Antivirus, Download and Information Security

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus

Antivirus Malware DNS Cryptocurrency

New alleged MuddyWater attack downloads a PowerShell script from GitHub

Security Affairs

JANUARY 4, 2021

Security expert spotted a new piece of malware that leverages weaponized Word documents to download a PowerShell script from GitHub. Security expert discovered a new piece of malware uses weaponized Word documents to download a PowerShell script from GitHub. ” reported Ax Sharma on Bleeping Computer.

Antivirus

Antivirus Malware Accountability Hacking

Fleckpe Android malware totaled +620K downloads via Google Play Store

Security Affairs

MAY 5, 2023

Fleckpe is a new Android subscription Trojan that was discovered in the Google Play Store, totaling more than 620,000 downloads since 2022. Fleckpe is a new Android subscription Trojan that spreads via Google Play, the malware discovered by Kaspersky is hidden in photo editing apps, smartphone wallpaper packs, and other general-purpose apps.

Malware

Malware Mobile Antivirus Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

FEBRUARY 16, 2021

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware. The initial stage of these trojans is generally the execution of a dropper in a form of a VBS, JScript, or MSI file that downloads from the Cloud (AWS, Google, etc.) the trojan loader/injector.

Antivirus

Antivirus Malware Banking Internet

Malicious apps continue to spread through the Google Play Store

Security Affairs

JUNE 16, 2022

Researchers at antivirus firm Dr. Web discovered malware in the Google Play Store that was downloaded two million times. An investigation conducted by the antivirus firm Dr. Web in May resulted in the discovery of multiple adware and information-stealing malware on the official Google Play Store. The Android.Spy.4498

Adware

Adware Antivirus Malware Software

NetDooka framework distributed via a pay-per-install (PPI) malware service

Security Affairs

MAY 6, 2022

The PrivateLoader malware is a downloader used by threat actors for downloading and installing multiple malware. The attack chain starts when a user downloads PrivateLoader, usually through pirated software, then the NetDooka malware is installed to act as a dropper for additional components. ” concludes the analysis.

Malware

Malware Antivirus DDOS Hacking

Canada bans WeChat and Kaspersky apps on government-issued mobile devices

Security Affairs

OCTOBER 30, 2023

Canada banned the Chinese messaging app WeChat and Kaspersky antivirus on government mobile devices due to privacy and security risks. The Government of Canada announced a ban on the use of the WeChat and Kaspersky applications on government-issued mobile devices due to privacy and security risks.

Mobile

Mobile Government Data collection Antivirus

Grandoreiro Banking Trojan is back and targets banks worldwide

Security Affairs

MAY 19, 2024

If the user is in a targeted country (Mexico, Chile, Spain, Costa Rica, Peru, or Argentina), they are redirected to an image of a PDF icon, while a ZIP file is downloaded in the background. Finally the loader downloads, decrypts and executes the Grandoreiro banking trojan.

Banking

Banking Malware Antivirus Accountability

DEV-0569 group uses Google Ads to distribute Royal Ransomware

Security Affairs

NOVEMBER 19, 2022

The DEV-0569 group carries out malvertising campaigns to spread links to a signed malware downloader posing as software installers or fake updates embedded in spam messages, fake forum pages, and blog comments. The downloader, tracked as BATLOADER , shares similarities with another malware called ZLoader. anydeskos[.]com

Ransomware

Ransomware Malware Antivirus Phishing

SharkBot, the new generation banking Trojan distributed via Play Store

Security Affairs

MARCH 7, 2022

SharkBot banking malware was able to evade Google Play Store security checks masqueraded as an antivirus app. The malware was spotted at the end of October by researchers from cyber security firms Cleafy and ThreatFabric, the name comes after one of the domains used for its command and control servers. .”

Banking

Banking Antivirus Mobile Malware

Avast disables the JavaScript engine component due to a severe issue

Security Affairs

MARCH 11, 2020

Antivirus maker Avast has disabled a core component of its antivirus to address a severe vulnerability that would have allowed attackers to control users’ PC. Ormandy pointed out that the main Avast antivirus process, AvastSvc.exe, which, runs as SYSTEM.

