Advertising, Antivirus, Information Security and Malware

Experts warn of flaws in popular Antivirus solutions

Security Affairs

OCTOBER 5, 2020

Researchers disclosed details of security flaws in popular antivirus software that could allow threat actors to increase privileges. Antivirus solutions that are supposed to protect the systems from infection may unintentionally allow malware in escalating privileges on the system. .

Antivirus

Antivirus Malware Advertising Software

Comodo Antivirus is affected by several vulnerabilities

Security Affairs

JULY 23, 2019

Experts discovered several flaws in Comodo Antivirus, including a vulnerability that could allow to escape the sandbox and escalate privileges. The Tenable expert David Wells discovered five flaws in the Comodo Antivirus and Comodo Antivirus Advanced. We recommend to keep updated on future Comodo Antivirus releases.”

Antivirus

Antivirus Advertising Hacking Malware

BlackBerry Cylance addresses AI-based antivirus engine bypass

Security Affairs

JULY 22, 2019

BlackBerry Cylance has addressed a bypass vulnerability recently discovered in its AI-based antivirus engine CylancePROTECT product. “We verified the issue was not a universal bypass as reported, but rather a technique that allowed for one of the anti-malware components of the product to be bypassed in certain circumstances.

Antivirus

Antivirus Engineering Advertising Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

A flaw in Kaspersky Antivirus allowed tracking its users online

Security Affairs

AUGUST 15, 2019

A vulnerability in Kaspersky Antivirus had exposed a unique identifier associated with users to every website they have visited in the past 4 years. A vulnerability in the Kaspersky Antivirus software, tracked as CVE-2019-8286, had exposed a unique identifier associated with its users to every website they have visited in the past 4 years.

Antivirus

Antivirus Advertising Software Internet

Mysterious custom malware used to steal 1.2TB of data from million PCs

Security Affairs

JUNE 11, 2021

Experts spotted a new mysterious malware that was used to collect a huge amount of data, including sensitive files, credentials, and cookies. Threat actors used custom malware to steal data from 3.2 NordLocker experts speculate the malware campaign leveraged tainted Adobe Photoshop versions, pirated games, and Windows cracking tools.

Malware

Malware Computers and Electronics Software Financial Services

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

Security Affairs

FEBRUARY 14, 2020

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) released reports on North Korea-linked HIDDEN COBRA malware. The FBI, the US Cyber Command, and the Department of Homeland Security have published technical details of a new North-Korea linked hacking operation.

Malware

Malware Passwords Advertising Antivirus

New Android BlackRock malware targets hundreds of apps

Security Affairs

JULY 16, 2020

Researchers spotted a new Android banking trojan dubbed BlackRock malware that steals credentials and credit card data from hundreds of apps. Security experts from ThreatFabric have discovered a new Android banking trojan dubbed BlackRock that steals credentials and credit card data from a list of 337 apps.

Malware

Malware Banking Mobile Spyware

US govt agencies share details of the China-linked espionage malware Taidoor

Security Affairs

AUGUST 4, 2020

China-linked hackers carried out cyber espionage campaigns targeting governments, corporations, and think tanks with TAIDOOR malware. “CISA encourages users and administrators to review Malware Analysis Report MAR-10292089-1.v1 “CISA encourages users and administrators to review Malware Analysis Report MAR-10292089-1.v1

Malware

Malware Government Passwords System Administration

A Google Drive weakness could allow attackers to serve malware

Security Affairs

AUGUST 23, 2020

Experts pointed out that Google Chrome appears to implicitly trust any file downloaded from Google Drive, even if they are flagged and “malicious” by antivirus software as malicious. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – hacking, Google Drive).

