2021, Encryption, Information Security and Malware

SOVA Android malware now also encrypts victims’ files

Security Affairs

AUGUST 15, 2022

Security researchers from Cleafy reported that the SOVA Android banking malware is back and is rapidly evolving. The SOVA Android banking trojan was improved, it has a new ransomware feature that encrypts files on Android devices, Cleafy researchers report. The malware has been active since 2021 and evolves over time.

Encryption

Encryption Malware Banking Ransomware

New Vultur malware version includes enhanced remote control and evasion capabilities

Security Affairs

APRIL 1, 2024

Vultur was first spotted in late March 2021, it gains full visibility on victims’ devices via VNC (Virtual Network Computing) implementation taken from AlphaVNC. In July 2021, ThreatFabric researchers discovered the Android version of Vultur, which uses screen recording and keylogging to capture login credentials.

Malware

Malware Banking Engineering Encryption

Royal Ransomware adds support for encrypting Linux, VMware ESXi systems

Security Affairs

FEBRUARY 6, 2023

Royal Ransomware operators added support for encrypting Linux devices and target VMware ESXi virtual machines. The Royal Ransomware gang is the latest extortion group in order of time to add support for encrypting Linux devices and target VMware ESXi virtual machines. The malware changes the extension of the encrypted files to ‘.royal’.

Encryption

Encryption Ransomware Malware Healthcare

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Security Affairs

SEPTEMBER 19, 2023

China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign. Researchers from Trend Micro, while monitoring the activity of the China-linked threat actor Earth Lusca , discovered an encrypted file hosted on a server under the control of the group.

Malware

Malware Encryption Telecommunications Authentication

A flaw in the encryption algorithm of Hive Ransomware allows retrieving encrypted files

Security Affairs

FEBRUARY 21, 2022

Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data. Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data without knowing the private key used by the gang to encrypt files.

Encryption

Encryption Ransomware VPN Malware

New Hive ransomware variant is written in Rust and use improved encryption method

Security Affairs

JULY 6, 2022

Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. According to a report published by blockchain analytics company Chainalysis, the Hive ransomware is one of the top 10 ransomware strains by revenue in 2021. key files.

Encryption

Encryption Ransomware Cybercrime Malware

ESET found a variant of the Hive ransomware that encrypts Linux and FreeBSD

Security Affairs

OCTOBER 29, 2021

The Hive ransomware operators have developed a new variant of their malware that can encrypt Linux and FreeBSD. ESET researchers discovered a new Hive ransomware variant that was specifically developed to encrypt Linux and FreeBSD. 1/6 pic.twitter.com/dBw0E5pj6r — ESET research (@ESETresearch) October 29, 2021.

Encryption

Encryption Ransomware Spyware Malware

LockBit 2.0, the first ransomware that uses group policies to encrypt Windows domains

Security Affairs

JULY 29, 2021

ransomware is now able to encrypt Windows domains by using Active Directory group policies. Researchers from MalwareHunterTeam and BleepingComputer, along with the malware expert Vitali Kremez reported spotted a new version of the LockBit 2.0 ransomware that encrypts Windows domains by using Active Directory group policies.

Encryption

Encryption Ransomware Malware Hacking

New RedLine malware version distributed as fake Omicron stat counter

Security Affairs

JANUARY 12, 2022

Experts warn of a new variant of the RedLine malware that is distributed via emails as fake COVID-19 Omicron stat counter app as a lure. The malicious code can also act as a first-stage malware. Upon executing the Omicron Stats.exe, it unpacks resources encrypted with triple DES using ciphermode ECB and padding mode PKCS7.

Malware

Malware Manufacturing Cryptocurrency Cybercrime

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware

Malware VPN Internet Internet

Top 10 web application vulnerabilities in 2021–2023

SecureList

MARCH 12, 2024

Profile of participants and applications We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. Recommendations provided in these rankings are general in nature and based on information security best practices standards and guidelines, such as OWASP and NIST.

Passwords

Passwords Authentication Architecture Risk

BlackCocaine Ransomware, a new malware in the threat landscape

Security Affairs

JUNE 5, 2021

Recently Cyber researchers for Cyble investigated an attack suffered by on May 30, 2021, by Nucleus Software, an India-based IT company in the Banking and Financial Services sector. The company reported the security breach to the Bombay Stock Exchange (BSE) and the National Stock Exchange of India (NSEI). . Pierluigi Paganini.

