SecureList

DECEMBER 18, 2020

At the moment, we identified approximately ~100 customers who downloaded the trojanized package containing the Sunburst backdoor. For instance, before making the first internet connection to its C2s, the Sunburst malware lies dormant for a long period, of up to two weeks, which prevents an easy detection of this behavior in sandboxes.

DNS 75

DNS Telecommunications Malware Encryption 75

Security Affairs

FEBRUARY 12, 2024

Public Wi-Fi users are prime targets for MITM attacks because the information they send is often not encrypted, meaning it’s easy for hackers to access your data. Look for the “https” in the website’s URL—it means there’s some level of encryption.

DNS 116

DNS VPN Encryption Passwords 116

Security Affairs

FEBRUARY 5, 2021

The TeamTNT hacker group has been employing a new piece of malware, dubbed Hildegard, to target Kubernetes installs. The hacking group TeamTNT has been employing a new piece of malware, dubbed Hildegard, in a series of attacks targeting Kubernetes systems. The malware deploys the XMRig mining tool to mine Monero cryptocurrency.

Malware 107

Malware DNS Cryptocurrency Internet 107

SecureList

JANUARY 22, 2024

We recently caught sight of a new, hitherto unknown, macOS malware family that was piggybacking on cracked software. A downloader A completed “patching” kicked off the main payload, with the sample reaching out to its C2 for an encrypted script. The ciphertext was AES -encrypted in CBC mode.

Software 108

Software DNS Computers and Electronics Malware 108

SecureList

APRIL 24, 2023

Introduction We introduced Tomiris to the world in September 2021, following our investigation of a DNS-hijack against a government organization in the Commonwealth of Independent States (CIS). We hypothesize that the general aim is to provide operators with “full-spectrum malware” in order to evade security products.

Malware 95

Malware DNS Government Software 95

SecureList

OCTOBER 25, 2023

Introduction It’s just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. This malware employed a custom EternalBlue SMBv1 exploit to infiltrate its victims’ systems.

Malware 112

Malware DNS Encryption Cryptocurrency 112

eSecurity Planet

FEBRUARY 16, 2021

Malware, short for “malicious software,” is any unwanted software on your computer that, more often than not, is designed to inflict damage. Since the early days of computing, a wide range of malware types with varying functions have emerged. Best Practices to Defend Against Malware. Jump ahead: Adware. RAM scraper.

Malware 104

Malware Adware Spyware Antivirus 104

Fox IT

JUNE 29, 2022

Flubot is an Android based malware that has been distributed in the past 1.5 An important part of the popularity of Flubot is due to the distribution strategy used in its campaigns, since it has been using the infected devices to send text messages, luring new victims into installing the malware from a fake website. Introduction.

Banking 97

Banking Malware DNS Encryption 97

Security Affairs

NOVEMBER 5, 2021

Over the past months, other ransomware gangs, including Conti and Lockfile , exploited ProxyShell flaws to deliver their malware. The attack chain starts with a downloader module on a victim’s server in the form of a standalone executable format and a DLL. The DLL downloader is run by the Exchange IIS worker process w3wp.exe.

Ransomware 118

Ransomware Backups Encryption DNS 118

SecureList

JUNE 5, 2023

Satacom downloader, also known as LegionLoader, is a renowned malware family that emerged in 2019. It is known to use the technique of querying DNS servers to obtain the base64-encoded URL in order to receive the next stage of another malware family currently distributed by Satacom.

Cryptocurrency 82

Cryptocurrency DNS Malware Encryption 82

Malwarebytes

JANUARY 22, 2024

The group uses social engineering techniques to persuade their targets to open documents or download malware. These lure documents, which are harmless PDF files, are sent to the target, but when they open them the content appears to be encrypted. It is mainly in use by security researchers to classify malware.

Social Engineering 94

Social Engineering Government Media DNS 94

SecureList

MARCH 10, 2021

Back then, cybercriminals distributed malware under the guise of the Malwarebytes antivirus installer. In the latest campaign, we have seen several apps impersonated by the malware: the ad blockers AdShield and Netshield, as well as the OpenDNS service. Updater.exe code snippet containing the encrypted address. Patched.netyyk.

