Security Affairs

MAY 6, 2022

Researchers discovered a sophisticated malware framework, dubbed NetDooka, distributed via a pay-per-install (PPI) malware service known as PrivateLoader. The PrivateLoader malware is a downloader used by threat actors for downloading and installing multiple malware. ” reads a report published by Trend Micro.

Malware 84

Malware Antivirus DDOS Hacking 84

Security Affairs

AUGUST 21, 2022

A new Grandoreiro banking malware campaign is targeting organizations in Mexico and Spain, Zscaler reported. Zscaler ThreatLabz researchers observed a Grandoreiro banking malware campaign targeting organizations in the Spanish-speaking nations of Mexico and Spain. ” reads the post published by Zscaler. Pierluigi Paganini.

Banking 85

Banking Malware Antivirus Phishing 85

Security Affairs

SEPTEMBER 5, 2022

Microsoft released a Windows Defender update to fix a problem that caused Defender antivirus to identify Chromium, Electron, as malware. on September 4, 2022. Microsoft addressed the issue with the release of Version: 1.373.1537.0

Antivirus 90

Antivirus Ransomware Malware Software 90

Security Affairs

JUNE 20, 2022

The developers behind the BRATA Android malware have implemented additional features to avoid detection. The operators behind the BRATA Android malware have implemented more features to make their attacks stealthy. “TAs are modifying their code in order to tailor their malware on specific banking institutions.

Malware 91

Malware Banking Antivirus Phishing 91

Security Affairs

APRIL 28, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Cybercrime 90

Cybercrime Spyware Data breaches Antivirus 90

Security Affairs

MAY 3, 2022

A China-linked APT group, tracked as Moshen Dragon, is exploiting antivirus products to target the telecom sector in Asia. A China-linked APT group, tracked as Moshen Dragon, has been observed targeting the telecommunication sector in Central Asia with ShadowPad and PlugX malware, SentinelOne warns. ” concludes the report.”Once

Software 98

Software Malware Telecommunications Antivirus 98

Security Affairs

JULY 28, 2022

Microsoft linked a private-sector offensive actor (PSOA) to attacks using multiple zero-day exploits for its Subzero malware. Microsoft states that multiple news reports have linked the company to the Subzero malware toolset used to hack a broad range of devices, phones, computers, and network and internet-connected devices.

Surveillance 85

Surveillance Malware Authentication DNS 85

Security Affairs

AUGUST 31, 2022

A malware campaign tracked as GO#WEBBFUSCATOR used an image taken from NASA’s James Webb Space Telescope (JWST) as a lure. Securonix Threat researchers uncovered a persistent Golang-based malware campaign tracked as GO#WEBBFUSCATOR that leveraged the deep field image taken from the James Webb telescope. Pierluigi Paganini.

Malware 77

Malware DNS Antivirus Encryption 77

SecureList

APRIL 24, 2023

It is worth noting that while we identified a few targets in other locations, all of them appear to be foreign diplomatic entities of the colored countries: Tomiris’s polyglot toolset Tomiris uses a wide variety of malware implants developed at a rapid pace and in all programming languages imaginable.

Malware 96

Malware DNS Government Software 96

SecureList

OCTOBER 18, 2023

In early September 2022, we discovered several new malware samples belonging to the MATA cluster. As we were collecting and analyzing the relevant telemetry data, we realized the campaign had been launched in mid-August 2022 and targeted over a dozen corporations in Eastern Europe from the oil and gas sector and defense industry.

Malware 105

Malware Phishing Internet Internet 105

Security Affairs

FEBRUARY 28, 2023

Antivirus company Bitdefender has released a free decryptor for the recently discovered ransomware family MortalKombat. Good news for the victims of the recently discovered MortalKombat ransomware , the antivirus firm Bitdefender has released a free decryptor that will allow them to recover their file without paying the ransom.

Ransomware 85

Ransomware Antivirus Backups Malware 85

Security Affairs

DECEMBER 6, 2023

“While Lockdown Mode effectively reduces the attack surface on an iOS device, it’s important to remember that once a device is already compromised, Lockdown Mode doesn’t stop malware from operating.” The researchers pointed out that even malware lacking a persistence mechanism can persistently run and spy on the user.

Malware 102

Malware Antivirus Mobile Internet 102

Malwarebytes

AUGUST 3, 2022

docx ) that has weaponized with the Follina (CVE-2022-30190) vulnerability to drop Woody Rat. The used lure is in Russian is called “ Information security memo ” which provide security practices for passwords, confidential information, etc. The malware communicates with its C2 using HTTP requests.

