Download, Information Security and Malware

Free Download Manager backdoored to serve Linux malware for more than 3 years

Security Affairs

SEPTEMBER 14, 2023

Researchers discovered a free download manager site that has been compromised to serve Linux malware to users for more than three years. Researchers from Kaspersky discovered a free download manager site that has been compromised to serve Linux malware. org domain and they were not containing any malware.

Malware

Malware Software Cryptocurrency Passwords

Ukrainian hackers are behind the Free Download Manager supply chain attack

Security Affairs

SEPTEMBER 21, 2023

The recently discovered Free Download Manager (FDM) supply chain attack, which distributed Linux malware, started back in 2020. The maintainers of Free Download Manager (FDM) confirmed that the recently discovered supply chain attack dates back to 2020. org subdomain. reported Kasperksy. It’s estimated that much less than 0.1%

Malware

Malware Backups Software Passwords

CERT-UA warns of malware campaign conducted by threat actor UAC-0006

Security Affairs

MAY 26, 2024

The government experts reported that the group carried out at least two massive campaigns since May 20, threat actors aimed at distributing SmokeLoader malware via email. “Starting from May 20th, hackers have launched at least two massive campaigns with emails containing the SmokeLoader malware.”

Malware

Malware Banking Accountability Phishing

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Information Security News headlines trending on Google

CyberSecurity Insiders

MAY 4, 2023

Therefore, computer admins are being warned to be aware of phishing emails, malicious downloads, and be wary of other social engineering attacks. Primary analysis made by the technology giant stated that the malware was being distributed via browser extensions and fake ads running on compromised business accounts.

Information Security

Information Security Healthcare Social Engineering Ransomware

Fleckpe Android malware totaled +620K downloads via Google Play Store

Security Affairs

MAY 5, 2023

Fleckpe is a new Android subscription Trojan that was discovered in the Google Play Store, totaling more than 620,000 downloads since 2022. Fleckpe is a new Android subscription Trojan that spreads via Google Play, the malware discovered by Kaspersky is hidden in photo editing apps, smartphone wallpaper packs, and other general-purpose apps.

Malware

Malware Mobile Antivirus Hacking

Crooks manipulate GitHub’s search results to distribute malware

Security Affairs

APRIL 13, 2024

Researchers warn threat actors are manipulating GitHub search results to target developers with persistent malware. Checkmarx researchers reported that t hreat actors are manipulating GitHub search results to deliver persistent malware to developers systems. ” concludes the report.

Malware

Malware Cryptocurrency Encryption Hacking

GitCaught campaign relies on Github and Filezilla to deliver multiple malware

Security Affairs

MAY 20, 2024

Researchers discovered a sophisticated cybercriminal campaign by Russian-speaking threat actors that used GitHub to distribute malware. The campaign shows how attackers exploit trusted internet services to carry out cyberattacks that steal personal information. This tactic allows them to avoid detection.

Malware

Malware Banking Software Advertising

4 Malicious apps on Play Store totaled +1M downloads

Security Affairs

NOVEMBER 2, 2022

Four malicious Android apps uploaded by the same developer to Google Play totaled at least one million downloads. The apps are infected with the Android/Trojan.HiddenAds.BTGTHB malware, the apps totaled at least one million downloads. 50,000+ downloads Bluetooth Auto Connect (com.bluetooth.autoconnect.anybtdevices).

Adware

Adware Phishing Mobile Malware

WhiteShadow downloader leverages Microsoft SQL to retrieve multiple malware

Security Affairs

SEPTEMBER 29, 2019

Researchers at Proofpoint have spotted a piece of downloader , dubbed WhiteShadow, that leverages Microsoft SQL queries to pull and deliver malicious payloads. . In August, malware researchers at Proofpoint spotted a new downloader which is being used to deliver a variety of malware via Microsoft SQL queries.

Malware

Malware Advertising Phishing Information Security

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus

Antivirus Malware DNS Cryptocurrency

Cuttlefish malware targets enterprise-grade SOHO routers

Security Affairs

MAY 1, 2024

A new malware named Cuttlefish targets enterprise-grade and small office/home office (SOHO) routers to harvest public cloud authentication data. The malware creates a proxy or VPN tunnel on the compromised router to exfiltrate data, and then uses stolen credentials to access targeted resources.