Engineering

Engineering Antivirus Advertising Hacking

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

Security Affairs

JUNE 27, 2021

“While the Windows system is in safe mode antivirus software doesn’t work. The researchers started investigating the threat after they became aware that the malware was disabling and uninstalling its antivirus from infected devices. “It also uses WQL to query all antivirus software installed SELECT * FROM AntiVirusProduct.”

Antivirus

Antivirus Cryptocurrency Malware Software

Threat actors target crypto and NFT communities with Babadeda crypter

Security Affairs

NOVEMBER 26, 2021

Babadeda is able to bypass antivirus solutions. According to the researchers, this crypto-malware was recently employed in several campaigns to deliver information stealers, RATs, and ransomware like LockBit. The messages urge the recipients to download an application. ” reads the report published by Morphisec.

Cryptocurrency

Cryptocurrency Malware Antivirus Phishing

Bitdefender released a free decryptor for the MortalKombat Ransomware family

Security Affairs

FEBRUARY 28, 2023

Antivirus company Bitdefender has released a free decryptor for the recently discovered ransomware family MortalKombat. Good news for the victims of the recently discovered MortalKombat ransomware , the antivirus firm Bitdefender has released a free decryptor that will allow them to recover their file without paying the ransom.

Ransomware

Ransomware Antivirus Backups Malware

GuLoader implements new evasion techniques

Security Affairs

DECEMBER 26, 2022

Cybersecurity researchers exposed new evasion techniques adopted by an advanced malware downloader called GuLoader. CrowdStrike researchers d a detailed multiple evasion techniques implemented by an advanced malware downloader called GuLoader (aka CloudEyE ). an ieinstal.exe) and injects the same shellcode into the new process.

Malware

Malware Antivirus Hacking Cybersecurity

Tens of malicious NPM packages caught hijacking Discord servers

Security Affairs

DECEMBER 9, 2021

“Luckily, these packages were removed before they could rack up a large number of downloads (based on npm records) so we managed to avoid a scenario similar to our last PyPI disclosure, where the malicious packages were downloaded tens of thousands of times before they were detected and removed.”

Antivirus

Antivirus Malware Accountability Firewall

SharkBot Banking Trojan spreads through fake AV apps on Google Play

Security Affairs

APRIL 9, 2022

Experts discovered malicious Android apps on the Google Play Store masqueraded as antivirus solutions spreading the SharkBot Trojan. Sharkbot is an information stealer steals used by crooks to siphon credentials and banking information. Most of the victims are located in Italy and the UK.

Banking

Banking Antivirus Malware Accountability

Bitdefender released a free decryptor for the MegaCortex ransomware

Security Affairs

JANUARY 6, 2023

Antivirus firm Bitdefender released a decryptor for the MegaCortex ransomware allowing its victims to restore their data for free. Antivirus firm Bitdefender released a decryptor for the MegaCortex ransomware , which can allow victims of the group to restore their data for free.

Ransomware

Ransomware Antivirus Encryption Backups

Clipper attacks use Trojanized TOR Browser installers

Security Affairs

MARCH 29, 2023

The attackers take advantage of the fact that the official Tor Project has been banned in Russia since the end of 2021, so users in Russia search for third-party repositories to download the Tor browser. The victims download the Tor Browser from a third-party server and execute it as torbrowser.exe. ” concludes the report.

Malware

Malware Passwords Cryptocurrency Antivirus

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

The CVE-2018-13379 is a path traversal vulnerability in the FortiOS SSL VPN web portal that could be exploited by an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests. The #CRING #ransomware is then downloaded via certutill. ” reads the post published by Kaspersky.

VPN

VPN Ransomware Antivirus Firmware

Grandoreiro banking malware targets Mexico and Spain

Security Affairs

AUGUST 21, 2022

” The infection chain begins with a spear-phishing message written in Spanish that includes a link that points to a website that further downloads a malicious ZIP archive on the victim’s machine. .” ” reads the post published by Zscaler. That’s not all. ” concludes the report.

