SecureList

MARCH 1, 2021

The mobile malware Trojan-Ransom.AndroidOS.Agent.aq Last year was notable for both malware and adware, the two very close in terms of capabilities. Interestingly enough, the share of adware attacks increased in relation to mobile malware in general. They typically work with malware developers to achieve this.

Mobile 132

Mobile Malware Adware Banking 132

Krebs on Security

JULY 20, 2021

A federal judge in Connecticut today handed down a sentence of time served to spam kingpin Peter “Severa” Levashov , a prolific purveyor of malicious and junk email, and the creator of malware strains that infected millions of Microsoft computers globally. Levashov was arrested in 2017 while in Barcelona, Spain with his family.

Antivirus 287

Antivirus Cybercrime Identity Theft Scams 287

Security Affairs

OCTOBER 31, 2022

In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding a ransom in cryptocurrency to restore them, the Wannacry ransomware. The infection chain. What should we learn from this?

Malware 97

Malware Computers and Electronics Encryption Ransomware 97

SiteLock

AUGUST 27, 2021

As cybercrime grows and evolves, malware remains a constant weapon in a cybercriminal’s armory. Malware, short for malicious software, is created with the intent of causing harm to a website or computer. In many cases, victims of malware may not realize they’ve been attacked until it’s too late.

Malware 98

Malware Backups Cybercrime Antivirus 98

Security Affairs

APRIL 29, 2021

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. We therefore named this malware Purple Lambert.”

Malware 106

Malware Hacking Government Telecommunications 106

Security Affairs

OCTOBER 11, 2018

ESET researchers have spotted a new strain of malware tracked as Exaramel that links the dreaded not Petya wiper to the Industroyer ICS malware. A few months ago, researchers from ESET discovered a new piece of malware that further demonstrates the existence of a link between Industroyer and the NotPetya wiper.

Malware 87

Malware Passwords Advertising Antivirus 87

Security Affairs

DECEMBER 12, 2021

Russian national Oleg Koshkin was convicted in January for charges related to the operation of a malware crypting service used by the Kelihos botnet to obfuscate malware and evade detection. Koshkin was arrested in California in September 2019 , while Tsurkan was arrested in April 2017.

Antivirus 86

Antivirus Malware Cybercrime Cyber threats 86

CyberSecurity Insiders

NOVEMBER 11, 2021

AT&T Alien Labs™ has found new malware written in the open source programming language Golang. The malware creates a backdoor and waits to either receive a target to attack from a remote operator through port 19412 or from another related module running on the same machine. VirusTotal scanning results of BotenaGo malware.

Malware 85

Malware IoT Firmware Authentication 85

SecureList

OCTOBER 25, 2023

Introduction It’s just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. Subsequent analysis revealed earlier instances of suspicious code dating back to 2017.

Malware 107

Malware DNS Encryption Cryptocurrency 107

Krebs on Security

JULY 18, 2022

re network uses at least two free VPN services to lure its users to install a malware-like software that achieves persistence on the user’s computer,” the researchers wrote. These two software are currently unknown to most if not all antivirus companies.” In a 2017 discussion on fl.l33t[.]su “The 911[.]re

VPN 294

VPN Computers and Electronics Antivirus Software 294

CyberSecurity Insiders

NOVEMBER 8, 2022

BitDefender Mobile Security feature assists customers in protecting against malware spread and phishing scams. From then, the company has been offering antivirus software, multi-cloud security, extended detection and response and anti-virus and IoT protection.

Mobile 101

Mobile Antivirus VPN IoT 101

Security Affairs

AUGUST 9, 2022

The emails used weaponized Microsoft Word documents exploiting the CVE-2017-11882 vulnerability. The CVE-2017-11882 flaw is a memory-corruption issue that affects all versions of Microsoft Office released between 2000 and 2017. The vulnerability affects the MS Office component EQNEDT32.EXE

Antivirus 98

Antivirus Encryption Malware Hacking 98

Security Affairs

NOVEMBER 11, 2021

CVE-2017-6077 NETGEAR DGN2200 devices with firmware through 10.0.0.50 Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2 CVE-2017-18368 ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 This malware is still in beta phase and has been accidently leaked.

IoT 122

IoT Firmware Malware Wireless 122

Security Affairs

FEBRUARY 1, 2019

Security experts at Cybaze – Yoroi ZLab have analyzed a new sample of the AdvisorsBot malware, a downloader that was first spotted in August 2018. As usual, the malware looks like a legitimate e-mail attachment, named as “invoice.doc”. Figure 3 – Piece of VBS script that starts malware infection. DLL Analysis.

