2019, Encryption, Information Security and Malware

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Security Affairs

SEPTEMBER 19, 2023

China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign. Researchers from Trend Micro, while monitoring the activity of the China-linked threat actor Earth Lusca , discovered an encrypted file hosted on a server under the control of the group.

Malware

Malware Encryption Telecommunications Authentication

Sonicwall warns of a spike in the number of attacks involving encrypted malware and IoT malware

Security Affairs

JULY 29, 2019

According to experts at Sonicwall, scanning of random ports and the diffusion of encrypted malware are characterizing the threat landscape. In 2018, global malware volume recorded by SonicWall hit a record-breaking 10.52 The situation is better in the first half of 2019, when SonicWall recorded 4.8 billion attacks.

IoT

IoT Encryption Malware Advertising

LockBit 2.0, the first ransomware that uses group policies to encrypt Windows domains

Security Affairs

JULY 29, 2021

ransomware is now able to encrypt Windows domains by using Active Directory group policies. Researchers from MalwareHunterTeam and BleepingComputer, along with the malware expert Vitali Kremez reported spotted a new version of the LockBit 2.0 ransomware that encrypts Windows domains by using Active Directory group policies.

Encryption

Encryption Ransomware Malware Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

New enhanced Joker Malware samples appear in the threat landscape

Security Affairs

JULY 16, 2021

The Joker malware is back, experts spotted multiple malicious apps on the official Google Play store that were able to evade scanners. The spyware is able to steal SMS messages, contact lists, and device information and to sign victims up for premium service subscriptions. ” states a post published by the experts. explained.

Malware

Malware Mobile Spyware Encryption

New Linux variant of Clop Ransomware uses a flawed encryption algorithm

Security Affairs

FEBRUARY 7, 2023

A new Linux variant of the Clop ransomware has been observed in the wild, the good news is that its encryption algorithm is flawed. The researchers noticed that the encryption algorithm implemented in the ELF executable is flawed and can allow victims to decrypt locked files without paying a ransom. ” continues the report.

Encryption

Encryption Ransomware Cybercrime Engineering

Ransomware operators exploit VMWare ESXi flaws to encrypt disks of VMs

Security Affairs

FEBRUARY 2, 2021

Ransomware operators are exploiting two VMWare ESXi vulnerabilities, CVE-2019-5544 and CVE-2020-3992, to encrypt virtual hard disks. Security experts are warning of ransomware attacks exploiting two VMWare ESXi vulnerabilities, CVE-2019-5544 and CVE-2020-3992 , to encrypt virtual hard disks. Pierluigi Paganini.

Encryption

Encryption Ransomware System Administration Hacking

Ezuri memory loader used in Linux and Windows malware

Security Affairs

JANUARY 8, 2021

Multiple threat actors have recently started using the Ezuri memory loader as a loader to executes malware directly into the victims’ memory. According to researchers from AT&T’s Alien Labs, malware authors are choosing the Ezuri memory loader for their malicious codes.

Malware

Malware Encryption Antivirus Passwords

YouTube creators’ accounts hijacked with cookie-stealing malware

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. ” reads the analysis published by Google TAG.

Accountability

Accountability Malware Phishing Social Engineering

8Base ransomware operators use a new variant of the Phobos ransomware

Security Affairs

NOVEMBER 19, 2023

Phobos variants are usually distributed by the SmokeLoader , but in 8Base campaigns, it has the ransomware component embedded in its encrypted payloads. 8base” file extension for encrypted documents, a circumstance that suggested a possible link to the 8Base group or the use of the same code-base for their ransomware.

Ransomware

Ransomware Encryption Backups Manufacturing

Ryuk Ransomware evolution avoid encrypting Linux folders

Security Affairs

DECEMBER 26, 2019

Experts spotted a new strain of the Ryuk Ransomware that was developed to avoid encrypting folders commonly seen in *NIX operating systems. The popular malware researcher Vitali Kremez that analyzed the sample involved in the attack discovered a new feature implemented in this new variant of malware. Pierluigi Paganini.

Encryption

Encryption Ransomware Malware Advertising

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

US and UK cybersecurity agencies issued a joint advisory about the spread of QSnatch Data-Stealing Malware that already infected over 62,000 QNAP NAS devices. The QSnatch malware implements multiple functionalities, such as: . These are encrypted with the actor’s public key and sent to their infrastructure over HTTPS.

