Security Affairs

MAY 31, 2019

Security experts at Intezer have discovered a new Linux malware tracked as ‘HiddenWasp’ that borrows from Mirai, Azazel malicious codes. HiddenWasp is a new sophisticated Linux malware still undetected by the majority of anti-virus solutions. According to the experts at Intezer, the malware was involved in targeted attacks. .

Malware 111

Malware Advertising DDOS Architecture 111

Security Affairs

JUNE 26, 2019

Security experts warn of a new piece of the Silex malware that is bricking thousands of IoT devices, and the situation could rapidly go worse. Cashdollar explained that the Silex malware trashes the storage of the infected devices, drops firewall rules and wipe network configurations before halting the system. ” reported ZDnet.

IoT 111

IoT Malware Advertising Firmware 111

Security Affairs

SEPTEMBER 10, 2020

ESET researchers discovered a new piece of malware dubbed CDRThief targets a specific Voice over IP system to steal call data records (CDR). The VoIP platform Linknat VOS2009 and VOS3000 targeted by the malware is used by two China-produced softswitches (software switches). ” reads the analysis published by ESET.

Malware 107

Malware Encryption Advertising Passwords 107

Security Affairs

SEPTEMBER 24, 2020

Security researchers spotted a new strain of Android malware, dubbed Alien, that implements multiple features allowing it to steal credentials from 226 apps. Alien first appeared in the threat landscape early this year, its model of sale is Malware-as-a-Service (MaaS) and is advertised on several underground hacking forums.

Banking 110

Banking Malware Advertising Architecture 110

Security Affairs

DECEMBER 18, 2019

Security experts recently found notable malware activity affecting devices running Linux that is associated with the Momentum Botnet. Malware researchers from Trend Micro recently observed notable malware activity affecting devices running Linux that is associated with the Momentum Botnet. ” concludes the analysis.

Malware 99

Malware DDOS Advertising DNS 99

Security Affairs

OCTOBER 7, 2020

Experts noticed that the malware supports multiple CPU architectures, including x86(32/64), ARM(32/64), MIPS(MIPS32/MIPS-III) and PPC, it is written in the Go open-source programming language. Upon gaining access to the device, the bot downloads one of seven binaries that install the HEH malware. ” concludes the post.

Architecture 136

Architecture IoT Malware Advertising 136

Security Affairs

JULY 4, 2019

The peculiarity of this new piece of malware is the ability to communicate with C2 servers via DNS over HTTPS ( DoH ). ” Godlua is the first malware that abuses the DNS over HTTPS (DoH) protocol to protect its command and control infrastructure. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

DNS 107

DNS Malware Advertising DDOS 107

eSecurity Planet

MARCH 1, 2022

Symantec this week reported a highly sophisticated malware called “Backdoor.Daxin” that “appears to be used in a long-running espionage campaign against select governments and other critical infrastructure targets” and appears to be linked to China. The malware then sends information back to remote servers.

Malware 120

Malware Government Encryption Architecture 120

Security Affairs

AUGUST 17, 2020

The malware has evolved over the years, it is able to log keystrokes, steal files, capture screenshots, collect information about the infected system, steal credentials from major browsers (i.e. The malware has been active since at least 2014, it was undetected for more than 3 years and was used in highly targeted attacks.

Phishing 139

Phishing Malware Advertising Architecture 139

Security Affairs

APRIL 10, 2019

Palo Alto Networks researchers discovered a new variant of the Mirai malware that is targeting more processor architectures than previous ones. Mirai malware first appeared in the wild in 2016 when the expert MalwareMustDie discovered it in massive attacks aimed at Internet of Things (IoT) devices. Pierluigi Paganini.

Architecture 111

Architecture DDOS IoT Internet 111

Security Affairs

MAY 16, 2020

Experts spotted a new malware dubbed QNodeService that was involved in Coronavirus-themed phishing campaign, crooks promise victims COVID-19 tax relief. Researchers uncovered a new malware dubbed QNodeService that was employed in a Coronavirus-themed phishing campaign. malware file (either “qnodejs-win32-ia32.js”

Malware 140

Malware Phishing Advertising Antivirus 140

Security Affairs

APRIL 17, 2022

The botnet targets multiple architectures, including arm, bsd, x64, and x86. Experts pointed out that the malware is being actively developed. Gafgyt is a popular choice for launching large-scale DDoS attacks, it first appeared in the threat landscape in 2014. Upon installing the threat, the bot drops a file in /tmp/.pwned

DDOS 145

DDOS Architecture Malware Cybercrime 145

Security Affairs

NOVEMBER 21, 2019

The new DePriMon downloader was used by the Lambert APT group, aka Longhorn, to deploy malware. The group is very sophisticated and used zero-day exploits and complex malware to conduct targeted attacks against governments and organizations in almost every industry, including financial, energy, telecommunications, and education, aerospace.

