2018, Malware and Spyware - Cyber Security Informer

Experts found a macOS version of the sophisticated LightSpy spyware

Security Affairs

MAY 30, 2024

Researchers from ThreatFabric discovered a macOS version of the LightSpy spyware that has been active in the wild since at least January 2024. ThreatFabric observed threat actors using two publicly available exploits (CVE-2018-4233, CVE-2018-4404) to deliver macOS implants. and iOS versions before 11.4.

Spyware

Spyware Malware Surveillance Mobile

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

Security Affairs

MARCH 2, 2024

Court ordered surveillance firm NSO Group to hand over the source code for its Pegasus spyware and other products to Meta. Meta won the litigation against the Israeli spyware vendor NSO Group , a U.S. from April 29, 2018, to May 10, 2020). from April 29, 2018, to May 10, 2020).

Spyware

Spyware Surveillance Architecture Software

Trojans and Spyware Are Making a Comeback

Adam Levin

JANUARY 25, 2019

Trojan horse-based malware attacks and spyware rose sharply in 2018 as ransomware-based attacks declined, according to a new report published by Malwarebytes. Kaspersky and McAfee Labs both reported a 30% decline in ransomware attacks in 2018. “[T]he

Spyware

Spyware Ransomware Banking Malware

pcTattleTale spyware leaks database containing victim screenshots, gets website defaced

Malwarebytes

MAY 28, 2024

As you may have read many times before on our blog, some spyware companies have a surprisingly low standard of security. Daigle found that pcTattleTale’s Application Programming Interface (API) allows any attacker to access the most recent screen capture recorded from any device on which the spyware is installed. Ignore Always.

Spyware

Spyware Software Malware Mobile

Pegasus spyware used to spy on a Polish mayor

Security Affairs

MARCH 3, 2023

The phone of an opposition-linked Polish mayor was infected with the powerful Pegasus spyware, local media reported. Reuters reported that the phone of an opposition-linked Polish mayor was infected with the Pegasus spyware. According to rumors, the Polish special services are using surveillance software to spy on government opponents.

Spyware

Spyware Surveillance Hacking Government

Hermit spyware is deployed with the help of a victim’s ISP

Malwarebytes

JUNE 29, 2022

Google’s Threat Analysis Group (TAG) has revealed a sophisticated spyware activity involving ISPs (internet service providers) aiding in downloading powerful commercial spyware onto users’ mobile devices. The spyware, dubbed Hermit, is reported to have government clients much like Pegasus.

Spyware

Spyware Government Social Engineering Mobile

Pegasus Project – how governments use Pegasus spyware against journalists

Security Affairs

JULY 19, 2021

Pegasus Project investigation into the leak of 50,000 phone numbers of potential surveillance targets revealed the abuse of NSO Group’s spyware. Pegasus Project is the name of a large-scale investigation into the leak of 50,000 phone numbers of potential surveillance targets that revealed the abuse of NSO Group’s spyware.

Spyware

Spyware Government Surveillance Media

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Security Affairs

NOVEMBER 11, 2022

The threat actors behind the campaigns used two Android spyware to spy on the victims and steal sensitive information. The campaigns involved a new piece of malware called BadBazaar and new variants of the MOONSHINE surveillance software discovered by Citizen Lab in 2019 and employed in attacks against Tibetan activists. .

Surveillance

Surveillance Spyware Malware Mobile

Sextortion campaign uses Goontact spyware to target Android and iOS users

Security Affairs

DECEMBER 16, 2020

Security experts spotted a new malware strain, named Goontact, that allows its operators to spy on both Android and iOS users. Security researchers from Lookout have discovered new spyware, dubbed Goontcat, that could target both Android and iOS users. The spyware is likely used as part of a sextortion campaign.

Spyware

Spyware Mobile Surveillance Malware

Phishing attacks use an old Microsoft Office flaw to spread Agent Tesla malware

Security Affairs

DECEMBER 21, 2023

Threat actors are exploiting an old Microsoft Office vulnerability, tracked as CVE-2017-11882, to spread the Agent Tesla malware. Threat actors are exploiting an old Microsoft Office vulnerability, tracked as CVE-2017-11882 (CVSS score: 7.8), as part of phishing campaigns to spread the Agent Tesla malware.