Banking

Banking Malware Antivirus Phishing

Microsoft releases ProxyLogon patches for unsupported Microsoft Exchange versions

Security Affairs

MARCH 9, 2021

If you are already mid-update to a later CU, you should continue with that update.” You might be prompted by the installer to restart.). Microsoft has also updated its Microsoft Safety Scanner (MSERT) tool to detect web shells employed in the recent Exchange Server attacks.

Antivirus

Antivirus Accountability Software Hacking

Joker malware infected 538,000 Huawei Android devices

Security Affairs

APRIL 11, 2021

More than 500,000 Huawei users have been infected with the Joker malware after downloading apps from the company’s official Android store. More than 500,000 Huawei users were infected with the Joker malware after they have downloaded tainted apps from the company’s official Android store. ltd, the remaining 2 by the developer ??.

Malware

Malware Spyware Mobile Antivirus

Counterfeit versions of popular mobile devices target WhatsApp and WhatsApp Business

Security Affairs

AUGUST 23, 2022

This backdoor allows operators to download and install additional malicious modules. “To download modules, Android.Backdoor.854.origin In response, the server sends a list of plugins that the trojan will download, decrypt and run.” ” reads the analysis. 3104 starts a local server. . ” concludes Dr.Web.

Mobile

Mobile Firmware Malware Wireless

GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

Security Affairs

AUGUST 31, 2022

The phishing emails contain a Microsoft Office attachment that includes an external reference in its metadata which downloads a malicious template file. Upon opening the document, a malicious template file is downloaded and saved on the system. jpg” that appears as an image of the First Deep Field captured by JWST is downloaded.

Malware

Malware DNS Antivirus Encryption

Fake DDoS protection pages on compromised WordPress sites lead to malware infections

Security Affairs

AUGUST 21, 2022

Recently security experts from Sucuri, spotted JavaScript injections targeting WordPress sites to display fake DDoS Protection pages which lead victims to download remote access trojan malware. “Unfortunately, attackers have begun leveraging these familiar security assets in their own malware campaigns.

DDOS

DDOS Malware Antivirus Firewall

SEO poisoning campaign aims at delivering RAT, Microsoft warns

Security Affairs

JUNE 14, 2021

Microsoft 365 Defender data shows that the SEO poisoning technique is effective, given that Microsoft Defender Antivirus has detected and blocked thousands of these PDF documents in numerous environments. — Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021.

Antivirus

Antivirus Security Intelligence Malware Insurance

QNodeService Trojan spreads via fake COVID-19 tax relief

Security Affairs

MAY 16, 2020

and is delivered through a Java downloader embedded in the.jar file, Trend Micro warns. . “Running this file led to the download of a new, undetected malware sample written in Node.js; this trojan is dubbed as “QNodeService”.” However, the use of an uncommon platform may have helped evade detection by antivirus software.”

Malware

Malware Phishing Advertising Antivirus

Researchers uncovered a new Malware Builder dubbed APOMacroSploit

Security Affairs

FEBRUARY 22, 2021

Excel documents created with the APOMacroSploit builder are capable of bypassing antivirus software, Windows Antimalware Scan Interface (AMSI), and even Gmail and other email-based phishing detection. The macro is triggered automatically when the victim opens the document, and downloads a BAT file from cutt.ly.”

Malware

Malware Antivirus Phishing Cryptocurrency

Brazilian trojan impacting Portuguese users and using the same capabilities seen in other Latin American threats

Security Affairs

MARCH 14, 2022

An HTML file downloads a.lnk file mascaraed of an MSI file that takes advantage of the LoL bins to execute an MSI file (segunda.msi). segunda.msi” downloads and executes an EXE file that will drop the final stage. The URL available on the email templates downloads an HTML file called “ Dividas 2021.html Playing with LOL bins .

Banking

Banking Encryption Malware Phishing

njRAT RAT operators leverage Pastebin C2 tunnels to avoid detection

Security Affairs

DECEMBER 10, 2020

. “In observations collected since October 2020, Unit 42 researchers have found that malware authors have been leveraging njRAT (also known as Bladabindi), a Remote Access Trojan, to download and deliver second-stage payloads from Pastebin, a popular website that is well-known to be used to store data anonymously.”

