Antivirus, Information Security, Malware and Passwords

New Windows Meduza Stealer targets tens of crypto wallets and password managers

Security Affairs

JULY 3, 2023

The malware also targets crypto wallet extensions, password managers, and 2FA extensions. The authors are actively developing malware to evade detection, but no specific attacks have been attributed to the Meduza Stealer to date. The malware admin declared that their operations do not involve any ransom activities.

Password Management

Password Management Passwords Malware Antivirus

Symbiote, a nearly-impossible-to-detect Linux malware?

Security Affairs

JUNE 9, 2022

Researchers uncovered a high stealth Linux malware, dubbed Symbiote, that could be used to backdoor infected systems. Joint research conducted by security firms Intezer and BlackBerry uncovered a new Linux threat dubbed Symbiote. “Symbiote is a malware that is highly evasive. ” concludes the report.

Malware

Malware DNS Antivirus Passwords

Linksys force password reset to prevent Router hijacking

Security Affairs

APRIL 16, 2020

Linksys has reset passwords for all its customers’ after learning on ongoing DNS hijacking attacks aimed at delivering malware. Crooks continue to launch Coronavirus-themed attacks , in the last weeks, experts observed hackers hijacking D-Link and Linksys routers to redirect users to COVID19-themed sites spreading malware.

Passwords

Passwords DNS Malware Advertising

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

Security Affairs

JANUARY 16, 2023

Antivirus firm Avast released a free decryptor for the BianLian ransomware family that allows victims to recover locked files. Security firm Avast has released a free decryptor for the BianLian ransomware to allow victims of the malware to recover locked files. It is also recommendable to check the virus vault of your antivirus.

Ransomware

Ransomware Malware Antivirus Encryption

Ezuri memory loader used in Linux and Windows malware

Security Affairs

JANUARY 8, 2021

Multiple threat actors have recently started using the Ezuri memory loader as a loader to executes malware directly into the victims’ memory. According to researchers from AT&T’s Alien Labs, malware authors are choosing the Ezuri memory loader for their malicious codes. ” concludes the report.

Malware

Malware Encryption Antivirus Passwords

Anti-malware firm Emsisoft accidentally exposes internal DB

Security Affairs

FEBRUARY 10, 2021

Antivirus firm Emsisoft discloses a data breach, a third-party had access to a publicly exposed database containing technical logs. The anti-malware solutions provider Emsisoft disclosed last week a data breach. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Pierluigi Paganini.

Malware

Malware Data breaches Antivirus Passwords

Mysterious custom malware used to steal 1.2TB of data from million PCs

Security Affairs

JUNE 11, 2021

Experts spotted a new mysterious malware that was used to collect a huge amount of data, including sensitive files, credentials, and cookies. Threat actors used custom malware to steal data from 3.2 NordLocker experts speculate the malware campaign leveraged tainted Adobe Photoshop versions, pirated games, and Windows cracking tools.

Malware

Malware Computers and Electronics Software Financial Services

Info stealers and how to protect against them

Security Affairs

DECEMBER 18, 2023

Info stealers, the type of malware with its purpose in the name, can cripple businesses and everyday users alike. Info stealers, also known as information stealers, are a type of malicious software (malware) designed to covertly collect sensitive and personal information from a victim’s computer or network.

Banking

Banking Cybercrime Malware Accountability

Fake DDoS protection pages on compromised WordPress sites lead to malware infections

Security Affairs

AUGUST 21, 2022

Threat actors compromise WordPress sites to display fake Cloudflare DDoS protection pages to distribute malware. Recently security experts from Sucuri, spotted JavaScript injections targeting WordPress sites to display fake DDoS Protection pages which lead victims to download remote access trojan malware. Pierluigi Paganini.

DDOS

DDOS Malware Antivirus Firewall

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

Security Affairs

FEBRUARY 14, 2020

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) released reports on North Korea-linked HIDDEN COBRA malware. The FBI, the US Cyber Command, and the Department of Homeland Security have published technical details of a new North-Korea linked hacking operation.

Malware

Malware Passwords Advertising Antivirus

US govt agencies share details of the China-linked espionage malware Taidoor

Security Affairs

AUGUST 4, 2020

China-linked hackers carried out cyber espionage campaigns targeting governments, corporations, and think tanks with TAIDOOR malware. “CISA encourages users and administrators to review Malware Analysis Report MAR-10292089-1.v1 “CISA encourages users and administrators to review Malware Analysis Report MAR-10292089-1.v1

Malware

Malware Government Passwords System Administration

CISA’s advisory warns of notable increase in LokiBot malware

Security Affairs

SEPTEMBER 22, 2020

US Cybersecurity and Infrastructure Security Agency (CISA) is warning of a notable increase in the use of LokiBot malware by threat actors since July 2020. The Agency’s EINSTEIN Intrusion Detection System has detected persistent malicious activity associated with the LokiBot malware. Enforce a strong password policy.

