Security Affairs

FEBRUARY 7, 2020

The operators behind the infamous RobbinHood ransomware are exploiting a vulnerable GIGABYTE driver to kill antivirus products. Ransomware operators leverage a custom antivirus killing p ackage that is delivered to workstations to disable security solution before starting encryption. ” reads the report published by Sophos.

Software 122

Software Ransomware Antivirus Encryption 122

Security Affairs

NOVEMBER 5, 2020

In such attacks, malware places a spoofed malicious DLL file in a Windows’ WinSxS directory so that the operating system loads it instead of the legitimate file. Two of these delivered a payload carrying a simple shell, while the other two carried a more complex set of malware. ” reads the analysis published by Sophos.

Encryption 108

Encryption Malware Advertising Antivirus 108

Security Affairs

SEPTEMBER 23, 2020

The Russia-linked cyberespionage group APT28 is behind a string of attacks that targeting government bodies with Zebrocy Delphi malware. “In particular, we found a malicious file uploaded to VirusTotal, which ultimately drops a Zebrocy malware and communicates with a C2 in France.” screenshots) to hxxp://194.32.78[.]245/protect/get-upd-id[.]PHP”

Antivirus 108

Antivirus Government Malware Advertising 108

Security Affairs

OCTOBER 17, 2018

Yoroi security firm uncovered a targeted attack against one of the most important companies in the Italian Naval Industry leveraging MartyMcFly Malware. At a first sight, the office document had an encrypted content available on OleObj.1 And why the attacker used an encrypted payload if the victim cannot open it? 1 and OleObj.2.

Malware 87

Malware Computers and Electronics Encryption Penetration Testing 87

Security Affairs

JULY 11, 2019

Malware researchers at two security firms Intezer and Anomali have discovered a new piece of ransomware targeting Network Attached Storage (NAS) devices. The ransomware , tracked by Intezer as “ QNAPCrypt ” and “ eCh0raix ” by Anomali , is written in the Go programming language and uses AES encryption to encrypt files.

Ransomware 89

Ransomware Encryption Malware Advertising 89

Security Affairs

AUGUST 3, 2020

He allegedly subscribed the GandCrab ransomware-as-a-service to create his own version of the malware and spread it running a spam campaign. The authors of the GandCrab RaaS also offers technical support and updates to its members, they also published a video tutorial that shows how the ransomware is able to avoid antivirus detection.

Ransomware 117

Ransomware Advertising Malware Hacking 117

Security Affairs

MARCH 19, 2019

The ransomware encrypts data on the victim’s machine and appends the.Jnec extension to the encrypted data asking a ransom 0.05 The attackers renamed the malware dropped in the Startup folder as ‘GoogleUpdate.exe’ in the attempt to deceive the victims. bitcoins (about $200). Pierluigi Paganini.

Ransomware 71

Ransomware Antivirus Encryption Advertising 71

CyberSecurity Insiders

MAY 31, 2023

The malware combines several open-source projects to improve its capabilities. It was first released in July 2014 as “xRAT” and renamed to “Quasar” in August 2015. It was around that time that the malware was first observed in the wild, appearing with 0 detections on VirusTotal. in March 2023, which is the most current version.

Malware 117

Malware Antivirus Encryption Advertising 117

Security Affairs

NOVEMBER 18, 2019

NextCry is a new ransomware that was spotted by researchers while encrypting data on Linux servers in the wild. T he name comes from the extensions the ransomware appends to the filenames of encrypted files. The malicious code targets Nextcloud instances and it is currently undetected by antivirus engines. ” said xact64.

Ransomware 75

Ransomware Encryption Malware Advertising 75

Security Affairs

MARCH 19, 2020

” According to the experts, the first infections were observed in late 2019, victims reported their files were encrypted by a strain of malware. locked to the filename of the encrypted files. “On one of the compromised information systems, experts found encrypted files with the extension “ newversion.”

Government 105

Government Ransomware Encryption Penetration Testing 105

Security Affairs

SEPTEMBER 28, 2020

“When the attack happened multiple antivirus programs were disabled by the attack and hard drives just lit up with activity. ” Some reports circulating online reveal that the ransomware added the “ ryk” extension to the filenames of encrypted documents, a circumstance that confirms a Ryuk ransomware infection.

Ransomware 115

Ransomware Healthcare Advertising Antivirus 115

Security Affairs

FEBRUARY 17, 2019

Adiantum will bring encryption on Android devices without cryptographic acceleration. New Linux coin miner kills competing malware to maximize profits. Experts found a way to create a super-malware implanted in SGX-enclaves. Experts spotted a new strain of Shlayer macOS Malware. 20% discount. Kindle Edition. Paper Copy.