Malware

Malware Firmware Advertising Manufacturing

Phishing campaign targets LATAM e-commerce users with Chaes Malware

Security Affairs

NOVEMBER 18, 2020

Experts from Cybereason Nocturnus uncovered an active campaign that targets users of a large e-commerce platform in Latin America with Chaes malware. Cybereason Nocturnus security researchers have identified an active campaign focused on the users of a large e-commerce platform in Latin America. SecurityAffairs – hacking, malware).

Phishing

Phishing Malware Cryptocurrency Information Security

New modular ModPipe POS Malware targets restaurants and hospitality sectors

Security Affairs

NOVEMBER 12, 2020

Cybersecurity researchers spotted a new modular PoS malware, dubbed ModPipe, that targets PoS restaurant management software from Oracle. ESET has been aware of the existence of modules since the end of 2019 when its experts first spotted the “basic” components of the malware. SecurityAffairs – hacking, PoS malware).

Malware

Malware Architecture Passwords Engineering

Catch Hospitality Group discloses PoS malware infection at its restaurants

Security Affairs

NOVEMBER 23, 2019

The Catch Hospitality Group has suffered a malware attack, a point-of-sale malware has infected systems (POS) at several restaurants of the chain.The Catch Hospitality Group has suffered a malware attack, a point-of-sale malware has infected systems (POS) at several restaurants of the chain. Pierluigi Paganini.

Malware

Malware Data breaches Advertising Encryption

Ragnar Ransomware encrypts files from virtual machines to evade detection

Security Affairs

MAY 25, 2020

Ransomware encrypts from virtual machines to evade antivirus. Ragnar Locker deploys Windows XP virtual machines to encrypt victim’s files, the trick allows to evaded detection from security software. Mounting all the shared drives to encrypt. Custom Ragnar Locker ransom note (Source: Sophos).

Encryption

Encryption Ransomware Energy and Utilities Advertising

Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp?

Security Affairs

FEBRUARY 23, 2022

The code of the recently-emerged Entropy ransomware has similarities with the one of the infamous Dridex malware. The recently-emerged Entropy ransomware has code similarities with the popular Dridex malware. In a first stage it allocates the memory space where to copy the encrypted data and whose content is executed by the packer.

Ransomware

Ransomware Malware Cybercrime Banking

Bitdefender released a free decryptor for the MegaCortex ransomware

Security Affairs

JANUARY 6, 2023

The MegaCortex ransomware first appeared on the threat landscape in May 2019 when it was spotted by security experts at Sophos. The experts noticed that in MegaCortex attacks other malware like Emotet and Qbot (aka Qakbot) were present in the same network. For encryption with MegaCortex V1 (the encrypted files have the “.aes128ctr”

Ransomware

Ransomware Antivirus Encryption Backups

QNAP urges users to update Malware Remover after QSnatch joint alert

Security Affairs

AUGUST 2, 2020

The Taiwanese vendor QNAP urges its users to update the Malware Remover app following the alert on the QSnatch malware. The Taiwanese company QNAP is urging its users to update the Malware Remover app to prevent NAS devices from being infected by the QSnatch malware. Webshell functionality for remote access.

Malware

Malware Advertising Passwords Manufacturing

Two PoS Malware used to steal data from more than 167,000 credit cards

Security Affairs

OCTOBER 25, 2022

Researchers reported that threat actors used 2 PoS malware variants to steal information about more than 167,000 credit cards. Cybersecurity firm Group-IB discovered two PoS malware to steal data associated with more than 167,000 credit cards from point-of-sale payment terminals. MajikPOS is written using the “.NET

Malware

Malware Cybercrime Banking Marketing

DeathRansom ransomware evolves encrypting files, but experts identified its author

Security Affairs

JANUARY 5, 2020

DeathRansom was considered fake ransomware due to the fact that it did not implement an effective encryption process, but now things are changing. DeathRansom is a ransomware family that was initially classified as a joke because it did not implement an effective encryption scheme. ” continues the report. .

Encryption

Encryption Ransomware Malware Scams

Nemty Ransomware, a new malware appears in the threat landscape

Security Affairs

AUGUST 26, 2019

A new ransomware, called Nemty ransomware, has been discovered over the weekend by malware researchers. The name of the ransomware comes after the extension it adds to the encrypted file names, the malicious code also deletes their shadow copies to make in impossible any recovery procedure. ” continues BleepingComputer.

