2014, Architecture and Malware - Cyber Security Informer

Massive increase in XorDDoS Linux malware in last six months

Malwarebytes

MAY 25, 2022

XorDDoS, a Linux Trojan known for its modularity and stealth, was first discovered in 2014 by the white hat research group, MalwareMustDie (MMD). Based on a case study in 2015 , Akamai strengthened the theory that the malware may be of Asian origin based on its targets. MMD believed the Linux Trojan originated in China.

Malware

Malware IoT DDOS DNS

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

The botnet targets multiple architectures, including arm, bsd, x64, and x86. Experts pointed out that the malware is being actively developed. Gafgyt is a popular choice for launching large-scale DDoS attacks, it first appeared in the threat landscape in 2014. Upon installing the threat, the bot drops a file in /tmp/.pwned

Malware

Malware DDOS IoT Cybercrime

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

SEPTEMBER 10, 2020

ESET researchers discovered a new piece of malware dubbed CDRThief targets a specific Voice over IP system to steal call data records (CDR). The VoIP platform Linknat VOS2009 and VOS3000 targeted by the malware is used by two China-produced softswitches (software switches). ” reads the analysis published by ESET.

Malware

Malware Encryption Advertising Passwords

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Newly Discovered Malware Evades Detection by Hijacking Communications

eSecurity Planet

MARCH 1, 2022

Symantec this week reported a highly sophisticated malware called “Backdoor.Daxin” that “appears to be used in a long-running espionage campaign against select governments and other critical infrastructure targets” and appears to be linked to China. The malware then sends information back to remote servers.

Malware

Malware Government Encryption Architecture

Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks

Security Affairs

APRIL 27, 2023

Iran-linked APT group Charming Kitten employed a new malware dubbed BellaCiao in attacks against victims in the U.S., The Charming Kitten used a new custom malware, dubbed BellaCiao, that is tailored to suit individual targets and is very sophisticated. Europe, the Middle East and India. Israel, Iraq, and Saudi Arabia.

Malware

Malware DNS Media Architecture

Crooks leverage Zoom’s popularity in Coronavirus outbreak to serve malware

Security Affairs

MARCH 30, 2020

com to deliver malware. Prevent zero-day attacks with a holistic, end to end cyber architecture. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Threat actors registered malicious domains like googloclassroom[.]com

Malware

Malware Advertising Retail Architecture

Cyberium malware-hosting domain employed in multiple Mirai variants campaigns

Security Affairs

JUNE 15, 2021

The botnet was linked to a new malware hosting domain that has been serving Mirai variants for several different botnets over the past year. This payload contains the logic to change the execution path to a temporary location, wget a file from a malware hosting page, provide execution permissions, and execute it.”

Malware

Malware Internet Internet DDOS

Raccoon Malware, a success case in the cybercrime ecosystem

Security Affairs

FEBRUARY 24, 2020

Raccoon Malware is a recently discovered infostealer that can extract sensitive data from about 60 applications on a targeted system. Racoon malware , Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. ” reads the report published by CyberArk.

Cybercrime

Cybercrime Malware Cryptocurrency Advertising

Feedify cloud service architecture compromised by MageCart crime gang

Security Affairs

SEPTEMBER 16, 2018

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. The post Feedify cloud service architecture compromised by MageCart crime gang appeared first on Security Affairs. Pierluigi Paganini.

Architecture

Architecture Advertising Cybercrime Malware

Alien Android banking Trojan, the powerful successor of the Cerberus malware

Security Affairs

SEPTEMBER 24, 2020

Security researchers spotted a new strain of Android malware, dubbed Alien, that implements multiple features allowing it to steal credentials from 226 apps. Alien first appeared in the threat landscape early this year, its model of sale is Malware-as-a-Service (MaaS) and is advertised on several underground hacking forums.

Banking

Banking Malware Advertising Architecture

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

SEPTEMBER 10, 2020

ESET researchers discovered a new piece of malware dubbed CDRThief targets a specific Voice over IP system to steal call data records (CDR). The VoIP platform Linknat VOS2009 and VOS3000 targeted by the malware is used by two China-produced softswitches (software switches). ” reads the analysis published by ESET.