Malware

Malware Antivirus Encryption Hacking

YoWhatsApp, unofficial WhatsApp Android app spreads the Triada Trojan

Security Affairs

OCTOBER 13, 2022

Having infected the victim, attackers download and run malicious payloads on their device, as well as get hold of the keys to their account on the official WhatsApp app.” The experts also discovered the adv for software development kit (SDK) that included the downloader for the malicious payload. ” reported Kaspersky.

Mobile

Mobile Accountability Advertising Antivirus

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Security Affairs

APRIL 29, 2023

One of the key steps performed by the malware before downloading a first-stage PowerShell loader is a series of anti-virtual machine, anti-monitoring, and anti-malware checks. ViperSoftX also checks for active antivirus products running on the machine. ” continues the report.

Encryption

Encryption Malware Cryptocurrency Software

GuLoader implements new evasion techniques

Security Affairs

DECEMBER 26, 2022

Cybersecurity researchers exposed new evasion techniques adopted by an advanced malware downloader called GuLoader. CrowdStrike researchers d a detailed multiple evasion techniques implemented by an advanced malware downloader called GuLoader (aka CloudEyE ). an ieinstal.exe) and injects the same shellcode into the new process.

Malware

Malware Antivirus Hacking Cybersecurity

8220 Gang used new ScrubCrypt crypter in recent cryptojacking attacks

Security Affairs

MARCH 9, 2023

Upon successful exploitation of vulnerable Oracle WebLogic servers, it will download a PowerShell script, named “bypass.ps1,” which contains the ScrubCrypt crypter. The PowerShell script is encoded to avoid detection by AntiVirus solutions. This URI belongs to an Oracle Weblogic server.

Antivirus

Antivirus Encryption Hacking Cybercrime

Silver Sparrow, a new malware infects Mac systems using Apple M1 chip

Security Affairs

FEBRUARY 20, 2021

“The novelty of this downloader arises primarily from the way it uses JavaScript for execution—something we hadn’t previously encountered in other macOS malware—and the emergence of a related binary compiled for Apple’s new M1 ARM64 architecture.” ” reads the analysis published by RedCanary. ” concludes the report.

Malware

Malware Adware Antivirus DDOS

North Korea-linked APT groups actively exploit JetBrains TeamCity flaw

Security Affairs

OCTOBER 19, 2023

Then attackers used PowerShell to download two payloads from legitimate infrastructure they had previously compromised. Use Microsoft Defender Antivirus to protect from this threat. Microsoft attributes the recent attacks to two North Korean APT groups Diamond Sleet and Onyx Sleet, which operate under the Lazarus Group umbrella.

Artificial Intelligence

Artificial Intelligence Accountability Antivirus Authentication

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Security Affairs

JUNE 17, 2021

. “Mandiant Consulting observed the Trojanized installer downloaded on a Windows workstation after the user visited a legitimate site that the victim organization had used before.” “Mandiant confirmed the user intended to download, install, and use the SmartPSS software. ” continues the analysis.

Cybercrime

Cybercrime Ransomware Antivirus Software

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

Security Affairs

NOVEMBER 3, 2022

In order to weaken the security defenses installed on the target machine, Black Basta targets installed security solutions with specific batch scripts downloaded into the Windows directory. The DisableAntiSpyware parameter allows disabling the Windows Defender Antivirus in order to deploy another security solution.

Cybercrime

Cybercrime Ransomware Antivirus Malware

Sunshuttle, the fourth malware allegedly linked to SolarWinds hack

Security Affairs

MARCH 4, 2021

.” “Mandiant Threat Intelligence discovered a sample of the SUNSHUTTLE backdoor uploaded to an online multi-Antivirus scan service.” ” reads the analysis published by Fireeye. ” The SUNSHUTTLE backdoor was likely developed to conduct network reconnaissance alongside other SUNBURST -related tools.

