Security Affairs

JANUARY 14, 2022

A weakness in the Microsoft Defender antivirus can allow attackers to retrieve information to use to avoid detection. Threat actors can leverage a weakness in Microsoft Defender antivirus to determine in which folders plant malware to avoid the AV scanning. SecurityAffairs – hacking, malware). Pierluigi Paganini.

Malware 144

Malware Antivirus Hacking Information Security 144

Security Affairs

JULY 23, 2019

Experts discovered several flaws in Comodo Antivirus, including a vulnerability that could allow to escape the sandbox and escalate privileges. The Tenable expert David Wells discovered five flaws in the Comodo Antivirus and Comodo Antivirus Advanced. We recommend to keep updated on future Comodo Antivirus releases.”

Antivirus 81

Antivirus Advertising Hacking Malware 81

Security Affairs

JUNE 9, 2022

Researchers uncovered a high stealth Linux malware, dubbed Symbiote, that could be used to backdoor infected systems. Joint research conducted by security firms Intezer and BlackBerry uncovered a new Linux threat dubbed Symbiote. “Symbiote is a malware that is highly evasive. ” concludes the report.

Malware 145

Malware DNS Antivirus Passwords 145

Security Affairs

MAY 6, 2022

Researchers discovered a sophisticated malware framework, dubbed NetDooka, distributed via a pay-per-install (PPI) malware service known as PrivateLoader. The PrivateLoader malware is a downloader used by threat actors for downloading and installing multiple malware. ” reads a report published by Trend Micro.

Malware 97

Malware Antivirus DDOS Hacking 97

Security Affairs

AUGUST 15, 2019

A vulnerability in Kaspersky Antivirus had exposed a unique identifier associated with users to every website they have visited in the past 4 years. A vulnerability in the Kaspersky Antivirus software, tracked as CVE-2019-8286, had exposed a unique identifier associated with its users to every website they have visited in the past 4 years.

Antivirus 96

Antivirus Advertising Software Internet 96

Security Affairs

JULY 22, 2019

BlackBerry Cylance has addressed a bypass vulnerability recently discovered in its AI-based antivirus engine CylancePROTECT product. “We verified the issue was not a universal bypass as reported, but rather a technique that allowed for one of the anti-malware components of the product to be bypassed in certain circumstances.

Antivirus 79

Antivirus Engineering Advertising Hacking 79

Security Affairs

JANUARY 16, 2023

Antivirus firm Avast released a free decryptor for the BianLian ransomware family that allows victims to recover locked files. Security firm Avast has released a free decryptor for the BianLian ransomware to allow victims of the malware to recover locked files. It is also recommendable to check the virus vault of your antivirus.

Ransomware 97

Ransomware Malware Antivirus Encryption 97

Security Affairs

AUGUST 21, 2022

A new Grandoreiro banking malware campaign is targeting organizations in Mexico and Spain, Zscaler reported. Zscaler ThreatLabz researchers observed a Grandoreiro banking malware campaign targeting organizations in the Spanish-speaking nations of Mexico and Spain. ” reads the post published by Zscaler. Pierluigi Paganini.

Banking 98

Banking Malware Antivirus Phishing 98

Security Affairs

MAY 5, 2023

Fleckpe is a new Android subscription Trojan that spreads via Google Play, the malware discovered by Kaspersky is hidden in photo editing apps, smartphone wallpaper packs, and other general-purpose apps. In case the subscription process requires a confirmation code, the malware is able to get it from the notifications.

Malware 88

Malware Mobile Antivirus Hacking 88

Security Affairs

JANUARY 31, 2023

TrickGate is a shellcode-based packer offered as a service to malware authors to avoid detection, CheckPoint researchers reported. TrickGate is a shellcode-based packer offered as a service, which is used at least since July 2016, to hide malware from defense programs. ” concludes the report.

Malware 95

Malware Antivirus Healthcare Manufacturing 95

Security Affairs

JULY 24, 2021

Tokyo Olympics could be a great opportunity for cybercriminals and malware authors, the US FBI warned p rivate US companies of cyberattacks that might attempt to disrupt the 2021 Tokyo Olympics. The malware only targets data under the Users folder, likely because it was designed to infect users who do not have administrator privileges.

