eSecurity Planet

APRIL 21, 2025

A notorious Russian hosting service provider known as Proton66 is at the center of a series of widespread cyberattacks and malware campaigns targeting organizations and users worldwide, according to fresh findings from cybersecurity experts. hadnt been flagged for malicious activity since November 2021. One such address, 45.134.26.8,

Malware 70

Malware Phishing VPN Ransomware 70

Security Affairs

OCTOBER 29, 2021

The Hive ransomware operators have developed a new variant of their malware that can encrypt Linux and FreeBSD. ESET researchers discovered a new Hive ransomware variant that was specifically developed to encrypt Linux and FreeBSD. 1/6 pic.twitter.com/dBw0E5pj6r — ESET research (@ESETresearch) October 29, 2021.

Encryption 140

Encryption Ransomware Spyware Malware 140

Krebs on Security

JUNE 7, 2021

In the process of doing so, I encountered a small snag: The FSB’s website said in order to communicate with them securely, I needed to download and install an encryption and virtual private networking (VPN) appliance that is flagged by at least 20 antivirus products as malware. The FSB headquarters at Lubyanka Square, Moscow.

Antivirus 329

Antivirus VPN Encryption Malware 329

SecureList

APRIL 17, 2025

Day after day, threat actors create new malware to use in cyberattacks. Each of these new implants is developed in its own way, and as a result gets its own destiny while the use of some malware families is reported for decades, information about others disappears after days, months or several years. com leotolstoys[.]com

Malware 94

Malware Encryption Architecture Engineering 94

Security Affairs

JULY 6, 2022

Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. According to a report published by blockchain analytics company Chainalysis, the Hive ransomware is one of the top 10 ransomware strains by revenue in 2021. key files.

Encryption 141

Encryption Ransomware Cybercrime Malware 141

Security Affairs

JULY 29, 2021

ransomware is now able to encrypt Windows domains by using Active Directory group policies. Researchers from MalwareHunterTeam and BleepingComputer, along with the malware expert Vitali Kremez reported spotted a new version of the LockBit 2.0 ransomware that encrypts Windows domains by using Active Directory group policies.

Encryption 145

Encryption Ransomware Malware Hacking 145

Hacker Combat

MAY 10, 2022

A researcher has demonstrated how a vulnerability common to several ransomware families can help take control of the malware and stop it from encrypting files on infected devices. Malvuln is a project developed by the researcher that catalogs vulnerabilities uncovered in various malware.

Encryption 132

Encryption Ransomware Malware Cyber Attacks 132

eSecurity Planet

SEPTEMBER 22, 2022

To accelerate the ransomware encryption process and make it harder to detect, cybercriminal groups have begun using a new technique: intermittent encryption. Intermittent encryption allows the ransomware encryption malware to encrypt files partially or only encrypt parts of the files.

Encryption 135

Encryption Ransomware Backups Advertising 135

Security Affairs

JUNE 20, 2024

A China-linked cyber espionage group has compromised telecom operators in an Asian country since at least 2021. The Symantec Threat Hunter Team reported that an alleged China-linked APT group has infiltrated several telecom operators in a single, unnamed, Asian country at least since 2021. In addition to utilizing custom backdoors.

DNS 139

DNS Malware Media Encryption 139

Malwarebytes

MAY 8, 2025

According to the original complaint against NSO Group, filed in October 2019, the spyware vendor used WhatsApp servers to send malware to around 1400 mobile phones. NSO Group reverse engineered WhatsApp’s software and developed its own software and servers to send messages to victims via the WhatsApp service that contained malware.

Spyware 111

Spyware Hacking Surveillance Government 111

Security Affairs

AUGUST 31, 2021

Recently emerged LockFile ransomware family LockFile leverages a novel technique called intermittent encryption to speed up encryption. Sophos researchers discovered that the group is now leveraging a new technique called “intermittent encryption” to speed up the encryption process.

Encryption 144

Encryption Ransomware Financial Services Antivirus 144

Security Affairs

OCTOBER 4, 2024

perfctl malware targets misconfigured Linux servers to deploy cryptocurrency miners and proxyjacking software in an ongoing campaign. Aqua Nautilus researchers shed light on a Linux malware, dubbed perfctl malware, that over the past 3-4 years targeted misconfigured Linux servers. ” reads the report.

