Security Affairs

AUGUST 21, 2022

Threat actors compromise WordPress sites to display fake Cloudflare DDoS protection pages to distribute malware. Recently security experts from Sucuri, spotted JavaScript injections targeting WordPress sites to display fake DDoS Protection pages which lead victims to download remote access trojan malware.

DDOS 91

DDOS Malware Antivirus Firewall 91

Security Affairs

AUGUST 31, 2022

A malware campaign tracked as GO#WEBBFUSCATOR used an image taken from NASA’s James Webb Space Telescope (JWST) as a lure. Securonix Threat researchers uncovered a persistent Golang-based malware campaign tracked as GO#WEBBFUSCATOR that leveraged the deep field image taken from the James Webb telescope. Pierluigi Paganini.

Malware 82

Malware DNS Antivirus Encryption 82

Security Affairs

MARCH 4, 2021

Malware researchers at FireEye discovered a new sophisticated second-stage backdoor, dubbed Sunshuttle, while analyzing the servers of an organization that was compromised as a result of the SolarWinds supply-chain attack. The new malware is dubbed Sunshuttle , and it was “uploaded by a U.S.-based ” continues FireEye.

Malware 115

Malware Hacking Antivirus Information Security 115

Security Affairs

NOVEMBER 19, 2022

Researchers from the Microsoft Security Threat Intelligence team warned that a threat actor, tracked as DEV-0569, is using Google Ads to distribute various payloads, including the recently discovered Royal ransomware. The downloader, tracked as BATLOADER , shares similarities with another malware called ZLoader. anydeskos[.]com

Ransomware 129

Ransomware Malware Antivirus Phishing 129

Security Affairs

FEBRUARY 14, 2020

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) released reports on North Korea-linked HIDDEN COBRA malware. The FBI, the US Cyber Command, and the Department of Homeland Security have published technical details of a new North-Korea linked hacking operation.

Malware 114

Malware Passwords Advertising Antivirus 114

Security Affairs

JUNE 16, 2022

Researchers at antivirus firm Dr. Web discovered malware in the Google Play Store that was downloaded two million times. An investigation conducted by the antivirus firm Dr. Web in May resulted in the discovery of multiple adware and information-stealing malware on the official Google Play Store.

Adware 86

Adware Antivirus Malware Software 86

Security Affairs

JUNE 11, 2021

Experts spotted a new mysterious malware that was used to collect a huge amount of data, including sensitive files, credentials, and cookies. Threat actors used custom malware to steal data from 3.2 NordLocker experts speculate the malware campaign leveraged tainted Adobe Photoshop versions, pirated games, and Windows cracking tools.

Malware 112

Malware Computers and Electronics Software Financial Services 112

Security Affairs

AUGUST 15, 2022

The package describes itself as “secrets matching and verification made easy,” it has a total of 93 downloads since August 6, 2020. “On a closer inspection though, the package covertly runs cryptominers on your Linux machine in-memory (directly from your RAM), a technique largely employed by fileless malware and crypters.”

Malware 73

Malware Antivirus Engineering Hacking 73

Security Affairs

MARCH 7, 2022

SharkBot banking malware was able to evade Google Play Store security checks masqueraded as an antivirus app. The malware was spotted at the end of October by researchers from cyber security firms Cleafy and ThreatFabric, the name comes after one of the domains used for its command and control servers.

Banking 79

Banking Antivirus Mobile Malware 79

Security Affairs

JUNE 27, 2021

Researchers have discovered a strain of cryptocurrency-mining malware, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. . “While the Windows system is in safe mode antivirus software doesn’t work. “It also uses WQL to query all antivirus software installed SELECT * FROM AntiVirusProduct.”

Antivirus 108

Antivirus Cryptocurrency Malware Software 108

Security Affairs

APRIL 29, 2021

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. We therefore named this malware Purple Lambert.”

Malware 105

Malware Hacking Government Telecommunications 105

Security Affairs

AUGUST 23, 2020

Experts pointed out that Google Chrome appears to implicitly trust any file downloaded from Google Drive, even if they are flagged and “malicious” by antivirus software as malicious. The post A Google Drive weakness could allow attackers to serve malware appeared first on Security Affairs. Pierluigi Paganini.