Malware

Malware Passwords Advertising Antivirus

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

JANUARY 28, 2019

And the malware that subsequently gets installed continues to get more stealthy and capable with each advancing iteration. Researchers recently flushed out a new variety of the Xbash family of malware tuned to seek out administrators’ rights and take control of Linux servers. Use a password manager.

Passwords

Passwords Password Management Antivirus Internet

Woody RAT: A new feature-rich malware spotted in the wild

Malwarebytes

AUGUST 3, 2022

The used lure is in Russian is called “ Information security memo ” which provide security practices for passwords, confidential information, etc. The threat actor has left some debugging information including a pdb path from which we derived and picked a name for this new Rat: Debug Information.

Malware

Malware Encryption Antivirus Architecture

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

The BlackCat/ALPHV a Ransomware was first discovered in December by malware researchers from Recorded Future and MalwareHunterTeam. The malware is the first professional ransomware strain that was written in the Rust programming language. Regularly back up data, air gap, and password-protect backup copies offline.

Ransomware

Ransomware Antivirus Passwords Malware

Experts spotted a variant of the Agenda Ransomware written in Rust

Security Affairs

DECEMBER 19, 2022

The main reasons to rewrite malware in Rust is to have lower AV detection rates, compared to malware written in most common languages, and to target multiple architectures. ” Upon executing the malware, the Rust binary prompts an error requiring a password to be passed as an argument. Pierluigi Paganini.

Ransomware

Ransomware Encryption Healthcare Education

Emsisoft: Victims of AstraLocker and Yashma ransomware can recover their files for free

Security Affairs

JULY 8, 2022

The security firm states that the AstraLocker decryptor works for ransomware versions based on the Babuk malware that appends the.Astra or.babyk extensions to the name of the encrypted files. “Be sure to quarantine the malware from your system first, or it may repeatedly lock your system or encrypt files.

Ransomware

Ransomware Encryption Malware Accountability

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

“As a result, AvosLocker indicators of compromise (IOCs) vary between indicators specific to AvosLocker malware and indicators specific to the individual affiliate responsible for the intrusion.” Regularly back up data, password protect backup copies offline. Avoid reusing passwords for multiple accounts.

Ransomware

Ransomware DDOS Passwords Backups

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Security Affairs

APRIL 29, 2023

A new variant of the information-stealing malware ViperSoftX implements sophisticated techniques to avoid detection. Trend Micro researchers observed a new ViperSoftX malware campaign that unlike previous attacks relies on DLL sideloading for its arrival and execution technique. c2 arrowlchat[.]com ” concludes the report.

Encryption

Encryption Malware Cryptocurrency Software

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

Experts defined DirtyMoe as a complex malware that has been designed as a modular system. The operations behind the DirtyMoe botnet rapidly changed since the end of 2020, when the malware authors added a worm module that could increase their activity by spread via the internet to other Windows systems. ” continues the report.

DNS

DNS Cryptocurrency Internet Internet

Security Affairs newsletter Round 381

Security Affairs

AUGUST 28, 2022

Twilio hackers also breached the food delivery firm DoorDash Unprecedented cyber attack hit State Infrastructure of Montenegro Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus Critical flaw impacts Atlassian Bitbucket Server and Data Center Iran-linked Mercury APT exploited Log4Shell in SysAid Apps for initial access GoldDragon (..)

DDOS

DDOS Data breaches Malware Antivirus

Ransomware realities in 2023: one employee mistake can cost a company millions

Security Affairs

OCTOBER 17, 2023

If your friend or colleague is suddenly asking you for money or to change your password, call them on the phone and ask if they really sent the message. Use a strong password and store it correctly: Strong passwords consist of a combination of uppercase and lowercase letters, numbers, and special symbols such as punctuation.

Social Engineering

Social Engineering Ransomware Engineering Phishing

Woody RAT: A new feature-rich malware spotted in the wild

Malwarebytes

AUGUST 3, 2022

The used lure is in Russian is called " Information security memo " which provide security practices for passwords, confidential information, etc. The threat actor has left some debugging information including a pdb path from which we derived and picked a name for this new Rat: Debug Information.

Malware

Malware Encryption Antivirus Architecture

Foreign hackers breached Russian federal agencies, said FSB

Security Affairs

MAY 22, 2021

The threat actors employed two previosuly undetected piece of malware dubbed Mail-O and Webdav-O. “Webdav-O is another malware that has never been described before. The malware supports two authentication methods: basic (with login and password) and oauth (with using a token).”