Malware 112

Malware Encryption Antivirus Architecture 112

Security Affairs

NOVEMBER 19, 2022

Researchers from the Microsoft Security Threat Intelligence team warned that a threat actor, tracked as DEV-0569, is using Google Ads to distribute various payloads, including the recently discovered Royal ransomware. The downloader, tracked as BATLOADER , shares similarities with another malware called ZLoader. anydeskos[.]com

Ransomware 124

Ransomware Malware Antivirus Phishing 124

Security Affairs

JUNE 16, 2022

Researchers at antivirus firm Dr. Web discovered malware in the Google Play Store that was downloaded two million times. An investigation conducted by the antivirus firm Dr. Web in May resulted in the discovery of multiple adware and information-stealing malware on the official Google Play Store.

Adware 82

Adware Antivirus Malware Software 82

SecureList

MAY 11, 2023

In 2022, Kaspersky solutions detected over 74.2M On the eve of the global Anti-Ransomware Day, Kaspersky looks back on the events that shaped the ransomware landscape in 2022, reviews the trends that were predicted last year, discusses emerging trends, and makes a forecast for the immediate future.

Ransomware 121

Ransomware Malware Architecture Telecommunications 121

Security Affairs

MAY 4, 2022

The security researcher John Page aka ( hyp3rlinx ) discovered that malware from multiple ransomware operations, including Conti , REvil , LockBit , AvosLocker , and Black Basta, are affected by flaws that could be exploited block file encryption. “Conti looks for and executes DLLs in its current directory.

Ransomware 97

Ransomware Antivirus Malware Encryption 97

Security Affairs

APRIL 9, 2022

Experts discovered malicious Android apps on the Google Play Store masqueraded as antivirus solutions spreading the SharkBot Trojan. Sharkbot is an information stealer steals used by crooks to siphon credentials and banking information. This is the exact case we observed with the Sharkbot malware.”

Banking 83

Banking Antivirus Malware Accountability 83

Security Affairs

OCTOBER 13, 2023

AvosLocker operators already advertised in the past a Linux variant, dubbed AvosLinux, of their malware claiming it was able to support Linux and ESXi servers. This joint CSA updates the advisory published by the US Government on March 17, 2022. AvosLocker affiliates were observed using custom PowerShell [T1059.001] and batch (.bat)

Ransomware 111

Ransomware System Administration Antivirus Malware 111

Security Affairs

NOVEMBER 3, 2022

Further evidence linking the two includes IP addresses and specific TTPs (tactics, techniques, and procedures) used by FIN7 in early 2022 and seen months later in actual Black Basta attacks. Black Basta has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model. .

Cybercrime 90

Cybercrime Ransomware Antivirus Malware 90

Security Affairs

APRIL 29, 2023

A new variant of the information-stealing malware ViperSoftX implements sophisticated techniques to avoid detection. Trend Micro researchers observed a new ViperSoftX malware campaign that unlike previous attacks relies on DLL sideloading for its arrival and execution technique. c2 arrowlchat[.]com ” continues the report.

Encryption 82

Encryption Malware Cryptocurrency Software 82

Security Affairs

APRIL 25, 2022

The BlackCat/ALPHV a Ransomware was first discovered in December by malware researchers from Recorded Future and MalwareHunterTeam. The malware is the first professional ransomware strain that was written in the Rust programming language. Review antivirus logs for indications they were unexpectedly turned off.

Ransomware 98

Ransomware Antivirus Passwords Malware 98

Security Affairs

JULY 8, 2022

The security firm states that the AstraLocker decryptor works for ransomware versions based on the Babuk malware that appends the.Astra or.babyk extensions to the name of the encrypted files. 2/4 — Emsisoft (@emsisoft) July 7, 2022. The Yashma decryptor is for the Chaos-based one using.AstraLocker or a random.[a-z0-9]{4}

Ransomware 117

Ransomware Encryption Malware Accountability 117

Security Affairs

APRIL 13, 2022

. “ZLoader is made up of computing devices in businesses, hospitals, schools, and homes around the world and is run by a global internet-based organized crime gang operating malware as a service that is designed to steal and extort money.” SecurityAffairs – hacking, ZLoader malware). ” concludes Microsoft.

Banking 107

Banking Malware Telecommunications Antivirus 107

Security Affairs

MARCH 3, 2023

Cybersecurity and Infrastructure Security Agency (CISA) is warning of the capabilities of the recently emerged Royal ransomware. The human-operated Royal ransomware first appeared on the threat landscape in September 2022, it has demanded ransoms up to millions of dollars. ” reads the alert. ” continues the alert.