Ransomware

Ransomware Malware Encryption Financial Services

TeamTNT is back and targets servers to run Bitcoin encryption solvers

Security Affairs

SEPTEMBER 19, 2022

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and targets Docker installs. The activity of the TeamTNT group has been detailed by security firm Trend Micro, but in August 2020 experts from Cado Security discovered that botnet is also able to target misconfigured Kubernetes installations.

Encryption

Encryption Cybercrime Hacking Malware

New Linux variant of Clop Ransomware uses a flawed encryption algorithm

Security Affairs

FEBRUARY 7, 2023

A new Linux variant of the Clop ransomware has been observed in the wild, the good news is that its encryption algorithm is flawed. The researchers noticed that the encryption algorithm implemented in the ELF executable is flawed and can allow victims to decrypt locked files without paying a ransom. ” continues the report.

Encryption

Encryption Ransomware Cybercrime Engineering

GravityRAT returns disguised as an end-to-end encrypted chat app

Security Affairs

NOVEMBER 13, 2021

Threat actors are distributing the GravityRAT remote access trojan masqueraded as an end-to-end encrypted chat application named SoSafe Chat. Threat actors are distributing the GravityRAT RAT masqueraded as an end-to-end encrypted chat application named SoSafe Chat. Gets connected network information. in) used by the attackers.

Encryption

Encryption Malware Media Authentication

The worst cyber attacks of 2021

Security Affairs

JANUARY 3, 2022

Which are the cyber attacks of 2021 that had the major impact on organizations worldwide in terms of financial losses and disruption of the operations? Microsoft confirmed the attacks against the Exchange servers that aimed at stealing emails and install malware to gain persistence in the target networks.

Cyber Attacks

Cyber Attacks Ransomware Insurance Hacking

LockFile Ransomware uses a new intermittent encryption technique

Security Affairs

AUGUST 31, 2021

Recently emerged LockFile ransomware family LockFile leverages a novel technique called intermittent encryption to speed up encryption. Sophos researchers discovered that the group is now leveraging a new technique called “intermittent encryption” to speed up the encryption process.

Encryption

Encryption Ransomware Financial Services Antivirus

New enhanced Joker Malware samples appear in the threat landscape

Security Affairs

JULY 16, 2021

The Joker malware is back, experts spotted multiple malicious apps on the official Google Play store that were able to evade scanners. Since 2019 experts found many Joker apps on Google Play store, in September 2019 security experts at Google removed from the store 24 apps. ” states a post published by the experts. explained.

Malware

Malware Mobile Spyware Encryption

Google discloses a severe flaw in widely used Libgcrypt encryption library

Security Affairs

FEBRUARY 1, 2021

Google discovered a flaw in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption library that could be exploited to get remote code execution. pic.twitter.com/GYJOddEPxl — Filippo Valsorda (@FiloSottile) January 29, 2021. pic.twitter.com/LYC9PsURqn — Filippo Valsorda (@FiloSottile) January 29, 2021.

Encryption

Encryption Engineering Hacking Software

BlackCat ransomware, a very sophisticated malware written in Rust

Security Affairs

DECEMBER 10, 2021

Malware researchers from Recorded Future and MalwareHunterTeam discovered ALPHV (aka BlackCat), the first professional ransomware strain that was written in the Rust programming language. Another one used to encrypt companies' networks. Filemarker 19 47 B7 4D at EOF and before the encrypted key, which is JSON with some settings.

Ransomware

Ransomware Malware Cybercrime Encryption

Experts spotted a backdoor that borrows code from CIA’s Hive malware

Security Affairs

JANUARY 16, 2023

Netlab 360 observed unidentified threat actors using a new backdoor based on the US CIA’s Project Hive malware suite. Researchers from Qihoo Netlab 360 reported that unidentified threat actors using a new backdoor based on the US CIA’s Project Hive malware suite. SecurityAffairs – hacking, malware).