Malware

Malware DNS Authentication Telecommunications

BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums

Security Affairs

OCTOBER 3, 2023

Cybersecurity researchers spotted a new malware-as-a-service (MaaS) called BunnyLoader that’s appeared in the threat landscape. Zscaler ThreatLabz researchers discovered a new malware-as-a-service (MaaS) that is called BunnyLoader, which has been advertised for sale in multiple cybercrime forums since September 4, 2023.

Advertising

Advertising Cybercrime Malware Cryptocurrency

New Android malicious library Goldoson found in 60 apps +100M downloads

Security Affairs

APRIL 15, 2023

A new Android malware named Goldoson was distributed through 60 legitimate apps on the official Google Play store. The apps totaled more than 100 million downloads in the ONE store and Google Play stores in South Korea. The security firm reported its findings to Google, which notified the development teams.

Data collection

Data collection Mobile Malware Education

WordPress Download Manager Plugin was affected by two flaws

Security Affairs

AUGUST 2, 2021

An attacker could exploit a vulnerability in the WordPress Download Manager plugin, tracked as CVE-2021-34639, to execute arbitrary code under specific configurations. High), its exploitation is not simple because in a real attack scenario the use of an.htaccess file in the downloads directory making it difficult to execute uploaded files.

Hacking

Hacking Data breaches Cybercrime Information Security

Xamalicious Android malware distributed through the Play Store

Security Affairs

DECEMBER 27, 2023

Researchers discovered a new Android malware dubbed Xamalicious that can take full control of the device and perform fraudulent actions. The malware has been implemented with Xamarin, an open-source framework that allows building Android and iOS apps with.NET and C#. Google promptly removed the malware-laced apps from Google Play.

Malware

Malware Encryption Social Engineering Marketing

New Go-based Redigo malware targets Redis servers

Security Affairs

DECEMBER 1, 2022

Redigo is a new Go-based malware employed in attacks against Redis servers affected by the CVE-2022-0543 vulnerability. Researchers from security firm AquaSec discovered a new Go-based malware that is used in a campaign targeting Redis servers. to the disk of the replica. ” reads the analysis published by AquaSec. .”

Malware

Malware DDOS Architecture Cryptocurrency

New NKAbuse malware abuses NKN decentralized P2P network protocol

Security Affairs

DECEMBER 15, 2023

Experts uncovered a new Go-based multi-platform malware, tracked as NKAbuse, which is the first malware abusing NKN technology. Researchers from Kaspersky’s Global Emergency Response Team ( GERT ) and GReAT uncovered a new multiplatform malware dubbed NKAbuse. ” reads the report published by Kaspersky.

Malware

Malware Architecture Technology DDOS

Supply-chain attack on NPM Package UAParser, which has millions of daily downloads

Security Affairs

OCTOBER 23, 2021

CISA warned of crypto-mining malware hidden in a popular JavaScript NPM library, named UAParser.js, which has millions of weekly downloads. Cybersecurity and Infrastructure Security Agency published an advisory to warn of the discovery of a crypto-mining malware in the popular NPM Package UAParser.js. Pierluigi Paganini.

Malware

Malware Cryptocurrency Accountability Software

New alleged MuddyWater attack downloads a PowerShell script from GitHub

Security Affairs

JANUARY 4, 2021

Security expert spotted a new piece of malware that leverages weaponized Word documents to download a PowerShell script from GitHub. Security expert discovered a new piece of malware uses weaponized Word documents to download a PowerShell script from GitHub. ” reported Ax Sharma on Bleeping Computer.

Antivirus

Antivirus Malware Accountability Hacking

Malware-laced ‘RedAlert – Rocket Alerts’ app targets Israeli users

Security Affairs

OCTOBER 16, 2023

The app is highly popular, with over a million downloads on Google Play. The legitimate app is available on Google Play and has over a million downloads on On October 13, 2023, Cloudflare’s Cloudforce One Threat Operations Team discovered a website hosting a malware-laced version of RedAlert – Rocket Alerts application.

