2015, Encryption and Malware - Cyber Security Informer

New advanced FIN7’s Anubis backdoor allows to gain full system control on Windows

Security Affairs

APRIL 2, 2025

The threat actor FIN7 , also known as Savage Ladybug, has developed a new Python-based malware, named Anubis Backdoor, which allows attackers to gain full remote control over infected Windows systems. “The malware is distributed as a ZIP package, which includes a single Python script alongside multiple Python executables.

Antivirus

Antivirus Cybercrime Malware Encryption

Snake Ransomware isolates infected Systems before encrypting files

Security Affairs

JULY 5, 2020

Experts spotted recent samples of the Snake ransomware that were isolating the infected systems while encrypting files to avoid interference. The Snake ransomware kills processes from a predefined list, including ICS-related processes, to encrypt associated files. ” continues the analysis. ” continues the analysis.

Encryption

Encryption Ransomware Firewall Backups

BrandPost: Detect Malware in Encrypted Traffic for Improved Security Visibility

CSO Magazine

OCTOBER 11, 2021

According to the Ponemon Institute's 2021 Global Encryption Trends Study, 50% of organizations have an encryption plan consistently applied across their entire environment—up from around 40% in 2015, and 25% in 2010.

Encryption

Encryption Malware

NailaoLocker ransomware targets EU healthcare-related entities

Security Affairs

FEBRUARY 20, 2025

Orange Cyberdefense CERT uncovered a malware campaign, tracked as The Green Nailao campaign, that targeted European organizations, including healthcare, in late 2024, using ShadowPad , PlugX , and the previously undocumented NailaoLocker ransomware. This launches the malware routine.” ” continues the report.

Healthcare

Healthcare Ransomware VPN Malware

Arrest, Seizures Tied to Netwalker Ransomware

Krebs on Security

JANUARY 27, 2021

NetWalker is a ransomware-as-a-service crimeware product in which affiliates rent access to the continuously updated malware code in exchange for a percentage of any funds extorted from victims. million last summer in exchange for a digital key needed to unlock files encrypted by the ransomware. million from the scheme.

Ransomware

Ransomware Cybercrime Antivirus Encryption

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

SEPTEMBER 10, 2020

ESET researchers discovered a new piece of malware dubbed CDRThief targets a specific Voice over IP system to steal call data records (CDR). The VoIP platform Linknat VOS2009 and VOS3000 targeted by the malware is used by two China-produced softswitches (software switches). ” reads the analysis published by ESET.

Malware

Malware Encryption Advertising Passwords

LimeRAT malware delivered using 8-year-old VelvetSweatshop trick

Security Affairs

APRIL 1, 2020

Researchers spotted a campaign using Excel files to spread LimeRAT malware using the 8-year-old and well-known VelvetSweatshop bug. Researchers at the Mimecast Threat Center spotted a new campaign using Excel files to spread LimeRAT malware using the 8-year-old VelvetSweatshop bug. ” reads the analysis published by the experts.

Malware

Malware Passwords Encryption Advertising

Ragnar Ransomware encrypts files from virtual machines to evade detection

Security Affairs

MAY 25, 2020

Ransomware encrypts from virtual machines to evade antivirus. Ragnar Locker deploys Windows XP virtual machines to encrypt victim’s files, the trick allows to evaded detection from security software. Mounting all the shared drives to encrypt. Custom Ragnar Locker ransom note (Source: Sophos).

Encryption

Encryption Ransomware Energy and Utilities Advertising

Tedrade banking malware families target users worldwide

Security Affairs

JULY 19, 2020

The four malware families are named Guildma, Javali, Melcoz, and Grandoreiro, experts believe are the result of a Brazilian banking group/operation that is evolving its capabilities targeting banking users abroad. Experts noticed that the malware uses the BITSAdmin tool to download the additional modules. ” continues Kaspersky.

Banking

Banking Malware Phishing Advertising

German encrypted email service Tutanota suffers DDoS attacks

Security Affairs

SEPTEMBER 19, 2020

The popular encrypted email service Tutanota was hit with a series of DDoS attacks this week targeting its website fist and its DNS providers later. Encrypted email service, Tutanota suffered a series of DDoS attacks that initially targeted the website and later its DNS providers. Pierluigi Paganini.