Computers and Electronics

Computers and Electronics Malware Antivirus Government

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Security Affairs

MAY 2, 2021

WeSteal is a Python-based malware that uses regular expressions to search for strings related to wallet addresses that victims have copied to their clipboard. “When pursuing cases against malware authors, prosecutors typically need to demonstrate the author’s intent for the malware. There is the name of the malware itself.

Cryptocurrency

Cryptocurrency Malware Advertising System Administration

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

To bypass antivirus systems, hackers send out malicious emails in non-working hours with delayed activation. The first half of 2019 saw a 10-fold increase in the number of password-protected objects, such as documents and archive files, being used to deliver malware. Another trend was disguising malware in emails.

Ransomware

Ransomware Antivirus Malware Banking

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

In the middle-August, the malware was employed in fresh COVID19-themed spam campaign. Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information , resumes, financial documents, or scanned documents.

Government

Government Banking Advertising Malware

US govt agencies released a joint alert on the Lockbit 3.0 ransomware

Security Affairs

MARCH 18, 2023

ransomware is a modular malware that is more evasive than its previous versions, its shared similarities with Blackmatter and Blackcat ransomware. ransomware, then a password argument is mandatory during the execution of the ransomware.” It also supports a Safe Mode feature to bypass endpoint antivirus and detection.

Ransomware

Ransomware Penetration Testing Encryption Accountability

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. According to the company, most of the username and password combinations are available for free, and 5 billion of the above credentials are “unique.”

Cybercrime

Cybercrime Antivirus Marketing Accountability

Chinese actors behind attacks on industrial enterprises and public institutions

Security Affairs

AUGUST 9, 2022

The Portdoor backdoor implements multiple functionalities, including the ability to do reconnaissance, target profiling, delivery of additional payloads, privilege escalation, process manipulation static detection antivirus evasion, one-byte XOR encryption, AES-encrypted data exfiltration.

Encryption

Encryption Antivirus Malware Hacking

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Security Affairs

MAY 19, 2023

The Lemon Group cybercrime ring has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. A cybercrime group tracked has Lemon Group has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. 231 banking malware.

Mobile

Mobile Advertising Malware Cybercrime

PYSA ransomware gang is the most active group in November

Security Affairs

DECEMBER 22, 2021

According to the experts, the first infections were observed in late 2019, victims reported their files were encrypted by a strain of malware. Once compromised the target network, attackers attempt to exfiltrate the company’s accounts and passwords database. The malicious code appended the extension.

Ransomware

Ransomware Penetration Testing Healthcare Government

InnfiRAT Trojan steals funds from Bitcoin and Litecoin wallets

Security Affairs

SEPTEMBER 14, 2019

Researchers at Z s caler have spotted a new malware dubbed InnfiRAT that infects victims’ systems to steal cryptocurrency wallet data. . “As with just about every piece of malware, InnfiRAT is designed to access and steal personal information on a user’s computer.” ” concludes the researchers.

Cryptocurrency

Cryptocurrency Malware Advertising Antivirus

Common Techniques Hackers Use to Penetrate Systems and How to Protect Your Organization

ForAllSecure

APRIL 26, 2023

Common Types of Cyber Attacks Common techniques that criminal hackers use to penetrate systems include social engineering, password attacks, malware, and exploitation of software vulnerabilities. Password Attacks Password attacks involve guessing or cracking passwords to gain access to systems.

Social Engineering

Social Engineering Passwords Engineering Software

FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK

Security Affairs

MARCH 17, 2021

According to the experts, the first infections were observed in late 2019, victims reported their files were encrypted by a strain of malware. Once compromised the target network, attackers attempt to exfiltrate the company’s accounts and passwords database. The malicious code appended the extension .

Education

Education Ransomware Encryption Antivirus

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

FEBRUARY 16, 2021

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware. Latin American trojans share the same modus operandi and even modules and blocks of code observed during the analysis of several malware samples. Background of Latin American Trojans.

Antivirus

Antivirus Malware Banking Internet

U.S. taxpayers hit by a phishing campaign delivering the Amadey bot

Security Affairs

SEPTEMBER 20, 2019

Cofense researchers spotted a phishing campaign that is targeting taxpayers in the United States to infect them with the Amadey malware. Security experts at Cofense uncovered a phishing campaign that is targeting taxpayers in the United States attempting to infect them with a new piece of malware named Amadey.

Phishing

Phishing Social Engineering Malware Advertising

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

Regularly back up data, air gap, and password protect backup copies offline. Implement a recovery plan to restore sensitive or proprietary data from a physically separate, segmented, secure location (e.g., Regularly change passwords to network systems and accounts, and avoid reusing passwords for different accounts. .