Malware 84

Malware DNS Social Engineering Advertising 84

Security Affairs

JUNE 22, 2021

Experts defined DirtyMoe as a complex malware that has been designed as a modular system. The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. “Both PurpleFox and DirtyMoe are still active malware and gaining strength.”

DNS 128

DNS Cryptocurrency Internet Internet 128

Krebs on Security

APRIL 22, 2019

The owner of a Swedish company behind a popular remote administration tool (RAT) implicated in thousands of malware attacks shares the same name as a Swedish man who pleaded guilty in 2015 to co-creating the Blackshades RAT , a similar product that was used to infect more than half a million computers with malware, KrebsOnSecurity has learned.

Advertising 190

Advertising Antivirus Software Malware 190

CyberSecurity Insiders

AUGUST 26, 2022

Ransomware is a cyberattack that uses malware – software created to infiltrate a computer system and damage or disrupt it. An AIDS researcher named Joseph Popp put malware on floppy discs and handed them out to over 20,000 people at a conference. The malware demanded over $500 from each person who inserted the floppy disk.

Ransomware 123

Ransomware Education Software Malware 123

Security Affairs

OCTOBER 17, 2018

Yoroi security firm uncovered a targeted attack against one of the most important companies in the Italian Naval Industry leveraging MartyMcFly Malware. Using an encrypted payload is quite a common way to evade Antivirus, since the encrypted payload changes depending on the used key. Stage1: Encrypted Content. But what is the key?

Malware 87

Malware Computers and Electronics Encryption Penetration Testing 87

Security Affairs

APRIL 30, 2021

The weaponized RTF documents generated with the exploit builder are able to trigger the CVE-2017-11882 , CVE-2018-0798 , CVE-2018-0802 vulnerabilities in Microsoft’s Equation Editor. This tool was widely adopted by several China-linked threat actors, including Tick , Tonto Team and TA428.

Phishing 130

Phishing Malware Antivirus Encryption 130

Security Affairs

NOVEMBER 28, 2021

North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported. The activity of the Zinc APT group, aka Lazarus , surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Malware 124

Malware Phishing Antivirus Hacking 124

Krebs on Security

MAY 16, 2019

Law enforcement agencies in the United States and Europe today unsealed charges against 11 alleged members of the GozNym malware network, an international cybercriminal syndicate suspected of stealing $100 million from more than 41,000 victims with the help of a stealthy banking trojan by the same name. Prosecutors say Nikolov, a.k.a.

Cybercrime 173

Cybercrime Banking Small Business Computers and Electronics 173

The Last Watchdog

JANUARY 28, 2019

And the malware that subsequently gets installed continues to get more stealthy and capable with each advancing iteration. Researchers recently flushed out a new variety of the Xbash family of malware tuned to seek out administrators’ rights and take control of Linux servers. Apps from other sources can carry malware or spyware.

Passwords 196

Passwords Password Management Antivirus Internet 196

CyberSecurity Insiders

MAY 31, 2023

The malware combines several open-source projects to improve its capabilities. It has been historically associated with malicious activity performed by threat actors, APT groups (like in this Mandiant report from 2017), or government attacks (in this report by Unit42 in 2017). in March 2023, which is the most current version.

Malware 117

Malware Antivirus Encryption Advertising 117

Security Affairs

OCTOBER 4, 2021

In March, the cyberespionage group was observed leveraging ProxyShell against targets in 10 countries and used a variety of malware in its campaign. FRP, Cobalt Strike Beacon, and Tiny Shell) and previously undetected malware tracked as ProxyT, BeaconLoader and the DoorMe backdoor. ” reads the analysis published by the experts.

Energy and Utilities 89

Energy and Utilities Malware Technology Antivirus 89

Security Affairs

JUNE 12, 2019

The last time security experts documented the FIN8’s activities was in 2016 and 2017. FireEye documented obfuscation techniques used by the group in June 2017 and the involvement of PUNCHTRACK POS-scraping malware. “It is believed that the malware was deployed as a result of several phishing attempts.”

Hacking 76

Hacking Malware Advertising Retail 76

Security Affairs

DECEMBER 28, 2021

Check Point researchers have published a detailed analysis of the DoubleFeature tool used to log post-exploitation activities in attacks conducted by the Equation Group and involving the DanderSpritz malware framework. The tool also includes features to bypass Antivirus engines and perform other malicious activities. .