Malware 135

Malware Telecommunications Advertising Encryption 135

Security Affairs

SEPTEMBER 20, 2020

Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. The malware spreads by attempting to guess Telnet passwords of target devices and leveraging known exploits. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

IoT 145

IoT DDOS Architecture Passwords 145

Security Affairs

FEBRUARY 9, 2020

. “The modus operandi of the group behind this specific attack comes over with a criminal group that already has one has a long history, and goes back to at least 2014,” reads the Fox-IT full report to UM (in Dutch). TA505 hacking group has been active since 2014 focusing on Retail and banking sectors. Pierluigi Paganini.

Ransomware 143

Ransomware Cyber Attacks Backups Architecture 143

Security Affairs

OCTOBER 10, 2020

TA505 hacking group has been active since 2014 focusing on Retail and banking sectors. Attacks showing up in commodity malware like those used by the threat actor CHIMBORAZO indicate broader exploitation in the near term.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. states Microsoft.

Cybercrime 139

Cybercrime Security Intelligence Authentication Banking 139

Security Affairs

OCTOBER 5, 2020

A China-linked threat actor used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea. Researchers from Kaspersky have spotted a UEFI malware that was involved in attacks on organizations with an interest in North Korea. Pierluigi Paganini. SecurityAffairs – hacking, UEFI).

Firmware 145

Firmware Spyware Surveillance Hacking 145

Security Affairs

AUGUST 26, 2020

Experts discovered a new hacker hacker-for-hire group that is targeting organizations worldwide with malware hidden inside malicious 3Ds Max plugins. Security researchers from Bitdefender discovered a new hacker group that is currently targeting companies across the world with malware hidden inside malicious 3Ds Max plugins.

Architecture 116

Architecture Malware Advertising Software 116

Security Affairs

JANUARY 24, 2020

A US Government agency was hit with a phishing attack attempting to deliver a new malware dropper dubbed CARROTBALL. Security experts at Palo Alto Networks have uncovered a new malware dropper called CARROTBALL that was used in targeted attacks against a U.S. Both downloaders were used to deliver the second-stage SYSCON malware.

Malware 143

Malware Government Advertising Phishing 143

Security Affairs

MAY 15, 2020

Since December 2014, the threat actors are using a malware dubbed USBferry in attacks against military/navy agencies, government institutions, military hospitals, and also a national bank. The malware was first mentioned in a PwC report that attributes it to Tropic Trooper APT, but that did not include a detailed analysis.

Government 126

Government Malware Advertising Architecture 126

Security Affairs

OCTOBER 28, 2020

Office furniture company Steelcase was hit by Ryuk ransomware attack that forced it to shut down its network to avoid the malware from spreading. Steelcase is a US-based furniture company that produces office furniture, architectural and technology products for office environments and the education, health care and retail industries.

Ransomware 131

Ransomware Computers and Electronics Manufacturing Advertising 131

Security Affairs

AUGUST 1, 2019

The malware’s command center is hidden to make takedowns a more complicated process. Mirai malware first appeared in the wild in 2016 when the expert MalwareMustDie discovered it in massive attacks aimed at Internet of Things (IoT) devices. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Architecture 108

Architecture IoT Malware Advertising 108

Security Affairs

JUNE 22, 2020

If this level of access is acquired, an attacker could potentially manipulate the AMD Generic Encapsulated Software Architecture (AGESA) to execute arbitrary code undetected by the operating system.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Firmware 134

Firmware Architecture Advertising Manufacturing 134

Security Affairs

MAY 7, 2019

Attackers use the LightNeuron malware to access and modify any email passing through the compromised mail server. Malware researchers believe Turla is using the malware at least since 2014 to target Microsoft Exchange servers. “ LightNeuron is a very powerful piece of malware. ” continues the analysis.

Malware 103

Malware Advertising Architecture Government 103

Security Affairs

SEPTEMBER 13, 2019

The WatchBog bot is a Linux-based malware that is active since last year, it targets systems to mine for the Monero virtual currency. The attackers were able to exploit CVE-2018-1000861 to gain a foothold and install the Watchbog malware on the affected systems.” ” states the analysis published by Cisco Talos.

