Krebs on Security

AUGUST 3, 2023

Researchers say mobile malware purveyors have been abusing a bug in the Google Android platform that lets them sneak malicious code into mobile apps and evade security scanning tools. “We are investigating possible fixes for developer tools and plan to update our documentation accordingly,” Google’s statement continued. .

Mobile 197

Mobile Malware Banking Cybercrime 197

CyberSecurity Insiders

MAY 11, 2023

Intro In February 2022, Microsoft disabled VBA macros on documents due to their frequent use as a malware distribution method. OneNote documents have emerged as a new infection vector, which contain malicious code that executes when the document is interacted with.

Malware 98

Malware Social Engineering Engineering Education 98

Security Affairs

APRIL 18, 2024

In the attacks analyzed by BlackBarry, threat actors used a typosquatting technique, they used a malicious URL “advanced-ip-sccanner[.]com” In the attacks analyzed by BlackBarry, threat actors used a typosquatting technique, they used a malicious URL “advanced-ip-sccanner[.]com” com”, which is a free online scanner.

Phishing 106

Phishing Cybercrime Manufacturing Hacking 106

Elie

FEBRUARY 24, 2020

Everyday Gmail defenses analyze billions of attachments to prevent malicious documents from reaching the inboxes of its users whether they are end-users or corporate ones.

118

118

Lenny Zeltser

JANUARY 6, 2021

As someone who’s helped thousands of security professionals learn how to analyze malware at SANS Institute , I have a few tips for how you can get started. There are several ways to describe the skills you to analyze malicious software. Understand Where You Currently Fit Into the Malware Analysis Process.

Malware 145

Malware Software Engineering Information Security 145

Malwarebytes

MARCH 28, 2024

That’s according to a court document filed March 23, 2024. The document mentions Facebook’s so-called In-App Action Panel (IAAP) program, which existed between June 2016 and approximately May 2019. According to the court documents, advertisers suing Meta claim that Facebook later expanded the program to Amazon and YouTube.

Encryption 109

Encryption VPN Technology Mobile 109

Security Affairs

FEBRUARY 27, 2020

Google announced that the new scanning capabilities implemented in Gmail have increased the detection rate of malicious documents. According to Google, since the end of 2019, the use of the new scanners allowed to increase the daily detection of weaponized Office documents by 10%. of threats that attempt to target Gmail users.

Malware 111

Malware Advertising Technology Engineering 111

Security Affairs

AUGUST 9, 2022

Cyber Security Specialist Zoziel Pinto Freire shows an example of malicious file analysis presented during his lecture on BSides-Vitória 2022. My objective with this series of articles is to show examples of malicious file analysis that I presented during my lecture on BSides-Vitória 2022. What’re malicious files?

Malware 103

Malware Education Hacking Internet 103

Security Affairs

FEBRUARY 12, 2024

According to court documents, the FBI covertly purchased and analyzed the Warzone RAT. and three related domains, which together offered for sale the Warzone RAT malware — a sophisticated remote access trojan (RAT) capable of enabling cybercriminals to surreptitiously connect to victims’ computers for malicious purposes.”

Malware 100

Malware Hacking Cybercrime Advertising 100

Malwarebytes

DECEMBER 23, 2021

The recent malicious spam campaigns (malspam) we and others have observed appear to have been created by someone who wants to play Scrooge and add onto people’s already heightened state of anxiety. Opening at the so-called test results in the attached document delivers malware. Malicious documents. TermLetter.xls.

Malware 124

Malware Passwords Ransomware 124

eSecurity Planet

NOVEMBER 7, 2022

Python, PowerShell , Java) Analyzing memory for code injections and other malicious activities Examining suspicious documents (such as PDFs, Microsoft Office, emails). We’ll examine the pros and cons, but REMnux is definitely a great asset for those who want to focus on their work and skip the “installation hell.”. REMnux Pros.

Engineering 130

Engineering Malware Penetration Testing Technology 130

Security Affairs

MAY 11, 2021

Court documents revealed that the infamous XcodeGhost malware, which has been active since 2015, infected 128 million iOS users. Documents provided in a court case that sees Epic Games v. The mass hack was the result of the availability of 4000 malicious apps in the App Store, the apps were found containing the XCodeGhost Malware.

Malware 110

Malware Hacking Mobile Passwords 110

Security Boulevard

MARCH 1, 2023

Attackers are increasingly using OneNote documents to distribute malware, due to the heightened security measures against macro-based attacks and the widespread adoption and popularity of the platform. Key Takeaways: Threat actors are increasingly using Microsoft OneNote documents to deliver malware via phishing emails. Why OneNote?