Antivirus 92

Antivirus Malware Hacking Engineering 92

Security Affairs

APRIL 17, 2019

A new variant of the HawkEye data stealer emerges in the threat landscape as part of ongoing malware distribution campaigns. New malware campaigns leveraging a new variant of the HawkEye data stealer have been observed by experts at Talos. has been under active development since at least 2013. ” continues the analysis. .

Antivirus 83

Antivirus Malware Advertising Passwords 83

Security Affairs

OCTOBER 15, 2018

The BlackEnergy malware is a threat improved to target SCADA systems, some variants include the KillDisk component developed to wipe the disks and make systems inoperable. According to the SBU, BlackEnergy hackers used new samples of malware in a recent series of attack. ” states the ukrinform.net.

Cyber Attacks 89

Cyber Attacks Surveillance Telecommunications Advertising 89

Krebs on Security

JULY 28, 2022

” Microleaves has long been classified by antivirus companies as adware or as a “potentially unwanted program” (PUP), the euphemism that antivirus companies use to describe executable files that get installed with ambiguous consent at best, and are often part of a bundle of software tied to some “free” download.

Advertising 208

Advertising Software Computers and Electronics Internet 208

Security Affairs

SEPTEMBER 26, 2018

The man pleaded guilty in December 2017 to one count of willful retention of classified national defense information. On September 11, 2014, Kaspersky antivirus detected the Win32.GrayFish.gen On September 11, 2014, Kaspersky antivirus detected the Win32.GrayFish.gen Equestre.*”.

Antivirus 89

Antivirus Hacking Software Government 89

Krebs on Security

FEBRUARY 9, 2023

Initially a stealthy trojan horse program delivered via email and used to steal passwords, Trickbot evolved into “a highly modular malware suite that provides the Trickbot Group with the ability to conduct a variety of illegal cyber activities, including ransomware attacks,” the Treasury Department said. The Forbes.ru

Hacking 186

Hacking Cybercrime Ransomware Government 186

Malwarebytes

JULY 30, 2021

LemonDuck has evolved from a Monero cryptominer into LemonCat, a Trojan that specializes in backdoor installation, credential and data theft, and malware delivery, according to the Microsoft 365 Defender Threat Intelligence Team, which explained their findings in a two-part story [ 1 ][ 2 ] on the Microsoft Security blog.

Malware 90

Malware Penetration Testing Passwords Antivirus 90

Security Affairs

JULY 21, 2018

Security experts from Kaspersky Lab have discovered a precursor of the infamous Proton macOS malware that was named Calisto. Malware researchers from Kaspersky Lab have discovered a malware, tracked as Calisto, that appears to be to the precursor of the Proton macOS malware. Use antivirus software.

Antivirus 48

Antivirus Advertising Malware Accountability 48

SecureList

DECEMBER 1, 2023

To exfiltrate data and deliver next-stage malware, the attackers abuse cloud-based data storage, such as Dropbox or Yandex Disk, as well as a temporary file sharing service. The postinst script contains comments in Russian and Ukrainian, including information about improvements made to the malware, as well as statements by activists.

Malware 90

Malware Ransomware Encryption Energy and Utilities 90

Security Affairs

NOVEMBER 19, 2019

To bypass antivirus systems, hackers send out malicious emails in non-working hours with delayed activation. The first half of 2019 saw a 10-fold increase in the number of password-protected objects, such as documents and archive files, being used to deliver malware. Another trend was disguising malware in emails.

Ransomware 71

Ransomware Antivirus Malware Banking 71

Security Affairs

JANUARY 29, 2021

Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to ZINC, a DPRK-affiliated and state-sponsored group, based on observed tradecraft, infrastructure, malware patterns, and account affiliations.” Not all visitors to the site were infected. ” concludes Microsoft.

Malware 114

Malware Antivirus Hacking Accountability 114

Krebs on Security

JUNE 25, 2019

” What follows is a deep dive into the identity of that Chinese vendor, which appears to have a long and storied history of pushing the envelope on mobile malware. com — were implicated in propagating the Triada malware. “Yehuo” ( ? ? ) Two of those domains registered to tosaka1027@gmail.com — elsyzsmc[.]com

Mobile 241

Mobile Technology Manufacturing Malware 241