Malware

Malware Phishing Spyware Cyber threats

Experts spotted two Android spyware used by Indian APT Confucius

Security Affairs

FEBRUARY 11, 2021

Lookout researchers provided details about two Android spyware families employed by an APT group tracked as Confucius. Researchers at mobile security firm Lookout have provided details about two recently discovered Android spyware families, dubbed Hornbill and SunBird, used by an APT group named Confucius.

Spyware

Spyware Surveillance Malware Mobile

APT32 state hackers target human rights defenders with spyware

Security Affairs

FEBRUARY 24, 2021

Vietnam-linked APT32 group targeted Vietnamese human rights defenders (HRDs) between February 2018 and November 2020. The threat actors used by spyware to take over the target systems, spy on the victims, and exfiltrate data. The link points to files containing spyware that could infect both Mac OS or Windows systems.

Spyware

Spyware Government Surveillance Phishing

Photos of kids taken from spyware-ridden phones found exposed on the internet

Malwarebytes

JUNE 16, 2022

This news, first reported by Motherboard , is the latest in a lengthening list of spyware brands breached due to their poor cybersecurity hygiene. Unlike other malware, it is also publicly available. In 2018, a hacker going by the initials L.M. And TheTruthSpy is hardly the first of its kind to put kids’ data at risk.

Spyware

Spyware Internet Internet Marketing

Moroccan journalist targeted with network injection attacks using NSO Group ‘s spyware

Security Affairs

JUNE 22, 2020

Researchers at Amnesty International collected evidence that a Moroccan journalist was targeted with network injection attacks using NSO Group ‘s spyware. The links used in these attacks are similar to the ones detected by in June 2018 by Amnesty International in operations against an Amnesty staff member and a Saudi HRD.

Spyware

Spyware Surveillance Mobile Advertising

Some details about PhoneSpy Malware

CyberSecurity Insiders

NOVEMBER 15, 2021

A new malware has been uncovered recently and has been dubbed as PhoneSpy. And reports are in that the developers of such malware could be those funded by North Korea government found always spying on populace of various countries across the world.

Malware

Malware Spyware Mobile Software

Apple Security Under Scrutiny Amid Fallout from NSO Spyware Scandal

eSecurity Planet

JULY 21, 2021

Reports that the NSO Group’s Pegasus spyware was used by governments to spy on Apple iPhones used by journalists, activists, government officials and business executives is becoming a global controversy for NSO, Apple and a number of governments at the center of the scandal. Both incidents occurred in 2018. Apple Under Fire.

Spyware

Spyware Mobile Government Surveillance

New FinFisher spyware used to spy on iOS and Android users in 20 countries

Security Affairs

JULY 11, 2019

Malware researchers from Kaspersky have discovered new and improved versions of the infamous FinFisher spyware used to infect both Android and iOS devices. Experts at Kaspersky have discovered a new improved variant of the FinFisher spyware used to spy on both iOS and Android users in 20 countries. Pierluigi Paganini.

Spyware

Spyware Mobile Advertising Architecture

Regin spyware involved in attack against the Russian tech giant Yandex

Security Affairs

JUNE 28, 2019

Allegedly Western nation-state actors breached the systems of Russian tech giant Yandex in 2018, the attack involved a new variant of the Regin malware. According to the Reuters, Western state-sponsored hackers breached the systems of the Russian tech giant Yandex in 2018, the attack involved a new variant of the Regin malware.

Spyware

Spyware Malware Advertising Authentication

Virus Bulletin 2018: Saudi Dissident Spyware Attack Belies Bigger Threat

Threatpost

OCTOBER 5, 2018

A spyware attack on a Saudi dissident living in Canada made headlines this week, but Citizen Lab warns that simpler attacks are the real epidemic.

Spyware

Spyware Cyber Attacks Phishing Mobile

GravityRAT malware also targets Android and macOS

Security Affairs

OCTOBER 19, 2020

Researchers spotted new variants of the Windows GravityRAT spyware that now can also infect Android and macOS devices. Researchers from Kaspersky Lab have spotted new variants of the GravityRAT malware that now can be also used to infect Android and macOS devices.