Malware

Malware Encryption Authentication Hacking

Zoom now supports end-to-end encrypted (E2EE) calls

Security Affairs

OCTOBER 15, 2020

The Video conferencing platform Zoom announced the implementation of end-to-end encryption (E2EE) and its availability starting next week. The popular Video conferencing platform Zoom announced the availability of the end-to-end encryption (E2EE) starting next week. ” reads the post published by the company. Pierluigi Paganini.

Encryption

Encryption Advertising Accountability Hacking

Microsoft December 2021 Patch Tuesday fixes an actively exploited zero-day

Security Affairs

DECEMBER 15, 2021

Microsoft December 2021 Patch Tuesday addresses 67 vulnerabilities, including an actively exploited Windows Installer vulnerability. One of the vulnerabilities fixed by Microsoft, tracked as CVE-2021-43890 , is under active exploitation. Yes No EoP CVE-2021-43883 Windows Installer Elevation of Privilege Vulnerability Important 7.1

IoT

IoT Mobile Media Encryption

YTStealer info-stealing malware targets YouTube content creators

Security Affairs

JUNE 29, 2022

Researchers detailed a new information-stealing malware, dubbed YTStealer, that targets YouTube content creators. Intezer cybersecurity researchers have detailed a new information-stealing malware, dubbed YTStealer, that was developed to steal authentication cookies from YouTube content creators.

Malware

Malware Authentication Software Accountability

Cyber espionage campaign targets Asian countries since 2021

Security Affairs

SEPTEMBER 13, 2022

A cyber espionage group targets governments and state-owned organizations in multiple Asian countries since early 2021. Threat actors are targeting government and state-owned organizations in multiple Asian countries as parts of a cyber espionage campaign that remained under the radar since early 2021. ” continues the report.

Penetration Testing

Penetration Testing Government Software Education

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Security Affairs

MAY 13, 2024

In December 2021, experts at Check Point Research observed the resurgence of the Phorpiex botnet. The ZIP archives contain a compressed executable payload that, if executed, will start the encryption process with LockBit Black ransomware. com,” and “Jenny[@]gsd[.]com.”

Phishing

Phishing Ransomware Security Awareness Authentication

Malware campaign hides a shellcode into Windows event logs

Security Affairs

MAY 7, 2022

Experts spotted a malware campaign that is the first one using a technique of hiding a shellcode into Windows event logs. The experts discovered that the attackers are hiding encrypted shellcode containing the next-stage malware as 8KB pieces in event logs. The code is quite unique, with no similarities to known malware.

Malware

Malware Encryption Hacking Cybersecurity

US arrested Latvian woman who developed part of Trickbot malware

Security Affairs

JUNE 5, 2021

The US Department of Justice (DOJ) announced the arrest of a Latvian woman for her alleged role in the development of the Trickbot malware. The US Department of Justice (DOJ) announced the arrest of Alla Witte (aka Max), a Latvian woman that was charged for her alleged role in the development of the Trickbot malware.

Malware

Malware Banking Ransomware Encryption

Donot Team cyberespionage group updates its Windows malware framework

Security Affairs

AUGUST 21, 2022

The Donot Team threat actor, aka APT-C-35 , has added new capabilities to its Jaca Windows malware framework. To understand which modules are used in the current infection, the malware communicates with another C2 server.” ” continues the report. ” Follow me on Twitter: @securityaffairs and Facebook.

Malware

Malware Spyware Phishing Government

XCSSET malware now targets macOS 11 and M1-based Macs

Security Affairs

APRIL 19, 2021

XCSSET, a Mac malware targeting Xcode developers, was now re-engineered and employed in a campaign aimed at Apple’s new M1 chips. Experts from Trend Micro have uncovered a Mac malware campaign targeting Xcode developers that employed a re-engineered version of the XCSSET malware to support Apple’s new M1 chips.

Malware

Malware Cryptocurrency Architecture Engineering

Germany declares country’s first Cyber Catastrophe

CyberSecurity Insiders

JULY 12, 2021

As the municipality was using obsolete hardware and software in the office, hackers easily gained access into the network and disrupted the digital operations so much that the Federal Office for Information Security aka BSI Cybersecurity watchdog was on the verge to declare an emergency in the entire region that has a population of 156,890 people.

