2022, Encryption, Information Security and Malware

SOVA Android malware now also encrypts victims’ files

Security Affairs

AUGUST 15, 2022

Security researchers from Cleafy reported that the SOVA Android banking malware is back and is rapidly evolving. The SOVA Android banking trojan was improved, it has a new ransomware feature that encrypts files on Android devices, Cleafy researchers report. The malware has been active since 2021 and evolves over time.

Encryption

Encryption Malware Banking Ransomware

Black Basta ransomware now supports encrypting VMware ESXi servers

Security Affairs

JUNE 8, 2022

Black Basta ransomware gang implemented a new feature to encrypt VMware ESXi virtual machines (VMs) running on Linux servers. The Black Basta ransomware gang now supports encryption of VMware ESXi virtual machines (VMs) running on Linux servers. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Encryption

Encryption Ransomware Malware Hacking

Royal Ransomware adds support for encrypting Linux, VMware ESXi systems

Security Affairs

FEBRUARY 6, 2023

Royal Ransomware operators added support for encrypting Linux devices and target VMware ESXi virtual machines. The Royal Ransomware gang is the latest extortion group in order of time to add support for encrypting Linux devices and target VMware ESXi virtual machines. Starting from September 2022, the note was changed to Royal.

Encryption

Encryption Ransomware Malware Healthcare

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Magnet Goblin group used a new Linux variant of NerbianRAT malware

Security Affairs

MARCH 11, 2024

The financially motivated hacking group Magnet Goblin uses various 1-day flaws to deploy custom malware on Windows and Linux systems. The group focuses on internet-facing services, in at least one instance the group exploited the vulnerability CVE-2024-21887 in Ivanti Connect Secure VPN. 4 Run a Linux command in a separate thread.

Malware

Malware VPN Encryption Hacking

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Security Affairs

APRIL 29, 2023

A new variant of the information-stealing malware ViperSoftX implements sophisticated techniques to avoid detection. Trend Micro researchers observed a new ViperSoftX malware campaign that unlike previous attacks relies on DLL sideloading for its arrival and execution technique. c2 arrowlchat[.]com c2 arrowlchat[.]com

Encryption

Encryption Malware Cryptocurrency Software

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware

Malware VPN Internet Internet

Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers

Security Affairs

JUNE 12, 2022

Ransomware gangs are actively exploiting CVE-2022-26134 remote code execution (RCE) flaw in Atlassian Confluence Server and Data Center. Multiple ransomware groups are actively exploiting the recently disclosed remote code execution (RCE) vulnerability, tracked as CVE-2022-26134 , affecting Atlassian Confluence Server and Data Center.

Ransomware

Ransomware Encryption Malware Hacking

FUD Malware obfuscation engine BatCloak continues to evolve

Security Affairs

JUNE 12, 2023

Researchers detailed a fully undetectable (FUD) malware obfuscation engine named BatCloak that is used by threat actors. Researchers from Trend Micro have analyzed the BatCloak, a fully undetectable (FUD) malware obfuscation engine used by threat actors to stealthily deliver their malware since September 2022.

Engineering

Engineering Malware Encryption Hacking

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Security Affairs

SEPTEMBER 19, 2023

China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign. Researchers from Trend Micro, while monitoring the activity of the China-linked threat actor Earth Lusca , discovered an encrypted file hosted on a server under the control of the group.

Malware

Malware Encryption Telecommunications Authentication

Rorschach ransomware has the fastest file-encrypting routine to date

Security Affairs

APRIL 4, 2023

A new ransomware strain named Rorschach ransomware supports the fastest file-encrypting routine observed to date. The researchers conducted five separate encryption speed tests in a controlled environment (with 6 CPUs, 8192MB RAM, SSD, and 220000 files to be encrypted), limited to local drive encryption only.

Encryption

Encryption Ransomware Malware Backups

New Hive ransomware variant is written in Rust and use improved encryption method

Security Affairs

JULY 6, 2022

Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. The most important change in the latest Hive variant is the encryption mechanism it adopts. ” reads the post published by Microsoft. ” continues Microsoft. .