DDOS

DDOS Encryption DNS Advertising

Is the Abaddon RAT the first malware using Discord as C&C?

Security Affairs

OCTOBER 25, 2020

Researchers from MalwareHunterTeam have spotted a new piece of remote access trojan (RAT) dubbed ‘Abaddon’ that is likely the first malware using the Discord platform as command and control. The Abaddon malware connects to the Discord command and control server to check for new commands to execute. "Abaddon"

Malware

Malware Advertising Ransomware Encryption

Who’s Behind the RevCode WebMonitor RAT?

Krebs on Security

APRIL 22, 2019

The owner of a Swedish company behind a popular remote administration tool (RAT) implicated in thousands of malware attacks shares the same name as a Swedish man who pleaded guilty in 2015 to co-creating the Blackshades RAT , a similar product that was used to infect more than half a million computers with malware, KrebsOnSecurity has learned.

Advertising

Advertising Antivirus Software Malware

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. File encryption 2013 – 2015. It emerged in September 2013 and paved the way for hundreds of file-encrypting menaces that have splashed onto the scene ever since.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Experts warn of a surge in activity associated FICORA and Kaiten botnets

Security Affairs

DECEMBER 27, 2024

Some of the vulnerabilities exploited by the botnets are CVE-2015-2051 , CVE-2019-10891 , CVE-2022-37056 , and CVE-2024-33112. The script uses various methods like “wget,” “ftpget,” “curl,” and “tftp” to download the malware. ” reads the report published by Fortinet.

Architecture

Architecture Malware DNS DDOS

SoNot SoSafe: Android malware disguises itself as secure messaging app

Malwarebytes

NOVEMBER 16, 2021

This Android app, purported as a secure messaging application that uses end-to-end encryption, is the latest ruse cybercriminals put upon smartphone users, particularly those based in India, to infect their devices with GravityRAT, a piece of malicious software that is known to spy on people and steal their data.

Malware

Malware Encryption Media Marketing

GravityRAT returns disguised as an end-to-end encrypted chat app

Security Affairs

NOVEMBER 13, 2021

Threat actors are distributing the GravityRAT remote access trojan masqueraded as an end-to-end encrypted chat application named SoSafe Chat. Threat actors are distributing the GravityRAT RAT masqueraded as an end-to-end encrypted chat application named SoSafe Chat. Read or write the files on the device’s external storage.

Encryption

Encryption Malware Media Authentication

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

US and UK cybersecurity agencies issued a joint advisory about the spread of QSnatch Data-Stealing Malware that already infected over 62,000 QNAP NAS devices. The QSnatch malware implements multiple functionalities, such as: . These are encrypted with the actor’s public key and sent to their infrastructure over HTTPS.

Malware

Malware Firmware Advertising Manufacturing

New Coronavirus-themed malspam campaign delivers FormBook Malware

Security Affairs

MARCH 8, 2020

Experts uncovered a new Coronavirus (COVID-19 ) -themed campaign that is distributing a malware downloader that delivers the FormBook information-stealing Trojan. Experts at MalwareHunterTeam uncovered a new malspam campaign exploiting the fear in the Coronavirus (COVID-19) to deliver malware. states the analysis published by FireEye.

Malware

Malware Scams Social Engineering Phishing

Catch Hospitality Group discloses PoS malware infection at its restaurants

Security Affairs

NOVEMBER 23, 2019

The Catch Hospitality Group has suffered a malware attack, a point-of-sale malware has infected systems (POS) at several restaurants of the chain.The Catch Hospitality Group has suffered a malware attack, a point-of-sale malware has infected systems (POS) at several restaurants of the chain. Pierluigi Paganini.

Malware

Malware Advertising Data breaches Encryption

Malware attack took down 600 computers at Volusia County Public Library

Security Affairs

JANUARY 22, 2020

The library did not disclose the family of malware that infected its system, but experts believe that the computers were infected with ransomware. “Some Californian libraries are also affected by a ransomware attack that encrypted computers at 26 community libraries in Contra Costa County on January 3.” Pierluigi Paganini.