Malware 141

Malware Antivirus Cyber Attacks Hacking 141

Security Affairs

APRIL 11, 2021

More than 500,000 Huawei users have been infected with the Joker malware after downloading apps from the company’s official Android store. More than 500,000 Huawei users were infected with the Joker malware after they have downloaded tainted apps from the company’s official Android store. aliyuncs.com/ Android.Joker.531

Malware 141

Malware Spyware Mobile Antivirus 141

Security Affairs

JUNE 20, 2022

The developers behind the BRATA Android malware have implemented additional features to avoid detection. The operators behind the BRATA Android malware have implemented more features to make their attacks stealthy. “TAs are modifying their code in order to tailor their malware on specific banking institutions.

Malware 106

Malware Banking Antivirus Phishing 106

Security Affairs

JANUARY 8, 2021

Multiple threat actors have recently started using the Ezuri memory loader as a loader to executes malware directly into the victims’ memory. According to researchers from AT&T’s Alien Labs, malware authors are choosing the Ezuri memory loader for their malicious codes. ” concludes the report.

Malware 142

Malware Encryption Antivirus Passwords 142

Security Affairs

MARCH 4, 2021

Malware researchers at FireEye discovered a new sophisticated second-stage backdoor, dubbed Sunshuttle, while analyzing the servers of an organization that was compromised as a result of the SolarWinds supply-chain attack. The new malware is dubbed Sunshuttle , and it was “uploaded by a U.S.-based ” continues FireEye.

Malware 115

Malware Hacking Antivirus Information Security 115

Security Affairs

FEBRUARY 22, 2021

Researchers spotted a new Office malware builder, tracked as APOMacroSploit, that was employed in a campaign targeting more than 80 customers worldwide. Researchers from security firm Check Point uncovered a new Office malware builder called APOMacroSploit, which was employed in attacks that targeted more than 80 customers worldwide.

Malware 120

Malware Antivirus Phishing Cryptocurrency 120

Security Affairs

AUGUST 21, 2022

Threat actors compromise WordPress sites to display fake Cloudflare DDoS protection pages to distribute malware. Recently security experts from Sucuri, spotted JavaScript injections targeting WordPress sites to display fake DDoS Protection pages which lead victims to download remote access trojan malware. Pierluigi Paganini.

DDOS 97

DDOS Malware Antivirus Firewall 97

Security Affairs

SEPTEMBER 5, 2022

Microsoft released a Windows Defender update to fix a problem that caused Defender antivirus to identify Chromium, Electron, as malware. It has already happened in the past that the popular antivirus software has identified Chrome as a malicious code, the website The Register reported a similar problem in 2011.

Antivirus 97

Antivirus Ransomware Malware Software 97

Security Affairs

MAY 3, 2022

A China-linked APT group, tracked as Moshen Dragon, is exploiting antivirus products to target the telecom sector in Asia. A China-linked APT group, tracked as Moshen Dragon, has been observed targeting the telecommunication sector in Central Asia with ShadowPad and PlugX malware, SentinelOne warns. ” concludes the report.”Once

Software 113

Software Malware Telecommunications Antivirus 113

Security Affairs

OCTOBER 31, 2022

The infection chain was divided into four stages : The malware was installed through a dropper, a program executed by opening an attachment to a deceptive e-mail, probably a fake pdf or doc file, or executed directly from the Internet, without user interaction, exploiting the exploit described in the point 4. The infection chain.

Malware 103

Malware Computers and Electronics Encryption Ransomware 103

Security Affairs

JUNE 11, 2021

Experts spotted a new mysterious malware that was used to collect a huge amount of data, including sensitive files, credentials, and cookies. Threat actors used custom malware to steal data from 3.2 NordLocker experts speculate the malware campaign leveraged tainted Adobe Photoshop versions, pirated games, and Windows cracking tools.

Malware 116

Malware Computers and Electronics Software Financial Services 116

Security Affairs

AUGUST 31, 2022

A malware campaign tracked as GO#WEBBFUSCATOR used an image taken from NASA’s James Webb Space Telescope (JWST) as a lure. Securonix Threat researchers uncovered a persistent Golang-based malware campaign tracked as GO#WEBBFUSCATOR that leveraged the deep field image taken from the James Webb telescope. Pierluigi Paganini.

Malware 91

Malware DNS Antivirus Encryption 91

Security Affairs

FEBRUARY 10, 2021

Antivirus firm Emsisoft discloses a data breach, a third-party had access to a publicly exposed database containing technical logs. The anti-malware solutions provider Emsisoft disclosed last week a data breach. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Pierluigi Paganini.

Malware 127

Malware Data breaches Antivirus Passwords 127

Security Affairs

AUGUST 15, 2022

. “On a closer inspection though, the package covertly runs cryptominers on your Linux machine in-memory (directly from your RAM), a technique largely employed by fileless malware and crypters.” The post A new PyPI Package was found delivering fileless Linux Malware appeared first on Security Affairs.