Encryption

Encryption Ransomware Cybercrime Malware

New Linux variant of Clop Ransomware uses a flawed encryption algorithm

Security Affairs

FEBRUARY 7, 2023

A new Linux variant of the Clop ransomware has been observed in the wild, the good news is that its encryption algorithm is flawed. The researchers noticed that the encryption algorithm implemented in the ELF executable is flawed and can allow victims to decrypt locked files without paying a ransom. ” continues the report.

Encryption

Encryption Ransomware Cybercrime Engineering

Top Cybersecurity Companies for 2022

eSecurity Planet

JUNE 7, 2022

They earned the highest score among providers named "Customer's Choice" in Gartner's 2022 "Voice of the Customer” Security Awareness Computer-Based Training report. Protect your company computers, laptops and mobile devices with security products all managed via a cloud-based management console. Get started today! CyberProof.

Cybersecurity

Cybersecurity Identity Theft Encryption Antivirus

Ransomware attacks hit 105 US local governments in 2022

Security Affairs

JANUARY 2, 2023

In 2022, ransomware attacks targeted 105 state or municipal governments or agencies in the US, reads a report published by Emsisoft. The only local government known to have paid a ransom in 2022 was Quincy, MA., In at least 17 incidents (68 percent), threat actors exfiltrated data including Protected Health Information (PHI).

Government

Government Ransomware Healthcare Education

Researchers released a free decryptor for Black Basta ransomware

Security Affairs

JANUARY 2, 2024

A team of researchers released a suite of tools that could help victims to decrypt data encrypted with by the Black Basta ransomware. Independent security research and consulting team SRLabs discovered a vulnerability in Black Basta ransomware’s encryption algorithm and exploited it to create a free decryptor.

Ransomware

Ransomware Encryption Insurance Malware

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

Security Affairs

JANUARY 16, 2023

Security firm Avast has released a free decryptor for the BianLian ransomware to allow victims of the malware to recover locked files. The BianLian ransomware emerged in August 2022, the malware was employed in attacks against organizations in various industries, including manufactoring, media and entertainment, and healthcare.

Ransomware

Ransomware Malware Antivirus Encryption

15 Top Cybersecurity Certifications for 2022

eSecurity Planet

JUNE 21, 2022

” Also read: Cybersecurity Employment in 2022: Solving the Skills Gap. How to Choose a Security Certification. Thycotic chief security scientist Joseph Carson told eSecurity Planet that choosing a certification should ultimately be about deciding which skillset or professional direction you want to focus on.

Cybersecurity

Cybersecurity Penetration Testing System Administration Cyber Attacks

HardBit ransomware demands ransom based on insurance cover

CyberSecurity Insiders

FEBRUARY 21, 2023

But now a new file encrypting malware variant has emerged onto the block that demands ransom, based on the insurance cover. From Cyber Insurance POV, this seems like a scam stuck between the victim and those spreading the malware….

Insurance

Insurance Ransomware Cyber Insurance Encryption

Woody RAT: A new feature-rich malware spotted in the wild

Malwarebytes

AUGUST 3, 2022

docx ) that has weaponized with the Follina (CVE-2022-30190) vulnerability to drop Woody Rat. The used lure is in Russian is called “ Information security memo ” which provide security practices for passwords, confidential information, etc. The malware communicates with its C2 using HTTP requests.

Malware

Malware Encryption Antivirus Architecture

Malware campaign hides a shellcode into Windows event logs

Security Affairs

MAY 7, 2022

Experts spotted a malware campaign that is the first one using a technique of hiding a shellcode into Windows event logs. In February 2022 researchers from Kaspersky spotted a malicious campaign using a novel technique that consists of hiding the shellcode in Windows event logs. which contains Cobalt Strike and Silent Break.

Malware

Malware Encryption Hacking Cybersecurity

Black Basta gang claims the hack of the UK water utility Southern Water

Security Affairs

JANUARY 23, 2024

The Black Basta ransomware group has been active since April 2022 , like other ransomware operations, it implements a double-extortion attack model. A joint research by Elliptic and Corvus Insurance revealed that the group accumulated at least $107 million in Bitcoin ransom payments since early 2022.