Malware

Malware Computers and Electronics Spyware Advertising

Orcus RAT Author Charged in Malware Scheme

Krebs on Security

NOVEMBER 13, 2019

In July 2016, KrebsOnSecurity published a story identifying a Toronto man as the author of the Orcus RAT , a software product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. This week, Canadian authorities criminally charged him with orchestrating an international malware scheme.

Malware

Malware Advertising Marketing System Administration

New threat actor SandCat exploited recently patched CVE-2018-8611 0day

Security Affairs

DECEMBER 12, 2018

Experts from Kaspersky Lab reported that that the recently patched Windows kernel zero-day vulnerability ( CVE-2018-8611 ) has been exploited by several threat actors. Microsoft’s Patch Tuesday updates for December 2018 address nearly 40 flaws, including a zero-day vulnerability affecting the Windows kernel. Pierluigi Paganini.

Spyware

Spyware Advertising Accountability Malware

Mobile malware evolution 2020

SecureList

MARCH 1, 2021

The word “covid” in various combinations was typically used in the names of packages hiding spyware and banking Trojans, adware or Trojan droppers. The mobile malware Trojan-Ransom.AndroidOS.Agent.aq Last year was notable for both malware and adware, the two very close in terms of capabilities. More on that later.

Mobile

Mobile Malware Adware Banking

Experts observed the growth of hi-tech crime landscape in Asia in 2018

Security Affairs

MARCH 19, 2019

Security experts at Group-IB presented at Money2020 Asia the results of an interesting analysis of hi-tech crime landscape in Asia in 2018. The number of leaked cards increased in 2018 by 56%. The total underground market value of Singaporean banks’ cards compromised in 2018 is estimated at nearly $640 000.

Banking

Banking Government Passwords Marketing

Scranos – A Cross Platform, Rootkit-Enabled Spyware rapidly spreading

Security Affairs

APRIL 16, 2019

Scranos is a powerful cross-platform rootkit-enabled spyware discovered while investigating malware posing as legitimate software like video players, drivers and even anti-virus products. SecurityAffairs – scranos malware, malware). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Spyware

Spyware Adware Malware Accountability

Gulf countries came under hackers’ spotlight in 2018, with more than 130 000 payment cards compromised

Security Affairs

APRIL 8, 2019

Bahrain, 08.04.2019 – Group-IB, an international company that specializes in preventing cyberattacks , and NGN International, a global system integrator, analyzed cybersecurity landscape in Gulf countries in 2018. According to Group-IB’s annual Hi-Tech Crime Trends 2018 report, on average, from June 2017 to August 2018, the details of 1.8

Artificial Intelligence

Artificial Intelligence Government Banking Advertising

Agent Tesla includes new password-stealing capabilities from browsers and VPNs

Security Affairs

AUGUST 12, 2020

Agent Tesla is a spyware that is used to spy on the victims by collecting keystrokes, system clipboard, screenshots, and credentials from the infected system. To do this, the spyware creates different threads and timer functions in the main function. ” reads the analysis published by SentinelOne.

Passwords

Passwords Spyware VPN Malware

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Security Affairs

JUNE 24, 2022

Google’s Threat Analysis Group (TAG) revealed that the Italian spyware vendor RCS Labs was supported by ISPs to spy on users. The iOS app analyzed by the researchers contained the following exploits: CVE-2018-4344 internally referred to and publicly known as LightSpeed. Follow me on Twitter: @securityaffairs and Facebook.

Surveillance

Surveillance Mobile Spyware Telecommunications

Threat landscape for industrial automation systems, H2 2021

SecureList

MARCH 3, 2022

Percentage of ICS computers on which malicious objects were blocked, January – December 2018 – 2021 ( download ). It is also worth noting that in 2021 the vectors of monthly fluctuations (increases and decreases) are the same as those in 2019 and, particularly, in 2018 more often than in 2020. Selected industries. Malicious objects.

Spyware

Spyware Ransomware Cryptocurrency Phishing

Ursnif: The Latest Evolution of the Most Popular Banking Malware

Security Affairs

APRIL 5, 2019

A few days ago, the researchers of ZLab Yoroi-Cybaze dissected another attack wave of the infamous Ursnif malware, also known as Gozi ISFB , an offspring of the original Gozi which source code was leaked in 2014. Ursnif/Gozi is active from over a decade and was one of the most active malware listed in 2017 and 2018.