Malware

Malware Phishing Advertising Antivirus

Lampion malware v2 February 2020

Security Affairs

FEBRUARY 24, 2020

Since end-December 2019 lampion malware has been noted as the most prominent malware targeting Portuguese organizations. Figure 1: Lampion malware email templates. 2020-02-13] #Lampion v2 #portugal #malware #ATA 0998f6473004e0ba54ead5784ba62db8 h}//vrau-x.s3.us-east-2.amazonaws.[com/0.zip zip h//oiurx14x.s3.us-east-2.amazonaws.}com/P-14-7.dll

Malware

Malware Banking Antivirus Advertising

Nemty Ransomware, a new malware appears in the threat landscape

Security Affairs

AUGUST 26, 2019

A new ransomware, called Nemty ransomware, has been discovered over the weekend by malware researchers. ” Victims could upload their configuration file, in turn, the operators behind the ransomware will provide with the link to another website that comes with a chat function and more information on the demands.

Ransomware

Ransomware Malware Antivirus Encryption

CISA’s advisory warns of notable increase in LokiBot malware

Security Affairs

SEPTEMBER 22, 2020

US Cybersecurity and Infrastructure Security Agency (CISA) is warning of a notable increase in the use of LokiBot malware by threat actors since July 2020. The Agency’s EINSTEIN Intrusion Detection System has detected persistent malicious activity associated with the LokiBot malware. See Protecting Against Malicious Code.

Malware

Malware Passwords Advertising Antivirus

QwixxRAT, a new Windows RAT appears in the threat landscape

Security Affairs

AUGUST 15, 2023

The Uptycs Threat Research team discovered the QwixxRAT (aka Telegram RAT) in early August 2023 while it was advertised through Telegram and Discord platforms. ” reads a new report published by security firm Uptycs. ” reads a new report published by security firm Uptycs.

Malware

Malware Antivirus Cryptocurrency Advertising

FBI and CISA published a new advisory on AvosLocker ransomware

Security Affairs

OCTOBER 13, 2023

AvosLocker operators already advertised in the past a Linux variant, dubbed AvosLinux, of their malware claiming it was able to support Linux and ESXi servers. bat) scripts [T1059.003] for lateral movement, privilege escalation, and disabling antivirus software.

Ransomware

Ransomware System Administration Antivirus Malware

DEV-0569 group uses Google Ads to distribute Royal Ransomware

Security Affairs

NOVEMBER 19, 2022

Researchers from the Microsoft Security Threat Intelligence team warned that a threat actor, tracked as DEV-0569, is using Google Ads to distribute various payloads, including the recently discovered Royal ransomware. The downloader, tracked as BATLOADER , shares similarities with another malware called ZLoader.

Ransomware

Ransomware Malware Antivirus Phishing

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Security Affairs

MAY 2, 2021

WeSteal is a Python-based malware that uses regular expressions to search for strings related to wallet addresses that victims have copied to their clipboard. According to Palo Alto Networks, the author of WeSteal, that goes online as “ComplexCodes,” started advertising the cryptocurrency stealer on underground forums in mid-February 2021.

Cryptocurrency

Cryptocurrency Malware Advertising System Administration

Report: Threat of Emotet and Ryuk

Security Affairs

JANUARY 31, 2020

Emotet , the most widespread malware worldwide and Ryuk , a ransomware type, are growing threats and real concerns for businesses and internet users in 2020. This study also concludes that a total of 377 Portuguese domains to spread different types of malware in the same period. SecurityAffairs – malware, hacking).

Malware

Malware Retail Advertising Antivirus

MalwareBazaar – welcome to the abuse-ch malware repository

Security Affairs

MARCH 24, 2020

ch launched the MalwareBazaar service, a malware repository to allow experts to share known malware samples and related info. ch launched a malware repository, called MalwareBazaar , to allow experts to share known malware samples and related analysis. Malware batches are available for download on a daily base.

Malware

Malware Adware Cyber threats Advertising

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Security Affairs

MAY 19, 2023

The Lemon Group cybercrime ring has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. A cybercrime group tracked has Lemon Group has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. 231 banking malware. The threat actors infected at least 8.9

Mobile

Mobile Advertising Malware Cybercrime

YoWhatsApp, unofficial WhatsApp Android app spreads the Triada Trojan

Security Affairs

OCTOBER 13, 2022

Mod apps are advertised as unofficial versions of legitimate apps that have features that the official one does not supports. The YoWhatsApp Android app was advertised in the official Snaptube app. In particular, malware like Triada can steal an IM account, and for example, use it to send unsolicited messages, including malicious spam.”