Hacking

Hacking Encryption Ransomware Insurance

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Mandiant found the compromised 3CX software would download malware that sought out new instructions by consulting encrypted icon files hosted on GitHub. Image: Mandiant.

Malware

Malware Software Technology Accountability

Facebook warns of a new information-stealing malware dubbed NodeStealer

Security Affairs

MAY 4, 2023

Facebook discovered a new information-stealing malware, dubbed ‘NodeStealer,’ that is being distributed on Meta. NodeStealer is a new information-stealing malware distributed on Meta that allows stealing browser cookies to hijack accounts on multiple platforms, including Facebook, Gmail, and Outlook.

Malware

Malware Accountability Advertising Education

8Base ransomware operators use a new variant of the Phobos ransomware

Security Affairs

NOVEMBER 19, 2023

Phobos variants are usually distributed by the SmokeLoader , but in 8Base campaigns, it has the ransomware component embedded in its encrypted payloads. The group has been active since March 2022, it focused on small and medium-size businesses in multiple industries, including finance, manufacturing, business services, and IT.

Ransomware

Ransomware Encryption Backups Manufacturing

ENC Security, the encryption provider for Sony and Lexar, leaked sensitive data for over a year

Security Affairs

NOVEMBER 30, 2022

When you buy a Sony, Lexar, or Sandisk USB key or any other storage device, it comes with an encryption solution to keep your data safe. The software is developed by a third-party vendor – ENC Security. The data was accessible from 27 May 2021 up until 9 November 2022. SecurityAffairs – hacking, ENC Security).

Encryption

Encryption Phishing Marketing Software

StrelaStealer targeted over 100 organizations across the EU and US

Security Affairs

MARCH 25, 2024

The threat actors sent out spam emails with attachments that eventually launched the StrelaStealer malware. The malware StrelaStealer is an email credential stealer that DCSO_CyTec first documented in November 2022. “The JScript file then drops a Base64-encrypted file and a batch file. ” concludes the report.

Malware

Malware Encryption Manufacturing Phishing

Two PoS Malware used to steal data from more than 167,000 credit cards

Security Affairs

OCTOBER 25, 2022

Researchers reported that threat actors used 2 PoS malware variants to steal information about more than 167,000 credit cards. Cybersecurity firm Group-IB discovered two PoS malware to steal data associated with more than 167,000 credit cards from point-of-sale payment terminals. MajikPOS is written using the “.NET

Malware

Malware Cybercrime Banking Marketing

ScrubCrypt used to drop VenomRAT along with many malicious plugins

Security Affairs

APRIL 9, 2024

The campaign is notable for its utilization of the BatCloak malware obfuscation engine and ScrubCrypt to distribute the malware through obfuscated batch scripts. BatCloak is a fully undetectable (FUD) malware obfuscation engine used by threat actors to stealthily deliver their malware since September 2022.

Engineering

Engineering Phishing Malware Hacking

Cuba Ransomware received over $60M in Ransom payments as of August 2022

Security Affairs

DECEMBER 2, 2022

Cuba ransomware gang received more than $60 million in ransom payments related to attacks against 100 entities worldwide as of August 2022. Dollars (USD) and received more than $60 million in ransom payments from over 100 victims worldwide as of August 2022, the US government states. ” reads the report. ” reads the report.

Ransomware

Ransomware Financial Services Manufacturing Healthcare

Law enforcement operation dismantled 911 S5 botnet

Security Affairs

MAY 30, 2024

Since 2011, Wang and his co-conspirators had been distributing malware through malicious VPN applications, including MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN, and ShineVPN. The compromised devices were recruited in the 911 S5 residential proxy service. ” reads the press release published by DoJ. based online service providers.

VPN

VPN Cryptocurrency Malware Software

Bumblebee, a new malware loader used by multiple crimeware threat actors

Security Affairs

APRIL 28, 2022

Threat actors have replaced the BazaLoader and IcedID malware with a new loader called Bumblebee in their campaigns. Cybercriminal groups that were previously using the BazaLoader and IcedID as part of their malware campaigns seem to have adopted a new loader called Bumblebee. It is used by multiple cybercrime threat actors.”