Malware

Malware Cyber Attacks Advertising Ransomware

Zoom now supports end-to-end encrypted (E2EE) calls

Security Affairs

OCTOBER 15, 2020

The Video conferencing platform Zoom announced the implementation of end-to-end encryption (E2EE) and its availability starting next week. The popular Video conferencing platform Zoom announced the availability of the end-to-end encryption (E2EE) starting next week. ” reads the post published by the company. Pierluigi Paganini.

Encryption

Encryption Advertising Accountability Hacking

xHelper, the Unkillable Android malware that re-Installs after factory reset

Security Affairs

APRIL 7, 2020

xHelper , a new strain of Android malware is able to re-install itself on infected devices even after victims delete it or force a factory reset. xHelper , a new strain of Android malware is able to re-install itself on infected devices even after victims delete it or force a factory reset. and Russia. ” continues the report.

Malware

Malware Firmware Manufacturing Advertising

New MATA Multi-platform malware framework linked to NK Lazarus APT

Security Affairs

JULY 23, 2020

North Korea-linked Lazarus APT Group has used a new multi-platform malware framework, dubbed MATA, to target entities worldwide. The MATA malware framework could target Windows, Linux, and macOS operating systems. The malware framework implements a wide range of features that allow attackers to fully control the infected systems.

Malware

Malware Ransomware Advertising Encryption

World Backup Day: Pledge to protect your digital life

Webroot

MARCH 12, 2025

Backing up your data simply means creating copies of your important files and storing them in secure, encrypted locations. Many hard drives fail in less than three years , and its been found that the newer drives have shorter lifespans than those manufactured before 2015.

Backups

Backups Encryption Antivirus Data preservation

Raccoon Malware, a success case in the cybercrime ecosystem

Security Affairs

FEBRUARY 24, 2020

Raccoon Malware is a recently discovered infostealer that can extract sensitive data from about 60 applications on a targeted system. Racoon malware , Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. ” reads the report published by CyberArk.

Cybercrime

Cybercrime Malware Cryptocurrency Advertising

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

SEPTEMBER 10, 2020

ESET researchers discovered a new piece of malware dubbed CDRThief targets a specific Voice over IP system to steal call data records (CDR). The VoIP platform Linknat VOS2009 and VOS3000 targeted by the malware is used by two China-produced softswitches (software switches). ” reads the analysis published by ESET.

Malware

Malware Encryption Advertising Passwords

After 1 Million of malware samples analyzed

Security Affairs

NOVEMBER 25, 2019

Malware Hunter – One year after its launch, Marco Ramilli shared the results of its project that has analyzed more than 1 Million malware samples. Malware Hunter is a python powered project driven by three main components: collectors, processors and public API. Malware Analyses Distribution. How it works.

Malware

Malware Penetration Testing Banking Advertising

Five Eyes nations plus India and Japan call for encryption backdoor once again

Security Affairs

OCTOBER 13, 2020

Members of the Five Eyes intelligence alliance once again call for tech firms to engineer backdoors into end-to-end and device encryption. The statements reinforce the importance of the encryption in protecting data, privacy, and IP, but highlights the risks of abusing it for criminal and terrorist purposes. Pierluigi Paganini.

Encryption

Encryption Data privacy Advertising Technology

SILENTFADE a long-running malware campaign targeted Facebook AD platform

Security Affairs

OCTOBER 3, 2020

Facebook shared details about a long-running ad-fraud campaign that’s been ongoing since 2016 targeting Facebook users with SilentFade malware. The social network giant revealed that malware has a Chinese origin and allowed hackers to siphon $4 million from users’ advertising accounts. Pierluigi Paganini.

Malware

Malware Advertising Accountability Authentication

Kaiji, a new Linux malware targets IoT devices in the wild

Security Affairs

MAY 5, 2020

Last week, the popular security researcher MalwareMustDie and the experts at Intezer Labs spotted a new piece of malware dubbed Kaiji, that is targeting IoT devices via SSH brute-force attacks. Guys, another new #China ( #PRC ) made #DDoS #ELF #malware , I called it: " #Linux /Kaiji", coded in #Go lang, packed, VT low detection=1.