Mobile

Mobile Accountability Advertising Antivirus

NCSC warns of a surge in ransomware attacks on education institutions

Security Affairs

SEPTEMBER 20, 2020

“They are also urged to read the NCSC’s newly-updated guidance on mitigating malware and ransomware attacks , and to develop an incident response plan which they regularly test.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reads the advisory. Pierluigi Paganini.

Education

Education Ransomware Antivirus Backups

Crooks made more than $560K with a simple clipboard hijacker

Security Affairs

APRIL 19, 2021

Avast researchers analyzed the activity of a simple cryptocurrency malware dubbed HackBoss that allowed its operators to earn over $560K. The antivirus company Avast analyzed the case of a simple malware dubbed HackBoss and how it allowed its operators to earn more $560K worth of cryptocurrency since November 2018.

Cryptocurrency

Cryptocurrency Malware Hacking Banking

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

The BlackCat/ALPHV a Ransomware was first discovered in December by malware researchers from Recorded Future and MalwareHunterTeam. The malware is the first professional ransomware strain that was written in the Rust programming language. Review antivirus logs for indications they were unexpectedly turned off.

Ransomware

Ransomware Antivirus Passwords Malware

Belarussian authorities arrested GandCrab ransomware distributor

Security Affairs

AUGUST 3, 2020

He allegedly subscribed the GandCrab ransomware-as-a-service to create his own version of the malware and spread it running a spam campaign. The authors of the GandCrab RaaS also offers technical support and updates to its members, they also published a video tutorial that shows how the ransomware is able to avoid antivirus detection.

Ransomware

Ransomware Advertising Malware Hacking

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

In the middle-August, the malware was employed in fresh COVID19-themed spam campaign. Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information , resumes, financial documents, or scanned documents. Pierluigi Paganini.

Government

Government Banking Advertising Malware

Microsoft’s case study: Emotet took down an entire network in just 8 days

Security Affairs

APRIL 4, 2020

The attack described by Microsoft begun with a phishing message that was opened by an internal employee, the malware infected its systems and made lateral movements infected other systems in the same network. The virus halted core services by saturating the CPU usage on Windows devices. ” reads the Microsoft DART announcement.

Antivirus

Antivirus Malware Phishing Advertising

France national cyber-security agency warns of a surge in Emotet attacks

Security Affairs

SEPTEMBER 7, 2020

In the middle-August, the Emotet malware was employed in fresh COVID19-themed spam campaign. Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information , resumes, financial documents, or scanned documents. Send the samples (.doc

Malware

Malware Advertising Antivirus Banking

New variant of Dridex banking Trojan implements polymorphism

Security Affairs

JULY 1, 2019

Malware researcher Brad Duncan first observed a new variant of Dridex on June 17 that leverage an Application Whitelisting technique to bypass mitigation via disabling or blocking of Windows Script Host. At the time of discovery, using data from VirusTotal, only six antivirus solutions of about 60 detected suspicious behavior [ 2 ].

Banking

Banking Antivirus Advertising Encryption

QNodeService Trojan spreads via fake COVID-19 tax relief

Security Affairs

MAY 16, 2020

Experts spotted a new malware dubbed QNodeService that was involved in Coronavirus-themed phishing campaign, crooks promise victims COVID-19 tax relief. Researchers uncovered a new malware dubbed QNodeService that was employed in a Coronavirus-themed phishing campaign. malware file (either “qnodejs-win32-ia32.js”

Malware

Malware Phishing Advertising Antivirus

Linksys force password reset to prevent Router hijacking

Security Affairs

APRIL 16, 2020

Linksys has reset passwords for all its customers’ after learning on ongoing DNS hijacking attacks aimed at delivering malware. Crooks continue to launch Coronavirus-themed attacks , in the last weeks, experts observed hackers hijacking D-Link and Linksys routers to redirect users to COVID19-themed sites spreading malware.