Malware 138

Malware Cryptocurrency Encryption Software 138

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware 244

Malware VPN Internet Internet 244

Security Affairs

JANUARY 12, 2022

Experts warn of a new variant of the RedLine malware that is distributed via emails as fake COVID-19 Omicron stat counter app as a lure. The malicious code can also act as a first-stage malware. Upon executing the Omicron Stats.exe, it unpacks resources encrypted with triple DES using ciphermode ECB and padding mode PKCS7.

Malware 145

Malware Manufacturing Cryptocurrency Cybercrime 145

Security Affairs

JANUARY 3, 2022

Which are the cyber attacks of 2021 that had the major impact on organizations worldwide in terms of financial losses and disruption of the operations? Microsoft confirmed the attacks against the Exchange servers that aimed at stealing emails and install malware to gain persistence in the target networks.

Cyber Attacks 143

Cyber Attacks Ransomware Hacking Insurance 143

SecureList

JUNE 8, 2022

During 2020 and 2021, more than 500 router vulnerabilities were found. The nvd.nist.gov website presents different figures, but they too show a significant increase in the number of router vulnerabilities found in 2020 and 2021. Distribution of router vulnerabilities by priority, 2021 ( download ). Router-targeting malware.

DDOS 133

DDOS Passwords IoT Firmware 133

SecureList

APRIL 18, 2022

Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files. Geography of the Yanluowang attacks, December 4th, 2021 – April 8th, 2022 ( download ). The encryption code for big files. Yanluowang description.

Encryption 145

Encryption Ransomware Backups VPN 145

SecureList

APRIL 18, 2022

Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files. Geography of the Yanluowang attacks, December 4th, 2021 – April 8th, 2022 ( download ). The encryption code for big files. Yanluowang description.

Encryption 145

Encryption Ransomware Backups VPN 145

CyberSecurity Insiders

JUNE 9, 2022

Cybersecurity researchers from Blackberry and Intezer labs have discovered a new Linux malware that is hard to detect. They have dubbed the malware Symbiote and are said to be mostly targeting backdoor infected systems. In this modus operandi, people buy file-encrypting malware to infect victims of their choice.

Malware 130

Malware Encryption Ransomware Cybersecurity 130

Security Affairs

SEPTEMBER 19, 2023

China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign. Researchers from Trend Micro, while monitoring the activity of the China-linked threat actor Earth Lusca , discovered an encrypted file hosted on a server under the control of the group.

Malware 131

Malware Encryption Telecommunications Authentication 131

Security Affairs

JULY 16, 2021

The Joker malware is back, experts spotted multiple malicious apps on the official Google Play store that were able to evade scanners. In April 2021, more than 500,000 Huawei users were infected with the Joker malware after they have downloaded tainted apps from the company’s official Android store. dex file as before.

Malware 145

Malware Mobile Spyware Encryption 145

SecureList

MARCH 31, 2022

We recently discovered a Trojanized DeFi application that was compiled in November 2021. This malware is a full-featured backdoor containing sufficient capabilities to control the compromised victim. This malware is a full-featured backdoor containing sufficient capabilities to control the compromised victim. Infection timeline.

Malware 145

Malware Encryption Cryptocurrency Architecture 145

SecureList

NOVEMBER 6, 2024

It also uses stealer malware to extract the victim’s credit card data as well as details about the infected device. Technical Details Background In August 2024, we stumbled upon a massive infection caused by an unknown bundle consisting of miner and stealer malware. SteelFox.gen , Trojan.Win64.SteelFox.*. SteelFox.*.

Software 123

Software Cryptocurrency Malware DNS 123

SecureList

APRIL 7, 2025

Schematic of DLL proxying However, this is not enough to launch malware. ToddyCat created the TCESB DLL on its basis, modifying the original code to extend the malware’s functionality. sys driver, which contains the CVE-2021-36276 vulnerability. Kaspersky solutions detect it with the verdict HEUR:HackTool.Win64.EDRSandblast.a.

Software 107

Software Encryption Malware Firmware 107

SecureList

NOVEMBER 28, 2024

However, P8 contains many built-in functions and redesigns of the communication protocol and encryption algorithm, making it a well-designed and powerful espionage platform. The access management software facilitates access to the encrypted partition of the drive.

Malware 118

Malware Government Software Spyware 118

SecureList

NOVEMBER 29, 2024

Ransomware Quarterly trends and highlights Progress in law enforcement In August, Spain arrested a cybercriminal who founded Ransom Cartel in 2021 and set up a malvertizing campaign. This type of cyberextortion predated Trojans, which encrypt the victim’s files. Reveton was among the most notorious PC screen lockers.