Malware

Malware Encryption Advertising Passwords

Silex malware bricks thousands of IoT devices in a few hours

Security Affairs

JUNE 26, 2019

Security experts warn of a new piece of the Silex malware that is bricking thousands of IoT devices, and the situation could rapidly go worse. Cashdollar explained that the Silex malware trashes the storage of the infected devices, drops firewall rules and wipe network configurations before halting the system. ” reported ZDnet.

IoT

IoT Malware Advertising Firmware

HiddenWasp, a sophisticated Linux malware borroes from Mirai and Azazel

Security Affairs

MAY 31, 2019

Security experts at Intezer have discovered a new Linux malware tracked as ‘HiddenWasp’ that borrows from Mirai, Azazel malicious codes. HiddenWasp is a new sophisticated Linux malware still undetected by the majority of anti-virus solutions. According to the experts at Intezer, the malware was involved in targeted attacks. .

Malware

Malware Advertising DDOS Architecture

Trend Micro observed notable malware activity associated with the Momentum Botnet

Security Affairs

DECEMBER 18, 2019

Security experts recently found notable malware activity affecting devices running Linux that is associated with the Momentum Botnet. Malware researchers from Trend Micro recently observed notable malware activity affecting devices running Linux that is associated with the Momentum Botnet. ” concludes the analysis.

Malware

Malware DDOS DNS Advertising

Enemybot, a new DDoS botnet appears in the threat landscape

Security Affairs

APRIL 17, 2022

The botnet targets multiple architectures, including arm, bsd, x64, and x86. Experts pointed out that the malware is being actively developed. Gafgyt is a popular choice for launching large-scale DDoS attacks, it first appeared in the threat landscape in 2014. Upon installing the threat, the bot drops a file in /tmp/.pwned

DDOS

DDOS Architecture Malware Cybercrime

New HEH botnet wipes devices potentially bricking them

Security Affairs

OCTOBER 7, 2020

Experts noticed that the malware supports multiple CPU architectures, including x86(32/64), ARM(32/64), MIPS(MIPS32/MIPS-III) and PPC, it is written in the Go open-source programming language. Upon gaining access to the device, the bot downloads one of seven binaries that install the HEH malware. ” concludes the post.

Architecture

Architecture IoT Malware Advertising

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

Security Affairs

JULY 4, 2019

The peculiarity of this new piece of malware is the ability to communicate with C2 servers via DNS over HTTPS ( DoH ). ” Godlua is the first malware that abuses the DNS over HTTPS (DoH) protocol to protect its command and control infrastructure. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

DNS

DNS Malware Advertising DDOS

Dark Frost Botnet targets the gaming sector with powerful DDoS

Security Affairs

MAY 26, 2023

The experts highlight that the vulnerability exploited in the attacks has been in existence since 2014. According to a screenshot taken by the malware author, the botnet was composed of at least 414 machines as of February 2023. Most of the infected machines are based on ARMv4 architectures, specifically MIPSEL and x86.

DDOS

DDOS Architecture Malware Hacking

BotenaGo strikes again – malware source code uploaded to GitHub

CyberSecurity Insiders

JANUARY 26, 2022

In November 2021, AT&T Alien Labs™ first published research on our discovery of new malware written in the open-source programming language Golang. The team named this malware “BotenaGo.” Key takeaways: BotenaGo malware source code is now available to any malicious hacker or malware developer.

Malware

Malware IoT Authentication Antivirus

CISA warns of phishing attacks delivering KONNI RAT

Security Affairs

AUGUST 17, 2020

The malware has evolved over the years, it is able to log keystrokes, steal files, capture screenshots, collect information about the infected system, steal credentials from major browsers (i.e. The malware has been active since at least 2014, it was undetected for more than 3 years and was used in highly targeted attacks.