Banking

Banking Malware Cryptocurrency Advertising

Tenda Router Zero-Days Emerge in Spyware Botnet Campaign

Threatpost

OCTOBER 5, 2020

A variant of the Mirai botnet, called Ttint, has added espionage capabilities to complement its denial-of-service functions.

Spyware

Spyware IoT Malware

Russia-linked InvisiMole APT targets state organizations of Ukraine

Security Affairs

MARCH 21, 2022

Then the backdoor contacts the command-and-control (C2) server to downloads and executes other malicious payloads, including the TunnelMole, malware that abuses the DNS protocol to establish a tunnel for malicious purposes, and RC2FM and RC2CL. The LoadEdge backdoor maintains persistence through the Windows registry.

Spyware

Spyware DNS Phishing Government

Canadian Police Raid ‘Orcus RAT’ Author

Krebs on Security

APRIL 2, 2019

Canadian police last week raided the residence of a Toronto software developer behind “ Orcus RAT ,” a product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. ” “I am not your A-typical computer geek, Brian,” he wrote in a 2018 email. “I An advertisement for Orcus RAT.

Advertising

Advertising Malware Marketing Software

CVE-2019-0797 Windows Zero-Day exploited by FruityArmor and SandCat APT Groups

Security Affairs

MARCH 13, 2019

In October 2018, FruityArmor exploited another Windows zero-day in targeted attacks aimed at entities in the Middle East. The SandCat APT was discovered by Kaspersky Lab at the end of 2018 when the group used a flaw (CVE-2018-8611) addressed with security updates released by Microsoft in December.

Spyware

Spyware Advertising Government Hacking

APT trends report Q3 2022

SecureList

NOVEMBER 1, 2022

Since the malware in this incident was compiled on April 15, 2021, and compilation dates are the same for all known samples, this incident is likely to be the first involving Maui ransomware. This report included technical details of malware used in the campaign, such as Ecipekac, SodaMaster, P8RAT, FYAnti and QuasarRAT.

Malware

Malware Ransomware Spyware Encryption

Evilnum Group targets European and British fintech companies

Security Affairs

JULY 10, 2020

Evilnum threat actor was first spotted in 2018 while using the homonym malware. Over the years, the group added new tools to its arsenal, including custom and homemade malware along with software purchased from the Golden Chickens malware-as-a-service (MaaS) provider.

eCommerce

eCommerce Advertising Malware Spyware

Experts detailed new StrongPity cyberespionage campaigns

Security Affairs

JULY 18, 2019

The group set up malicious sites mimicking legitimate ones to carry out watering holes to deliver tainted installers and malware. The new campaign started in the second half of 2018, attackers used once again tainted version of popular software like WinRAR to compromise victims’ systems. ” Alien Labs notes.

Malware

Malware Software Spyware Advertising

IT threat evolution in Q2 2023

SecureList

AUGUST 30, 2023

Since 2018, Lazarus has persistently targeted crypto-currency-related businesses for a long time, using malicious Word documents and themes related to the crypto-currency business to lure potential targets. It’s thought that the malware was spread through a vulnerability in the software.

Malware

Malware Spyware Cryptocurrency Government

Syria-linked APT group SEA targets Android users with COVID19 lures

Security Affairs

APRIL 17, 2020

Syrian hackers are behind a long-running campaign that has been active since January 2018 and that targets Arabic-speaking Android users. “This campaign appears to have been active since the start of January 2018, and targets Arabic-speaking users, likely in Syria and the surrounding region.” ” continues the expert.

Surveillance

Surveillance Telecommunications Mobile Advertising

Security Affairs newsletter Round 181 – News of the week

Security Affairs

SEPTEMBER 23, 2018

New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms. NSO mobile Pegasus Spyware used in operations in 45 countries. Evolution of threat landscape for IoT devices – H1 2018. Adobe issued a critical out-of-band patch to address CVE-2018-12848 Acrobat flaw. Ngrok Mining Botnet.