Malware

Malware Cybercrime Encryption Hacking

DinodasRAT Linux variant targets users worldwide

Security Affairs

MARCH 31, 2024

ESET first discovered a new Linux version of DinodasRAT in October 2023, but experts believe it has been active since 2022. The campaign seems active since at least early 2022 and focuses primarily on government organizations. The malware establishes persistence on the host by using SystemV or SystemD startup scripts.

Encryption

Encryption Malware Government Hacking

North Korea-linked Lazarus continues to target job seekers with macOS malware

Security Affairs

SEPTEMBER 28, 2022

North Korea-linked Lazarus APT group continues to target macOS with a malware campaign using job opportunities as a lure. The SentinelOne investigation is based on a previous one conducted by ESET in August , when Lazarus APT has been observed targeting job seekers with macOS malware working also on Intel and M1 chipsets.

Malware

Malware Cryptocurrency Architecture Advertising

RansomBoggs Ransomware hit several Ukrainian entities, experts attribute it to Russia

Security Affairs

NOVEMBER 28, 2022

While the malware written in.NET is new, its deployment is similar to previous attacks attributed to #Sandworm. 1/9 pic.twitter.com/WyxzCZSz84 — ESET research (@ESETresearch) November 25, 2022. In September 2022, Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware.

Ransomware

Ransomware Encryption Telecommunications Malware

Tomiris called, they want their Turla malware back

SecureList

APRIL 24, 2023

It is worth noting that while we identified a few targets in other locations, all of them appear to be foreign diplomatic entities of the colored countries: Tomiris’s polyglot toolset Tomiris uses a wide variety of malware implants developed at a rapid pace and in all programming languages imaginable.

Malware

Malware DNS Government Software

Experts show how to run malware on chips of a turned-off iPhone

Security Affairs

MAY 16, 2022

Researchers devised an attack technique to tamper the firmware and execute a malware onto a Bluetooth chip when an iPhone is “off.” Unlike NFC and UWB chips, the Bluetooth firmware is neither signed nor encrypted opening the doors to modification. To nominate, please visit:? Pierluigi Paganini.

Malware

Malware Wireless Firmware Mobile

RansomExx Ransomware upgrades to Rust programming language

Security Affairs

NOVEMBER 24, 2022

The operators of the RansomExx ransomware (aka Defray777 and Ransom X) have developed a new variant of their malware, tracked as RansomExx2, that was ported into the Rust programming language. The main reason to rewrite malware in Rust is to have lower AV detection rates, compared to malware written in more common languages.

Ransomware

Ransomware Encryption Malware Manufacturing

RedAlert, LILITH, and 0mega, 3 new ransomware in the wild

Security Affairs

JULY 15, 2022

RedAlert is human-operated ransomware, the ransomware uses NTRUEncrypt public key encryption algorithm for encryption. crypt[Random number] ” extension to the filenames of encrypted files. The malware appends the “.lilith” lilith” extension to the filenames of encrypted files. log), swap files(.vswp),

Ransomware

Ransomware Encryption Malware Hacking

Woody RAT: A new feature-rich malware spotted in the wild

Malwarebytes

AUGUST 3, 2022

docx ) that has weaponized with the Follina (CVE-2022-30190) vulnerability to drop Woody Rat. The used lure is in Russian is called " Information security memo " which provide security practices for passwords, confidential information, etc. The malware communicates with its C2 using HTTP requests.

Malware

Malware Encryption Antivirus Architecture

Google TAG warns that Russian COLDRIVER APT is using a custom backdoor

Security Affairs

JANUARY 18, 2024

Google warns that the Russia-linked threat actor COLDRIVER expands its targeting and is developing a custom malware. Recently, TAG has observed COLDRIVER delivering custom malware via phishing campaigns using PDFs as lure documents. When the victims opens the PDF, an encrypted text is displayed. ” concludes the report.

Phishing

Phishing Malware Encryption Accountability

GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

Security Affairs

AUGUST 31, 2022

A malware campaign tracked as GO#WEBBFUSCATOR used an image taken from NASA’s James Webb Space Telescope (JWST) as a lure. Securonix Threat researchers uncovered a persistent Golang-based malware campaign tracked as GO#WEBBFUSCATOR that leveraged the deep field image taken from the James Webb telescope. Pierluigi Paganini.