Malware

Malware Spyware Mobile Hacking

Lazarus targets blockchain engineers with new KandyKorn macOS Malware

Security Affairs

NOVEMBER 5, 2023

North Korea-linked Lazarus group is using new KandyKorn macOS Malware in attacks against blockchain engineers. North Korea-linked Lazarus APT group were spotted using new KandyKorn macOS malware in attacks against blockchain engineers, reported Elastic Security Labs. Stage 1 (Dropper) – testSpeed.py

Engineering

Engineering Malware Cryptocurrency Encryption

Magnet Goblin group used a new Linux variant of NerbianRAT malware

Security Affairs

MARCH 11, 2024

The financially motivated hacking group Magnet Goblin uses various 1-day flaws to deploy custom malware on Windows and Linux systems. The group focuses on internet-facing services, in at least one instance the group exploited the vulnerability CVE-2024-21887 in Ivanti Connect Secure VPN. ” reads the report published CheckPoint.

Malware

Malware VPN Encryption Hacking

DePriMon downloader uses a never seen installation technique

Security Affairs

NOVEMBER 21, 2019

ESET researchers discovered a new downloader, dubbed DePriMon, that used new “Port Monitor” methods in attacks in the wild. . The new DePriMon downloader was used by the Lambert APT group, aka Longhorn, to deploy malware. Then the DePriMon malware uses Schannel for the communication.

Malware

Malware Telecommunications Advertising Encryption

Apps with over 420 Million downloads from Google Play unveil the discovery of SpinOk spyware

Security Affairs

JUNE 1, 2023

Researchers discovered spyware, dubbed SpinOk, hidden in 101 Android apps with over 400 million downloads in Google Play. Upon executing the module, the malware-laced SDK connects to the C2 sending back a large amount of system information about the infected device. Info sent to the C2 includes data from sensors (e.g.

Spyware

Spyware Advertising Malware Marketing

Vietnamese threat actors linked to DarkGate malware campaign

Security Affairs

OCTOBER 22, 2023

Researchers linked Vietnamese threat actors to the string of DarkGate malware attacks on entities in the U.K., WithSecure researchers linked the recent attacks using the DarkGate malware to a Vietnamese cybercrime group previously known for the usage of Ducktail stealer. zip” and the execution of the content.

Malware

Malware Cybercrime Hacking Information Security

New shc Linux Malware used to deploy CoinMiner

Security Affairs

JANUARY 4, 2023

Researchers discovered a new Linux malware developed with the shell script compiler ( shc ) that was used to deliver a cryptocurrency miner. The ASEC analysis team recently discovered that a Linux malware developed with shell script compiler ( shc ) that threat actors used to install a CoinMiner. ” continues the report.

Malware

Malware DDOS Cryptocurrency Firewall

“gitgub” malware campaign targets Github users with RisePro info-stealer

Security Affairs

MARCH 17, 2024

The researchers noticed that all the repositories were newly created repos leading to the same download link. The malware exfiltrates gathered data to two Telegram channels. “The malware collects a variety of valuable information. The repositories look similar, featuring a README.md

Malware

Malware Passwords Software Hacking

Amadey malware spreads via software cracks laced with SmokeLoader

Security Affairs

JULY 25, 2022

Operators behind the Amadey Bot malware use the SmokeLoader to distribute a new variant via software cracks and keygen sites. Amadey Bot is a data-stealing malware that was first spotted in 2018, it also allows operators to install additional payloads. Then the malware contacts the C2 and sends system information (i.e.

Software

Software Malware Cybercrime VPN

Experts spotted a new stealthy Linux malware dubbed Shikitega

Security Affairs

SEPTEMBER 7, 2022

A new Linux malware dubbed Shikitega leverages a multi-stage infection chain to target endpoints and IoT devices. Researchers from AT&T Alien Labs discovered a new piece of stealthy Linux malware, dubbed Shikitega, that targets endpoints and IoT devices. ” reads the analysis published by AT&T Alien Labs.

Malware

Malware IoT Cryptocurrency Engineering

WikiLoader malware-as-a-service targets Italian organizations

Security Affairs

AUGUST 1, 2023

Threat actors are targeting Italian organizations with a phishing campaign aimed at delivering a new malware called WikiLoader. WikiLoader is a new piece of malware that is employed in a phishing campaign that is targeting Italian organizations. Thus, user interaction is required to begin the malware installation.”

Malware

Malware Phishing Banking Hacking

New Vultur malware version includes enhanced remote control and evasion capabilities

Security Affairs

APRIL 1, 2024

Experts believe that the malware has already infected thousands of devices. The dropper masquerades as the McAfee Security app. The dropper deploys the new version of Vultur banking malware through 3 payloads, where the final 2 Vultur payloads effectively work together by invoking each other’s functionality.