Computers and Electronics

Computers and Electronics Cryptocurrency Spyware Data breaches

MY TAKE: Android users beware: Google says ‘potentially harmful apps’ on the rise

The Last Watchdog

MAY 20, 2019

Malware deliveries Upon reviewing Android usage data for all of 2018, Google identified a rise in the number of “potentially harmful apps” that were preinstalled or delivered through over-the-air updates. Here are a few key developments everyone should know about.

Mobile

Mobile Spyware Banking Manufacturing

STOP ransomware encrypts files and steals victim’s data

Security Affairs

MARCH 11, 2019

Later it was involved in many malspam attacks, but only in July 2018, the authors released a substantially updated variant. In July, the experts discovered a new sophisticated version of the AZORult Spyware that was involved in a large email campaign on July 18. SecurityAffairs – STOP ransomare , malware). Pierluigi Paganini.

Encryption

Encryption Ransomware Cryptocurrency Passwords

Security Affairs newsletter Round 177 – News of the week

Security Affairs

AUGUST 26, 2018

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Spyware

Spyware Banking DNS Retail

Security Affairs newsletter Round 222 – News of the week

Security Affairs

JULY 13, 2019

Croatia government agencies targeted with news SilentTrinity malware. UK ICO fines British Airways £183 Million under GDPR over 2018 security breach. Kaspersky report: Malware shared by USCYBERCOM first seen in December 2016. Agent Smith Android malware already infected 25 million devices. Kindle Edition. Paper Copy.

Data breaches

Data breaches Spyware Advertising Government

Experts found a macOS version of the sophisticated LightSpy spyware

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

Trending Sources

Trojans and Spyware Are Making a Comeback

pcTattleTale spyware leaks database containing victim screenshots, gets website defaced

Pegasus spyware used to spy on a Polish mayor

Hermit spyware is deployed with the help of a victim’s ISP

Pegasus Project – how governments use Pegasus spyware against journalists

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Sextortion campaign uses Goontact spyware to target Android and iOS users

Phishing attacks use an old Microsoft Office flaw to spread Agent Tesla malware

Experts spotted two Android spyware used by Indian APT Confucius

APT32 state hackers target human rights defenders with spyware

Photos of kids taken from spyware-ridden phones found exposed on the internet

Moroccan journalist targeted with network injection attacks using NSO Group ‘s spyware

Some details about PhoneSpy Malware

Apple Security Under Scrutiny Amid Fallout from NSO Spyware Scandal

New FinFisher spyware used to spy on iOS and Android users in 20 countries

Regin spyware involved in attack against the Russian tech giant Yandex

Virus Bulletin 2018: Saudi Dissident Spyware Attack Belies Bigger Threat

GravityRAT malware also targets Android and macOS

Orcus RAT Author Charged in Malware Scheme

New threat actor SandCat exploited recently patched CVE-2018-8611 0day

Mobile malware evolution 2020

Experts observed the growth of hi-tech crime landscape in Asia in 2018

Scranos – A Cross Platform, Rootkit-Enabled Spyware rapidly spreading

Gulf countries came under hackers’ spotlight in 2018, with more than 130 000 payment cards compromised

Agent Tesla includes new password-stealing capabilities from browsers and VPNs

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Threat landscape for industrial automation systems, H2 2021

Ursnif: The Latest Evolution of the Most Popular Banking Malware

Tenda Router Zero-Days Emerge in Spyware Botnet Campaign

Russia-linked InvisiMole APT targets state organizations of Ukraine

Canadian Police Raid ‘Orcus RAT’ Author

CVE-2019-0797 Windows Zero-Day exploited by FruityArmor and SandCat APT Groups

APT trends report Q3 2022

Evilnum Group targets European and British fintech companies

Experts detailed new StrongPity cyberespionage campaigns

IT threat evolution in Q2 2023

Syria-linked APT group SEA targets Android users with COVID19 lures

Security Affairs newsletter Round 181 – News of the week

MY TAKE: Android users beware: Google says ‘potentially harmful apps’ on the rise

STOP ransomware encrypts files and steals victim’s data

Security Affairs newsletter Round 177 – News of the week

Security Affairs newsletter Round 222 – News of the week

Stay Connected