Malware 131

Malware Phishing Advertising Antivirus 131

Security Affairs

FEBRUARY 24, 2020

Since end-December 2019 lampion malware has been noted as the most prominent malware targeting Portuguese organizations. Figure 1: Lampion malware email templates. 2020-02-13] #Lampion v2 #portugal #malware #ATA 0998f6473004e0ba54ead5784ba62db8 h}//vrau-x.s3.us-east-2.amazonaws.[com/0.zip zip h//oiurx14x.s3.us-east-2.amazonaws.}com/P-14-7.dll

Malware 77

Malware Banking Antivirus Advertising 77

Security Affairs

NOVEMBER 26, 2021

Morphisec researchers spread cryptocurrency malware dubbed Babadeda in attacks aimed at crypto and NFT communities. Morphisec researchers spotted a new crypto-malware strain, tracked as Babadeda, targeting cryptocurrency, non-fungible token (NFT), and DeFi passionates through Discord channels. ” concludes the report.

Cryptocurrency 120

Cryptocurrency Malware Antivirus Phishing 120

Security Affairs

MARCH 13, 2021

Kaspersky researchers spotted a new variant of the XCSSET Mac malware that compiled for devices running on Apple M1 chips. The malware also allows attackers to capture screenshots and exfiltrate stolen documents to the attackers’ server. Recently experts spotted other malware specifically designed to infect Mac running on M1 chips.

Malware 103

Malware Adware Architecture Antivirus 103

Security Affairs

DECEMBER 26, 2022

Cybersecurity researchers exposed new evasion techniques adopted by an advanced malware downloader called GuLoader. CrowdStrike researchers d a detailed multiple evasion techniques implemented by an advanced malware downloader called GuLoader (aka CloudEyE ). ” reads the analysis published by CrowdStrike.

Malware 95

Malware Antivirus Hacking Cybersecurity 95

Security Affairs

FEBRUARY 28, 2023

Antivirus company Bitdefender has released a free decryptor for the recently discovered ransomware family MortalKombat. Good news for the victims of the recently discovered MortalKombat ransomware , the antivirus firm Bitdefender has released a free decryptor that will allow them to recover their file without paying the ransom.

Ransomware 89

Ransomware Antivirus Backups Malware 89

Security Affairs

AUGUST 4, 2020

China-linked hackers carried out cyber espionage campaigns targeting governments, corporations, and think tanks with TAIDOOR malware. “CISA encourages users and administrators to review Malware Analysis Report MAR-10292089-1.v1 “CISA encourages users and administrators to review Malware Analysis Report MAR-10292089-1.v1

Malware 106

Malware Government Passwords System Administration 106

Malwarebytes

AUGUST 3, 2022

The used lure is in Russian is called “ Information security memo ” which provide security practices for passwords, confidential information, etc. The threat actor has left some debugging information including a pdb path from which we derived and picked a name for this new Rat: Debug Information.

Malware 110

Malware Encryption Antivirus Architecture 110

Security Affairs

MARCH 24, 2020

ch launched the MalwareBazaar service, a malware repository to allow experts to share known malware samples and related info. ch launched a malware repository, called MalwareBazaar , to allow experts to share known malware samples and related analysis. Malware batches are available for download on a daily base.

Malware 52

Malware Adware Cyber threats Advertising 52

Security Affairs

APRIL 9, 2022

Experts discovered malicious Android apps on the Google Play Store masqueraded as antivirus solutions spreading the SharkBot Trojan. Sharkbot is an information stealer steals used by crooks to siphon credentials and banking information. This is the exact case we observed with the Sharkbot malware.”

Banking 87

Banking Antivirus Malware Accountability 87

Security Affairs

APRIL 29, 2023

A new variant of the information-stealing malware ViperSoftX implements sophisticated techniques to avoid detection. Trend Micro researchers observed a new ViperSoftX malware campaign that unlike previous attacks relies on DLL sideloading for its arrival and execution technique. c2 arrowlchat[.]com ” continues the report.

Encryption 86

Encryption Malware Cryptocurrency Software 86

Security Affairs

DECEMBER 9, 2021

“Luckily, these packages were removed before they could rack up a large number of downloads (based on npm records) so we managed to avoid a scenario similar to our last PyPI disclosure, where the malicious packages were downloaded tens of thousands of times before they were detected and removed.”

Antivirus 87

Antivirus Malware Accountability Firewall 87

Security Affairs

MAY 16, 2020

Experts spotted a new malware dubbed QNodeService that was involved in Coronavirus-themed phishing campaign, crooks promise victims COVID-19 tax relief. Researchers uncovered a new malware dubbed QNodeService that was employed in a Coronavirus-themed phishing campaign. malware file (either “qnodejs-win32-ia32.js”

Malware 107

Malware Phishing Advertising Antivirus 107

Security Affairs

SEPTEMBER 22, 2020

US Cybersecurity and Infrastructure Security Agency (CISA) is warning of a notable increase in the use of LokiBot malware by threat actors since July 2020. The Agency’s EINSTEIN Intrusion Detection System has detected persistent malicious activity associated with the LokiBot malware. See Protecting Against Malicious Code.

