Antivirus, Blog, Information Security and Malware

Symbiote, a nearly-impossible-to-detect Linux malware?

Security Affairs

JUNE 9, 2022

Researchers uncovered a high stealth Linux malware, dubbed Symbiote, that could be used to backdoor infected systems. Joint research conducted by security firms Intezer and BlackBerry uncovered a new Linux threat dubbed Symbiote. “Symbiote is a malware that is highly evasive. ” concludes the report.

Malware

Malware DNS Antivirus Passwords

NetDooka framework distributed via a pay-per-install (PPI) malware service

Security Affairs

MAY 6, 2022

Researchers discovered a sophisticated malware framework, dubbed NetDooka, distributed via a pay-per-install (PPI) malware service known as PrivateLoader. The PrivateLoader malware is a downloader used by threat actors for downloading and installing multiple malware. ” reads a report published by Trend Micro.

Malware

Malware Antivirus DDOS Hacking

Fleckpe Android malware totaled +620K downloads via Google Play Store

Security Affairs

MAY 5, 2023

Fleckpe is a new Android subscription Trojan that spreads via Google Play, the malware discovered by Kaspersky is hidden in photo editing apps, smartphone wallpaper packs, and other general-purpose apps. In case the subscription process requires a confirmation code, the malware is able to get it from the notifications.

Malware

Malware Mobile Antivirus Hacking

BRATA Android Malware evolves and targets the UK, Spain, and Italy

Security Affairs

JUNE 20, 2022

The developers behind the BRATA Android malware have implemented additional features to avoid detection. The operators behind the BRATA Android malware have implemented more features to make their attacks stealthy. “TAs are modifying their code in order to tailor their malware on specific banking institutions.

Malware

Malware Banking Antivirus Phishing

China-linked Moshen Dragon abuses security software to sideload malware

Security Affairs

MAY 3, 2022

A China-linked APT group, tracked as Moshen Dragon, is exploiting antivirus products to target the telecom sector in Asia. A China-linked APT group, tracked as Moshen Dragon, has been observed targeting the telecommunication sector in Central Asia with ShadowPad and PlugX malware, SentinelOne warns. ” concludes the report.”Once

Software

Software Malware Telecommunications Antivirus

15 Best Cybersecurity Blogs To Read

Spinone

OCTOBER 10, 2019

The best way to stay up-to-date with the recent trends is by reading the top cybersecurity blogs. Here’s our list of the best cybersecurity blogs to read and follow. Securing Tomorrow SecuringTomorrow is a blog by McAfee, one of the biggest security software providers.

Cybersecurity

Cybersecurity IoT Antivirus Education

Ezuri memory loader used in Linux and Windows malware

Security Affairs

JANUARY 8, 2021

Multiple threat actors have recently started using the Ezuri memory loader as a loader to executes malware directly into the victims’ memory. According to researchers from AT&T’s Alien Labs, malware authors are choosing the Ezuri memory loader for their malicious codes. ” concludes the report.

Malware

Malware Encryption Antivirus Passwords

Woody RAT: A new feature-rich malware spotted in the wild

Malwarebytes

AUGUST 3, 2022

This blog post was authored by Ankur Saini and Hossein Jazi. In this blog post, we will analyze Woody Rat’s distribution methods, capabilities as well as communication protocol. The threat actor has left some debugging information including a pdb path from which we derived and picked a name for this new Rat: Debug Information.

Malware

Malware Encryption Antivirus Architecture

An expert shows how to stop popular ransomware samples via DLL hijacking

Security Affairs

MAY 4, 2022

The security researcher John Page aka ( hyp3rlinx ) discovered that malware from multiple ransomware operations, including Conti , REvil , LockBit , AvosLocker , and Black Basta, are affected by flaws that could be exploited block file encryption. “Conti looks for and executes DLLs in its current directory. Pierluigi Paganini.