Malware 78

Malware Phishing Threat Detection Encryption 78

Security Affairs

NOVEMBER 21, 2021

The campaign was uncovered by TrendMicro researchers that detailed the technique used to trick victims opening the malicious email used as the attack vector. The attacks were orchestrated by Squirrelwaffle , a threat actor known for sending malicious spam as replies to existing email chains. ” concludes the analysis.

Malware 138

Malware Hacking Cybercrime Information Security 138

Malwarebytes

MARCH 12, 2024

February was a particularly busy month for search-based malvertising with the number of incidents we documented almost doubling. The other type of redirect was using subdomains from expired and sitting.com domains reassigned for malicious purposes. top ads-analyze[.]top This is a common trick to give the illusion of credibility.

DNS 114

DNS Malware Software Hacking 114

Malwarebytes

JANUARY 22, 2024

The group uses social engineering techniques to persuade their targets to open documents or download malware. Once a relationship has been established, the target will receive a phishing link or a document containing such a link. The group is also known to register malicious domains that mimic legitimate organizations.

Social Engineering 97

Social Engineering Government Media DNS 97

Security Affairs

MARCH 31, 2022

The Morphisec Labs researchers analyzed a new malware, tracked as Mars stealer, which is based on the older Oski Stealer. . Morphisec Labs recently discovered the Mars stealer that was spreading masqueraded as malicious software cracks and keygens. The malicious code was offered only $160 for a lifetime subscription.

Cryptocurrency 82

Cryptocurrency Malware Cybercrime Advertising 82

Security Affairs

JUNE 12, 2020

Russia-linked Gamaredon APT use a new module for Microsoft Outlook that creates custom emails with malicious documents and sends them to a victim’s contacts. OTM file) that was specifically designed to target Microsoft Outlook email client with malicious macro scripts. ” read the post published by ESET.

Malware 105

Malware Phishing Advertising Government 105

Security Affairs

NOVEMBER 9, 2022

“Amadey Bot, the malware that is used to install LockBit, is being distributed through two methods: one using a malicious Word document file, and the other using an executable that takes the disguise of the Word file icon.” The malicious Microsoft Word document (“ ???.docx ” concludes the report.

Malware 91

Malware Ransomware Cybercrime Phishing 91

Malwarebytes

MARCH 5, 2021

We recently observed a malicious Word file that uses this technique to drop a Remote Administration Trojan (RAT) that was new to us. Based on the decoy document, we assess that this attack is targeting the government and military of Azerbaijan. The malicious document contains a macro that is obfuscated. Maldoc analysis.

Encryption 126

Encryption Phishing Security Defenses Government 126

Malwarebytes

JULY 13, 2022

We have been closely monitoring this threat actor and noticed changes in their macro-based documents as well as their final payloads. UA-CERT has attributed the document named “ Information on the availability of vacancies and their staffing.xls ” to UAC-0056. The document will download an executable file named write.bin.

Government 128

Government Cyber Attacks Phishing Malware 128

The Last Watchdog

OCTOBER 20, 2023

“Unauthorised transactions made with the help of lost or stolen credit cards, counterfeit cards, ID document forgery and identity theft, fake identification, email phishing, and imposter scams are among the most common types of payment fraud today.” Cloud technologies also play an important role in the latest anti-fraud developments.

Artificial Intelligence 100

Artificial Intelligence Identity Theft Telecommunications Big data 100

Malwarebytes

APRIL 18, 2022

VirusTotal is now part of Google Cloud and its goal is to help analyze suspicious files, URLs, domains, and IP addresses to detect cybersecurity threats. But in the context of this article it is even more important to realize that VirusTotal was not designed to check whether an attachment is malicious. VirusTotal.

Malware 128

Malware Engineering Technology Cybersecurity 128

Hot for Security

JUNE 3, 2021

The 20-page analysis contains a set of mappings to develop adversary profiles, analyze trends and detect, respond to and mitigate threats. “An Finally, the document includes a hefty list of mitigations that network defenders can use to strengthen the security posture of their organizations’ systems.

InfoSec 119

InfoSec System Administration Malware Engineering 119

Security Affairs

JANUARY 7, 2021

The experts found a malicious document uploaded to Virus Total related to a meeting request dated 23 Jan 2020, a circumstance that suggests the attack took place a year ago. A malicious macro is encoded within another that is dynamically decoded and executed. ” reads the post published by Malwarebytes. Pierluigi Paganini.