Passwords

Passwords DNS Malware Advertising

APT group targets high profile networks in Central Asia

Security Affairs

MAY 16, 2020

Security firms have foiled an advanced cyber espionage campaign carried out by Chinese APT and aimed at infiltrating a governmental institution and two companies. Antivirus firms have uncovered and foiled an advanced cyber espionage campaign aimed at a governmental institution and two companies in the telecommunications and gas sector.

Telecommunications

Telecommunications Malware Advertising Antivirus

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

“As a result, AvosLocker indicators of compromise (IOCs) vary between indicators specific to AvosLocker malware and indicators specific to the individual affiliate responsible for the intrusion.” Install and regularly update antivirus software on all hosts, and enable real time detection. ransomware and phishing scams).

Ransomware

Ransomware DDOS Passwords Backups

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

“Account accesses for antivirus programs garner the second-highest prices: around $21.67. The cost for antivirus accounts is just over $20, while other types of accounts (cable, social media, VPN, streaming, adult, music, file sharing, and video game accounts) typically go for less than $10. ” continues the report.

Cybercrime

Cybercrime Antivirus Marketing Accountability

Security Affairs newsletter Round 285

Security Affairs

OCTOBER 11, 2020

ransomware displays ransom note in innovative way Carnival confirms data breach as a result of the August ransomware attack Google enhances malware protection for accounts enrolled in Advanced Protection Program (APP) Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns. Pierluigi Paganini.

Advertising

Advertising Antivirus Data privacy Ransomware

InnfiRAT Trojan steals funds from Bitcoin and Litecoin wallets

Security Affairs

SEPTEMBER 14, 2019

Researchers at Z s caler have spotted a new malware dubbed InnfiRAT that infects victims’ systems to steal cryptocurrency wallet data. . “As with just about every piece of malware, InnfiRAT is designed to access and steal personal information on a user’s computer.” ” concludes the researchers.

Cryptocurrency

Cryptocurrency Malware Advertising Antivirus

A new Astaroth Trojan Campaign uncovered by Microsoft

Security Affairs

JULY 9, 2019

Microsoft Defender ATP Research Team discovered a fileless malware campaign that was spreading the information stealing Astaroth Trojan. Experts at the Microsoft Defender ATP Research Team discovered a fileless malware campaign that is delivering the information stealing Astaroth Trojan. Pierluigi Paganini.

Antivirus

Antivirus Malware Advertising Security Intelligence

U.S. taxpayers hit by a phishing campaign delivering the Amadey bot

Security Affairs

SEPTEMBER 20, 2019

Cofense researchers spotted a phishing campaign that is targeting taxpayers in the United States to infect them with the Amadey malware. Security experts at Cofense uncovered a phishing campaign that is targeting taxpayers in the United States attempting to infect them with a new piece of malware named Amadey.

Phishing

Phishing Social Engineering Malware Advertising

Experts found DLL Hijacking issues in Avast, AVG, and Avira solutions

Security Affairs

OCTOBER 23, 2019

Flaws in Avast, AVG, and Avira Antivirus could be exploited by an attacker to load a malicious DLL file to bypass defenses and escalate privileges. The Antivirus implements a self-defense mechanism that prevents malicious code to write and implant a DLL to its folders. This trick could allow hackers to evade detection.

Antivirus

Antivirus Advertising Security Defenses Hacking

Security Affairs newsletter Round 248

Security Affairs

JANUARY 26, 2020

Malware attack took down 600 computers at Volusia County Public Library. Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Data breaches

Data breaches Advertising Antivirus DDOS

Android Apps containing Clicker Trojan installed on over 100M devices

Security Affairs

AUGUST 10, 2019

Malware researchers at antivirus firm Dr Web discovered more than 33 Android Apps in the Google Play Store with over 100 million installations that contain a clicker Tojan tracked as Android. origin gather information about the infected system and sent it back to the C2. Once executed, Android. Pierluigi Paganini.