Malware

Malware Hacking Antivirus Information Security

A Google Drive weakness could allow attackers to serve malware

Security Affairs

AUGUST 23, 2020

Experts pointed out that Google Chrome appears to implicitly trust any file downloaded from Google Drive, even if they are flagged and “malicious” by antivirus software as malicious. ” reads the post published by THN.

Malware

Malware Phishing Advertising Antivirus

Threat actors abuse Adobe Acrobat Sign to distribute RedLine info-stealer

Security Affairs

MARCH 20, 2023

Upon providing the CAPTCHA, the victim will be asked to download a ZIP archive containing the Redline Trojan variant. This is not noticeable by the victim during the download, as the file is compressed and most of that artificial size has just been filled with zeros.” ” reads the anaysis published by Avast.

Antivirus

Antivirus Malware Engineering Hacking

New variant of Dridex banking Trojan implements polymorphism

Security Affairs

JULY 1, 2019

On June 26, 2019, experts at eSentire Threat Intelligence discovered a C2 infrastructure pointing to a similar Dridex variant that was undetected by most of the antivirus listed in VirusTotal service. At the time of discovery, using data from VirusTotal, only six antivirus solutions of about 60 detected suspicious behavior [ 2 ].

Banking

Banking Antivirus Advertising Encryption

A new Astaroth Trojan Campaign uncovered by Microsoft

Security Affairs

JULY 9, 2019

The malware abused living-off-the-land binaries (LOLbins) such as the command line interface of the Windows Management Instrumentation Console ( WMIC ) to download and install malicious payloads in the background. According to the experts, LOLbins are very effecting in evading antivirus software. .

Antivirus

Antivirus Malware Advertising Security Intelligence

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

New alleged MuddyWater attack downloads a PowerShell script from GitHub

Webinars

Trending Sources

Fleckpe Android malware totaled +620K downloads via Google Play Store

Webinars

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Malicious apps continue to spread through the Google Play Store

NetDooka framework distributed via a pay-per-install (PPI) malware service

Canada bans WeChat and Kaspersky apps on government-issued mobile devices

Grandoreiro Banking Trojan is back and targets banks worldwide

DEV-0569 group uses Google Ads to distribute Royal Ransomware

SharkBot, the new generation banking Trojan distributed via Play Store

Avast disables the JavaScript engine component due to a severe issue

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

Threat actors target crypto and NFT communities with Babadeda crypter

Bitdefender released a free decryptor for the MortalKombat Ransomware family

GuLoader implements new evasion techniques

Tens of malicious NPM packages caught hijacking Discord servers

SharkBot Banking Trojan spreads through fake AV apps on Google Play

Bitdefender released a free decryptor for the MegaCortex ransomware

Clipper attacks use Trojanized TOR Browser installers

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Grandoreiro banking malware targets Mexico and Spain

Microsoft releases ProxyLogon patches for unsupported Microsoft Exchange versions

Joker malware infected 538,000 Huawei Android devices

Counterfeit versions of popular mobile devices target WhatsApp and WhatsApp Business

GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

Fake DDoS protection pages on compromised WordPress sites lead to malware infections

SEO poisoning campaign aims at delivering RAT, Microsoft warns

QNodeService Trojan spreads via fake COVID-19 tax relief

Researchers uncovered a new Malware Builder dubbed APOMacroSploit

Brazilian trojan impacting Portuguese users and using the same capabilities seen in other Latin American threats

njRAT RAT operators leverage Pastebin C2 tunnels to avoid detection

YoWhatsApp, unofficial WhatsApp Android app spreads the Triada Trojan

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

GuLoader implements new evasion techniques

8220 Gang used new ScrubCrypt crypter in recent cryptojacking attacks

Silver Sparrow, a new malware infects Mac systems using Apple M1 chip

North Korea-linked APT groups actively exploit JetBrains TeamCity flaw

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

Sunshuttle, the fourth malware allegedly linked to SolarWinds hack

A Google Drive weakness could allow attackers to serve malware

Threat actors abuse Adobe Acrobat Sign to distribute RedLine info-stealer

New variant of Dridex banking Trojan implements polymorphism

A new Astaroth Trojan Campaign uncovered by Microsoft

Stay Connected