Ransomware

Ransomware Antivirus Malware Encryption

Lampion malware v2 February 2020

Security Affairs

FEBRUARY 24, 2020

Since end-December 2019 lampion malware has been noted as the most prominent malware targeting Portuguese organizations. Figure 1: Lampion malware email templates. 2020-02-13] #Lampion v2 #portugal #malware #ATA 0998f6473004e0ba54ead5784ba62db8 h}//vrau-x.s3.us-east-2.amazonaws.[com/0.zip zip h//oiurx14x.s3.us-east-2.amazonaws.}com/P-14-7.dll

Malware

Malware Banking Antivirus Advertising

SharkBot Banking Trojan spreads through fake AV apps on Google Play

Security Affairs

APRIL 9, 2022

Experts discovered malicious Android apps on the Google Play Store masqueraded as antivirus solutions spreading the SharkBot Trojan. Sharkbot is an information stealer steals used by crooks to siphon credentials and banking information. This is the exact case we observed with the Sharkbot malware.”

Banking

Banking Antivirus Malware Accountability

Malicious apps continue to spread through the Google Play Store

Security Affairs

JUNE 16, 2022

Researchers at antivirus firm Dr. Web discovered malware in the Google Play Store that was downloaded two million times. An investigation conducted by the antivirus firm Dr. Web in May resulted in the discovery of multiple adware and information-stealing malware on the official Google Play Store.

Adware

Adware Antivirus Malware Software

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Security Affairs

APRIL 29, 2023

A new variant of the information-stealing malware ViperSoftX implements sophisticated techniques to avoid detection. Trend Micro researchers observed a new ViperSoftX malware campaign that unlike previous attacks relies on DLL sideloading for its arrival and execution technique. c2 arrowlchat[.]com ” continues the report.

Encryption

Encryption Malware Cryptocurrency Software

Microsoft has taken legal and technical action to dismantle the Zloader botnet

Security Affairs

APRIL 13, 2022

. “ZLoader is made up of computing devices in businesses, hospitals, schools, and homes around the world and is run by a global internet-based organized crime gang operating malware as a service that is designed to steal and extort money.” SecurityAffairs – hacking, ZLoader malware). To nominate, please visit:?

Banking

Banking Malware Telecommunications Antivirus

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported.

Malware

Malware Phishing Antivirus Hacking

DEV-0569 group uses Google Ads to distribute Royal Ransomware

Security Affairs

NOVEMBER 19, 2022

Researchers from the Microsoft Security Threat Intelligence team warned that a threat actor, tracked as DEV-0569, is using Google Ads to distribute various payloads, including the recently discovered Royal ransomware. The downloader, tracked as BATLOADER , shares similarities with another malware called ZLoader.

Ransomware

Ransomware Malware Antivirus Phishing

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

The BlackCat/ALPHV a Ransomware was first discovered in December by malware researchers from Recorded Future and MalwareHunterTeam. The malware is the first professional ransomware strain that was written in the Rust programming language. Review antivirus logs for indications they were unexpectedly turned off.

Ransomware

Ransomware Antivirus Passwords Malware

Woody RAT: A new feature-rich malware spotted in the wild

Malwarebytes

AUGUST 3, 2022

This blog post was authored by Ankur Saini and Hossein Jazi. In this blog post, we will analyze Woody Rat's distribution methods, capabilities as well as communication protocol. The used lure is in Russian is called " Information security memo " which provide security practices for passwords, confidential information, etc.

Malware

Malware Encryption Antivirus Architecture

MalwareBazaar – welcome to the abuse-ch malware repository

Security Affairs

MARCH 24, 2020

ch launched the MalwareBazaar service, a malware repository to allow experts to share known malware samples and related info. ch launched a malware repository, called MalwareBazaar , to allow experts to share known malware samples and related analysis. Malware batches are available for download on a daily base.

Malware

Malware Adware Cyber threats Advertising

Security Affairs newsletter Round 364 by Pierluigi Paganini

Security Affairs

MAY 8, 2022

Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. To nominate, please visit:? Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini. SecurityAffairs – hacking, newsletter).

IoT

IoT DNS Antivirus DDOS

Crooks made more than $560K with a simple clipboard hijacker

Security Affairs

APRIL 19, 2021

Avast researchers analyzed the activity of a simple cryptocurrency malware dubbed HackBoss that allowed its operators to earn over $560K. The antivirus company Avast analyzed the case of a simple malware dubbed HackBoss and how it allowed its operators to earn more $560K worth of cryptocurrency since November 2018.