IoT

IoT Malware DDOS Advertising

SentinelOne released free decryptor for ThiefQuest ransomware

Security Affairs

JULY 8, 2020

Good news for the victims of the ThiefQuest (EvilQuest) ransomware, they can recover their encrypted files for free. The victims of the ThiefQuest (EvilQuest) ransomware victims can recover their encrypted files without needing to pay the ransom due to the availability of a free decryptor. macOS ransomware #decryptor ( #EvilQuest )! |

Ransomware

Ransomware Encryption Malware Advertising

QNAP urges users to update Malware Remover after QSnatch joint alert

Security Affairs

AUGUST 2, 2020

The Taiwanese vendor QNAP urges its users to update the Malware Remover app following the alert on the QSnatch malware. The Taiwanese company QNAP is urging its users to update the Malware Remover app to prevent NAS devices from being infected by the QSnatch malware. Webshell functionality for remote access.

Malware

Malware Advertising Passwords Manufacturing

Operators behind Nefilim Ransomware threaten to release stolen data

Security Affairs

MARCH 17, 2020

A new ransomware dubbed Nefilim appeared in the threat landscape at the end of February, it borrows its code from other malware, the Nemty ransomware. At the time of writing it is still unclear which is the attack vector exploited by Nefilim operators, experts believe the malware was mainly deployed via RDP. Nefilim appends the.

Ransomware

Ransomware Encryption Cybercrime Advertising

Stolen Nvidia certificates used to sign malware—here’s what to do

Malwarebytes

MARCH 15, 2022

Those certificates are now being used to sign malware. This creates a “chain of trust” between a signature on a piece of software and a CA—like DigiCert or Let’s Encrypt—that operating systems trust. From there, any cybercriminal that wanted to could grab the certificates and use them to sign their malware.

Malware

Malware Software System Administration Ransomware

StaryDobry ruins New Year’s Eve, delivering miner instead of presents

SecureList

FEBRUARY 18, 2025

RARExtract decrypts unrar.dll using AES encryption with a hard-coded key, cls-precompx.dll. Anti-debug checks example If the checks are passed, the malware executes cmd.exe to register unrar.dll as a command handler with regsvr32.exe. The creation time of the.dat file is spoofed with a random date between 01/01/2015 and 12/25/2021.

Malware

Malware Encryption Software Technology

A new variant of Cicada ransomware targets VMware ESXi systems

Security Affairs

SEPTEMBER 2, 2024

The stated intent was to recruit “intelligent individuals” by presenting a series of puzzles to be solved; no new puzzles were published on January 4, 2015. Truesec researchers dissected a variant that targets VMware ESXi systems, which appears to be a version of the same malware for Windows. ” reported Truesec.

Ransomware

Ransomware Encryption Malware Cybercrime

Clop Ransomware attempts to disable Windows Defender and Malwarebytes

Security Affairs

DECEMBER 2, 2019

Experts discovered a new malware dubbed Clop ransomware that attempts to remove Malwarebytes and other security products. Security researcher Vitali Kremez discovered a new malware dubbed Clop ransomware that targets Windows systems and attempts to disable security products running on the infected systems.

Ransomware

Ransomware Encryption Advertising Malware

Microsoft warns of Dexphot miner, an interesting polymorphic threat

Security Affairs

NOVEMBER 26, 2019

Layers of obfuscation, encryption, and the use of randomized file names hid the installation process. If not stopped, Dexphot ultimately ran a cryptocurrency miner on the device, with monitoring services and scheduled tasks triggering re-infection when defenders attempt to remove the malware.” msiexec.exe, unzip.exe, rundll32.exe,

Cryptocurrency

Cryptocurrency Malware Encryption Advertising

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

APRIL 30, 2020

Security experts from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe. Researchers from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe.

Mobile

Mobile Financial Services Banking Malware

How Did Authorities Identify the Alleged Lockbit Boss?

Krebs on Security

MAY 13, 2024

This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years. This user said they specialize in developing malware, creating computer worms, and crafting new ways to hijack Web browsers.

Ransomware

Ransomware Cybercrime Accountability Malware

Tyler Technologies finally paid the ransom to receive the decryption key

Security Affairs

OCTOBER 11, 2020

Tyler Technologies has finally decided to paid a ransom to obtain a decryption key and recover files encrypted in a recent ransomware attack. The ransomware attack took place on September 23, the threat actors breached the network of the company and deployed the malware. Tyler Technologies, Inc. ” reported BleepingComputer.