DNS 143

DNS Antivirus Malware Encryption 143

SecureList

DECEMBER 1, 2023

To exfiltrate data and deliver next-stage malware, the attackers abuse cloud-based data storage, such as Dropbox or Yandex Disk, as well as a temporary file sharing service. libssl.dll or libcurl.dll was statically linked to implants to implement encrypted C2 communications. We discovered that the domain in question has a deb.fdmpkg[.]org

Malware 97

Malware Ransomware Encryption Energy and Utilities 97

Cisco Security

NOVEMBER 3, 2022

Cisco provided automated malware analysis, threat intelligence, DNS visibility and Intrusion Detection; brought together with SecureX. The findings report addresses several security topics, including: Encrypted vs. Unencrypted network traffic. Malware Analysis, through the NetWitness® integration. Voice over IP.

Wireless 68

Wireless DNS Education Encryption 68

Security Affairs

JULY 14, 2021

Uptycs threat research team analyzed macOS malware threat landscape and discovered that Shlayer and Bundlore are the most predominant malware. The Uptycs threat research team has been observing over 90% of macOS malware in our daily analysis and customer telemetry alerts using shell scripts.

Adware 119

Adware Encryption Malware Passwords 119

SecureList

SEPTEMBER 26, 2022

NullMixer is a dropper leading to an infection chain of a wide variety of malware families. These websites are often related to crack, keygen and activators for downloading software illegally, and while they may pretend to be legitimate software, they actually contain a malware dropper. Malware execution instructions.

Malware 113

Malware Cryptocurrency Passwords Software 113

SecureWorld News

MARCH 29, 2024

Malvertising acts as a vessel for malware propagation. To set such a stratagem in motion, cybercriminals poison legitimate websites with ads that lead to shady URLs or download malicious code camouflaged as something harmless. This interference is a major catalyst for double extortion that involves both a breach and data encryption.

Cybercrime 82

Cybercrime Advertising Engineering Antivirus 82

eSecurity Planet

SEPTEMBER 17, 2021

Cobalt Strike Beacon Linux enables emulation of advanced attacks to a network over HTTP, HTTPS, or DNS. Beacon’s shell commands are handy for performing various injections , remote command executions, and unauthorized uploads and downloads. The malware has been renamed Vermilion. VirusTotal Failed to Detect the Malware.

DNS 117

DNS Malware Software Security Awareness 117

Webroot

SEPTEMBER 7, 2023

Depending on the size of the business, one-third to two-thirds of businesses suffer malware attacks in any given year. Tools like Webroot’s Advanced Email Threat Protection analyze the links and attachments in messages to detect malware and keep your systems secure against threats. In 2022, American businesses lost $10.3

Encryption 88

Encryption Cyber Insurance Cybercrime Phishing 88

SecureList

SEPTEMBER 29, 2021

The first malicious update was pushed to SolarWinds users in March 2020, and it contained a malware named Sunburst. One month later, we discovered interesting similarities between Sunburst and Kazuar , another malware family linked to Turla by Palo Alto. DNS hijacking. December 28, 2020 to January 13, 2021. mail.invest.

DNS 103

DNS Malware Engineering Encryption 103

eSecurity Planet

AUGUST 8, 2022

A public key is stored with the Domain Name System (DNS) for download by any email server receiving emails with the encrypted digital signature. SPF email authentication counters spoofing by publishing to DNS records a list of email-sending Internet Protocol (IP) addresses authorized by the sending domain. What is SPF?

DNS 114

DNS Phishing Authentication Marketing 114

Krebs on Security

MARCH 28, 2021

New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name. But Watson said they don’t know how many of those systems also ran the secondary download from the rogue Krebsonsecurity domain.

Hacking 357

Hacking Cybercrime DNS Antivirus 357

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches 90

Data breaches Malware Mobile Spyware 90

Security Affairs

DECEMBER 5, 2020

The backdoor uses multiple tricks to evade detection and leverages DNS over HTTPS (DoH) to communicate with its C2 server, using Cloudflare responders. Once executed the command, the malware the malicious code sends back command execution results. “On In some attacks, threat actors used a Windows shortcut file to deliver the implant.

DNS 78

DNS Phishing Antivirus Encryption 78

Security Boulevard

JANUARY 17, 2024

Figure 1 — Cloudflare RBI Diagram The primary focus of RBI is to prevent user interactions with web-based malware such as cross-site scripting (XSS), drive-by downloads, and various forms of malicious JavaScript. Other RBI solutions are set to a fail-closed state that blocks the download of a file if it cannot scan it.

