses […] ]]> 2022-07-09T10:04:58+00:00 https://securityaffairs.co/wordpress/133039/cyber-crime/raspberry-robin-infection-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=5626635 False Malware None None Security Affairs - Blog Secu Russian Cybercrime Trickbot Group is systematically attacking Ukraine The operators behind the TrickBot malware are systematically targeting Ukraine since the beginning of the war in February 2022. 
IBM researchers collected evidence indicating that the Russia-based cybercriminal Trickbot group (aka Wizard Spider, DEV-0193, ITG23) has been systematically attacking Ukraine since the beginning of the Russian invasion of the country. Since February, the Conti ransomware […] ]]> 2022-07-08T10:25:18+00:00 https://securityaffairs.co/wordpress/132999/cyber-crime/trickbot-systematically-attacking-ukraine.html www.secnews.physaphae.fr/article.php?IdArticle=5609074 False Ransomware,Malware None None Security Affairs - Blog Secu OrBit, a new sophisticated Linux malware still undetected Cybersecurity researchers warn of new malware, tracked as OrBit, which is a fully undetected Linux threat. Cybersecurity researchers at Intezer have uncovered a new Linux malware, tracked as OrBit, that is still undetected. The malware can be installed as a volatile implant either by achieving persistence on the compromised systems. The malware implements advanced evasion […] ]]> 2022-07-07T09:34:15+00:00 https://securityaffairs.co/wordpress/132966/hacking/orbit-linux-malware.html www.secnews.physaphae.fr/article.php?IdArticle=5592154 False Malware None None Security Affairs - Blog Secu New Hive ransomware variant is written in Rust and use improved encryption method Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. The operators of the Hive ransomware upgraded their malware by migrating the malware to the Rust language and implementing a more sophisticated encryption method, Microsoft researchers warn. 
“The upgrades in the latest variant are effectively […] ]]> 2022-07-06T09:38:38+00:00 https://securityaffairs.co/wordpress/132914/malware/hive-ransomware-new-variant.html www.secnews.physaphae.fr/article.php?IdArticle=5576358 False Ransomware,Malware None None Security Affairs - Blog Secu AstraLocker ransomware operators shut down their operations AstraLocker ransomware operators told BleepingComputer they’re shutting down their operations and are releasing decryptors. AstraLocker ransomware operators told BleepingComputer they’re shutting down the operation and provided decryptors to the VirusTotal malware analysis platform. AstraLocker is based on the source code of the Babuk Locker (Babyk) ransomware that was leaked online on June 2021. BleepingComputer tested the […] ]]> 2022-07-05T07:44:27+00:00 https://securityaffairs.co/wordpress/132871/malware/astralocker-ransomware-shut-down.html www.secnews.physaphae.fr/article.php?IdArticle=5558384 False Ransomware,Malware None None Security Affairs - Blog Secu Microsoft: Raspberry Robin worm already infected hundreds of networks Microsoft announced that the Windows worm Raspberry Robin has already infected the networks of hundreds of organizations. Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary, the malware propagates through removable USB devices. The malicious code uses Windows Installer to reach out to QNAP-associated domains and download a malicious DLL. The […] ]]> 2022-07-03T17:32:54+00:00 https://securityaffairs.co/wordpress/132826/malware/microsoft-raspberry-robin-spreading.html www.secnews.physaphae.fr/article.php?IdArticle=5537884 False Malware None None Security Affairs - Blog Secu YTStealer info-stealing malware targets YouTube content creators Researchers detailed a new information-stealing malware, dubbed YTStealer, that targets YouTube content creators. 
Intezer cybersecurity researchers have detailed a new information-stealing malware, dubbed YTStealer, that was developed to steal authentication cookies from YouTube content creators. The malware is highly likely available as a service on the Dark Web. Upon executing the malware, it performs some environment […] ]]> 2022-06-30T06:36:46+00:00 https://securityaffairs.co/wordpress/132743/malware/ytstealer-malware-dark-web.html www.secnews.physaphae.fr/article.php?IdArticle=5465759 False Malware None None Security Affairs - Blog Secu ZuoRAT malware hijacks SOHO Routers to spy in the vitims A new RAT dubbed ZuoRAT was employed in a campaign aimed at small office/home office (SOHO) routers in North American and Europe. Researchers from Black Lotus Labs, the threat intelligence division of Lumen Technologies, have discovered a new remote access trojan (RAT) called ZuoRAT, which targets small office/home office (SOHO) devices of remote workers during COVID-19 […] ]]> 2022-06-28T21:24:18+00:00 https://securityaffairs.co/wordpress/132709/hacking/zuorat-soho-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=5447076 False Malware,Threat None None Security Affairs - Blog Secu New Matanbuchus Campaign drops Cobalt Strike beacons Matanbuchus malware-as-a-service (Maas) has been observed spreading through phishing campaigns, dropping Cobalt Strike beacons. Threat intelligence firm Cyble has observed a malware-as-a-service (Maas), named Matanbuchus, involved in malspam attacks dropping Cobalt Strike beacons. 