Mobile

Mobile Advertising Malware Data collection

Crooks leverages.htaccess injector on Joomla and WordPress sites for malicious redirects

Security Affairs

MAY 27, 2019

The website was used by attackers to redirect traffic to advertising sites that attempted to deliver malware. pw /XcTyTp advertisement website. A warning message from endpoint antivirus software when users try to visit malicious site redirected by Joomla and WordPress sites. htaccess code injection. Pierluigi Paganini.

Advertising

Advertising Malware Antivirus Software

A previously undetected FIN7 BIOLOAD loader drops new Carbanak Backdoor

Security Affairs

DECEMBER 29, 2019

The BIOLOAD loader shares similarities with BOOSTWRITE , another loader associated with the FIN7 group that is able to drop the malware directly in memory. Experts pointed out that the BIOLOAD’s WinBio.dll is still detected by a limited number of antivirus on VirusTotal scanning platform despite it was compiled nine months ago.

Cybercrime

Cybercrime Antivirus Identity Theft Advertising

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

To bypass antivirus systems, hackers send out malicious emails in non-working hours with delayed activation. The first half of 2019 saw a 10-fold increase in the number of password-protected objects, such as documents and archive files, being used to deliver malware. Another trend was disguising malware in emails.

Ransomware

Ransomware Antivirus Malware Banking

Evilnum Group targets European and British fintech companies

Security Affairs

JULY 10, 2020

Evilnum threat actor was first spotted in 2018 while using the homonym malware. Over the years, the group added new tools to its arsenal, including custom and homemade malware along with software purchased from the Golden Chickens malware-as-a-service (MaaS) provider. The version 4.0 The image is stored in a file called SC4.P7D

eCommerce

eCommerce Advertising Malware Spyware

Experts warn of flaws in popular Antivirus solutions

Comodo Antivirus is affected by several vulnerabilities

Webinars

Trending Sources

BlackBerry Cylance addresses AI-based antivirus engine bypass

Webinars

A flaw in Kaspersky Antivirus allowed tracking its users online

Mysterious custom malware used to steal 1.2TB of data from million PCs

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

New Android BlackRock malware targets hundreds of apps

US govt agencies share details of the China-linked espionage malware Taidoor

A Google Drive weakness could allow attackers to serve malware

Lampion malware v2 February 2020

Nemty Ransomware, a new malware appears in the threat landscape

CISA’s advisory warns of notable increase in LokiBot malware

QwixxRAT, a new Windows RAT appears in the threat landscape

FBI and CISA published a new advisory on AvosLocker ransomware

DEV-0569 group uses Google Ads to distribute Royal Ransomware

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Report: Threat of Emotet and Ryuk

MalwareBazaar – welcome to the abuse-ch malware repository

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

YoWhatsApp, unofficial WhatsApp Android app spreads the Triada Trojan

NCSC warns of a surge in ransomware attacks on education institutions

Crooks made more than $560K with a simple clipboard hijacker

BlackCat Ransomware gang breached over 60 orgs worldwide

Belarussian authorities arrested GandCrab ransomware distributor

CISA alert warns of Emotet attacks on US govt entities

Microsoft’s case study: Emotet took down an entire network in just 8 days

France national cyber-security agency warns of a surge in Emotet attacks

New variant of Dridex banking Trojan implements polymorphism

QNodeService Trojan spreads via fake COVID-19 tax relief

Linksys force password reset to prevent Router hijacking

APT group targets high profile networks in Central Asia

Avoslocker ransomware gang targets US critical infrastructure

15 billion credentials available in the cybercrime marketplaces

Security Affairs newsletter Round 285

InnfiRAT Trojan steals funds from Bitcoin and Litecoin wallets

A new Astaroth Trojan Campaign uncovered by Microsoft

U.S. taxpayers hit by a phishing campaign delivering the Amadey bot

Experts found DLL Hijacking issues in Avast, AVG, and Avira solutions

Security Affairs newsletter Round 248

Android Apps containing Clicker Trojan installed on over 100M devices

Crooks leverages.htaccess injector on Joomla and WordPress sites for malicious redirects

A previously undetected FIN7 BIOLOAD loader drops new Carbanak Backdoor

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Evilnum Group targets European and British fintech companies

Stay Connected