DNS 64

DNS Penetration Testing Passwords Encryption 64

SecureList

MAY 23, 2023

The other known infection vector was a malicious document that uses the remote template injection technique to download a malicious HTML page, which exploits the Follina vulnerability. The malware’s execution flow is determined by the arguments provided in the command line with which it is run. This tool was used in 2020.

Malware 120

Malware Encryption Government Technology 120

Fox IT

JUNE 2, 2020

Publicly discovered in late April 2020, the Team9 malware family (also known as ‘Bazar [ 1 ]’) appears to be a new malware being developed by the group behind Trickbot. Even though the development of the malware appears to be recent, the developers have already developed two components with rich functionality. Introduction.

Malware 48

Malware DNS Architecture Backups 48

SecureList

AUGUST 30, 2023

The attackers were able to embed malicious code into the libffmpeg media processing library to download a payload from their servers. If the target opened the document and enabled the macros, a malicious script would extract the embedded downloader and load it with specific parameters.

Malware 76

Malware Spyware Cryptocurrency Government 76

Security Affairs

JUNE 18, 2020

They use DNS tunneling for stealthier C&C communications, and place execution guardrails on the malicious components to hide the malware from security researchers.” The attack chain begins with the deployment of a TCP downloader that fetches the next stage payload.

DNS 76

DNS Advertising Spyware Software 76

SecureList

SEPTEMBER 21, 2023

The first-ever large-scale malware attacks on IoT devices were recorded back in 2008, and their number has only been growing ever since. A successful password cracking enables hackers to execute arbitrary commands on a device and inject malware. Statista portal predicts their number will exceed 29 billion by 2030. Tested, tried.

IoT 91

IoT DDOS Passwords Malware 91

SecureList

FEBRUARY 7, 2022

Roaming Mantis is a malicious campaign that targets Android devices and spreads mobile malware via smishing. We have been tracking Roaming Mantis since 2018, and published five blog posts about this campaign: Roaming Mantis uses DNS hijacking to infect Android smartphones. and Trojan-Dropper.AndroidOS.Wroba.o ( download ).

Phishing 85

Phishing DNS Mobile Malware 85

SecureList

JULY 28, 2021

The malware creators promoted their brainchild on a specially set-up YouTube channel and Discord server, where they discussed DDoS attacks. This malware is of interest for its use of infected devices as honeypots. It is linked to a vulnerability in DNS resolvers that allows amplification attacks on authoritative DNS servers.

DDOS 134

DDOS DNS IoT Marketing 134

SecureList

JUNE 2, 2022

In their initial disclosures on this threat actor, TeamT5 identified three malware families: SpyDealer, Demsty and WinDealer. In 2020, we discovered a whole new distribution method for the WinDealer malware that leverages the automatic update mechanism of select legitimate applications. WinDealer is a modular malware platform.

Malware 118

Malware Encryption Social Engineering Telecommunications 118

SecureList

SEPTEMBER 2, 2021

However, there is another infection vector that involves a malicious QakBot payload being transferred to the victim’s machine via other malware on the compromised machine. The loaded payload (stager) includes another binary containing encrypted resource modules. The data is encrypted with the RC4 algorithm.

Passwords 133

Passwords Encryption Banking Malware 133

Security Affairs

OCTOBER 23, 2018

Security experts from Sophos Labs have spotted a new piece of IoT malware tracked as Chalubo that is attempting to recruit devices into a botnet used to launch DDoS attacks. “The attackers encrypt both the main bot component and its corresponding Lua script using the ChaCha stream cipher.” ” continues the analysis.

IoT 78

IoT DDOS Architecture Malware 78

Security Affairs

OCTOBER 22, 2021

The FiveSys rootkit uses the same technique to remain under the radar, it is very similar to the Undead malware and likely originate from China where is used to target domestic games. Up.sys downloads an executable and starts it using an embedded dll which it injects from kernel mode. PAC fle, hence the name probably).

Malware 102

Malware DNS Internet Internet 102

Security Affairs

MARCH 6, 2019

SI-LAB analyzed this malware and noticed that it does not use sophisticated techniques. Criminals used UPX packer to protect malware code written in Go and a RSA public certificate is hardcoded inside malware to encrypt all user’s target files. This finding results in a simple “key” to encrypt all the infected victims.

Ransomware 79

Ransomware Encryption Malware Cyber Attacks 79