Matanbuchus is a malware loader that first appeared on the threat landscape in February 2021, when it was offered for rent on Russian-speaking […] ]]> 2022-06-27T14:46:33+00:00 https://securityaffairs.co/wordpress/132665/malware/matanbuchus-loader.html www.secnews.physaphae.fr/article.php?IdArticle=5419215 False Malware,Threat None None Security Affairs - Blog Secu Ukrainian telecommunications operators hit by DarkCrystal RAT malware The Ukrainian CERT-UA warns of attacks against Ukrainian telecommunications operators involving the DarkCrystal RAT. The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a malware campaign targeting Ukrainian telecommunications operators with the DarkCrystal RAT. The malspam messages have the topic “Free primary legal aid” use a password-protected attachment “Algorithm of actions of […] ]]> 2022-06-27T10:23:24+00:00 https://securityaffairs.co/wordpress/132651/malware/cert-ua-darkcrystal-rat-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=5417058 False Malware None None Security Affairs - Blog Secu Chinese Tropic Trooper APT spreads a hacking tool laced with a backdoor China-linked APT group Tropic Trooper has been spotted previously undocumented malware written in Nim language. Check Point Research uncovered an activity cluster with ties to China-linked APT Tropic Trooper (aka Earth Centaur, KeyBoy, and Pirate Panda) which involved the use of a previously undescribed loader (dubbed “Nimbda”) written in Nim language. The Tropic Trooper APT has been active at least […] ]]> 2022-06-23T18:40:55+00:00 https://securityaffairs.co/wordpress/132545/hacking/tropic-trooper-apt-new-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=5345458 False Malware,Tool APT 23 None Security Affairs - Blog Secu BRATA Android Malware evolves and targets the UK, Spain, and Italy The developers behind the BRATA Android malware have implemented additional features to avoid detection. 
The operators behind the BRATA Android malware have implemented more features to make their attacks stealthy. The malware was first spotted in 2019 by security experts at Kaspersky, the name BRAT comes from 'Brazilian RAT Android,' because at the time it was used to […] ]]> 2022-06-20T09:41:01+00:00 https://securityaffairs.co/wordpress/132425/malware/brata-android-malware-evolution.html www.secnews.physaphae.fr/article.php?IdArticle=5296059 False Malware None None Security Affairs - Blog Secu MaliBot Android Banking Trojan targets Spain and Italy Malibot is a new Android malware targeting online banking and cryptocurrency wallet customers in Spain and Italy. F5 Labs researchers spotted a new strain of Android malware, named Malibot, that is targeting online banking and cryptocurrency wallet customers in Spain and Italy. The experts documented attacks against multiple banks, including UniCredit, Santander, CaixaBank, and CartaBCC. […] ]]> 2022-06-18T06:47:02+00:00 https://securityaffairs.co/wordpress/132387/hacking/malibot-android-malware.html www.secnews.physaphae.fr/article.php?IdArticle=5239143 False Malware None None Security Affairs - Blog Secu Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company Experts uncovered an enterprise-grade surveillance malware dubbed Hermit used to target individuals in Kazakhstan, Syria, and Italy since 2019. Lookout Threat Lab researchers uncovered enterprise-grade Android surveillance spyware, named Hermit, used by the government of Kazakhstan to track individuals within the country. 
The latest samples of this spyware were detected by the researchers in April 2022, four […] ]]> 2022-06-17T20:00:33+00:00 https://securityaffairs.co/wordpress/132363/malware/hermit-spyware-italian-surveillance-firm.html www.secnews.physaphae.fr/article.php?IdArticle=5226610 False Malware,Threat,Cloud APT 37 None Security Affairs - Blog Secu Malicious apps continue to spread through the Google Play Store Researchers at antivirus firm Dr. Web discovered malware in the Google Play Store that was downloaded two million times. An investigation conducted by the antivirus firm Dr. Web in May resulted in the discovery of multiple adware and information-stealing malware on the official Google Play Store. However, the experts warn that info-stealing Trojans are the […] ]]> 2022-06-16T07:00:36+00:00 https://securityaffairs.co/wordpress/132305/malware/malware-google-play-store.html www.secnews.physaphae.fr/article.php?IdArticle=5182737 False Malware None None Security Affairs - Blog Secu SeaFlower campaign distributes backdoored versions of Web3 wallets to steal seed phrases Chinese cybercriminals are using SeaFlower backdoored versions of iOS and Android Web3 wallets to steal users' seed phrase. Researchers from Confiant have uncovered a sophisticated malware campaign, tracked as SeaFlower, targeting Web3 wallet users. Chinese crooks are spreading backdoored versions of iOS and Android Web3 wallets to steal users' seed phrase. SeaFlower maintains the functionality […] ]]> 2022-06-14T07:06:29+00:00 https://securityaffairs.co/wordpress/132250/cyber-crime/seaflower-malware-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=5140188 False Malware None None Security Affairs - Blog Secu Experts spotted a new variant of the Cuba Ransomware with optimized infection techniques The Cuba ransomware operators are back and employed a new version of its malware in recent attacks. Cuba ransomware has been active since at least January 2020. 
Its operators have a data leak site, where they post data exfiltrated from victims who refused to pay the ransom. The ransomware encrypts files on the targeted systems […] 2022-06-10T14:37:16+00:00 https://securityaffairs.co/wordpress/132134/malware/cuba-ransomware-new-variant.html www.secnews.physaphae.fr/article.php?IdArticle=5076307 False Ransomware,Malware None None

