The malware was discovered on counterfeit Android devices mimicking popular smartphone models. “The malware has broad functionality and gives attackers almost unlimited control over the gadget.” Embedded in the system framework, the malware provides attackers full control over the device.
A security expert uncovered an old APT operation, tracked as Nazar, by analyzing the NSA hacking tools included in the dump leaked by the Shadow Brokers in 2017. The name ‘Nazar’ comes from the debug paths he found in the dump alongside Farsi resources in some of the malware droppers.
The FBI warned of a fresh wave of HiatusRAT malware attacks targeting internet-facing Chinese-branded web cameras and DVRs. The Federal Bureau of Investigation (FBI) released a Private Industry Notification (PIN) to warn of HiatusRAT malware campaigns targeting these devices.
Palo Alto Networks researchers analyzed a new malware, dubbed AcidBox, that was employed in targeted attacks and that leverages an exploit previously associated with the Russian-linked Turla APT group.
The Google Cloud team revealed that back in September 2017 it mitigated a powerful DDoS attack that peaked at 2.54 Tbps, the culmination of a six-month campaign that utilized multiple methods of attack.
Researchers from Kaspersky discovered a sophisticated malware, dubbed StripedFly, that remained undetected for five years, masquerading as a cryptocurrency miner, and infected approximately one million devices.
Experts at MalwareHunterTeam uncovered a new Coronavirus (COVID-19)-themed malspam campaign that exploits fear of the virus to distribute a malware downloader delivering the FormBook information-stealing Trojan.
Crooks behind the WordPress WP-VCD malware are distributing pirated versions of Coronavirus plugins that inject a backdoor into websites.
The US Treasury Department announced sanctions against Russia’s Central Scientific Research Institute of Chemistry and Mechanics for its alleged role in the development of the Triton malware.
The United States Cyber Command (USCYBERCOM) has uploaded five new malware samples attributed to the North Korea-linked Lazarus APT to VirusTotal.
Researchers from Kaspersky Lab have spotted new variants of the GravityRAT malware that can now also infect Android and macOS devices. GravityRAT is a malware strain known for checking the CPU temperature of Windows computers to avoid being executed in sandboxes and virtual machines.
US and UK cybersecurity agencies issued a joint advisory about the spread of the QSnatch data-stealing malware, which has already infected over 62,000 QNAP NAS devices. The QSnatch malware implements multiple functionalities. The experts were alerted about the malware in October and immediately launched an investigation.
“The threat actor also used other means to distribute the malware, such as attaching the same file to emails and exploiting the Microsoft Office Equation Editor vulnerability (CVE-2017-11882).” Kimsuky also used the forceCopy stealer malware to capture keystrokes and extract files from browser directories.
Researchers uncovered an ongoing campaign abusing popular messaging platforms Skype and Teams to distribute the DarkGate malware. The threat actors abused popular messaging platforms such as Skype and Teams to deliver a script used as a loader for a second-stage payload, which was an AutoIT script containing the DarkGate malware.
Proofpoint researchers observed a threat actor, tracked as TA547, targeting German organizations with an email campaign delivering the Rhadamanthys malware. The security firm pointed out that this is the first time TA547 has used this malware family. The experts also observed attempts to use LLMs in malware campaigns.
Researchers from NTT Security reported that the China-linked BlackTech cyberespionage group targeted Japanese companies using new malware tracked as ‘Flagpro’.
The Computer Emergency Response Team in Ukraine (CERT-UA) reported that a PurpleFox malware campaign had already infected at least 2,000 computers in the country. Experts describe DirtyMoe as a complex malware designed as a modular system.
Researchers found over 100 servers distributing Mirai malware and communicating with compromised IPs, indicating the campaign is ongoing. “Mirai malware, here dubbed as Murdoc Botnet, is a prominent malware family for *nix systems. It mainly targets vulnerable AVTECH and Huawei devices,” reads the advisory.
Researchers from Kaspersky’s Global Emergency Response Team (GERT) and GReAT uncovered a new Go-based multi-platform malware, tracked as NKAbuse, which is the first malware abusing NKN technology.
The TinyNuke banking malware is back: Proofpoint researchers uncovered a campaign exclusively targeting French entities and organizations with operations in France, focusing on users working in manufacturing, technology, construction, and business services.
On January 4, 2017, Case Western Reserve University (CWRU), located in Cleveland, Ohio, became aware of an infection on more than 100 of its computers. The university was notified by an undisclosed third party, who provided information to help the team find and identify the malware.