Cyber Attacks

Cyber Attacks Encryption Ransomware Malware

Vice Society ransomware gang is using a custom locker

Security Affairs

DECEMBER 22, 2022

The Vice Society ransomware group has adopted new custom ransomware, with a strong encryption scheme, in recent intrusions. SentinelOne researchers discovered that the Vice Society ransomware gang has started using a custom ransomware that implements a robust encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms.

Ransomware

Ransomware Encryption Malware Education

APWG: Phishing maintained near-record levels in the first quarter of 2021

Security Affairs

JUNE 13, 2021

The Anti-Phishing Working Group (APWG) revealed that the number of phishing websites peaked at record levels in the first quarter of 2021. The Anti-Phishing Working Group (APWG) has published its new Phishing Activity Trends Report related to the first quarter of 2021. Reported Phishing Websites for Q1 2021.

Phishing

Phishing Advertising Cryptocurrency Encryption

Two PoS Malware used to steal data from more than 167,000 credit cards

Security Affairs

OCTOBER 25, 2022

Researchers reported that threat actors used 2 PoS malware variants to steal information about more than 167,000 credit cards. Cybersecurity firm Group-IB discovered two PoS malware to steal data associated with more than 167,000 credit cards from point-of-sale payment terminals. MajikPOS is written using the “.NET

Malware

Malware Cybercrime Banking Marketing

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

Security Affairs

OCTOBER 9, 2023

pic.twitter.com/YJavUu53v3 — vx-underground (@vxunderground) October 7, 2023 BleepingComputer was able to verify with the help of the popular malware researcher Michael Gillespie that that source code is legitimate and is related to the first version of the ransomware that was employed in 2020.

Cybercrime

Cybercrime Ransomware DDOS Encryption

AvosLocker ransomware now targets Linux systems, including ESXi servers

Security Affairs

JANUARY 11, 2022

AvosLocker is the latest ransomware that implemented the capability to encrypt Linux systems including VMware ESXi servers. AvosLocker expands its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers, Bleeping computed reported. pancak3lullz) October 29, 2021. Pierluigi Paganini.

Ransomware

Ransomware Encryption Advertising Malware

Victims of FonixCrypter ransomware could decrypt their files for free

Security Affairs

JANUARY 30, 2021

FonixCrypter ransomware operators shut down their operations, released the master decryption key for free, and deleted malware’s source code. The FonixCrypter gang also closed its Telegram channel that was used to advertise the malware in the cybercrime underground.

Ransomware

Ransomware Encryption Malware Cybercrime

Info stealers and how to protect against them

Security Affairs

DECEMBER 18, 2023

Info stealers, the type of malware with its purpose in the name, can cripple businesses and everyday users alike. Info stealers, also known as information stealers, are a type of malicious software (malware) designed to covertly collect sensitive and personal information from a victim’s computer or network.

Banking

Banking Cybercrime Malware Accountability

New variant for Mac Malware XCSSET compiled for M1 Chips

Security Affairs

MARCH 13, 2021

Kaspersky researchers spotted a new variant of the XCSSET Mac malware that compiled for devices running on Apple M1 chips. The malware also allows attackers to capture screenshots and exfiltrate stolen documents to the attackers’ server. Recently experts spotted other malware specifically designed to infect Mac running on M1 chips.

Malware

Malware Adware Architecture Antivirus

HelloKitty ransomware now targets VMware ESXi servers

Security Affairs

JULY 15, 2021

HelloKitty ransomware gang is using a Linux variant of their malware to target VMware ESXi virtual machine platform. Targeting VMware ESXi systems, threat actors could encrypt as many virtual machines as possible with a significant impact on the victims. Once the virtual machines are shut down, the ransomware will encrypt .vmdk

Ransomware

Ransomware Encryption Malware Hacking

Black Kingdom ransomware is targeting Microsoft Exchange servers

Security Affairs

MARCH 24, 2021

Black Kingdom ransomware was first spotted in late February 2020 by security researcher GrujaRS , the ransomware encrypts files and appends the.DEMON extension to filenames of the encrypted documents. pic.twitter.com/POYlPYGjsz — MalwareTech (@MalwareTechBlog) March 21, 2021. It does indeed encrypt files.

