Accountability, Antivirus, Information Security and Malware

Info stealers and how to protect against them

Security Affairs

DECEMBER 18, 2023

Info stealers, the type of malware with its purpose in the name, can cripple businesses and everyday users alike. Info stealers, also known as information stealers, are a type of malicious software (malware) designed to covertly collect sensitive and personal information from a victim’s computer or network.

Banking

Banking Cybercrime Malware Accountability

BRATA Android Malware evolves and targets the UK, Spain, and Italy

Security Affairs

JUNE 20, 2022

The developers behind the BRATA Android malware have implemented additional features to avoid detection. The operators behind the BRATA Android malware have implemented more features to make their attacks stealthy. “TAs are modifying their code in order to tailor their malware on specific banking institutions.

Malware

Malware Banking Antivirus Phishing

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide. In some attacks, threat actors created an administrative account named itadm.

Ransomware

Ransomware Encryption Antivirus VPN

Mysterious custom malware used to steal 1.2TB of data from million PCs

Security Affairs

JUNE 11, 2021

Experts spotted a new mysterious malware that was used to collect a huge amount of data, including sensitive files, credentials, and cookies. Threat actors used custom malware to steal data from 3.2 NordLocker experts speculate the malware campaign leveraged tainted Adobe Photoshop versions, pirated games, and Windows cracking tools.

Malware

Malware Computers and Electronics Software Financial Services

Anti-malware firm Emsisoft accidentally exposes internal DB

Security Affairs

FEBRUARY 10, 2021

Antivirus firm Emsisoft discloses a data breach, a third-party had access to a publicly exposed database containing technical logs. The anti-malware solutions provider Emsisoft disclosed last week a data breach. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Pierluigi Paganini.

Malware

Malware Data breaches Antivirus Passwords

Wannacry, the hybrid malware that brought the world to its knees

Security Affairs

OCTOBER 31, 2022

The infection chain was divided into four stages : The malware was installed through a dropper, a program executed by opening an attachment to a deceptive e-mail, probably a fake pdf or doc file, or executed directly from the Internet, without user interaction, exploiting the exploit described in the point 4. The infection chain.

Malware

Malware Computers and Electronics Encryption Ransomware

Lampion malware v2 February 2020

Security Affairs

FEBRUARY 24, 2020

Since end-December 2019 lampion malware has been noted as the most prominent malware targeting Portuguese organizations. Figure 1: Lampion malware email templates. Crooks are using compromised devices to access the banking portal in order to make online bank transfers to accounts they are controlling. com/P-14-7.dll

Malware

Malware Banking Antivirus Advertising

SharkBot, the new generation banking Trojan distributed via Play Store

Security Affairs

MARCH 7, 2022

SharkBot banking malware was able to evade Google Play Store security checks masqueraded as an antivirus app. SharkBot is a banking trojan that has been active since October 2021, it allows to steal banking account credentials and bypass multi-factor authentication mechanisms. sellsourcecode.supercleaner).

Banking

Banking Antivirus Mobile Malware

Cactus ransomware gang claims the Schneider Electric hack

Security Affairs

JANUARY 30, 2024

The ransomware identifies user accounts by viewing successful logins in Windows Event Viewer, it also uses a modified variant of the open-source PSnmap Tool. Once the malware has escalated the privileges on a machine, the threat actors use a batch script to uninstall popular antivirus solutions installed on the machine.

Ransomware

Ransomware Hacking Data breaches Digital transformation

AMT Games data breach: Millions of Users’ Messages, Account IDs, and IP Addresses Exposed

Security Affairs

JUNE 2, 2021

Feedback message data contained Account id, feedback rating given, and users’ email addresses. Player profile data included Player id; username; country; total money spent on the game; and even Facebook, Apple, and Google account data if the user linked either account with their game account. What Data Was Leaked?