Architecture 106

Architecture Cryptocurrency Malware Advertising 106

Security Affairs

FEBRUARY 21, 2020

However, as previously mentioned, it is curious to notice that the malware installs two different variants of the executable, with the only difference in timestamp: Figure 7: Comparison between the two files. The icon of the executable let us understand that the malware has been forged through the usage of the tool Pyinstaller.

Malware 144

Malware Architecture Advertising Encryption 144

Security Affairs

OCTOBER 23, 2018

Security experts from Sophos Labs have spotted a new piece of IoT malware tracked as Chalubo that is attempting to recruit devices into a botnet used to launch DDoS attacks. The attackers were using brute-force attacks (using the root:admin credential) on SSH servers to distribute the malware. ” continues the analysis.

IoT 107

IoT DDOS Malware Architecture 107

Security Affairs

APRIL 8, 2020

“For example, payloads are compiled for 12 different CPU architectures and dynamically delivered based on the victim’s configuration.” The experts discovered at customized payloads for at least 12 different CPU architectures. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

IoT 117

IoT DDOS Architecture Advertising 117

Security Affairs

OCTOBER 18, 2018

ESET researchers have spotted a new strain of malware tracked as Exaramel that links the not Petya wiper to the Industroyer ICS malware. The APT group leverage the GreyEnergy malware, a malicious code that implements a modular architecture to extend its capabilities by adding the appropriate modules. ” states ESET.

Malware 111

Malware Architecture Advertising Phishing 111

Security Affairs

OCTOBER 2, 2020

The malware samples analyzed by the researchers are slightly obfuscated using string obfuscation and dynamic Windows API library loading. The malware supports multiple features, including the monitoring of removable drives, taking screenshots, exfiltrating documents, and collecting nearby Wi-Fi access point identifiers. “We

Malware 144

Malware Government Advertising Phishing 144

We Live Security

SEPTEMBER 22, 2014

State organizations and private businesses from various sectors in Ukraine and Poland have been targeted with new versions of BlackEnergy, a malware that's evolved into a sophisticated threat with a modular architecture.

Architecture 52

Architecture Malware 52

Security Affairs

MAY 22, 2020

The Winnti hacking group continues to target gaming industry, recently it used a new malware named PipeMon and a new method to achieve persistence. Winnti hacking group is using a new malware dubbed PipeMon and a novel method to achieve persistence in attacks aimed at video game companies. ” concludes ESET. Pierluigi Paganini.

Malware 136

Malware Hacking Advertising Architecture 136

Security Affairs

APRIL 27, 2023

Iran-linked APT group Charming Kitten employed a new malware dubbed BellaCiao in attacks against victims in the U.S., The Charming Kitten used a new custom malware, dubbed BellaCiao, that is tailored to suit individual targets and is very sophisticated. Europe, the Middle East and India. Israel, Iraq, and Saudi Arabia.

Malware 98

Malware DNS Media Architecture 98

Security Affairs

JANUARY 24, 2019

Security experts from Kaspersky Lab’s Industrial Control Systems Cyber Emergency Response Team (ICS CERT) linked the GreyEnergy malware with and the Zebrocy backdoor. Security researchers from Kaspersky Lab’s ICS CERT have discovered a link between GreyEnergy malware with and the Zebrocy tool. Pierluigi Paganini.

Malware 104

Malware Advertising Architecture Phishing 104

Security Affairs

SEPTEMBER 2, 2019

The researchers revealed that one of his honeypots was hit by this IoT malware that targets Intel machines running Linux. ” The expert explained that the XMR cryptominer was optimized for Intel x86 (both 32bit or 64bit architecture) and Intel 686 processors. .” “This one seems to target enterprise systems.”

IoT 111

IoT Cryptocurrency Malware System Administration 111

Security Affairs

NOVEMBER 21, 2018

The new versions don’t implement worm-like spreading abilities, instead, threat actors leverage exploits to spread the malware. “Mirai botmasters that target Linux servers no longer need to tailor their malware for strange architectures , they assume their targets are using x86.” ” concluded the experts.

IoT 110

IoT Advertising Malware Architecture 110

Security Affairs

FEBRUARY 18, 2020

According to the alerts, the infection did not impact any programmable logic controllers (PLCs) on the affected networks because the malware was designed to infect only Windows devices and the organization did not lose control of operations at any point during the attack. ” continues the report. Pierluigi Paganini.

Ransomware 139

Ransomware Advertising Encryption Architecture 139