Government 95

Government Phishing Encryption Malware 95

Security Affairs

JUNE 17, 2021

The decoy content displayed by the malicious files employed in the attacks often made use of political themes and involved images or videos of resistance bases or strikes against the Iranian regime, a circumstance that suggests the attack is aimed at potential supporters of such movements within the country.

VPN 124

VPN Internet Internet Software 124

Security Affairs

MARCH 27, 2023

In a recent campaign analyzed by Trend Micro, the threat actors used spear-phishing emails and Google Drive links as attack vectors. To bypass email-scanning services, the threat actors started embedding the Google Drive link in a lure document. The link points to a password-protected archive, the document also includes the password.

Malware 85

Malware Phishing Passwords Government 85

Security Affairs

NOVEMBER 27, 2021

Other IKEA organisations, suppliers, and business partners are compromised by the same attack and are further spreading malicious emails to persons in Inter IKEA,” reads the emails sent by IKEA to its employees. The emails use weaponized Office documents or include a link to them.

Cyber Attacks 136

Cyber Attacks Phishing Malware Hacking 136

Security Affairs

JANUARY 27, 2022

North Korea-linked Lazarus APT started using Windows Update to execute the malicious payload and GitHub as a command and control server in recent attacks, Malwarebytes researchers reported. Both documents were compiled on 2020-04-24, but experts believe that they have been used in a campaign around late December 2021 and early 2022.

Malware 79

Malware Hacking Phishing Ransomware 79

Security Affairs

JANUARY 7, 2023

Experts at IBM X-Force that first analyzed it noticed that the threat does not borrow code from other banking malware, but the malicious code implements comparable capabilities, including launching man-in-the-browser attacks, and intercepting and stealing financial information from victims. com/products/app/ZoomInstallerFull[.]exe.

Malware 89

Malware Phishing Banking Hacking 89

Security Affairs

SEPTEMBER 4, 2022

SafeBreach Labs researchers recently analyzed a new targeted attack aimed at Farsi-speaking code developers. The attackers used a Microsoft Word document that included a Microsoft Dynamic Data Exchange (DDE) exploit along with a previously undiscovered remote access trojan (RAT), tracked as CodeRAT by SafeBreach Labs researchers.

Malware 98

Malware Surveillance Government Hacking 98

Security Affairs

MARCH 3, 2020

Cybaze-Yoroi ZLab analyzed a new implant employed by a North Korea-linked APT group, tracked as Kimsuky, in attacks on South Korea. The Kimsuky APT group has been analyzed by several security teams. By analyzing its contents, we noticed that it is used to delete the initial artifact (scr) and file itself. I ntroduction.

Malware 127

Malware Advertising Hacking Information Security 127

Malwarebytes

DECEMBER 5, 2022

In January of 2022 the Malwarebytes Intelligence Team uncovered a campaign where Lazarus conducted spear phishing attacks weaponized with malicious documents that used a familiar job opportunities theme. Why the group used this method instead of dropping a malicious dui70.dll Lazarus Group. dll in that directory is unclear.

Cryptocurrency 81

Cryptocurrency Malware Scams Cybercrime 81

Malwarebytes

JULY 19, 2021

Remcos is often delivered via malicious documents or archive files containing scripts or executables. Unlike most RATs used by malicious actors however, Remcos is marketed as an administrative tool by the company Breaking Security which sells it openly on their website. Distribution. zip Report-11003456773312.vbs.

Malware 145

Malware DNS Software Marketing 145

SecureList

APRIL 12, 2023

In mid-October 2019, we came across a suspicious document uploaded to VirusTotal. Upon further investigation, we discovered that the actor behind this weaponized document had been using similar malicious Word documents since October 2018. In this initial discovery, the actor used two types of second-stage payload.

Malware 127

Malware Cryptocurrency Software Encryption 127

Security Affairs

MARCH 14, 2024

In the campaign observed by ZDI, threat actors used PDF documents lures that contained Google DoubleClick Digital Marketing (DDM) open redirects. The victims were redirected to compromised sites hosting the exploit for the Microsoft Windows SmartScreen bypass flaw CVE-2024-21412 that led to malicious Microsoft (.MSI) MSI) installers.

Phishing 105

Phishing Malware Software Internet 105

Security Affairs

OCTOBER 1, 2020

Emotet is a malware infection that spreads through spam emails containing malicious Word or Excel documents. Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information , resumes, financial documents, or scanned documents.

Malware 137

Malware Advertising Banking Passwords 137