Malware 83

Malware Antivirus Engineering Hacking 83

Security Affairs

JUNE 27, 2021

Researchers have discovered a strain of cryptocurrency-mining malware, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. . “While the Windows system is in safe mode antivirus software doesn’t work. “It also uses WQL to query all antivirus software installed SELECT * FROM AntiVirusProduct.”

Antivirus 116

Antivirus Cryptocurrency Malware Software 116

Security Affairs

FEBRUARY 14, 2020

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) released reports on North Korea-linked HIDDEN COBRA malware. The FBI, the US Cyber Command, and the Department of Homeland Security have published technical details of a new North-Korea linked hacking operation.

Malware 123

Malware Passwords Advertising Antivirus 123

Security Affairs

MARCH 13, 2021

Kaspersky researchers spotted a new variant of the XCSSET Mac malware that compiled for devices running on Apple M1 chips. The malware also allows attackers to capture screenshots and exfiltrate stolen documents to the attackers’ server. Recently experts spotted other malware specifically designed to infect Mac running on M1 chips.

Malware 108

Malware Adware Architecture Antivirus 108

Security Affairs

FEBRUARY 24, 2020

Since end-December 2019 lampion malware has been noted as the most prominent malware targeting Portuguese organizations. Figure 1: Lampion malware email templates. 2020-02-13] #Lampion v2 #portugal #malware #ATA 0998f6473004e0ba54ead5784ba62db8 h}//vrau-x.s3.us-east-2.amazonaws.[com/0.zip zip h//oiurx14x.s3.us-east-2.amazonaws.}com/P-14-7.dll

Malware 79

Malware Banking Antivirus Advertising 79

Security Affairs

DECEMBER 18, 2023

Info stealers, the type of malware with its purpose in the name, can cripple businesses and everyday users alike. Info stealers, also known as information stealers, are a type of malicious software (malware) designed to covertly collect sensitive and personal information from a victim’s computer or network.

Banking 119

Banking Cybercrime Malware Accountability 119

Security Affairs

JULY 16, 2020

Researchers spotted a new Android banking trojan dubbed BlackRock malware that steals credentials and credit card data from hundreds of apps. Security experts from ThreatFabric have discovered a new Android banking trojan dubbed BlackRock that steals credentials and credit card data from a list of 337 apps.

Malware 95

Malware Banking Mobile Spyware 95

Security Affairs

MARCH 7, 2022

SharkBot banking malware was able to evade Google Play Store security checks masqueraded as an antivirus app. The malware was spotted at the end of October by researchers from cyber security firms Cleafy and ThreatFabric, the name comes after one of the domains used for its command and control servers.

Banking 89

Banking Antivirus Mobile Malware 89

Security Affairs

APRIL 21, 2024

A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide. Threat actors use FileZilla, WinRAR, WinSCP, and RClone for data exfiltration.

Ransomware 113

Ransomware Encryption Antivirus VPN 113

Security Affairs

APRIL 29, 2021

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. We therefore named this malware Purple Lambert.”

Malware 111

Malware Hacking Government Telecommunications 111

Security Affairs

AUGUST 26, 2019

A new ransomware, called Nemty ransomware, has been discovered over the weekend by malware researchers. ” Victims could upload their configuration file, in turn, the operators behind the ransomware will provide with the link to another website that comes with a chat function and more information on the demands.

Ransomware 99

Ransomware Malware Antivirus Encryption 99

Malwarebytes

AUGUST 3, 2022

The used lure is in Russian is called “ Information security memo ” which provide security practices for passwords, confidential information, etc. The threat actor has left some debugging information including a pdb path from which we derived and picked a name for this new Rat: Debug Information.

Malware 107

Malware Encryption Antivirus Architecture 107

Security Affairs

AUGUST 4, 2020

China-linked hackers carried out cyber espionage campaigns targeting governments, corporations, and think tanks with TAIDOOR malware. “CISA encourages users and administrators to review Malware Analysis Report MAR-10292089-1.v1 “CISA encourages users and administrators to review Malware Analysis Report MAR-10292089-1.v1

Malware 111

Malware Government Passwords System Administration 111

Security Affairs

FEBRUARY 19, 2021

Apple launched its M1 chip and cybercriminals developed a malware sample specifically for it, the latest generation of Macs are their next targets. The popular security researcher Patrick Wardle discovered one of the first malware designed to target latest generation of Apple devices using the company M1 chip.

Malware 97

Malware Adware Engineering Antivirus 97