Ransomware 85

Ransomware Healthcare Antivirus Encryption 85

Security Affairs

JULY 22, 2022

The spyware developed by Israeli surveillance firm Candiru exploited recently fixed CVE-2022-2294 Chrome zero-day in attacks on journalists. The flaw, which was fixed by Google on July 4, 2022, is a heap buffer overflow that resides in the Web Real-Time Communications (WebRTC) component, it is the fourth zero-day patched by Google in 2022.

Spyware 85

Spyware Surveillance Antivirus Malware 85

Security Affairs

FEBRUARY 19, 2023

Twitter will allow using the SMS-based two-factor authentication (2FA) only to its Blue subscribers GoDaddy discloses a new data breach Fortinet fixes critical vulnerabilities in FortiNAC and FortiWeb German airport websites hit by DDos attacks once again Cisco fixed critical RCE bug in ClamAV Open-Source Antivirus engine CISA adds Cacti, Office, Windows (..)

DDOS 79

DDOS Data breaches Surveillance Ransomware 79

CyberSecurity Insiders

JANUARY 6, 2023

The Council gathered input from 200+ organizations and announced the updated requirements in March 2022, which will become mandatory on March 31, 2024. The full timeline can be found on the PCI Security Council website. Test security of systems and networks regularly. The current version, PCI DSS v3.2.1, Changes in PCI DSS 4.0.

Antivirus 138

Antivirus Retail Software Accountability 138

Security Affairs

SEPTEMBER 5, 2022

Experts spotted an upgraded version of the SharkBot malware that was uploaded to the official Google Play Store. While previous variants of the dropper relied on Accessibility permissions to automatically install the Sharkbot malware, this new one asks the victim to install the malware as a fake update for the antivirus.

Banking 86

Banking Malware Mobile Accountability 86

Malwarebytes

AUGUST 3, 2022

docx ) that has weaponized with the Follina (CVE-2022-30190) vulnerability to drop Woody Rat. The used lure is in Russian is called " Information security memo " which provide security practices for passwords, confidential information, etc. The malware communicates with its C2 using HTTP requests.

Malware 66

Malware Encryption Antivirus Architecture 66

eSecurity Planet

NOVEMBER 7, 2022

In the ever-evolving world of malware , rootkits are some of the most dangerous threats out there. Because of how deeply embedded kernel-mode rootkits are within a computer’s system, they can be one of the most damaging types of malware out there. Looking for More About Malware? Check Out What is Malware?

Firmware 114

Firmware Malware Antivirus Firewall 114

Security Affairs

MAY 9, 2023

The flaw can be chained with a code execution bug to spread malware. The vulnerability was reported by researchers Jan Vojtěšek, Milánek, and Luigino Camastra from Avast Antivirus firm, a circumstance that suggests it was used as part of an exploit chain to deliver malware. This vulnerability is actively exploited in attacks.

Antivirus 94

Antivirus Malware Hacking Cybersecurity 94

Security Affairs

DECEMBER 19, 2022

Botnet operators use to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes. The researchers observed a new campaign that started in June 2022 after the Google lawsuit and is still ongoing. ” The graph shows the transaction to and from the addresses involved in the 2022 campaign.

DNS 93

DNS Antivirus Cryptocurrency Software 93

Security Affairs

MARCH 29, 2023

Researchers discovered malware-laced installers for the TOR browser that is spreading clipper malware in Russia and Eastern Europe. Kaspersky researchers discovered a Trojanized version of the Tor Browser that is spreading a clipper malware in Russia and Eastern Europe. The malware spread to at least 52 countries worldwide.

Malware 81

Malware Passwords Cryptocurrency Antivirus 81

Security Boulevard

MARCH 24, 2022

RUSSO-UKRAINIAN WAR 2022: Cyberattacks Reported At High Frequency. On March 15th, research firm ESET reported a new data-wiping malware targeting Ukraine named CaddyWiper. [ 1 ] The malware “destroys user data and partitions information from attached drives”. The UA-Cert attributes the activity to UAC-0056. Viasat Inc.,

Ransomware 59

Ransomware Malware Government Antivirus 59

Security Affairs

MAY 8, 2022

Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here.

IoT 78

IoT DNS Antivirus DDOS 78

Security Affairs

SEPTEMBER 29, 2022

Scandinavian_Defense.tar.gz" [link] h/t @darkcoders_mrx for the pic pic.twitter.com/OhfRMZBzVl — Will (@BushidoToken) September 28, 2022. The tool was specifically designed to avoid detection by security solutions such as endpoint detection and response (EDR) and antivirus (AV). ” wrote Thomas.

Hacking 98

Hacking Cybercrime Ransomware Antivirus 98