Phishing

Phishing Malware Advertising Architecture

Hackers for hire group target organizations via 3ds Max exploit

Security Affairs

AUGUST 26, 2020

Experts discovered a new hacker hacker-for-hire group that is targeting organizations worldwide with malware hidden inside malicious 3Ds Max plugins. Security researchers from Bitdefender discovered a new hacker group that is currently targeting companies across the world with malware hidden inside malicious 3Ds Max plugins.

Architecture

Architecture Malware Advertising Software

Experts spotted a new Mirai variant that targets new processors

Security Affairs

APRIL 10, 2019

Palo Alto Networks researchers discovered a new variant of the Mirai malware that is targeting more processor architectures than previous ones. Mirai malware first appeared in the wild in 2016 when the expert MalwareMustDie discovered it in massive attacks aimed at Internet of Things (IoT) devices. Pierluigi Paganini.

Architecture

Architecture DDOS IoT Internet

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

SEPTEMBER 20, 2020

Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. The malware spreads by attempting to guess Telnet passwords of target devices and leveraging known exploits. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

IoT

IoT DDOS Architecture Passwords

AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits

CyberSecurity Insiders

NOVEMBER 11, 2021

AT&T Alien Labs™ has found new malware written in the open source programming language Golang. The malware creates a backdoor and waits to either receive a target to attack from a remote operator through port 19412 or from another related module running on the same machine. VirusTotal scanning results of BotenaGo malware.

Malware

Malware IoT Firmware Authentication

QNodeService Trojan spreads via fake COVID-19 tax relief

Security Affairs

MAY 16, 2020

Experts spotted a new malware dubbed QNodeService that was involved in Coronavirus-themed phishing campaign, crooks promise victims COVID-19 tax relief. Researchers uncovered a new malware dubbed QNodeService that was employed in a Coronavirus-themed phishing campaign. malware file (either “qnodejs-win32-ia32.js”

Malware

Malware Phishing Advertising Antivirus

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

A China-linked threat actor used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea. Researchers from Kaspersky have spotted a UEFI malware that was involved in attacks on organizations with an interest in North Korea. Pierluigi Paganini. SecurityAffairs – hacking, UEFI).

Firmware

Firmware Spyware Surveillance Hacking

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

TA505 hacking group has been active since 2014 focusing on Retail and banking sectors. Attacks showing up in commodity malware like those used by the threat actor CHIMBORAZO indicate broader exploitation in the near term.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. states Microsoft.

Cybercrime

Cybercrime Security Intelligence Authentication Banking

DePriMon downloader uses a never seen installation technique

Security Affairs

NOVEMBER 21, 2019

The new DePriMon downloader was used by the Lambert APT group, aka Longhorn, to deploy malware. The group is very sophisticated and used zero-day exploits and complex malware to conduct targeted attacks against governments and organizations in almost every industry, including financial, energy, telecommunications, and education, aerospace.

Malware

Malware Telecommunications Advertising Encryption

Dissecting the first Gafgyt bot implementing the “Non Un-Packable” NUP technique

Security Affairs

SEPTEMBER 19, 2018

We downloaded the sample directly from the compromised server, we found four samples of the Gafgyt variant that were already compiled for the specific architecture, X86-64, X86-32, MIPS, ARM. The report includes a detailed analysis of the malware. You can download the full ZLAB Malware Analysis Report at the following URL: [link].

Advertising

Advertising Malware Architecture Internet

Chinese APT Tropic Trooper target air-gapped military Networks in Asia

Security Affairs

MAY 15, 2020

Since December 2014, the threat actors are using a malware dubbed USBferry in attacks against military/navy agencies, government institutions, military hospitals, and also a national bank. The malware was first mentioned in a PwC report that attributes it to Tropic Trooper APT, but that did not include a detailed analysis.