Data breaches

Data breaches Accountability Mobile Phishing

SharkBot Banking Trojan spreads through fake AV apps on Google Play

Security Affairs

APRIL 9, 2022

Experts discovered malicious Android apps on the Google Play Store masqueraded as antivirus solutions spreading the SharkBot Trojan. Sharkbot is an information stealer steals used by crooks to siphon credentials and banking information. This is the exact case we observed with the Sharkbot malware.”

Banking

Banking Antivirus Malware Accountability

New Android BlackRock malware targets hundreds of apps

Security Affairs

JULY 16, 2020

Researchers spotted a new Android banking trojan dubbed BlackRock malware that steals credentials and credit card data from hundreds of apps. Security experts from ThreatFabric have discovered a new Android banking trojan dubbed BlackRock that steals credentials and credit card data from a list of 337 apps.

Malware

Malware Banking Mobile Spyware

Emsisoft: Victims of AstraLocker and Yashma ransomware can recover their files for free

Security Affairs

JULY 8, 2022

The security firm states that the AstraLocker decryptor works for ransomware versions based on the Babuk malware that appends the.Astra or.babyk extensions to the name of the encrypted files. “Be sure to quarantine the malware from your system first, or it may repeatedly lock your system or encrypt files.

Ransomware

Ransomware Encryption Malware Accountability

New Windows Meduza Stealer targets tens of crypto wallets and password managers

Security Affairs

JULY 3, 2023

The malware also targets crypto wallet extensions, password managers, and 2FA extensions. The authors are actively developing malware to evade detection, but no specific attacks have been attributed to the Meduza Stealer to date. The malware admin declared that their operations do not involve any ransom activities.

Password Management

Password Management Passwords Malware Antivirus

Woody RAT: A new feature-rich malware spotted in the wild

Malwarebytes

AUGUST 3, 2022

The used lure is in Russian is called “ Information security memo ” which provide security practices for passwords, confidential information, etc. The threat actor has left some debugging information including a pdb path from which we derived and picked a name for this new Rat: Debug Information.

Malware

Malware Encryption Antivirus Architecture

Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric

Security Affairs

FEBRUARY 19, 2024

The ransomware identifies user accounts by viewing successful logins in Windows Event Viewer, it also uses a modified variant of the open-source PSnmap Tool. Once the malware has escalated the privileges on a machine, the threat actors use a batch script to uninstall popular antivirus solutions installed on the machine.

Ransomware

Ransomware Digital transformation Retail Antivirus

Oleg Koshkin was convicted for operating a crypting service also used by Kelihos botnet

Security Affairs

JUNE 17, 2021

Russian national Oleg Koshkin was convicted for operating a “crypting” service used to obfuscate the Kelihos bot from antivirus software. Russian national Oleg Koshkin was convicted for charges related to the operation of a malware crypting service used by the Kelihos botnet to obfuscate malware and evade detection.

Antivirus

Antivirus Malware Cryptocurrency Software

Threat actors target crypto and NFT communities with Babadeda crypter

Security Affairs

NOVEMBER 26, 2021

Morphisec researchers spread cryptocurrency malware dubbed Babadeda in attacks aimed at crypto and NFT communities. Morphisec researchers spotted a new crypto-malware strain, tracked as Babadeda, targeting cryptocurrency, non-fungible token (NFT), and DeFi passionates through Discord channels. ” concludes the report.

Cryptocurrency

Cryptocurrency Malware Antivirus Phishing

The Five-Step PCI DSS 4.0 Transition Checklist

CyberSecurity Insiders

JANUARY 6, 2023

First launched in 2004 and updated most recently in 2018, the PCI Data Security (PCI DSS) standard is continually updated to reflect the evolving challenges of the cyberthreat landscape. is clearly failing to protect cardholder account details effectively in today’s environment. Install and maintain network security controls.