Advertising 69

Advertising Antivirus Malware Backups 69

Security Affairs

AUGUST 20, 2018

The popular malware researchers Marco Ramilli has analyzed a malware that remained under the radar for more than two years. During the analysis time, only really few Antivirus (6 out of 60) were able to “detect” the sample. AntiVirus Coverage. Resource (a.k.a package in where it will be contextualized).

Engineering 63

Engineering Malware Computers and Electronics Penetration Testing 63

Security Affairs

NOVEMBER 19, 2019

To bypass antivirus systems, hackers send out malicious emails in non-working hours with delayed activation. The first half of 2019 saw a 10-fold increase in the number of password-protected objects, such as documents and archive files, being used to deliver malware. Another trend was disguising malware in emails.

Ransomware 70

Ransomware Antivirus Malware Banking 70

Security Affairs

MARCH 10, 2020

In human-operated ransomware attack scenario, attackers use stolen credentials, exploit misconfiguration and vulnerabilities to access target networks, attempt to escalate privileges and move laterally, and deliver malware and exfiltrate data. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware 115

Ransomware Cybercrime Social Engineering Banking 115

Security Affairs

OCTOBER 30, 2019

Researchers at Emsisoft firm has released a new free tool to decrypt files encrypted by the Paradise ransomware. Security experts at Emsisoft have developed a tool to decrypt files encrypted by the Paradise ransomware. This ransomware family encrypts files using Salsa20 and RSA-1024 and it appends several extensions to theis filenames.

Ransomware 42

Ransomware Encryption Advertising Antivirus 42

Security Affairs

APRIL 27, 2020

Shade was considered one of the most dangerous threats in the cyber crime scenario, it has been active at least since 2014 when a massive infection was observed in Russian. Unlike other ransomware strains that don’t encrypt victims in Russia and other CIS countries, Shade also targets computers in Russia and Ukraine.

Ransomware 119

Ransomware Advertising Antivirus Education 119

Security Affairs

DECEMBER 9, 2019

Experts from Antivirus maker Emsisoft discovered a bug in the decrypter app of the infamous Ryuk ransomware. megabytes) it will only encrypt certain parts of it in order to save time and allow it to work its way through the data as quickly as possible before anyone notices.” ” reads the post published by Emsisoft.

Ransomware 59

Ransomware Encryption Backups Advertising 59

Security Affairs

SEPTEMBER 15, 2019

At every turn in the infection chain, the malware uses legitimate services to evade detection. The malware abused living -off-the-land binaries (LOLbins) such as the command line interface of the Windows Management Instrumentation Console ( WMIC ) to download and install malicious payloads in the background. continues the researchers.

Phishing 82

Phishing Malware Encryption Network Security 82

SecureList

JUNE 2, 2022

In their initial disclosures on this threat actor, TeamT5 identified three malware families: SpyDealer, Demsty and WinDealer. In 2020, we discovered a whole new distribution method for the WinDealer malware that leverages the automatic update mechanism of select legitimate applications. WinDealer is a modular malware platform.

Malware 112

Malware Encryption Social Engineering Telecommunications 112

Security Affairs

JANUARY 29, 2021

Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to ZINC, a DPRK-affiliated and state-sponsored group, based on observed tradecraft, infrastructure, malware patterns, and account affiliations.” Attackers also employed an encrypted Chrome password-stealer hosted on ZINC domain [link]. .

Malware 113

Malware Antivirus Hacking Accountability 113

Security Affairs

JULY 25, 2019

As explained by Microsoft, this vulnerability could be exploited by malware with wormable capabilities, it could be exploited without user interaction, making it possible for malware to spread in an uncontrolled way into the target networks. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Cryptocurrency 69

Cryptocurrency Internet Internet Malware 69

Security Affairs

MARCH 26, 2019

Malware researchers at Cybaze-Yoroi ZLab team uncovered a new Ursnif malware campaign that reached several organizations across Italy. The Ursnif trojan confirms itself as one of the most active malware threats in cyberspace, even during the past days, when new attack attempts reached several organizations across Italy.

Malware 85

Malware Antivirus Advertising Encryption 85

Security Affairs

FEBRUARY 7, 2019

It is also known as GOZI, in fact, it is a fork of the original Gozi-ISFB banking Trojan that got its source code leaked in 2014 updating and evolving Gozi features over the years. Extracting the macro code, shows the malware, in the first instance, checks the victim country using the Application.International MS Office property.

Banking 89

Banking Malware Advertising Encryption 89

Security Affairs

MAY 7, 2020

The modus operandi of this piece of malware is not new in Portugal. At least since the year of 2014 that new variants have been observed, with minor changes, and with the objective of collecting bank details of the victims. When malware initiates, it requests Google Drive documents for details on the C2’s IP address.