Malware

Malware DNS Antivirus Encryption

The source code of Zeppelin Ransomware sold on a hacking forum

Security Affairs

JANUARY 5, 2024

The seller, who goes online with moniker RET, explained that it wasn’t the author of the ransomware malware, it had acquired the package without a license and cracked the builder version. To each encrypted file, it appends a randomized nine-digit hexadecimal number as an extension. reads the joint advisory.

Ransomware

Ransomware Hacking Encryption Malware

Shifting Risk and Business Environment Demand creates a Shift in Security Strategies

Thales Cloud Protection & Licensing

MARCH 23, 2022

Shifting Risk and Business Environment Demand creates a Shift in Security Strategies. Thu, 03/24/2022 - 05:00. The 2022 Thales Data Threat Report, based on data from a survey of almost 2,800 respondents from 17 countries across the globe, illustrates these trends and changes. 2022 Report. The quantum computing threat.

Risk

Risk Encryption Ransomware Technology

Octocrypt, Alice, and AXLocker Ransomware, new threats in the wild

Security Affairs

NOVEMBER 21, 2022

The AXLocker ransomware encrypts victims’ files and steals Discord tokens from the infected machine. The malware only targets specific file extensions and excludes a list of directories from the encryption process. The malware appeared in the threat landscape around October 2022 and is offered for USD400.

Ransomware

Ransomware Encryption Malware Hacking

SOVA Android malware now also encrypts victims’ files

Black Basta ransomware now supports encrypting VMware ESXi servers

Webinars

Trending Sources

Royal Ransomware adds support for encrypting Linux, VMware ESXi systems

Webinars

Magnet Goblin group used a new Linux variant of NerbianRAT malware

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Who and What is Behind the Malware Proxy Service SocksEscort?

Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers

FUD Malware obfuscation engine BatCloak continues to evolve

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Rorschach ransomware has the fastest file-encrypting routine to date

New Hive ransomware variant is written in Rust and use improved encryption method

New Linux variant of Clop Ransomware uses a flawed encryption algorithm

Top Cybersecurity Companies for 2022

Ransomware attacks hit 105 US local governments in 2022

Researchers released a free decryptor for Black Basta ransomware

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

15 Top Cybersecurity Certifications for 2022

HardBit ransomware demands ransom based on insurance cover

Woody RAT: A new feature-rich malware spotted in the wild

Malware campaign hides a shellcode into Windows event logs

Black Basta gang claims the hack of the UK water utility Southern Water

3CX Breach Was a Double Supply Chain Compromise

Facebook warns of a new information-stealing malware dubbed NodeStealer

8Base ransomware operators use a new variant of the Phobos ransomware

ENC Security, the encryption provider for Sony and Lexar, leaked sensitive data for over a year

StrelaStealer targeted over 100 organizations across the EU and US

Two PoS Malware used to steal data from more than 167,000 credit cards

ScrubCrypt used to drop VenomRAT along with many malicious plugins

Cuba Ransomware received over $60M in Ransom payments as of August 2022

Law enforcement operation dismantled 911 S5 botnet

Bumblebee, a new malware loader used by multiple crimeware threat actors

DinodasRAT Linux variant targets users worldwide

North Korea-linked Lazarus continues to target job seekers with macOS malware

RansomBoggs Ransomware hit several Ukrainian entities, experts attribute it to Russia

Tomiris called, they want their Turla malware back

Experts show how to run malware on chips of a turned-off iPhone

RansomExx Ransomware upgrades to Rust programming language

RedAlert, LILITH, and 0mega, 3 new ransomware in the wild

Woody RAT: A new feature-rich malware spotted in the wild

Google TAG warns that Russian COLDRIVER APT is using a custom backdoor

GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

The source code of Zeppelin Ransomware sold on a hacking forum

Shifting Risk and Business Environment Demand creates a Shift in Security Strategies

Octocrypt, Alice, and AXLocker Ransomware, new threats in the wild

Stay Connected