Government

Government Malware Advertising Architecture

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

Security Affairs

OCTOBER 21, 2019

Security experts have a new malware, dubbed skip-2.0 Security experts at ESET have discovered a new malware, dubbed skip-2.0, malware was used by threat actors to establish a backdoor in MSSQL Server 11 and 12 servers, allowing them to access to any account on the server using a “magic password.” The skip-2.0

Malware

Malware Passwords Advertising DNS

Steelcase office furniture giant hit by Ryuk ransomware attack

Security Affairs

OCTOBER 28, 2020

Office furniture company Steelcase was hit by Ryuk ransomware attack that forced it to shut down its network to avoid the malware from spreading. Steelcase is a US-based furniture company that produces office furniture, architectural and technology products for office environments and the education, health care and retail industries.

Ransomware

Ransomware Computers and Electronics Manufacturing Advertising

New Mirai botnet hides C2 server in the Tor network to prevent takedowns

Security Affairs

AUGUST 1, 2019

The malware’s command center is hidden to make takedowns a more complicated process. Mirai malware first appeared in the wild in 2016 when the expert MalwareMustDie discovered it in massive attacks aimed at Internet of Things (IoT) devices. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Architecture

Architecture IoT Malware Advertising

WatchBog cryptomining botnet now uses Pastebin for C2

Security Affairs

SEPTEMBER 13, 2019

The WatchBog bot is a Linux-based malware that is active since last year, it targets systems to mine for the Monero virtual currency. The attackers were able to exploit CVE-2018-1000861 to gain a foothold and install the Watchbog malware on the affected systems.” ” states the analysis published by Cisco Talos.

Architecture

Architecture Cryptocurrency Malware Advertising

XDSpy APT remained undetected since at least 2011

Security Affairs

OCTOBER 2, 2020

The malware samples analyzed by the researchers are slightly obfuscated using string obfuscation and dynamic Windows API library loading. The malware supports multiple features, including the monitoring of removable drives, taking screenshots, exfiltrating documents, and collecting nearby Wi-Fi access point identifiers. “We

Malware

Malware Government Advertising Phishing

Maastricht University finally paid a 30 bitcoin ransom to crooks

Security Affairs

FEBRUARY 9, 2020

. “The modus operandi of the group behind this specific attack comes over with a criminal group that already has one has a long history, and goes back to at least 2014,” reads the Fox-IT full report to UM (in Dutch). TA505 hacking group has been active since 2014 focusing on Retail and banking sectors. Pierluigi Paganini.

Ransomware

Ransomware Cyber Attacks Architecture Backups

Dark Nexus, a new IoT botnet that targets a broad range of devices

Security Affairs

APRIL 8, 2020

“For example, payloads are compiled for 12 different CPU architectures and dynamically delivered based on the victim’s configuration.” The experts discovered at customized payloads for at least 12 different CPU architectures. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

IoT

IoT DDOS Architecture Advertising

LightNeuron, a Turla’s backdoor used to compromise exchange mail servers

Security Affairs

MAY 7, 2019

Attackers use the LightNeuron malware to access and modify any email passing through the compromised mail server. Malware researchers believe Turla is using the malware at least since 2014 to target Microsoft Exchange servers. “ LightNeuron is a very powerful piece of malware. ” continues the analysis.

Malware

Malware Advertising Architecture Government

AMD is going to patch UEFI SMM callout privilege escalation flaw

Security Affairs

JUNE 22, 2020

If this level of access is acquired, an attacker could potentially manipulate the AMD Generic Encapsulated Software Architecture (AGESA) to execute arbitrary code undetected by the operating system.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Firmware

Firmware Architecture Advertising Manufacturing

Chalubo, a new IoT botnet emerges in the threat landscape

Security Affairs

OCTOBER 23, 2018

Security experts from Sophos Labs have spotted a new piece of IoT malware tracked as Chalubo that is attempting to recruit devices into a botnet used to launch DDoS attacks. The attackers were using brute-force attacks (using the root:admin credential) on SSH servers to distribute the malware. ” continues the analysis.

IoT

IoT DDOS Architecture Malware

GreyEnergy cyberespionage group targets Poland and Ukraine

Security Affairs

OCTOBER 18, 2018

ESET researchers have spotted a new strain of malware tracked as Exaramel that links the not Petya wiper to the Industroyer ICS malware. The APT group leverage the GreyEnergy malware, a malicious code that implements a modular architecture to extend its capabilities by adding the appropriate modules. ” states ESET.