Banking 110

Banking Malware Phishing Social Engineering 110

Security Affairs

APRIL 16, 2019

Scranos is a powerful cross-platform rootkit-enabled spyware discovered while investigating malware posing as legitimate software like video players, drivers and even anti-virus products. Browsing History Stealer Payload — This payload collects Chrome’s browsing history and sends it to the C&C in an encrypted form.

Spyware 70

Spyware Adware Malware Accountability 70

Security Affairs

JANUARY 29, 2019

Here the malware implements recon functionalities, retrieves machine information and grabs screenshot every minute. Then, all the information is encoded in Base64 and sent to the C2 through the “ connect ” function, using a SSL encrypted HTTP channel. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Malware 80

Malware Advertising InfoSec Antivirus 80

Security Affairs

OCTOBER 12, 2019

The new loader is able to drop the malware directly in memory, it was dubbed BOOSTWRITE and allows threat actors to load several malicious codes, including the Carbanak backdoor. In March, the group carried out attacks delivering a previously unseen malware tracked as SQLRat that drops files and executes SQL scripts on the host.

Identity Theft 75

Identity Theft Hacking Advertising DNS 75

Security Affairs

AUGUST 23, 2018

The campaign appears as targeted and well-planned, crooks targeted several enterprises and encrypted hundreds of PC, storage and data centers in each infected company. The malicious code used in the attack was tracked as Ryuk ransomware, it appears connected to Hermes malware that was associated with the notorious Lazarus APT group.

Ransomware 41

Ransomware Encryption Backups Advertising 41

Security Affairs

MAY 23, 2019

Using this strategy, the malware writer moves the identifiable payload in a section which is more difficult to detect both for automatic and manual analysis, obtaining a lower detection rate during static analysis. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Spoofed Signature. Conclusion.

Antivirus 82

Antivirus Malware Advertising Cyber Attacks 82

Security Affairs

APRIL 10, 2019

SI-LAB detected hundreds of users that were impacted by this malware between March 18th and 26th of 2019. The last days of March 2019 are making headlines due to a targeted cyber attack involving a new variant of infamous EMOTET malware. With that, criminals achieved an important rule of thumb in the malware landscape: no detection.

Banking 59

Banking Malware Antivirus Cyber threats 59

Security Affairs

APRIL 9, 2019

Too many times turned into fully-featured malware implants by unethical hackers and cyber criminals. The installed payload actually is a Base64 encoded PE32 file, file-lessly stored within the registry hive to avoid antivirus detection. Figure 9: The persistence mechanisms of the malware. Technical Analysis. C2 retrieval.

Malware 70

Malware Advertising DNS Antivirus 70

Security Affairs

AUGUST 20, 2019

The intention behind hacking your identity might be to attack your connection with malware or to trace your location for some malicious activities in the future. VPN also provides an encrypted tunnel for all your online activities and closes all doors for spies and cybercriminals. Ways of Protecting IP Address from Hackers.

Hacking 90

Hacking VPN Internet Internet 90

Security Affairs

MAY 16, 2019

In fact, many independent researchers pointed to a particular email attack wave probably related to the known TA505 hacking group , active since 2014 and focusing on Retail and Banking companies. The piece of malware under analysis were downloaded from “bullettruth[.com/out[.exe”, Figure 3: Malware Signature by SLON LTD.

Banking 72

Banking Malware Surveillance Retail 72

Security Affairs

MARCH 2, 2019

SI-LAB captured a piece of the FlawedAmmyy malware that leverages undetected XLM macros as an Infection Vehicle to compromise user’s devices. This technology is stored in the Workbook OLE stream in Excel 97-2003 format which makes it very difficult to detect and parse by antivirus (AV) engines.

Malware 84

Malware Antivirus Technology Phishing 84

Security Affairs

MAY 29, 2019

Once the macro is executed, the malware downloads two files from “kentona[.su”, su”, using an SSL encrypted communication, and stores them in “C:UsersPublic” path: “ rtegre.exe ” and “ wprgxyeqd79.exe Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Example of junk instructions used in macro.

Retail 67

Retail Banking Advertising Encryption 67

Security Affairs

FEBRUARY 12, 2019

Most of the infection attempts started with a particular email attachment: a compressed archive containing stealthy JavaScript code, most of the times able to avoid antivirus detection during the initial stages of the attack campaigns. Figure 3: Encrypted communication with driverconnectsearch[.]info Stage 1 – The Attached Javascript.

Malware 83

Malware Advertising InfoSec Passwords 83