Ransomware

Ransomware Malware Antivirus Encryption

Malicious app exploiting CVE-2019-2215 zero-day available in Google Play since March

Security Affairs

JANUARY 7, 2020

Security experts have found a malicious app in the Google Play that exploits the recently patched CVE-2019-2215 zero-day vulnerability. Earlier October, Google Project Zero researchers Maddie Stone publicly disclosed a zero-day vulnerability , tracked as CVE-2019-2215 , in Android. ” reads a blog post published by Stone.

Surveillance

Surveillance Advertising Marketing Encryption

Over 23 million stolen payment card data traded on the Dark Web in H1 2019

Security Affairs

JULY 28, 2019

According to a report published by cyber security firm Sixgill data for over 23 million payment card were on offer in underground forums in the first half of 2019. . The following graph shows that three trading posts accounted for 64 percent of the cards on offer during the first half of 2019. . AMEX accounted for 12 percent. .

eCommerce

eCommerce Marketing Advertising Retail

xHelper, the Unkillable Android malware that re-Installs after factory reset

Security Affairs

APRIL 7, 2020

xHelper , a new strain of Android malware is able to re-install itself on infected devices even after victims delete it or force a factory reset. xHelper , a new strain of Android malware is able to re-install itself on infected devices even after victims delete it or force a factory reset. and Russia. ” continues the report.

Malware

Malware Firmware Manufacturing Mobile

Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV

Security Affairs

OCTOBER 3, 2023

Like all ransomware, this is a type of malware that, once introduced into an organization, encrypts the data and then requires the victim to pay a ransom in order to decrypt it. Encrypted file structure ransomware BlackCat / ALPHV: [ORIGINAL_FILENAME].[ORIGINAL_extension].specific/different Black The LockBit 3.0

Ransomware

Ransomware Encryption Technology Backups

A new wave of ech0raix ransomware attacks targets QNAP NAS devices

Security Affairs

DECEMBER 27, 2021

The attackers first create a user in the administrator group, then use it to encrypt the content of the NAS. “It is important to note that there is a free decryptor for files locked with an older version (before July 17th, 2019) of eCh0raix ransomware. . TXTT” extension. 024 ($1,200) up to.06 06 bitcoins ($3,000). and 1.0.6).”

Ransomware

Ransomware Encryption Manufacturing Hacking

GermanWiper, a data-wiping malware that is targeting Germany

Security Affairs

AUGUST 5, 2019

Recently a data-wiping malware tracked as GermanWiper has been targeting German organizations, the malicious code is pushed via phishing messages. Anyway, the operators behind this campaign tell to the victims that their data was encrypted and not deleted, they used a set of Bitcoin addresses for the payment.

Malware

Malware Ransomware Encryption Advertising

Zeppelin ransomware gang is back after a temporary pause

Security Affairs

MAY 24, 2021

Zeppelin ransomware first appeared on the threat landscape in November 2019 when experts from BlackBerry Cylance found a new variant of the Vega RaaS, dubbed Zeppelin. Last month experts spotted a new variant of the ransomware on a hacker forum allowing buyers to opt how to use the malware. ” reported BleepingComputer.

Ransomware

Ransomware Encryption Malware Healthcare

CVE-2019-13720 flaw in Chrome exploited in Operation WizardOpium attacks

Security Affairs

NOVEMBER 1, 2019

One of the two flaws in Chrome addressed by Google, CVE-2019-13720, was exploited in a campaign that experts attribute to Korea-linked threat actors. Reported by banananapenguin on 2019-10-12[$TBD][ 1019226 ] High CVE-2019-13720: Use-after-free in audio. SecurityAffairs – CVE-2019-13720, Lazarus). Pierluigi Paganini.

Advertising

Advertising Encryption Hacking Information Security

Raccoon Malware, a success case in the cybercrime ecosystem

Security Affairs

FEBRUARY 24, 2020

Raccoon Malware is a recently discovered infostealer that can extract sensitive data from about 60 applications on a targeted system. Racoon malware , Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. ” reads the report published by CyberArk.

