Security Affairs

JUNE 18, 2020

The group was first spotted by ESET in 2018, when the experts detected a sophisticated piece of spyware, tracked as InvisiMole, used in targeted attacks in Russia and Ukraine in the previous five years. The attack chain begins with the deployment of a TCP downloader that fetches the next stage payload.

DNS 123

DNS Spyware Advertising Software 123

The Last Watchdog

MAY 2, 2019

Last February, Dallas-based email encryption vendor Zix Corp. In 2017, for instance, SMBs were under tremendous pressure to defend their networks against rapidly morphing ransomware attacks. In 2018, attackers shifted their focus to refining and deploying banking trojans, which essentially act as spyware.

Risk 182

Risk Cyber Risk Cyber threats Banking 182

Security Affairs

MAY 23, 2023

In the latest campaign uncovered by Kaspersky, the APT group, used a modular framework dubbed CloudWizard that supports spyware capabilities, including taking screenshots, microphone recording, harvesting Gmail inboxes, and keylogging. Since 2017, there have been no traces of Groundbait and BugDrop operations.

Malware 98

Malware Spyware Encryption Hacking 98

SecureList

DECEMBER 1, 2023

For most implants, the threat actor uses similar implementations of DLL hijacking (often associated with ShadowPad malware) and memory injection techniques, along with the use of RC4 encryption to hide the payload and evade detection. libssl.dll or libcurl.dll was statically linked to implants to implement encrypted C2 communications.

Malware 139

Malware Ransomware Encryption Energy and Utilities 139

Herjavec Group

AUGUST 26, 2021

2008 — Heartland Payment Systems — 134 million credit cards are exposed through SQL injection to install spyware on Heartland’s data systems. 2014 — eBay — A cyberattack exposes names, addresses, dates of birth, and encrypted passwords of all of eBay’s 145 million users. . 2017 — Equifax — Equifax, one of the largest U.S.

Cybercrime 135

Cybercrime Computers and Electronics Banking Hacking 135

SecureList

NOVEMBER 1, 2022

KeyPlug is a modular backdoor with the capability of communicating to its server via several network communication protocols set in its XOR-encrypted embedded configuration block. In June, we identified a previously unknown Android spyware app that targets Persian-speaking individuals. í religion that are banned in Iran.

Malware 145

Malware Ransomware Spyware Encryption 145

SiteLock

AUGUST 27, 2021

You may be most familiar with computer malware such as Trojan viruses and spyware, which can be used to retrieve sensitive data from a computer or even take control of the system. You’ve likely read about high-profile cyberattacks in the headlines after a major data breach, such as the Equifax breach in 2017. Ransomware. Malvertising.

Small Business 98

Small Business DDOS Malware Phishing 98

Security Affairs

APRIL 5, 2019

Ursnif/Gozi is active from over a decade and was one of the most active malware listed in 2017 and 2018. A few days ago, the researchers of ZLab Yoroi-Cybaze dissected another attack wave of the infamous Ursnif malware, also known as Gozi ISFB , an offspring of the original Gozi which source code was leaked in 2014.

Banking 109

Banking Malware Cryptocurrency Advertising 109

Security Affairs

JANUARY 10, 2021

The Cyber-attack resulted in a large volume of data to be encrypted including database servers and backup data. In December 2020, Symrise AG confirmed that they were the target of Clop Ransomware attack, when 500GB of their data from over 1000 infected devices was encrypted by cyber criminals.

Cyber Attacks 125

Cyber Attacks Government Surveillance Software 125

SecureList

APRIL 27, 2021

Further investigation of the Sunburst backdoor revealed several features that overlap with a previously identified backdoor known as Kazuar , a.NET backdoor first reported in 2017 and tentatively linked to the Turla APT group. webshells and Exaramel implants.

Malware 145

Malware Government Spyware Social Engineering 145

SecureList

NOVEMBER 18, 2022

In another, they were able to compromise a WebLogic server through an exploit for the CVE-2017-10271 vulnerability, which ultimately allowed them to run a script. The attackers compress stolen files into encrypted and password-protected ZIP archives. Other malware. Prilex: the pricey prickle credit card complex.