Experts pointed out that the malware is being actively developed and can quickly adopt one-day vulnerabilities (within days of a published proof of concept).
Threat actors exploit remote command execution to run a shell script that downloads a Mirai malware payload from a remote server. The third issue added to the KEV catalog is a directory traversal vulnerability, tracked as CVE-2017-12637, in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5.
Security experts from Microsoft have uncovered a malware campaign abusing contact forms on legitimate websites to deliver the IcedID malware.
The researchers analyzed multiple samples of the malware and gained access to internal documents obtained from open directories on attacker infrastructure. The surveillance tool family has been active since 2017; the experts highlighted that it requires physical access to the target device to initiate operations.
Russia-linked threat actors have been targeting Android devices of the Ukrainian military with a new malware dubbed Infamous Chisel. The GCHQ’s National Cyber Security Centre (NCSC) and agencies in the United States, Australia, Canada, and New Zealand have published an analysis of the Android malware.
The botnet was linked to a new malware hosting domain that has been serving Mirai variants for several different botnets over the past year. This payload contains the logic to change the execution path to a temporary location, wget a file from a malware hosting page, grant it execution permissions, and execute it.
Researchers from Black Lotus Labs at Lumen Technologies recently uncovered a new multifunctional Go-based malware, dubbed Chaos, developed to target devices based on multiple architectures, including both Windows and Linux systems.
Microsoft addressed two zero-day vulnerabilities, tracked as CVE-2024-29988 and CVE-2024-26234, that threat actors are actively exploiting to deliver malware.
US and UK cybersecurity and law enforcement agencies published a joint security advisory about a new malware, dubbed Cyclops Blink, that has been linked to the Russian-backed Sandworm APT group.
TA544 is a financially motivated threat actor active since at least 2017; it focuses on attacks on banking users and leverages banking malware and other payloads to target organizations worldwide, mainly in Italy and Japan.
The malware author named the bot Satan DDoS, but Palo Alto Networks’ Unit42 researchers dubbed it Lucifer because another malware, the Satan Ransomware, already carries that name. Unit42 researchers noticed that the attacker is leveraging the certutil utility in the payload for malware propagation.
Cybersecurity firm Kaspersky has discovered a new strain of malware, named Purple Lambert, that experts believe to be part of the arsenal of the US Central Intelligence Agency (CIA).
The group also created the NotPetya ransomware that hit hundreds of companies worldwide in June 2017. In September 2022, the Sandworm group was observed impersonating telecommunication providers to target Ukrainian entities with malware.
The Cybersecurity and Infrastructure Security Agency (CISA) has published an alert to provide technical details on a new wave of attacks delivering the KONNI remote access Trojan (RAT). The malware has been active since at least 2014, went undetected for more than 3 years, and was used in highly targeted attacks.
Cyble researchers recently uncovered a phishing campaign that used a modified Zoom app, targeting users of the popular video conferencing and online meeting platform, to deliver the IcedID malware.
Researchers from Qihoo Netlab 360 reported that unidentified threat actors are using a new backdoor based on the US CIA’s Project Hive malware suite.
In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through malicious code capable of encrypting data residing in information systems and demanding a ransom in cryptocurrency to restore them: the WannaCry ransomware.
SideWinder rapidly adapts to security detections, modifying malware within hours and altering tactics, techniques, and procedures. “Once their tools are identified, they respond by generating a new and modified version of the malware, often in under five hours,” concludes the report.
The group was also observed exploiting vulnerabilities in Telerik UI such as CVE-2017-9248 and CVE-2019-18935. CVE-2024-57968 allows remote authenticated users to upload files to unintended folders, while CVE-2025-25181 is an SQL injection flaw enabling remote SQL execution (no patch available).
The Russia-linked cyberespionage group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware, according to a report published by Recorded Future.
The news was first reported by The Record; the master decryption keys work for victims that were infected between July 2017 and early 2021. “The keys have been verified as authentic by Michael Gillespie, a malware analyst at security firm Emsisoft and the creator of the ID-Ransomware service.”
The Latin American Javali trojan weaponizes a legitimate Avira antivirus injector to implant malware. Javali has been active since November 2017 and targets users of financial and banking organizations located in Brazil and Mexico. From there, the malware spawns a new thread when specific, hardcoded web browsers are opened.