Cybercrime

Cybercrime Malware Cryptocurrency Advertising

Chip maker Advantech hit by Conti ransomware gang

Security Affairs

NOVEMBER 28, 2020

The Conti ransomware gang hit infected the systems of industrial automation and Industrial IoT (IIoT) chip maker Advantech and is demanding over $13 million ransom (roughly 750 BTC) to avoid leaking stolen files and to provide a key to restore the encrypted files. billion in 2019.

Ransomware

Ransomware Encryption IoT Malware

Lazarus APT uses DTrack backdoor in attacks against LATAM and European orgs

Security Affairs

NOVEMBER 16, 2022

DTrack is a modular backdoor used by the Lazarus group since 2019 , it was employed in attacks against a wide variety of targets, from financial environments to a nuclear power plan. The backdoor unpacking process is composed of several stages, the second-stage malicious code is stored inside the malware PE file.

Telecommunications

Telecommunications Manufacturing Malware Education

Report: Threat of Emotet and Ryuk

Security Affairs

JANUARY 31, 2020

Experts at cyber security firm Cypher conducted a study on Portuguese domains during 2019 and concluded that Emotet and Ryuk were the most active threats. Emotet , the most widespread malware worldwide and Ryuk , a ransomware type, are growing threats and real concerns for businesses and internet users in 2020.

Malware

Malware Retail Advertising Antivirus

China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

OCTOBER 18, 2022

The Operation CuckooBees had been operating under the radar since at least 2019, threat actors conducted multiple attacks to steal intellectual property and other sensitive data from victims. Symantec observed the attackers deploying a custom malware called Spyder Loader on the target networks. ” continues the report.

Malware

Malware Encryption Manufacturing Hacking

New Mirai botnet targets tens of flaws in popular IoT devices

Security Affairs

JUNE 22, 2023

The malware also contains a function that ensures only one instance of this malware runs on the same device. ” The researchers pointed out that the Mirai variant like IZ1H9 and V3G4 will first initialize an encrypted string table and then retrieve the strings through an index. .”

IoT

IoT Malware Encryption DDOS

North Korea-linked malware ATMDtrack infected ATMs in India

Security Affairs

SEPTEMBER 23, 2019

Kaspersky experts spotted a new piece of ATM malware, dubbed ATMDtrack, that was developed and used by North Korea-linked hackers. Kaspersky researchers discovered a new piece of ATM malware, tracked as ATMDtrack, that was developed and used by North Korea-linked hackers. ” reads the analysis published by Kaspersky.

Malware

Malware Banking Advertising Encryption

The source code of the Paradise Ransomware was leaked on XSS hacking forum

Security Affairs

JUNE 15, 2021

Paradise Ransomware has been active since September 2017, its operators offer the malware with a Ransomware-as-a-Service (RaaS) model. In October 2019, security experts at Emsisoft have developed a tool to decrypt files encrypted by the Paradise ransomware.

Ransomware

Ransomware Hacking Encryption Malware

Dacls RAT, the first Lazarus malware that targets Linux devices

Security Affairs

DECEMBER 17, 2019

The activity of the Lazarus APT group (aka HIDDEN COBRA ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. Dacls is the first malware linked to the Lazarus group that targets Linux systems. com ‘ was involved in past campaigns of the Lazarus APT. com /cms/ wp -content/uploads/2015/12/.

Malware

Malware Advertising Encryption Hacking

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Security Affairs

SEPTEMBER 24, 2023

In January 2019, Reuters published a report into Project Raven, a campaign allegedly conducted by former NSA operatives and aiming at the same types of targets as Stealth Falcon. The malware also supports multiple evasion capabilities. The remaining components are encrypted and stored within a binary registry value.”

Spyware

Spyware Malware Architecture Encryption

New TA2101 threat actor poses as government agencies to distribute malware

Security Affairs

NOVEMBER 15, 2019

A new threat actor tracked as TA2101 is conducting malware campaigns using email to impersonate government agencies in the United States, Germany, and Italy. The post New TA2101 threat actor poses as government agencies to distribute malware appeared first on Security Affairs. ” reads the analysis published by ProofPoint.

Government

Government Malware Social Engineering Banking

MY TAKE: Why ‘basic research’ is so vital to bringing digital transformation to full fruition

The Last Watchdog

MARCH 17, 2021

NTT Research opened its doors in Silicon Valley in July 2019 to help nurture basic research in three subject areas that happen to be at the core of digital transformation: quantum physics, medical informatics and cryptography. More about these paradigm shifters below. Treasury, the U.S. Department of Commerce and at least 425 of the U.S.