Malware

Malware Architecture Advertising Phishing

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Security Affairs

SEPTEMBER 2, 2019

The researchers revealed that one of his honeypots was hit by this IoT malware that targets Intel machines running Linux. ” The expert explained that the XMR cryptominer was optimized for Intel x86 (both 32bit or 64bit architecture) and Intel 686 processors. .” “This one seems to target enterprise systems.”

IoT

IoT Cryptocurrency Malware System Administration

NK CARROTBALL dropper used in attacks on U.S. Govn Agency

Security Affairs

JANUARY 24, 2020

A US Government agency was hit with a phishing attack attempting to deliver a new malware dropper dubbed CARROTBALL. Security experts at Palo Alto Networks have uncovered a new malware dropper called CARROTBALL that was used in targeted attacks against a U.S. Both downloaders were used to deliver the second-stage SYSCON malware.

Malware

Malware Government Advertising Phishing

New FinFisher spyware used to spy on iOS and Android users in 20 countries

Security Affairs

JULY 11, 2019

Malware researchers from Kaspersky have discovered new and improved versions of the infamous FinFisher spyware used to infect both Android and iOS devices. The implant analyzed by the experts contained binary files for ARMv7 and ARM64 CPU architectures. “FinSpy developers are constatly working on the updates for their malware.

Spyware

Spyware Mobile Advertising Architecture

Massive increase in XorDDoS Linux malware in last six months

EnemyBot malware adds new exploits to target CMS servers and Android devices

Webinars

Trending Sources

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Webinars

Newly Discovered Malware Evades Detection by Hijacking Communications

Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks

Crooks leverage Zoom’s popularity in Coronavirus outbreak to serve malware

Cyberium malware-hosting domain employed in multiple Mirai variants campaigns

Raccoon Malware, a success case in the cybercrime ecosystem

Feedify cloud service architecture compromised by MageCart crime gang

Alien Android banking Trojan, the powerful successor of the Cerberus malware

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Silex malware bricks thousands of IoT devices in a few hours

HiddenWasp, a sophisticated Linux malware borroes from Mirai and Azazel

Trend Micro observed notable malware activity associated with the Momentum Botnet

Enemybot, a new DDoS botnet appears in the threat landscape

New HEH botnet wipes devices potentially bricking them

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

Dark Frost Botnet targets the gaming sector with powerful DDoS

BotenaGo strikes again – malware source code uploaded to GitHub

CISA warns of phishing attacks delivering KONNI RAT

Hackers for hire group target organizations via 3ds Max exploit

Experts spotted a new Mirai variant that targets new processors

Mozi Botnet is responsible for most of the IoT Traffic

AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits

QNodeService Trojan spreads via fake COVID-19 tax relief

Second-ever UEFI rootkit used in North Korea-themed attacks

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

DePriMon downloader uses a never seen installation technique

Dissecting the first Gafgyt bot implementing the “Non Un-Packable” NUP technique

Chinese APT Tropic Trooper target air-gapped military Networks in Asia

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

Steelcase office furniture giant hit by Ryuk ransomware attack

New Mirai botnet hides C2 server in the Tor network to prevent takedowns

WatchBog cryptomining botnet now uses Pastebin for C2

XDSpy APT remained undetected since at least 2011

Maastricht University finally paid a 30 bitcoin ransom to crooks

Dark Nexus, a new IoT botnet that targets a broad range of devices

LightNeuron, a Turla’s backdoor used to compromise exchange mail servers

AMD is going to patch UEFI SMM callout privilege escalation flaw

Chalubo, a new IoT botnet emerges in the threat landscape

GreyEnergy cyberespionage group targets Poland and Ukraine

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

NK CARROTBALL dropper used in attacks on U.S. Govn Agency

New FinFisher spyware used to spy on iOS and Android users in 20 countries

Stay Connected