Cryptocurrency

Cryptocurrency Malware Hacking Banking

Microsoft Patch Tuesday for May 2023 fixed 2 actively exploited zero-day flaws

Security Affairs

MAY 9, 2023

The flaw can be chained with a code execution bug to spread malware. The vulnerability was reported by researchers Jan Vojtěšek, Milánek, and Luigino Camastra from Avast Antivirus firm, a circumstance that suggests it was used as part of an exploit chain to deliver malware. This vulnerability is actively exploited in attacks.

Antivirus

Antivirus Malware Hacking Cybersecurity

Microsoft: North Korea-linked Zinc APT targets security experts

Security Affairs

JANUARY 29, 2021

Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to ZINC, a DPRK-affiliated and state-sponsored group, based on observed tradecraft, infrastructure, malware patterns, and account affiliations.” Attackers used Twitter profiles for sharing links to a blog under their control ( br0vvnn[.]io

Malware

Malware Antivirus Hacking Accountability

City of Dallas shut down IT services after ransomware attack

Security Affairs

MAY 4, 2023

However, CBS News Texas obtained an image the ransomware note dropped by the malware on the infected systems. After gaining access to victims’ networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems.” Source J.D. reads the alert.

Ransomware

Ransomware Healthcare Education Encryption

New CACTUS ransomware appeared in the threat landscape

Security Affairs

MAY 9, 2023

CACTUS essentially encrypts itself, making it harder to detect and helping it evade antivirus and network monitoring tools,” Laurie Iacono, Associate Managing Director for Cyber Risk at Kroll, told Bleeping Computer. The binary is deployed using a specific flag that allows its execution, while the ZIP archive is removed.

Ransomware

Ransomware VPN Antivirus Encryption

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Security Affairs

MAY 19, 2023

The Lemon Group cybercrime ring has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. A cybercrime group tracked has Lemon Group has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. 231 banking malware.

Mobile

Mobile Advertising Malware Cybercrime

Experts spotted Syslogk, a Linux rootkit under development

Security Affairs

JUNE 14, 2022

Researchers from antivirus firm Avast spotted a new Linux rootkit, dubbed ‘Syslogk,’ that uses specially crafted “magic packets” to activate a dormant backdoor on the device. Linux rootkits are malware installed as kernel modules in the operating system. Follow me on Twitter: @securityaffairs and Facebook.

Malware

Malware System Administration Antivirus Architecture

InnfiRAT Trojan steals funds from Bitcoin and Litecoin wallets

Security Affairs

SEPTEMBER 14, 2019

Researchers at Z s caler have spotted a new malware dubbed InnfiRAT that infects victims’ systems to steal cryptocurrency wallet data. . “As with just about every piece of malware, InnfiRAT is designed to access and steal personal information on a user’s computer.” ” concludes the researchers.

Cryptocurrency

Cryptocurrency Malware Advertising Antivirus

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

FEBRUARY 16, 2021

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware. Latin American trojans share the same modus operandi and even modules and blocks of code observed during the analysis of several malware samples. Background of Latin American Trojans.

Antivirus

Antivirus Malware Banking Internet

A cracked copy of Brute Ratel post-exploitation tool leaked on hacking forums

Security Affairs

SEPTEMBER 29, 2022

The tool was specifically designed to avoid detection by security solutions such as endpoint detection and response (EDR) and antivirus (AV). blog incoming pic.twitter.com/3NpUh2lOYF — Chetan Nayak (Author of Brute Ratel C4) (@NinjaParanoid) September 28, 2022. I am tracking it over the past few weeks. in, and Xss[.]is,

Hacking

Hacking Cybercrime Ransomware Antivirus

Brazilian trojan impacting Portuguese users and using the same capabilities seen in other Latin American threats

Security Affairs

MARCH 14, 2022

The malware takes advantage of a template from the Portuguese Tax services (Autoridade Tributária e Aduaneira) to disseminate the threat in the wild. At this moment, the infection chain is able to bypass the antivirus detection, with the latter EXE ( WpfApp14.exe The intent of this binary is the download the last stage of the malware.