Malware

Malware Banking Engineering Encryption

Cryptomining campaign targets Linux systems with Go-based CHAOS Malware

Security Affairs

DECEMBER 12, 2022

Researchers spotted a cryptocurrency mining campaign targeting Linux users with Go-based CHAOS malware (Trojan.Linux.CHAOSRAT). In November 2022, Trend Micro researchers discovered a cryptocurrency mining campaign targeting Linux users with Go-based CHAOS malware (Trojan.Linux.CHAOSRAT). Download files. Upload files. Open a URL.

Malware

Malware Cryptocurrency Hacking Software

Threat actors actively exploit JetBrains TeamCity flaws to deliver malware

Security Affairs

MARCH 20, 2024

security flaws in JetBrains TeamCity to deploy multiple malware families and gain administrative control over impacted systems. In early March, Rapid7 researchers disclosed two new critical security vulnerabilities, tracked as CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score:7.3), in JetBrains TeamCity On-Premises.

Malware

Malware Authentication Cryptocurrency Ransomware

New Lobshot hVNC malware spreads via Google ads

Security Affairs

MAY 1, 2023

The previously undetected LOBSHOT malware is distributed using Google ads and gives operators VNC access to Windows devices. Researchers from Elastic Security Labs spotted a new remote access trojan dubbed LOBSHOT was being distributed through Google Ads. ” reads the report published by Elastic Security Labs.

Malware

Malware Cybercrime Banking Software

Fortinet observed three rogue PyPI packages spreading malware

Security Affairs

JANUARY 17, 2023

The packages are designed to drop malware on compromised developer systems. The three packages were downloaded over 550 times in total. The researchers noticed that the download URL has not previously been labeled as malicious, while the downloaded executable was identified as malicious by some security vendors.

Malware

Malware Hacking Cybercrime Information Security

New Agent Raccoon malware targets the Middle East, Africa and the US

Security Affairs

DECEMBER 3, 2023

Threat actors are using the Agent Raccoon malware in attacks against organizations in the Middle East, Africa and the U.S. The malware was used in attacks against multiple industries, including education, real estate, retail, non-profit organizations, telecom companies, and governments.

Malware

Malware DNS Retail Education

Statc Stealer, a new sophisticated info-stealing malware

Security Affairs

AUGUST 10, 2023

Experts warn that a new info-stealer named Statc Stealer is infecting Windows devices to steal a broad range of sensitive information. Zscaler ThreatLabz researchers discovered a new information stealer malware, called Statc Stealer, that can steal a broad range of info from Windows devices. ” concludes the report.

Malware

Malware Encryption Advertising Cryptocurrency

Russia-linked APT28 used new malware in a recent phishing campaign

Security Affairs

DECEMBER 29, 2023

Ukraine’s CERT (CERT-UA) warned of a new phishing campaign by the APT28 group to deploy previously undocumented malware strains. The group employed previously undetected malware such as OCEANMAP, MASEPIE, and STEELHOOK to steal sensitive information from target networks. file classified as MASEPIE.

Phishing

Phishing Malware Computers and Electronics Internet

Three campaigns delivering multiple malware, including ModernLoader and XMRig miner

Security Affairs

AUGUST 30, 2022

Researchers spotted three campaigns delivering multiple malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners. Threat actors use PowerShell,NET assemblies, and HTA and VBS files to perform lateral movements across a targeted network and eventually drop other pieces of malware, such as the SystemBC trojan and DCRAT.

Malware

Malware Cryptocurrency Hacking Technology

Ukrainian telecommunications operators hit by DarkCrystal RAT malware

Security Affairs

JUNE 27, 2022

The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a malware campaign targeting Ukrainian telecommunications operators with the DarkCrystal RAT. The script will download and run the.NET bootloader “MSCommondll.exe,” which in turn will download and run the malware DarkCrystal RAT.

Telecommunications

Telecommunications Malware Media Passwords

StripedFly, a complex malware that infected one million devices without being noticed

Security Affairs

OCTOBER 30, 2023

A sophisticated malware tracked as StripedFly remained undetected for five years and infected approximately one million devices. Researchers from Kaspersky discovered a sophisticated malware, dubbed StripedFly, that remained under the radar for five years masquerading as a cryptocurrency miner. “What was the real purpose?