Technology

Technology Ransomware Encryption Advertising

Maze ransomware uses Ragnar Locker virtual machine technique

Security Affairs

SEPTEMBER 17, 2020

The Maze ransomware operators now use a virtual machine to encrypt a computer, a tactic previously adopted by the Ragnar Locker malware. The Maze ransomware operators have adopted a new tactic to evade detection, their malware now encrypts a computer from within a virtual machine. Pierluigi Paganini.

Ransomware

Ransomware Encryption Advertising Malware

Report: Threat of Emotet and Ryuk

Security Affairs

JANUARY 31, 2020

Emotet , the most widespread malware worldwide and Ryuk , a ransomware type, are growing threats and real concerns for businesses and internet users in 2020. This study also concludes that a total of 377 Portuguese domains to spread different types of malware in the same period. SecurityAffairs – malware, hacking).

Malware

Malware Advertising Retail Antivirus

Mount Locker ransomware operators demand multi-million dollar ransoms

Security Affairs

SEPTEMBER 28, 2020

A new ransomware gang named Mount Locker has started its operations stealing victims’ data before encrypting. According to the popular malware researchers Michael Gillespie , the Mount Locker uses ChaCha20 to encrypt the files and an embedded RSA-2048 public key to encrypt the encryption key.

Ransomware

Ransomware Encryption Advertising Engineering

New advanced FIN7’s Anubis backdoor allows to gain full system control on Windows

Snake Ransomware isolates infected Systems before encrypting files

Trending Sources

BrandPost: Detect Malware in Encrypted Traffic for Improved Security Visibility

NailaoLocker ransomware targets EU healthcare-related entities

Arrest, Seizures Tied to Netwalker Ransomware

CDRThief Linux malware steals VoIP metadata from Linux softswitches

LimeRAT malware delivered using 8-year-old VelvetSweatshop trick

Ragnar Ransomware encrypts files from virtual machines to evade detection

Tedrade banking malware families target users worldwide

German encrypted email service Tutanota suffers DDoS attacks

Is the Abaddon RAT the first malware using Discord as C&C?

Who’s Behind the RevCode WebMonitor RAT?

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Experts warn of a surge in activity associated FICORA and Kaiten botnets

SoNot SoSafe: Android malware disguises itself as secure messaging app

GravityRAT returns disguised as an end-to-end encrypted chat app

QSnatch malware infected over 62,000 QNAP NAS Devices

New Coronavirus-themed malspam campaign delivers FormBook Malware

Catch Hospitality Group discloses PoS malware infection at its restaurants

Malware attack took down 600 computers at Volusia County Public Library

Zoom now supports end-to-end encrypted (E2EE) calls

xHelper, the Unkillable Android malware that re-Installs after factory reset

New MATA Multi-platform malware framework linked to NK Lazarus APT

World Backup Day: Pledge to protect your digital life

Raccoon Malware, a success case in the cybercrime ecosystem

CDRThief Linux malware steals VoIP metadata from Linux softswitches

After 1 Million of malware samples analyzed

Five Eyes nations plus India and Japan call for encryption backdoor once again

SILENTFADE a long-running malware campaign targeted Facebook AD platform

Kaiji, a new Linux malware targets IoT devices in the wild

SentinelOne released free decryptor for ThiefQuest ransomware

QNAP urges users to update Malware Remover after QSnatch joint alert

Operators behind Nefilim Ransomware threaten to release stolen data

Stolen Nvidia certificates used to sign malware—here’s what to do

StaryDobry ruins New Year’s Eve, delivering miner instead of presents

A new variant of Cicada ransomware targets VMware ESXi systems

Clop Ransomware attempts to disable Windows Defender and Malwarebytes

Microsoft warns of Dexphot miner, an interesting polymorphic threat

EventBot, a new Android mobile targets financial institutions across Europe

How Did Authorities Identify the Alleged Lockbit Boss?

Tyler Technologies finally paid the ransom to receive the decryption key

Maze ransomware uses Ragnar Locker virtual machine technique

Report: Threat of Emotet and Ryuk

Mount Locker ransomware operators demand multi-million dollar ransoms

Stay Connected