Malware 65

Malware Passwords Advertising Antivirus 65

Security Affairs

JANUARY 6, 2023

Antivirus firm Bitdefender released a decryptor for the MegaCortex ransomware allowing its victims to restore their data for free. Antivirus firm Bitdefender released a decryptor for the MegaCortex ransomware , which can allow victims of the group to restore their data for free. The group typically asked ransoms between $20,000 to $5.8

Ransomware 95

Ransomware Antivirus Encryption Backups 95

Security Affairs

AUGUST 23, 2022

The malware targets WhatsApp and WhatsApp Business messaging apps and can allow attackers to conduct multiple malicious activities. “Among them is the interception of chats and the theft of the confidential information that could be found in them; this malware can also execute spam campaigns and various scam schemes.

Mobile 92

Mobile Firmware Malware Wireless 92

Security Affairs

DECEMBER 10, 2020

“In observations collected since October 2020, Unit 42 researchers have found that malware authors have been leveraging njRAT (also known as Bladabindi), a Remote Access Trojan, to download and deliver second-stage payloads from Pastebin, a popular website that is well-known to be used to store data anonymously.”

Malware 78

Malware Antivirus Encryption Hacking 78

Security Affairs

JUNE 14, 2021

Microsoft 365 Defender data shows that the SEO poisoning technique is effective, given that Microsoft Defender Antivirus has detected and blocked thousands of these PDF documents in numerous environments. — Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021. ” state Microsoft.

Antivirus 68

Antivirus Security Intelligence Malware Insurance 68

SecureList

OCTOBER 18, 2023

In early September 2022, we discovered several new malware samples belonging to the MATA cluster. The actors behind the attack used spear-phishing mails to target several victims, some were infected with Windows executable malware by downloading files through an internet browser.

Malware 98

Malware Phishing Internet Internet 98

Security Affairs

MAY 22, 2021

The threat actors employed two previosuly undetected piece of malware dubbed Mail-O and Webdav-O. “Mail-O is a downloader program that accesses the Mail.ru “Webdav-O is another malware that has never been described before. Group to download the collected data. .” Group to download the collected data.

Computers and Electronics 111

Computers and Electronics Malware Antivirus Government 111

Security Affairs

MARCH 14, 2022

An HTML file downloads a.lnk file mascaraed of an MSI file that takes advantage of the LoL bins to execute an MSI file (segunda.msi). segunda.msi” downloads and executes an EXE file that will drop the final stage. The URL available on the email templates downloads an HTML file called “ Dividas 2021.html Phishing wave.

Banking 86

Banking Encryption Malware Phishing 86

Security Affairs

DECEMBER 26, 2022

Cybersecurity researchers exposed new evasion techniques adopted by an advanced malware downloader called GuLoader. CrowdStrike researchers d a detailed multiple evasion techniques implemented by an advanced malware downloader called GuLoader (aka CloudEyE ). ” reads the analysis published by CrowdStrike.

Malware 52

Malware Antivirus Hacking Cybersecurity 52

Security Affairs

MAY 19, 2023

The Lemon Group cybercrime ring has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. A cybercrime group tracked has Lemon Group has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. 231 banking malware. ” continues the report.

Mobile 86

Mobile Advertising Malware Cybercrime 86

Security Affairs

OCTOBER 13, 2022

Having infected the victim, attackers download and run malicious payloads on their device, as well as get hold of the keys to their account on the official WhatsApp app.” The experts also discovered the adv for software development kit (SDK) that included the downloader for the malicious payload. ” reported Kaspersky.

Mobile 105

Mobile Accountability Advertising Antivirus 105

Security Affairs

APRIL 7, 2021

The CVE-2018-13379 is a path traversal vulnerability in the FortiOS SSL VPN web portal that could be exploited by an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests. The #CRING #ransomware is then downloaded via certutill. ” reads the post published by Kaspersky.

VPN 95

VPN Ransomware Antivirus Firmware 95

Malwarebytes

AUGUST 3, 2022

The used lure is in Russian is called " Information security memo " which provide security practices for passwords, confidential information, etc. The threat actor has left some debugging information including a pdb path from which we derived and picked a name for this new Rat: Debug Information.

Malware 63

Malware Encryption Antivirus Architecture 63