Fortinet researchers discovered a new phishing campaign spreading a variant of the commercial malware Remcos RAT. Upon opening the file, the RCE vulnerability CVE-2017-0199 is exploited. Once the CVE-2017-0199 is exploited, it downloads an HTA file and executes it on the recipient’s device.
According to experts at SonicWall, scanning of random ports and the diffusion of encrypted malware are characterizing the threat landscape. In 2018, global malware volume recorded by SonicWall hit a record-breaking 10.52 billion attacks, with encrypted malware attacks up 27% over the previous year.
Chip-based credit and debit cards are designed to make it infeasible for skimming devices or malware to clone your card when you pay for something by dipping the chip instead of swiping the stripe. But a recent series of malware attacks on U.S.-based Unsurprisingly, thieves have known about this weakness for years.
RTF exploit: RTF files were specifically crafted by the attacker to exploit CVE-2017-11882, a memory corruption vulnerability in Microsoft Office software. The malware uses different strings to load libraries and functions required for execution. In particular, Avast and AVG solutions are of interest to the malware.
Xloader is an information-stealing malware that is the successor to Formbook, which had been sold in hacking forums since early 2016. In October 2020, Formbook was rebranded as Xloader and some significant improvements were introduced, especially related to the command and control (C2) network encryption. Among its capabilities, it can capture keystrokes.
The Hacked Ransomware was first spotted in 2017; it appends the .hacked extension to the encrypted files and includes ransom notes in Italian, English, Spanish, and Turkish. In 2018, the popular malware researcher Michael Gillespie discovered a weakness in the encryption process that allowed the expert to create a decryption tool.
Experts uncovered a new Coronavirus (COVID-19)-themed campaign that is distributing a malware downloader that delivers the FormBook information-stealing Trojan. Experts at MalwareHunterTeam uncovered a new malspam campaign exploiting the fear of the Coronavirus (COVID-19) to deliver malware.
2017 was a big year for malware, hacks, and data breaches. The second is a strain of malware found in pirated premium WordPress themes, which adds a backdoor account to a site that can be used to execute attacks at a later time. And finally, a variation of a 19-year-old vulnerability may bring about the end of RSA encryption.
This Android app, purported as a secure messaging application that uses end-to-end encryption, is the latest ruse cybercriminals put upon smartphone users, particularly those based in India, to infect their devices with GravityRAT, a piece of malicious software that is known to spy on people and steal their data.
Threat actors are distributing the GravityRAT remote access trojan masqueraded as an end-to-end encrypted chat application named SoSafe Chat. Among its capabilities, the malware can read or write files on the device's external storage.
US and UK cybersecurity agencies issued a joint advisory about the spread of the QSnatch data-stealing malware, which has already infected over 62,000 QNAP NAS devices. The QSnatch malware implements multiple functionalities; stolen data are encrypted with the actor's public key and sent to their infrastructure over HTTPS.
The four malware families are named Guildma, Javali, Melcoz, and Grandoreiro; experts believe they are the result of a Brazilian banking group/operation that is evolving its capabilities to target banking users abroad. Experts noticed that the malware uses the BITSAdmin tool to download the additional modules, Kaspersky reports.
National Security Agency (NSA) and leaked online in 2017. But new analysis suggests that while EternalBlue could have been used to spread the infection, the RobbinHood malware itself contains no traces of it. Stewart said he obtained a sample of the malware that he was able to confirm was connected to the Baltimore incident.
The researchers analyzed multiple samples of the malware and gained access to internal documents obtained from open directories on attacker infrastructure. The surveillance tool family has been active since 2017; the experts highlighted that it requires physical access to the target device to initiate operations.
The Taiwanese vendor QNAP is urging its users to update the Malware Remover app following the alert on the QSnatch malware, to prevent NAS devices from being infected. Among the malware's functions is webshell functionality for remote access.
Today, we are showing readers just what that evolution looked like, in our State of Malware 2021 report. This report provides our most comprehensive analysis of last year’s malware trends, with breakdowns by malware category, malware type, operating system, region, industry, and more.
Day after day, threat actors create new malware to use in cyberattacks. Each of these new implants is developed in its own way, and as a result gets its own destiny while the use of some malware families is reported for decades, information about others disappears after days, months or several years.
North Korea-linked Lazarus APT Group has used a new multi-platform malware framework, dubbed MATA, to target entities worldwide. The MATA malware framework could target Windows, Linux, and macOS operating systems. The malware framework implements a wide range of features that allow attackers to fully control the infected systems.
Yoroi security firm uncovered a targeted attack against one of the most important companies in the Italian Naval Industry leveraging the MartyMcFly malware. At first sight, the office document had encrypted content available in OleObj.1 and OleObj.2. And why would the attacker use an encrypted payload if the victim cannot open it?
The mobile malware Trojan-Ransom.AndroidOS.Agent.aq. Last year was notable for both malware and adware, the two being very close in terms of capabilities. Interestingly enough, the share of adware attacks increased in relation to mobile malware in general. They typically work with malware developers to achieve this.
In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through malicious code capable of encrypting data residing in information systems and demanding a ransom in cryptocurrency to restore them: the WannaCry ransomware.