Malware 123

Malware Computers and Electronics Adware Cryptocurrency 123

SecureList

AUGUST 30, 2023

CloudWizard reminded us of two campaigns observed in Ukraine and reported publicly: Operation Groundbait (first described by ESET in 2016) and Operation BugDrop (discovered by CyberX in 2017). Using a number of vulnerabilities in iOS, the attachment is executed and installs spyware. The malware, which we call Minas , is a miner.

Malware 98

Malware Spyware Cryptocurrency Government 98

SecureList

MAY 3, 2021

In second place came exploits for the CVE-2017-11882 vulnerability in the Microsoft Equation Editor component, which were detected in 6.38% of cases. In seventh place is the Noon spyware (2.41%), which steals passwords from browsers and reads keystrokes. Third position this time was taken by Trojans from the Badun family (5.79%).

Phishing 137

Phishing Banking Accountability Computers and Electronics 137

SecureList

MARCH 1, 2021

The word “covid” in various combinations was typically used in the names of packages hiding spyware and banking Trojans, adware or Trojan droppers. Mobile malicious installation packages for Android in 2017 through 2020 ( download ). This malware was first spotted in 2017. Pandemic theme in mobile threats.

Mobile 145

Mobile Malware Adware Banking 145

SecureList

JULY 27, 2023

Following this, we released the first of a series of additional reports describing the final payload in the infection chain: a highly sophisticated spyware implant that we dubbed “TriangleDB” Operating in memory, this implant periodically communicates with the C2 (command and control) infrastructure to receive commands.

Malware 98

Malware Government Phishing Social Engineering 98

SecureList

JULY 29, 2024

After a two-year break, the Mandrake Android spyware returned to Google Play and lay low for two years. Technical details Background The original Mandrake campaign with its two major infection waves, in 2016–2017 and 2018–2020, was analyzed by Bitdefender in May 2020. Encrypted strings are mixed with plain text strings.

Spyware 144

Spyware Encryption Malware Mobile 144

eSecurity Planet

FEBRUARY 16, 2021

In 2017, more than 300,000 WordPress websites were affected by a malicious plugin that allowed an attacker to place embedded hidden links on victim websites. Additional features of botnets include spam, ad and click fraud, and spyware. Jump ahead: Adware. Bots and botnets. Browser hijacker. Malicious mobile app. RAM scraper.

Malware 105

Malware Adware Spyware Antivirus 105

The Last Watchdog

FEBRUARY 28, 2021

It is not unusual to have your system or network infected with malware, such as spyware, that often lingers secretly with no apparent symptoms. Malware can be categorized based on how it behaves (adware, spyware and ransomware), and how it propagates from one victim to another (viruses, worms and trojans). Don’t worry though.

Cyber threats 113

Cyber threats Computers and Electronics Adware Spyware 113

CyberSecurity Insiders

JANUARY 31, 2021

It is not unusual to have your system or network infected with malware, such as spyware, that often lingers secretly with no apparent symptoms. Malware can be categorized based on how it behaves (adware, spyware and ransomware), and how it propagates from one victim to another (viruses, worms and trojans). Don’t worry though.

Malware 107

Malware Computers and Electronics Adware Spyware 107

SecureList

FEBRUARY 15, 2021

In most cases, scammers, as before, claimed to have used spyware to film the blackmail victim watching adult videos. Equation Editor vulnerability exploits, Exploit.MSOffice.CVE-2017-11882 , dropped to third place with 6.55 Threats made by extortionists grew in diversity. The Trojan-PSW.MSIL.Agensla family was second with 7.70%.

Phishing 145

Phishing Malware Accountability Scams 145

SecureList

AUGUST 5, 2021

Exploits for CVE-2017-11882 (4.07%), an Equation Editor vulnerability popular with cybercriminals, gave ground and dropped to fourth place. Sixth and eighth places were occupied by Noon spyware Trojans, which infect any (2.66%) or only 32-bit (2.47%) versions of Windows. TOP 10 malware families in mail traffic, Q2 2021 ( download ).

Phishing 135

Phishing Banking Scams Computers and Electronics 135