Security Affairs - Blog Secu Tainted CCleaner Pro Cracker spreads via Black SEO campaign Threat actors spread info-stealing malware through the search results for a pirated copy of the CCleaner Pro Windows optimization program. Researchers from Avast have uncovered a malware campaign, tracked as FakeCrack, spreading through the search results for a pirated copy of the CCleaner Pro Windows optimization program. The researchers pointed out that the operators behind the campaign […] 2022-06-09T08:48:41+00:00 https://securityaffairs.co/wordpress/132076/cyber-crime/ccleaner-black-seo-malware-fakecrack.html www.secnews.physaphae.fr/article.php?IdArticle=5053642 False Malware CCleaner,CCleaner 3.0000000000000000

Security Affairs - Blog Secu Black Basta ransomware operators leverage QBot for lateral movement The QBot malware operation has partnered with the Black Basta ransomware group to target organizations worldwide. Researchers from NCC Group spotted a new partnership in the threat landscape between the Black Basta ransomware group and the QBot malware operation. Black Basta has been active since April 2022; like other ransomware operations, it implements a double-extortion attack […] 2022-06-07T08:55:47+00:00 https://securityaffairs.co/wordpress/132018/hacking/black-basta-ransomware-qbot.html www.secnews.physaphae.fr/article.php?IdArticle=5020098 False Ransomware,Malware,Threat None None

Security Affairs - Blog Secu LuoYu APT delivers WinDealer malware via man-on-the-side attacks Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor An “extremely sophisticated” China-linked APT tracked as LuoYu was delivering malware called WinDealer via man-on-the-side attacks. Researchers from Kaspersky have uncovered an “extremely sophisticated” China-linked APT group, tracked as LuoYu, that has been observed using a malicious Windows tool called WinDealer. LuoYu has been active since at […] 2022-06-03T23:46:21+00:00 https://securityaffairs.co/wordpress/131921/apt/luoyu-apt-windealer.html www.secnews.physaphae.fr/article.php?IdArticle=4960331 False Malware,Tool None None