Digital transformation

Digital transformation Encryption Technology Mobile

Delta Electronics, a tech giants’ contractor, hit by Conti ransomware

Security Affairs

JANUARY 28, 2022

The company did not reveal details about the attack or the malware family that infected its systems. According to CTWANT , which cited an undisclosed information security company, Delta Electronics was hit by Conti ransomware that asked Delta to pay a $15 million ransom to restore encrypted files and avoid their leak.

Computers and Electronics

Computers and Electronics Ransomware Manufacturing Malware

REvil ransomware gang hacked Acer and is demanding a $50 million ransom

Security Affairs

MARCH 20, 2021

Acer is the world’s 6th-largest PC vendor by unit sales as of January 2021, it has more than 7,000 employees (2019) and in 2019 declared 234.29 We urge all companies and organizations to adhere to cyber security disciplines and best practices, and be vigilant to any network activity abnormalities.” Source LeMagIT.

Ransomware

Ransomware Hacking Computers and Electronics Malware

School district IT leaders grade their handling of past malware attacks

SC Magazine

MARCH 15, 2021

The school districts of Rockford, Illinois and Rockingham County, North Carolina learned some very valuable lessons in transparency and communication, timely incident response, access management, data redundancy and disaster recovery after each experienced a debilitating malware attack years ago. Rockingham County, North Carolina.

Malware

Malware Backups Education Ransomware

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Sonicwall warns of a spike in the number of attacks involving encrypted malware and IoT malware

Webinars

Trending Sources

LockBit 2.0, the first ransomware that uses group policies to encrypt Windows domains

Webinars

New enhanced Joker Malware samples appear in the threat landscape

New Linux variant of Clop Ransomware uses a flawed encryption algorithm

Ransomware operators exploit VMWare ESXi flaws to encrypt disks of VMs

Ezuri memory loader used in Linux and Windows malware

YouTube creators’ accounts hijacked with cookie-stealing malware

8Base ransomware operators use a new variant of the Phobos ransomware

Ryuk Ransomware evolution avoid encrypting Linux folders

QSnatch malware infected over 62,000 QNAP NAS Devices

Phishing campaign targets LATAM e-commerce users with Chaes Malware

New modular ModPipe POS Malware targets restaurants and hospitality sectors

Catch Hospitality Group discloses PoS malware infection at its restaurants

Ragnar Ransomware encrypts files from virtual machines to evade detection

Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp?

Bitdefender released a free decryptor for the MegaCortex ransomware

QNAP urges users to update Malware Remover after QSnatch joint alert

Two PoS Malware used to steal data from more than 167,000 credit cards

DeathRansom ransomware evolves encrypting files, but experts identified its author

Nemty Ransomware, a new malware appears in the threat landscape

Malicious app exploiting CVE-2019-2215 zero-day available in Google Play since March

Over 23 million stolen payment card data traded on the Dark Web in H1 2019

xHelper, the Unkillable Android malware that re-Installs after factory reset

Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV

A new wave of ech0raix ransomware attacks targets QNAP NAS devices

GermanWiper, a data-wiping malware that is targeting Germany

Zeppelin ransomware gang is back after a temporary pause

CVE-2019-13720 flaw in Chrome exploited in Operation WizardOpium attacks

Raccoon Malware, a success case in the cybercrime ecosystem

Chip maker Advantech hit by Conti ransomware gang

Lazarus APT uses DTrack backdoor in attacks against LATAM and European orgs

Report: Threat of Emotet and Ryuk

China-linked APT41 group targets Hong Kong with Spyder Loader

New Mirai botnet targets tens of flaws in popular IoT devices

North Korea-linked malware ATMDtrack infected ATMs in India

The source code of the Paradise Ransomware was leaked on XSS hacking forum

Dacls RAT, the first Lazarus malware that targets Linux devices

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

New TA2101 threat actor poses as government agencies to distribute malware

MY TAKE: Why ‘basic research’ is so vital to bringing digital transformation to full fruition

Delta Electronics, a tech giants’ contractor, hit by Conti ransomware

REvil ransomware gang hacked Acer and is demanding a $50 million ransom

School district IT leaders grade their handling of past malware attacks

Stay Connected