Ransomware

Ransomware Encryption VPN Malware

Experts warn of attacks using a new Linux variant of SFile ransomware

Security Affairs

JANUARY 17, 2022

The operators of the SFile ransomware (aka Escal) have developed a Linux version of their malware to expand their operations. Some variants of the ransomware append the English name of the target company to the filenames of the encrypted files. as the suffix name. . ” reported The Record.

Ransomware

Ransomware Encryption Backups Malware

Emsisoft: Victims of AstraLocker and Yashma ransomware can recover their files for free

Security Affairs

JULY 8, 2022

The security firm states that the AstraLocker decryptor works for ransomware versions based on the Babuk malware that appends the.Astra or.babyk extensions to the name of the encrypted files. “Be sure to quarantine the malware from your system first, or it may repeatedly lock your system or encrypt files.

Ransomware

Ransomware Encryption Malware Accountability

Hackers exploit Log4Shell to drop Khonsari Ransomware on Windows systems

Security Affairs

DECEMBER 14, 2021

Bitdefender researchers discovered that threat actors are attempting to exploit the Log4Shell vulnerability ( CVE-2021-44228 ) to deliver the new Khonsari ransomware on Windows machines. The malware also drops a ransom note that requests the payment of the ransom in Bitcoin. NOT MODIFY OR DELETE THIS FILE OR ANY ENCRYPTED FILES.

Ransomware

Ransomware Encryption Engineering Malware

SOVA Android malware now also encrypts victims’ files

New Vultur malware version includes enhanced remote control and evasion capabilities

Webinars

Trending Sources

Royal Ransomware adds support for encrypting Linux, VMware ESXi systems

Webinars

Earth Lusca expands its arsenal with SprySOCKS Linux malware

A flaw in the encryption algorithm of Hive Ransomware allows retrieving encrypted files

New Hive ransomware variant is written in Rust and use improved encryption method

ESET found a variant of the Hive ransomware that encrypts Linux and FreeBSD

LockBit 2.0, the first ransomware that uses group policies to encrypt Windows domains

New RedLine malware version distributed as fake Omicron stat counter

Who and What is Behind the Malware Proxy Service SocksEscort?

Top 10 web application vulnerabilities in 2021–2023

BlackCocaine Ransomware, a new malware in the threat landscape

TeamTNT is back and targets servers to run Bitcoin encryption solvers

New Linux variant of Clop Ransomware uses a flawed encryption algorithm

GravityRAT returns disguised as an end-to-end encrypted chat app

The worst cyber attacks of 2021

LockFile Ransomware uses a new intermittent encryption technique

New enhanced Joker Malware samples appear in the threat landscape

Google discloses a severe flaw in widely used Libgcrypt encryption library

BlackCat ransomware, a very sophisticated malware written in Rust

Experts spotted a backdoor that borrows code from CIA’s Hive malware

Zoom now supports end-to-end encrypted (E2EE) calls

Microsoft December 2021 Patch Tuesday fixes an actively exploited zero-day

YTStealer info-stealing malware targets YouTube content creators

Cyber espionage campaign targets Asian countries since 2021

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Malware campaign hides a shellcode into Windows event logs

US arrested Latvian woman who developed part of Trickbot malware

Donot Team cyberespionage group updates its Windows malware framework

XCSSET malware now targets macOS 11 and M1-based Macs

Germany declares country’s first Cyber Catastrophe

Vice Society ransomware gang is using a custom locker

APWG: Phishing maintained near-record levels in the first quarter of 2021

Two PoS Malware used to steal data from more than 167,000 credit cards

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

AvosLocker ransomware now targets Linux systems, including ESXi servers

Victims of FonixCrypter ransomware could decrypt their files for free

Info stealers and how to protect against them

New variant for Mac Malware XCSSET compiled for M1 Chips

HelloKitty ransomware now targets VMware ESXi servers

Black Kingdom ransomware is targeting Microsoft Exchange servers

Experts warn of attacks using a new Linux variant of SFile ransomware

Emsisoft: Victims of AstraLocker and Yashma ransomware can recover their files for free

Hackers exploit Log4Shell to drop Khonsari Ransomware on Windows systems

Stay Connected