Security Affairs - Blog Secu EnemyBot malware adds new exploits to target CMS servers and Android devices The operators of the EnemyBot botnet added exploits for recently disclosed flaws in VMware, F5 BIG-IP, and Android systems. Operators behind the EnemyBot botnet are expanding the list of potential targets, adding exploits for recently disclosed critical vulnerabilities from VMware, F5 BIG-IP, and Android. The botnet was first discovered by Fortinet in March, the […] 2022-05-30T07:09:17+00:00 https://securityaffairs.co/wordpress/131783/malware/enemybot-botnet-new-exploits.html www.secnews.physaphae.fr/article.php?IdArticle=4891900 False Malware None 5.0000000000000000

Security Affairs - Blog Secu Experts believe that Russian Gamaredon APT could fuel a new round of DDoS attacks 360 Qihoo reported DDoS attacks launched by APT-C-53 (aka Gamaredon) conducted through the open-source DDoS Trojan program LOIC. Researchers at 360 Qihoo observed a wave of DDoS attacks launched by Russia-linked APT-C-53 (aka Gamaredon) and reported that the threat actors also released as open source the code of a DDoS Trojan called LOIC. The instances of the malware spotted by the experts […] 2022-05-28T15:55:27+00:00 https://securityaffairs.co/wordpress/131762/apt/gamaredon-apt-ddos-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=4860568 False Malware,Threat None None

Security Affairs - Blog Secu The strange link between Industrial Spy and the Cuba ransomware operation The recently launched Industrial Spy data extortion marketplace has now started its own ransomware operation. In April, MalwareHunterTeam and Bleeping Computer reported the launch of a new dark web marketplace called Industrial Spy that sells stolen data and offers free stolen data to its members. MalwareHunterTeam researchers spotted malware samples [1, 2] that drop the following wallpaper that promotes […] 2022-05-28T15:02:13+00:00 https://securityaffairs.co/wordpress/131754/cyber-crime/industrial-spy-cuba-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=4859740 False Ransomware,Malware None None

Security Affairs - Blog Secu Experts warn of a new malvertising campaign spreading the ChromeLoader Researchers warn of a new malvertising campaign spreading the ChromeLoader malware that hijacks the victims’ browsers. Researchers from Red Canary observed a new malvertising campaign spreading the ChromeLoader malware that hijacks the victims’ browsers. ChromeLoader is a malicious Chrome browser extension; it is classified as a pervasive browser hijacker that modifies browser settings to redirect […] 2022-05-26T14:38:43+00:00 https://securityaffairs.co/wordpress/131685/malware/chromeloader-malspam-campaign.html www.secnews.physaphae.fr/article.php?IdArticle=4821145 False Malware None None

Security Affairs - Blog Secu Nation-state malware could become a commodity on dark web soon, Interpol warns Interpol Secretary warns that nation-state malware will become available on the cybercrime underground in a couple of years. Interpol Secretary General Jurgen Stock declared that nation-state malware will become available on the darknet in a couple of years. In the ongoing conflict between Russia and Ukraine, the malware developed by both nation-state actors and non […] 2022-05-24T09:06:15+00:00 https://securityaffairs.co/wordpress/131618/cyber-crime/nation-state-malware-dark-web.html www.secnews.physaphae.fr/article.php?IdArticle=4782917 False Malware None None

Security Affairs - Blog Secu Threat actors target the infosec community with fake PoC exploits Researchers uncovered a malware campaign targeting the infosec community with fake proof-of-concept exploits to deliver a Cobalt Strike beacon. Researchers from threat intelligence firm Cyble uncovered a malware campaign targeting the infosec community. The experts discovered a post in which a researcher was sharing fake proof-of-concept (PoC) exploit code for an RPC Runtime Library […] 2022-05-23T06:56:23+00:00 https://securityaffairs.co/wordpress/131553/intelligence/fake-poc-exploits-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=4770925 False Malware,Threat None None

Security Affairs - Blog Secu Microsoft warns of the rise of cryware targeting hot wallets Microsoft researchers warn of the rising threat of cryware targeting non-custodial cryptocurrency wallets, also known as hot wallets. Microsoft warns of the rise of cryware, malicious software used to steal information and funds from non-custodial cryptocurrency wallets, also known as hot wallets. Data stolen by this kind of malware includes private keys, seed phrases, and […] 2022-05-18T14:37:54+00:00 https://securityaffairs.co/wordpress/131406/malware/microsoft-warns-cryware.html www.secnews.physaphae.fr/article.php?IdArticle=4689032 False Malware,Threat None None