Banking

Banking Encryption Malware Phishing

Brazilian trojan banker is targeting Portuguese users using browser overlay

Security Affairs

MAY 7, 2020

The modus operandi of this piece of malware is not new in Portugal. One of the last occurrences was last December 2019, where the Lampion trojan operated in a very similar way, changing only the way the malware was distributed (via AWS S3 buckets and with the first stage encoded in a highly obfuscated VBS file).

Banking

Banking Malware Phishing Social Engineering

From Targeted Attack to Untargeted Attack

Security Affairs

JUNE 17, 2019

Today I’d like to share an interesting and heavily obfuscated Malware which made me thinking about the meaning of ‘Targeted Attack’ Nowadays a Targeted Attack is mostly used to address state assets or business areas. The file looks like a common XLS file within low Antivirus detection rate as shown in the following image (6/63).

Computers and Electronics

Computers and Electronics Penetration Testing Antivirus Malware

New variant of Linux Botnet WatchBog adds BlueKeep scanner

Security Affairs

JULY 25, 2019

” reads a blog post published by Intezer. As explained by Microsoft, this vulnerability could be exploited by malware with wormable capabilities, it could be exploited without user interaction, making it possible for malware to spread in an uncontrolled way into the target networks. ” continues the analysis.

Cryptocurrency

Cryptocurrency Internet Internet Malware

French Police remotely disinfected 850,000 PCs from RETADUP bot

Security Affairs

AUGUST 28, 2019

The French police force, National Gendarmerie, announced to have neutralized the Retadup malware on over 850,000 computers taking over its C2 server. The operation allowed the France law enforcement agency to remotely disinfect more than 850,000 computers worldwide with the help of Avast malware researchers.

Malware

Malware Advertising Antivirus Cryptocurrency

A new trojan Lampion targets Portugal

Security Affairs

DECEMBER 29, 2019

The malware was named ‘Lampion’ as this is the name used as part of its internal name. In brief, when the victim clicks on the links available in the email body the malware is downloaded from the online server. dll) was sent to the VirusTotal by SI-LAB, and 12 from 71 engines classified it as malware. Lampion trojan (P-19-2.dll)

Malware

Malware Internet Internet Antivirus

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Security Affairs

DECEMBER 1, 2020

New blog: The threat actor BISMUTH, which has been running increasingly complex targeted attacks, deployed coin miners in campaigns from July to August 2020. Learn how the group tried to stay under the radar using threats perceived to be less alarming: [link] — Microsoft Security Intelligence (@MsftSecIntel) November 30, 2020. .

Cryptocurrency

Cryptocurrency Antivirus Manufacturing Government

[SI-LAB] EMOTET spread in Chile impacted hundreds of users and targeted financial and banking services

Security Affairs

APRIL 10, 2019

SI-LAB detected hundreds of users that were impacted by this malware between March 18th and 26th of 2019. The last days of March 2019 are making headlines due to a targeted cyber attack involving a new variant of infamous EMOTET malware. With that, criminals achieved an important rule of thumb in the malware landscape: no detection.

Banking

Banking Malware Antivirus Cyber threats

The Language and Nature of Fileless Attacks Over Time

Lenny Zeltser

OCTOBER 12, 2018

It fascinates me not only because of its relevance to malware, but also because of its knack for agitating many security practitioners. When I look at the ways in which malware bypasses detection nowadays (see below), the evasion techniques often fall under the fileless umbrella, though the term expanded beyond its original meaning.

Malware

Malware Antivirus Software Cybersecurity

Security Affairs newsletter Round 227

Security Affairs

AUGUST 18, 2019

The best news of the week with Security Affairs. Hi folk, let me inform you that I suspended the newsletter service, anyway I’ll continue to provide you a list of published posts every week through the blog. Boffins hacked Siemens Simatic S7, most secure controllers in the industry. Once again thank you!