The owner of a Swedish company behind a popular remote administration tool (RAT) implicated in thousands of malware attacks shares the same name as a Swedish man who pleaded guilty in 2015 to co-creating the Blackshades RAT, a similar product that was used to infect more than half a million computers with malware, KrebsOnSecurity has learned.
The Russian Cobalt crime gang was particularly active in the last month; a new report confirms massive use of the CobInt malware in recent attacks. Security researchers from Proofpoint reported the massive use of the CobInt malware by the Cobalt group in recent attacks, which exploited CVE-2017-8570, CVE-2017-11882, or CVE-2018-0802.
The new DePriMon downloader was used by the Lambert APT group, aka Longhorn, to deploy malware. According to a report published by Symantec in 2017, Longhorn is a North American hacking group that has been active since at least 2011. The second stage installs itself and loads the third stage using an encrypted, hardcoded path.
However, P8 contains many built-in functions and redesigns of the communication protocol and encryption algorithm, making it a well-designed and powerful espionage platform. The access management software facilitates access to the encrypted partition of the drive. Later that year, we discovered a new set of activities.
RC4 algorithm with hardcoded key (in this example – "21983453453435435738912738921") is used for encryption. That means that if you got your files encrypted by this #ransomware, it is possible to decrypt them without paying the ransom. [link] — Tatyana Shishkova (@sh1shk0va) December 17, 2020. "CyberPunk2077.sfx.exe"
Researchers from Qihoo Netlab 360 observed unidentified threat actors using a new backdoor based on the US CIA's Project Hive malware suite.
Introduction: It's just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. Subsequent analysis revealed earlier instances of suspicious code dating back to 2017.
In other news related to cyber attacks, French cybersecurity authorities have detected that the SolarWinds cyber attack, which hit the United States, could have been launched against their infrastructure in 2017 and remained undetected until 2020, when the security firm FireEye revealed it to the world.
Ave Maria malware: phishing attempts spread in the last days of the past year against an Italian organization operating in the Oil&Gas sector. Similar packing of AutoIT code was observed by Juniper back in 2016, where SFX files were abused this way to deliver scripts used as the first stage of the malware.
Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. File encryption (2013–2015): It emerged in September 2013 and paved the way for hundreds of file-encrypting menaces that have splashed onto the scene ever since.
Paradise Ransomware has been active since September 2017; its operators offer the malware under a Ransomware-as-a-Service (RaaS) model. In October 2019, security experts at Emsisoft developed a tool to decrypt files encrypted by the Paradise ransomware.
This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years. This user said they specialize in developing malware, creating computer worms, and crafting new ways to hijack Web browsers.
The malware also sends a message with this information via Telegram. After encryption, the contents of the folders look as follows: the cybercriminals’ e-mail address and the victim’s ID are added to the beginning of each file, followed by the original name and extension, and then the extension added by the ransomware.
Merck and its insurers have agreed on a $1.4 billion insurance claim for the losses caused by the NotPetya attack that took place in 2017. In August 2017, the pharmaceutical company revealed that the massive NotPetya cyberattack had disrupted its worldwide operations.
WannaCry malware was first discovered in May 2017 and a patch was released roughly two months prior to its public release. This particular event confirmed our suspicion that this was, indeed, the WannaCry malware. The post Stories from the SOC – WannaCry malware appeared first on Cybersecurity Insiders.
Seyfarth Shaw, one of the leading global legal firms announced that it was a victim of an “aggressive malware” attack, likely a ransomware attack. Seyfarth Shaw announced it was the victim of an “aggressive malware” attack, but the media immediately reported a ransomware infection later confirmed by the firm.
The emails used weaponized Microsoft Word documents exploiting the CVE-2017-11882 vulnerability. The CVE-2017-11882 flaw is a memory-corruption issue that affects all versions of Microsoft Office released between 2000 and 2017. The vulnerability affects the MS Office component EQNEDT32.EXE.
The FBI said unlimited operations compromise a financial institution or payment card processor with malware to access bank customer card information and exploit network access, enabling large scale theft of funds from ATMs. million from accounts at the National Bank of Blacksburg in two separate ATM cashouts between May 2016 and January 2017.
North Korea-linked Konni APT group used Russian-language Microsoft Word documents to deliver malware. The KONNI RAT was first spotted by Cisco Talos researchers in 2017; it had gone undetected since 2014 and was employed in highly targeted attacks.
Security researchers at Cado Security, a cybersecurity forensics company, recently discovered the first publicly known malware targeting Lambda, the serverless computing platform of Amazon Web Services (AWS). The malware's name is inspired by the domain the threat actors behind the cryptominer communicate with.
Latin American Javali trojan weaponizes a legitimate Avira antivirus injector to implant malware. The Javali trojan has been active since November 2017 and targets users of financial and banking organizations located in Brazil and Mexico. From here, the malware executes a new thread when specific, hardcoded web browsers are opened.
What is Ransomware? Ransomware (ransom + malware) is a form of malware designed to allow malicious actors to extort money from an organization. This is accomplished by using a variety of encryption techniques that lock an organization's files to then force the organization to pay for the key to unlock the data.
In the fast-paced world of cybersecurity, where new threats emerge daily, it's all too easy to forget about the dangers lurking in the shadows of the past. However, a recent investigation by Check Point... The post Old Vulnerabilities, New Attacks: Encrypted MalDocs Evade Detection appeared first on Penetration Testing.