Antivirus

Antivirus Retail Software Accountability

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

The BlackCat/ALPHV a Ransomware was first discovered in December by malware researchers from Recorded Future and MalwareHunterTeam. The malware is the first professional ransomware strain that was written in the Rust programming language. Review antivirus logs for indications they were unexpectedly turned off.

Ransomware

Ransomware Antivirus Passwords Malware

Experts spotted a variant of the Agenda Ransomware written in Rust

Security Affairs

DECEMBER 19, 2022

The main reasons to rewrite malware in Rust is to have lower AV detection rates, compared to malware written in most common languages, and to target multiple architectures. ” Upon executing the malware, the Rust binary prompts an error requiring a password to be passed as an argument. SecurityAffairs – hacking, malware).

Ransomware

Ransomware Encryption Healthcare Education

FBI and CISA published a new advisory on AvosLocker ransomware

Security Affairs

OCTOBER 13, 2023

AvosLocker operators already advertised in the past a Linux variant, dubbed AvosLinux, of their malware claiming it was able to support Linux and ESXi servers. bat) scripts [T1059.003] for lateral movement, privilege escalation, and disabling antivirus software.

Ransomware

Ransomware System Administration Antivirus Malware

SharkBot, a new Android Trojan targets banks in Europe

Security Affairs

NOVEMBER 15, 2021

The malware has been active at least since late October 2021, it targeting the mobile users of banks in Italy, the UK, and the US. The trojan allows to hijack users’ mobile devices and steal funds from online banking and cryptocurrency accounts. login credentials, personal information, current balance, etc.).

Banking

Banking Mobile Social Engineering Malware

YoWhatsApp, unofficial WhatsApp Android app spreads the Triada Trojan

Security Affairs

OCTOBER 13, 2022

Kaspersky researchers discovered an unofficial WhatsApp Android application named ‘YoWhatsApp’ that steals access keys for users’ accounts. “To use the WhatsApp mod, users need to log in to their account of the legitimate app. steals WhatsApp keys, allowing threat actors to take over users’ accounts.

Mobile

Mobile Accountability Advertising Antivirus

Tens of malicious NPM packages caught hijacking Discord servers

Security Affairs

DECEMBER 9, 2021

The libraries allow stealing Discord access tokens and environment variables from systems running giving the attackers full access to the victim’s Discord account. PirateStealer (Discord malware) Trojan wafer-bind 1.1.2 JFrog researchers have discovered 17 malicious packages in the NPM (Node.js ” concludes the report.

Antivirus

Antivirus Malware Accountability Firewall

A new SharkBot variant bypassed Google Play checks again

Security Affairs

SEPTEMBER 5, 2022

Experts spotted an upgraded version of the SharkBot malware that was uploaded to the official Google Play Store. While previous variants of the dropper relied on Accessibility permissions to automatically install the Sharkbot malware, this new one asks the victim to install the malware as a fake update for the antivirus.

Banking

Banking Malware Mobile Accountability

Microsoft Defender can now protect servers against ProxyLogon attacks

Security Affairs

MARCH 21, 2021

Microsoft announced that its Defender Antivirus and System Center Endpoint Protection now protects users against attacks exploiting Exchange Server vulnerabilities. “Today, we have taken an additional step to further support our customers who are still vulnerable and have not yet implemented the complete security update. .

Antivirus

Antivirus Small Business Security Intelligence Hacking

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

JANUARY 28, 2019

And the malware that subsequently gets installed continues to get more stealthy and capable with each advancing iteration. Researchers recently flushed out a new variety of the Xbash family of malware tuned to seek out administrators’ rights and take control of Linux servers. percent, according to tech consultancy Gartner.

Passwords

Passwords Password Management Antivirus Internet

North Korea-linked APT groups actively exploit JetBrains TeamCity flaw

Security Affairs

OCTOBER 19, 2023

The malicious payloads were used in DLL search-order hijacking attacks to execute a next-stage malware or a remote access trojan (RAT). Then the threat actor added the account to the Local Administrators Group through net use and ran several system discovery commands on compromised systems.