Mobile 106

Mobile Adware Ransomware Malware 106

SecureWorld News

JANUARY 16, 2025

These plans should include: Regular backups of critical data Disaster recovery exercises to test response readiness Colonial Pipeline attack (2021) One of the most significant incidents highlighting vulnerabilities in the oil and gas sector was the Colonial Pipeline ransomware attack in May 2021.

Energy and Utilities 109

Energy and Utilities IoT Artificial Intelligence Backups 109

Security Affairs

MARCH 10, 2025

@chicagotribune @ABC7Chicago pic.twitter.com/bwRCHqCS9o — Dominic Alvieri (@AlvieriD) March 10, 2025 RansomHouse is a data extortion group that has been active since Dec 2021. Unlike other extortion group, the gang doesnt encrypt data, but focuses on data theft to speed up its activity. Victims include AMD and Keralty.

Hacking 120

Hacking Healthcare Backups Ransomware 120

Security Affairs

NOVEMBER 19, 2024

Ptitsyn reportedly sold the ransomware on darknet forums under aliases like “derxan” and “zimmermanx,” enabling other criminals to encrypt data and demand ransom. Ptitsyn and his conspirators used a ransomware-as-a-service (RaaS) model to distribute their malware to a network of affiliates.

Cybercrime 119

Cybercrime Ransomware Healthcare Education 119

Security Affairs

APRIL 1, 2024

Vultur was first spotted in late March 2021, it gains full visibility on victims’ devices via VNC (Virtual Network Computing) implementation taken from AlphaVNC. In July 2021, ThreatFabric researchers discovered the Android version of Vultur, which uses screen recording and keylogging to capture login credentials.

Malware 139

Malware Banking Engineering Encryption 139

SecureList

MAY 4, 2022

Dropper modules also patch Windows native API functions, related to event tracing (ETW) and anti-malware scan interface (AMSI), to make the infection process stealthier. Keeps Cobalt Strike module encoded several times, and AES256 CBC encrypted blob. The earliest phase of attack we observed took place in September 2021.

Malware 145

Malware Encryption Architecture Technology 145

eSecurity Planet

AUGUST 13, 2021

The solution includes cloud sandboxing technology, preventing zero-day threats, and full disk encryption capability for enhanced data protection. ESET Protect Advanced complies with data regulation thanks to full disk encryption capabilities on Windows and macOS. Get started today! Learn more about ESET PROTECT Advanced. Visit website.

Cybersecurity 145

Cybersecurity Firewall Marketing Encryption 145

SecureList

NOVEMBER 29, 2024

The malware utilizes cloud resources for its C2 (command and control) servers, which it accesses via APIs using authentication tokens. While the modus operandi of the threat actor is reminiscent of the CloudWizard APT that we reported on in 2023, the malware code is completely different.

Energy and Utilities 106

Energy and Utilities Ransomware Malware Government 106

SecureList

JUNE 1, 2023

Forensic methodology It is important to note, that, although the malware includes portions of code dedicated specifically to clear the traces of compromise, it is possible to reliably identify if the device was compromised. WIFI OUT: 0.0 - WWAN IN: 76281896.0, WWAN OUT: 100956502.0 WIFI OUT: 0.0 - WWAN IN: 734459.0, WWAN OUT: 287912.0

Malware 145

Malware Backups Mobile DNS 145

Security Affairs

NOVEMBER 13, 2024

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. The malware is developed through Apache Maven, it was built on June 3, 2024, and attaches itself to the Apache Tomcat process on execution.

VPN 127

VPN Government Malware Manufacturing 127

CyberSecurity Insiders

SEPTEMBER 21, 2022

Coming to the third news related to malware, Vmware and Microsoft have jointly issued a warning against Chromeloader Malware that has evolved into a major threat in recent times. Hackers are seen using this malware to exploit browsers leading to advertising and affiliate frauds. Last is the news about the Russian-Ukraine war.

Malware 121

Malware Telecommunications Insurance Ransomware 121

Security Affairs

APRIL 13, 2025

RansomHouse is a data extortion group that has been active since Dec 2021. Unlike other extortion group, the gang doesnt encrypt data, but focuses on data theft to speed up its activity. Cell C has also shared fraud prevention resources, including guidance on registering with SAFPS for extra protection. Victims include AMD and Keralty.

Data breaches 132

Data breaches Unstructured Data Identity Theft Healthcare 132