Passwords

Passwords Government Firmware Accountability

New Agenda Ransomware appears in the threat landscape

Security Affairs

AUGUST 27, 2022

Our investigation showed that the samples had leaked accounts, customer passwords, and unique company IDs used as extensions of encrypted files.” Experts noticed that Agenda changes the default user’s password and enables automatic login with the new login credentials to evade detection.

Ransomware

Ransomware Encryption Accountability Antivirus

A new trojan Lampion targets Portugal

Security Affairs

DECEMBER 29, 2019

The malware was named ‘Lampion’ as this is the name used as part of its internal name. In brief, when the victim clicks on the links available in the email body the malware is downloaded from the online server. dll) was sent to the VirusTotal by SI-LAB, and 12 from 71 engines classified it as malware. Lampion trojan (P-19-2.dll)

Malware

Malware Internet Internet Antivirus

Microsoft: North Korea-linked Zinc APT targets security experts

Security Affairs

JANUARY 29, 2021

Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to ZINC, a DPRK-affiliated and state-sponsored group, based on observed tradecraft, infrastructure, malware patterns, and account affiliations.” Attackers also employed an encrypted Chrome password-stealer hosted on ZINC domain [link]. .

Malware

Malware Antivirus Hacking Accountability

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Security Affairs

JUNE 17, 2021

UNC2465 cybercrime group that is affiliated with the Darkside ransomware gang has infected with malware the website of a CCTV camera vendor. “A well-rounded security program is essential to mitigate risk from sophisticated groups such as UNC2465 as they continue to adapt to a changing security landscape.”

Cybercrime

Cybercrime Ransomware Antivirus Software

Ranzy Locker ransomware hit tens of US companies in 2021

Security Affairs

OCTOBER 26, 2021

Below are the recommended mitigations included in the alert: Implement regular backups of all data to be stored as air gapped, password protected copies offline. Install and regularly update antivirus software on all hosts, and enable real time detection.

Ransomware

Ransomware Firmware Antivirus Accountability

SSH-backdoor Botnet With ‘Research’ Infection Technique

Security Affairs

NOVEMBER 26, 2020

Security expert Tolijan Trajanovski analyzed an SSH-backdoor Botnet that implements an interesting ‘Research’ infection technique. In a recent tweet , the malware researcher @ 0xrb shared a list containing URLs of recently captured IoT botnet samples. This botnet malware backdoors Linux devices with SSH access by adding users.

IoT

IoT Malware Antivirus Engineering

New Windows Meduza Stealer targets tens of crypto wallets and password managers

Symbiote, a nearly-impossible-to-detect Linux malware?

Trending Sources

Linksys force password reset to prevent Router hijacking

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

Ezuri memory loader used in Linux and Windows malware

Anti-malware firm Emsisoft accidentally exposes internal DB

Mysterious custom malware used to steal 1.2TB of data from million PCs

Info stealers and how to protect against them

Fake DDoS protection pages on compromised WordPress sites lead to malware infections

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

US govt agencies share details of the China-linked espionage malware Taidoor

CISA’s advisory warns of notable increase in LokiBot malware

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

Woody RAT: A new feature-rich malware spotted in the wild

BlackCat Ransomware gang breached over 60 orgs worldwide

Experts spotted a variant of the Agenda Ransomware written in Rust

Emsisoft: Victims of AstraLocker and Yashma ransomware can recover their files for free

Avoslocker ransomware gang targets US critical infrastructure

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs newsletter Round 381

Ransomware realities in 2023: one employee mistake can cost a company millions

Woody RAT: A new feature-rich malware spotted in the wild

Foreign hackers breached Russian federal agencies, said FSB

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Ransomware Revival: Troldesh becomes a leader by the number of attacks

CISA alert warns of Emotet attacks on US govt entities

US govt agencies released a joint alert on the Lockbit 3.0 ransomware

15 billion credentials available in the cybercrime marketplaces

Chinese actors behind attacks on industrial enterprises and public institutions

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

PYSA ransomware gang is the most active group in November

InnfiRAT Trojan steals funds from Bitcoin and Litecoin wallets

Common Techniques Hackers Use to Penetrate Systems and How to Protect Your Organization

FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

U.S. taxpayers hit by a phishing campaign delivering the Amadey bot

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

New Agenda Ransomware appears in the threat landscape

A new trojan Lampion targets Portugal

Microsoft: North Korea-linked Zinc APT targets security experts

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Ranzy Locker ransomware hit tens of US companies in 2021

SSH-backdoor Botnet With ‘Research’ Infection Technique

Stay Connected