Artificial Intelligence

Artificial Intelligence Accountability Antivirus Authentication

Updated MATA attacks industrial companies in Eastern Europe

SecureList

OCTOBER 18, 2023

In early September 2022, we discovered several new malware samples belonging to the MATA cluster. The actors behind the attack used spear-phishing mails to target several victims, some were infected with Windows executable malware by downloading files through an internet browser.

Malware

Malware Phishing Internet Internet

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

“As a result, AvosLocker indicators of compromise (IOCs) vary between indicators specific to AvosLocker malware and indicators specific to the individual affiliate responsible for the intrusion.” Install and regularly update antivirus software on all hosts, and enable real time detection. ransomware and phishing scams).

Ransomware

Ransomware DDOS Passwords Backups

Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection

Security Affairs

DECEMBER 12, 2021

Russian national Oleg Koshkin was convicted in January for charges related to the operation of a malware crypting service used by the Kelihos botnet to obfuscate malware and evade detection. For years, Koshkin and his co-conspirators worked to evade our most basic cyber defenses in order to spread malware on a truly global scale.

Antivirus

Antivirus Malware Cybercrime Cyber threats

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported.

Malware

Malware Phishing Antivirus Hacking

Woody RAT: A new feature-rich malware spotted in the wild

Malwarebytes

AUGUST 3, 2022

The used lure is in Russian is called " Information security memo " which provide security practices for passwords, confidential information, etc. The threat actor has left some debugging information including a pdb path from which we derived and picked a name for this new Rat: Debug Information.

Malware

Malware Encryption Antivirus Architecture

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Security Affairs

APRIL 29, 2023

A new variant of the information-stealing malware ViperSoftX implements sophisticated techniques to avoid detection. Trend Micro researchers observed a new ViperSoftX malware campaign that unlike previous attacks relies on DLL sideloading for its arrival and execution technique. c2 arrowlchat[.]com ” continues the report.

Encryption

Encryption Malware Cryptocurrency Software

The U.S. CISA and FBI warn of Royal ransomware operation

Security Affairs

MARCH 3, 2023

“After gaining access to victims’ networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems.” The malware changes the extension of the encrypted files to ‘.royal’. ” reads the alert. ” continues the alert.

Ransomware

Ransomware Healthcare Antivirus Encryption

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

The credentials are sold for an average of $15.43, the most expensive pairs relate to banking and financial services accounts, with an average price of nearly $71. “Account accesses for antivirus programs garner the second-highest prices: around $21.67. ” reads the report published by the experts.

Cybercrime

Cybercrime Antivirus Marketing Accountability

Foreign hackers breached Russian federal agencies, said FSB

Security Affairs

MAY 22, 2021

The threat actors employed two previosuly undetected piece of malware dubbed Mail-O and Webdav-O. Cloud associated with account sewn into the sample. “Webdav-O is another malware that has never been described before. Such malware has never been encountered anywhere before;” continues the report.

Computers and Electronics

Computers and Electronics Malware Antivirus Government

Microsoft releases ProxyLogon patches for unsupported Microsoft Exchange versions

Security Affairs

MARCH 9, 2021

Now Microsoft has released security updates for Microsoft Exchange servers running unsupported Cumulative Update versions that are affected by the above vulnerabilities, collectively tracked as ProxyLogon. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Antivirus

Antivirus Accountability Software Hacking

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

Ransomware accounted for over half of all malicious mailings in H1 2019, Troldesh aka Shade being the most popular tool among cybercriminals. To bypass antivirus systems, hackers send out malicious emails in non-working hours with delayed activation. Another trend was disguising malware in emails. rar archive files.