Banking

Banking Password Management Advertising Antivirus

The Analyst Prompt #05: Russo-Ukrainian Cyberattacks, and Updates on Lapsus$ and Conti Ransomware Operations

Security Boulevard

MARCH 24, 2022

On March 15th, research firm ESET reported a new data-wiping malware targeting Ukraine named CaddyWiper. [ 1 ] The malware “destroys user data and partitions information from attached drives”. The German Federal Office for Information Security (BSI) issued a warning about the use of Kaspersky products. [

Ransomware

Ransomware Malware Government Antivirus

Playing Cat and Mouse: Three Techniques Abused to Avoid Detection

Security Affairs

MAY 23, 2019

Using this strategy, the malware writer moves the identifiable payload in a section which is more difficult to detect both for automatic and manual analysis, obtaining a lower detection rate during static analysis. SecurityAffairs – malware, avoid detection). Spoofed Signature. Even Symantec AV didn’t detect the sample as malicious!

Antivirus

Antivirus Malware Advertising Cyber Attacks

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Security Affairs

MARCH 2, 2019

SI-LAB captured a piece of the FlawedAmmyy malware that leverages undetected XLM macros as an Infection Vehicle to compromise user’s devices. This technology is stored in the Workbook OLE stream in Excel 97-2003 format which makes it very difficult to detect and parse by antivirus (AV) engines.

Malware

Malware Antivirus Technology Phishing

After latest Microsoft Windows updates some PCs running Sophos AV not boot

Security Affairs

MAY 21, 2019

Sophos confirmed that the latest set of Windows updates are causing problems with the boot of computers running the popular Antivirus software. Microsoft pointed out that this vulnerability could be exploited by malware with wormable capabilities.

Advertising

Advertising Antivirus Cyber Attacks Malware

Symbiote, a nearly-impossible-to-detect Linux malware?

NetDooka framework distributed via a pay-per-install (PPI) malware service

Trending Sources

Fleckpe Android malware totaled +620K downloads via Google Play Store

BRATA Android Malware evolves and targets the UK, Spain, and Italy

China-linked Moshen Dragon abuses security software to sideload malware

15 Best Cybersecurity Blogs To Read

Ezuri memory loader used in Linux and Windows malware

Woody RAT: A new feature-rich malware spotted in the wild

An expert shows how to stop popular ransomware samples via DLL hijacking

Lampion malware v2 February 2020

SharkBot Banking Trojan spreads through fake AV apps on Google Play

Malicious apps continue to spread through the Google Play Store

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Microsoft has taken legal and technical action to dismantle the Zloader botnet

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

DEV-0569 group uses Google Ads to distribute Royal Ransomware

BlackCat Ransomware gang breached over 60 orgs worldwide

Woody RAT: A new feature-rich malware spotted in the wild

MalwareBazaar – welcome to the abuse-ch malware repository

Security Affairs newsletter Round 364 by Pierluigi Paganini

Crooks made more than $560K with a simple clipboard hijacker

Microsoft Patch Tuesday for May 2023 fixed 2 actively exploited zero-day flaws

Microsoft: North Korea-linked Zinc APT targets security experts

City of Dallas shut down IT services after ransomware attack

New CACTUS ransomware appeared in the threat landscape

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Experts spotted Syslogk, a Linux rootkit under development

InnfiRAT Trojan steals funds from Bitcoin and Litecoin wallets

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

A cracked copy of Brute Ratel post-exploitation tool leaked on hacking forums

Brazilian trojan impacting Portuguese users and using the same capabilities seen in other Latin American threats

Brazilian trojan banker is targeting Portuguese users using browser overlay

From Targeted Attack to Untargeted Attack

New variant of Linux Botnet WatchBog adds BlueKeep scanner

French Police remotely disinfected 850,000 PCs from RETADUP bot

A new trojan Lampion targets Portugal

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

[SI-LAB] EMOTET spread in Chile impacted hundreds of users and targeted financial and banking services

The Language and Nature of Fileless Attacks Over Time

Security Affairs newsletter Round 227

The Analyst Prompt #05: Russo-Ukrainian Cyberattacks, and Updates on Lapsus$ and Conti Ransomware Operations

Playing Cat and Mouse: Three Techniques Abused to Avoid Detection

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

After latest Microsoft Windows updates some PCs running Sophos AV not boot

Stay Connected