Malware

Malware Cryptocurrency Ransomware Hacking

APT28 relies on PowerPoint Mouseover to deliver Graphite malware

Security Affairs

SEPTEMBER 29, 2022

The Russia-linked APT28 group is using mouse movement in decoy Microsoft PowerPoint documents to distribute malware. The Russia-linked APT28 employed a technique relying on mouse movement in decoy Microsoft PowerPoint documents to deploy malware, researchers from Cluster25 reported. ” reads the analysis published by Cluster25.

Malware

Malware Government Hacking Information Security

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

JANUARY 31, 2024

In early January 2024, software firm Ivanti reported that threat actors were exploiting two zero-day vulnerabilities ( CVE-2023-46805, CVE-2024-21887 ) in Connect Secure (ICS) and Policy Secure to remotely execute arbitrary commands on targeted gateways. x and Ivanti Policy Secure. The flaw CVE-2023-46805 (CVSS score 8.2)

VPN

VPN Malware Authentication Small Business

New HijackLoader malware is rapidly growing in popularity in the cybercrime community

Security Affairs

SEPTEMBER 11, 2023

Zscaler ThreatLabz detailed a new malware loader, named HijackLoader, which has grown in popularity over the past few months HijackLoader is a loader that is gaining popularity among the cybercriminal community. The HijackLoader is being used to load different malware families such as Danabot , SystemBC and RedLine Stealer.

Cybercrime

Cybercrime Malware Hacking Information Security

Free Download Manager backdoored to serve Linux malware for more than 3 years

Ukrainian hackers are behind the Free Download Manager supply chain attack

Webinars

Trending Sources

CERT-UA warns of malware campaign conducted by threat actor UAC-0006

Webinars

Information Security News headlines trending on Google

Fleckpe Android malware totaled +620K downloads via Google Play Store

Crooks manipulate GitHub’s search results to distribute malware

GitCaught campaign relies on Github and Filezilla to deliver multiple malware

4 Malicious apps on Play Store totaled +1M downloads

WhiteShadow downloader leverages Microsoft SQL to retrieve multiple malware

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Cuttlefish malware targets enterprise-grade SOHO routers

BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums

New Android malicious library Goldoson found in 60 apps +100M downloads

WordPress Download Manager Plugin was affected by two flaws

Xamalicious Android malware distributed through the Play Store

New Go-based Redigo malware targets Redis servers

New NKAbuse malware abuses NKN decentralized P2P network protocol

Supply-chain attack on NPM Package UAParser, which has millions of daily downloads

New alleged MuddyWater attack downloads a PowerShell script from GitHub

Malware-laced ‘RedAlert – Rocket Alerts’ app targets Israeli users

Lazarus targets blockchain engineers with new KandyKorn macOS Malware

Magnet Goblin group used a new Linux variant of NerbianRAT malware

DePriMon downloader uses a never seen installation technique

Apps with over 420 Million downloads from Google Play unveil the discovery of SpinOk spyware

Vietnamese threat actors linked to DarkGate malware campaign

New shc Linux Malware used to deploy CoinMiner

“gitgub” malware campaign targets Github users with RisePro info-stealer

Amadey malware spreads via software cracks laced with SmokeLoader

Experts spotted a new stealthy Linux malware dubbed Shikitega

WikiLoader malware-as-a-service targets Italian organizations

New Vultur malware version includes enhanced remote control and evasion capabilities

Cryptomining campaign targets Linux systems with Go-based CHAOS Malware

Threat actors actively exploit JetBrains TeamCity flaws to deliver malware

New Lobshot hVNC malware spreads via Google ads

Fortinet observed three rogue PyPI packages spreading malware

New Agent Raccoon malware targets the Middle East, Africa and the US

Statc Stealer, a new sophisticated info-stealing malware

Russia-linked APT28 used new malware in a recent phishing campaign

Three campaigns delivering multiple malware, including ModernLoader and XMRig miner

Ukrainian telecommunications operators hit by DarkCrystal RAT malware

StripedFly, a complex malware that infected one million devices without being noticed

APT28 relies on PowerPoint Mouseover to deliver Graphite malware

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

New HijackLoader malware is rapidly growing in popularity in the cybercrime community

Stay Connected