Ransomware

Ransomware Antivirus Malware Banking

US govt agencies released a joint alert on the Lockbit 3.0 ransomware

Security Affairs

MARCH 18, 2023

ransomware is a modular malware that is more evasive than its previous versions, its shared similarities with Blackmatter and Blackcat ransomware. ” By protecting the code with encryption, the latest LockBit version can avoid the detection of signature-based anti-malware solutions. The LockBit 3.0 The LockBit 3.0

Ransomware

Ransomware Penetration Testing Encryption Accountability

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

Upon compromising the domain administrator account, threat actors could distributee malware to other systems on the same network. “The lack of timely antivirus database updates for the security solution used on attacked systems also played a key role, preventing the solution from detecting and blocking the threat. .

VPN

VPN Ransomware Antivirus Firmware

Microsoft’s case study: Emotet took down an entire network in just 8 days

Security Affairs

APRIL 4, 2020

The attack described by Microsoft begun with a phishing message that was opened by an internal employee, the malware infected its systems and made lateral movements infected other systems in the same network. The virus halted core services by saturating the CPU usage on Windows devices. ” reads the Microsoft DART announcement.

Antivirus

Antivirus Malware Phishing Advertising

PYSA ransomware gang is the most active group in November

Security Affairs

DECEMBER 22, 2021

According to the experts, the first infections were observed in late 2019, victims reported their files were encrypted by a strain of malware. According to the report issued by the CERT-FR, operators behind the Pysa ransomware launched brute-force attacks against management consoles and Active Directory accounts.

Ransomware

Ransomware Penetration Testing Healthcare Government

Info stealers and how to protect against them

BRATA Android Malware evolves and targets the UK, Spain, and Italy

Trending Sources

Akira ransomware received $42M in ransom payments from over 250 victims

Mysterious custom malware used to steal 1.2TB of data from million PCs

Anti-malware firm Emsisoft accidentally exposes internal DB

Wannacry, the hybrid malware that brought the world to its knees

Lampion malware v2 February 2020

SharkBot, the new generation banking Trojan distributed via Play Store

Cactus ransomware gang claims the Schneider Electric hack

AMT Games data breach: Millions of Users’ Messages, Account IDs, and IP Addresses Exposed

SharkBot Banking Trojan spreads through fake AV apps on Google Play

New Android BlackRock malware targets hundreds of apps

Emsisoft: Victims of AstraLocker and Yashma ransomware can recover their files for free

New Windows Meduza Stealer targets tens of crypto wallets and password managers

Woody RAT: A new feature-rich malware spotted in the wild

Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric

Oleg Koshkin was convicted for operating a crypting service also used by Kelihos botnet

Threat actors target crypto and NFT communities with Babadeda crypter

The Five-Step PCI DSS 4.0 Transition Checklist

BlackCat Ransomware gang breached over 60 orgs worldwide

Experts spotted a variant of the Agenda Ransomware written in Rust

FBI and CISA published a new advisory on AvosLocker ransomware

SharkBot, a new Android Trojan targets banks in Europe

YoWhatsApp, unofficial WhatsApp Android app spreads the Triada Trojan

Tens of malicious NPM packages caught hijacking Discord servers

A new SharkBot variant bypassed Google Play checks again

Microsoft Defender can now protect servers against ProxyLogon attacks

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

North Korea-linked APT groups actively exploit JetBrains TeamCity flaw

Updated MATA attacks industrial companies in Eastern Europe

Avoslocker ransomware gang targets US critical infrastructure

Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Woody RAT: A new feature-rich malware spotted in the wild

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

The U.S. CISA and FBI warn of Royal ransomware operation

15 billion credentials available in the cybercrime marketplaces

Foreign hackers breached Russian federal agencies, said FSB

Microsoft releases ProxyLogon patches for unsupported Microsoft Exchange versions

Ransomware Revival: Troldesh becomes a leader by the number of attacks

US govt agencies released a joint alert on the Lockbit 3.0 ransomware

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Microsoft’s case study: Emotet took down an entire network in just 8 days

PYSA ransomware gang is the most active group in November

Stay Connected