
Banshee macOS stealer supports new evasion mechanisms

Security Affairs

In August 2024, Russian threat actors advertised a macOS malware called BANSHEE Stealer that targets both x86_64 and ARM64 builds. A variant discovered by Check Point in September obfuscated its strings with an encryption scheme modelled on Apple's XProtect, which let it evade antivirus detection until its source code leaked in November.


New Banshee Stealer Variant Bypasses Antivirus with Apple’s XProtect-Inspired Encryption

The Hacker News

"Once thought dormant after its source code leak in late 2024, this new iteration introduces advanced string encryption inspired by Apple's XProtect," Check Point Research said in a new analysis shared with The Hacker News. This development allows it to


Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog
North Korea-linked APT37 exploited IE zero-day in a recent attack
Omni Family Health data breach impacts 468,344 individuals
Iran-linked actors target critical infrastructure organizations
macOS HM Surf flaw in TCC allows bypass Safari privacy settings
Two Sudanese (..)


SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 20

Security Affairs

New Campaign Uses Remcos RAT to Exploit Victims
Bengal cat lovers in Australia get psspsspss'd in Google-driven Gootloader campaign
Ymir: new stealthy ransomware in the wild
ShrinkLocker (+Decryptor): From Friend to Foe, and Back Again
Stealthy Attributes of APT Lazarus: Evading Detection with Extended Attributes
Glove Stealer: Leveraging IElevator (..)


Play ransomware group hit 900 organizations since 2022

Security Affairs

"Recently, actors linked to Play have also exploited a new SimpleHelp vulnerability (CVE-2024-57727) to remotely execute malicious code, expanding their attack methods and reach in 2025. Each ransomware binary is recompiled, making detection harder," concludes the report.


Russia-linked Gamaredon targets Ukraine with Remcos RAT

Security Affairs

"The campaign has been active since at least November 2024. The PowerShell downloader connects to geo-fenced servers in Russia and Germany to retrieve a ZIP file with the Remcos backdoor. The PowerShell code avoids antivirus detection by using Get-Command to execute the payload," reads the Talos report.
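The evasion Talos describes works by never naming the sensitive cmdlet directly: the script resolves it at run time through Get-Command and invokes the returned CommandInfo object, so a signature looking for a literal "Invoke-Expression" or "Invoke-WebRequest" call sees nothing. The following is an added detection example, not code from Talos or from the Gamaredon downloader, and the page does not show the exact syntax the downloader used; the three invocation shapes it searches for (call operator over a Get-Command result, Get-Command result stored in a variable and invoked later, and the .Invoke() method) and the watch-list of cmdlets are assumptions. It runs over constructed ScriptBlock-logging text (the kind recorded in PowerShell event ID 4104) and reports which cmdlet was reached indirectly and how.

```python
import re

# Assumed watch-list: cmdlets whose indirect resolution is worth alerting on.
# Resolving a harmless cmdlet through Get-Command (e.g. Get-Process) is recorded
# but not treated as suspicious, which keeps admin scripts out of the alert queue.
WATCHED_CMDLETS = {
    "invoke-expression", "iex",
    "invoke-webrequest", "iwr",
    "invoke-restmethod", "irm",
    "start-process", "saps",
    "expand-archive",
}

GCM = r"(?:Get-Command|gcm)"          # cmdlet name or its built-in alias
Q = r"""['"]?"""                      # optional quoting around the name
NAME = rf"(?:-Name\s+)?{Q}([\w-]+){Q}"  # captures the resolved cmdlet name

# Shape 1: & (Get-Command X) ...   or   . (Get-Command X) ...
PAT_CALL_OP = re.compile(rf"[&.]\s*\(\s*{GCM}\s+{NAME}", re.I)
# Shape 2: (Get-Command X).Invoke(...)
PAT_METHOD = re.compile(rf"\(\s*{GCM}\s+{NAME}\s*\)\s*\.Invoke\s*\(", re.I)
# Shape 3: $v = Get-Command X  ...  & $v   /  $v.Invoke(
PAT_ASSIGN = re.compile(rf"\$(\w+)\s*=\s*\(?\s*{GCM}\s+{NAME}", re.I)
INVOKE_VAR = r"(?:[&.]\s*\${v}\b|\${v}\.Invoke\s*\()"


def find_indirect_invocations(script: str) -> list:
    """Return (cmdlet, how) tuples for every cmdlet invoked via Get-Command."""
    hits = []
    for m in PAT_CALL_OP.finditer(script):
        hits.append((m.group(1).lower(), "call-operator"))
    for m in PAT_METHOD.finditer(script):
        hits.append((m.group(1).lower(), "invoke-method"))
    for m in PAT_ASSIGN.finditer(script):
        var, cmd = m.group(1), m.group(2).lower()
        # Only count the assignment if the variable is actually invoked later.
        if re.search(INVOKE_VAR.format(v=re.escape(var)), script, re.I):
            hits.append((cmd, f"via-variable ${var}"))
    return hits


def is_suspicious(script: str) -> bool:
    """True when any indirectly invoked cmdlet is on the watch-list."""
    return any(cmd in WATCHED_CMDLETS for cmd, _ in find_indirect_invocations(script))


# Constructed ScriptBlock text for demonstration; not captured from a real incident.
SAMPLE_SCRIPT_BLOCKS = {
    "benign":   "Get-ChildItem C:\\Users | Where-Object { $_.PSIsContainer }",
    "inline":   "$z = Join-Path $env:TEMP 'upd.zip'; "
                "& (Get-Command Invoke-WebRequest) -Uri $u -OutFile $z",
    "variable": "$x = Get-Command iex\n& $x (Get-Content $p -Raw)",
    "method":   "(gcm 'Invoke-Expression').Invoke($payload)",
    "admin":    "$c = Get-Command Get-Process; & $c",
}


def triage(blocks: dict) -> dict:
    """Map each sample name to (suspicious?, list of indirect invocations)."""
    return {name: (is_suspicious(s), find_indirect_invocations(s))
            for name, s in blocks.items()}


if __name__ == "__main__":
    for name, (flag, hits) in triage(SAMPLE_SCRIPT_BLOCKS).items():
        print(f"{name:9s} suspicious={flag!s:5s} {hits}")
```

Because the match is on the resolution step rather than on the cmdlet name, it also catches aliases (iex, gcm) and quoted names; a real deployment would feed it the ScriptBlockText field of 4104 events and tune the watch-list to the environment.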


Enhanced capabilities sustain the rapid growth of Vo1d botnet

Security Affairs

In September 2024, Doctor Web researchers uncovered a malware, tracked as Vo1d, that infected nearly 1.3 (..)
In August 2024, several users reported that Dr.Web antivirus detected changes in their TV box system files.
In May 2024, an international law enforcement operation led by the U.S. (..)