Antivirus, Information Security, Malware and Phishing

Grandoreiro banking malware targets Mexico and Spain

Security Affairs

AUGUST 21, 2022

A new Grandoreiro banking malware campaign is targeting organizations in Mexico and Spain, Zscaler reported. Zscaler ThreatLabz researchers observed a Grandoreiro banking malware campaign targeting organizations in the Spanish-speaking nations of Mexico and Spain. ” reads the post published by Zscaler. Pierluigi Paganini.

Banking

Banking Malware Antivirus Phishing

A flaw in Kaspersky Antivirus allowed tracking its users online

Security Affairs

AUGUST 15, 2019

A vulnerability in Kaspersky Antivirus had exposed a unique identifier associated with users to every website they have visited in the past 4 years. A vulnerability in the Kaspersky Antivirus software, tracked as CVE-2019-8286, had exposed a unique identifier associated with its users to every website they have visited in the past 4 years.

Antivirus

Antivirus Advertising Software Internet

TrickGate, a packer used by malware to evade detection since 2016

Security Affairs

JANUARY 31, 2023

TrickGate is a shellcode-based packer offered as a service to malware authors to avoid detection, CheckPoint researchers reported. TrickGate is a shellcode-based packer offered as a service, which is used at least since July 2016, to hide malware from defense programs. ” continues the report. ” concludes the report.

Malware

Malware Antivirus Manufacturing Healthcare

Researchers uncovered a new Malware Builder dubbed APOMacroSploit

Security Affairs

FEBRUARY 22, 2021

Researchers spotted a new Office malware builder, tracked as APOMacroSploit, that was employed in a campaign targeting more than 80 customers worldwide. Researchers from security firm Check Point uncovered a new Office malware builder called APOMacroSploit, which was employed in attacks that targeted more than 80 customers worldwide.

Malware

Malware Antivirus Phishing Cryptocurrency

BRATA Android Malware evolves and targets the UK, Spain, and Italy

Security Affairs

JUNE 20, 2022

The developers behind the BRATA Android malware have implemented additional features to avoid detection. The operators behind the BRATA Android malware have implemented more features to make their attacks stealthy. “TAs are modifying their code in order to tailor their malware on specific banking institutions.

Malware

Malware Banking Antivirus Phishing

A Google Drive weakness could allow attackers to serve malware

Security Affairs

AUGUST 23, 2020

enabling bad actors to perform spear-phishing attacks comparatively with a high success rate. An attacker could exploit the weakness to carry out spear-phishing campaigns using messages that include links to malicious files hosted on Google Drive. ” reads the post published by THN. Pierluigi Paganini.

Malware

Malware Phishing Advertising Antivirus

U.S. taxpayers hit by a phishing campaign delivering the Amadey bot

Security Affairs

SEPTEMBER 20, 2019

Cofense researchers spotted a phishing campaign that is targeting taxpayers in the United States to infect them with the Amadey malware. Security experts at Cofense uncovered a phishing campaign that is targeting taxpayers in the United States attempting to infect them with a new piece of malware named Amadey.

Phishing

Phishing Social Engineering Malware Advertising

GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

Security Affairs

AUGUST 31, 2022

A malware campaign tracked as GO#WEBBFUSCATOR used an image taken from NASA’s James Webb Space Telescope (JWST) as a lure. Securonix Threat researchers uncovered a persistent Golang-based malware campaign tracked as GO#WEBBFUSCATOR that leveraged the deep field image taken from the James Webb telescope. Pierluigi Paganini.

Malware

Malware DNS Antivirus Encryption

Info stealers and how to protect against them

Security Affairs

DECEMBER 18, 2023

Info stealers, the type of malware with its purpose in the name, can cripple businesses and everyday users alike. Info stealers, also known as information stealers, are a type of malicious software (malware) designed to covertly collect sensitive and personal information from a victim’s computer or network.

Banking

Banking Cybercrime Malware Accountability

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide. The attackers mostly used Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269.

Ransomware

Ransomware Encryption Antivirus VPN

Wannacry, the hybrid malware that brought the world to its knees

Security Affairs

OCTOBER 31, 2022

The infection chain was divided into four stages : The malware was installed through a dropper, a program executed by opening an attachment to a deceptive e-mail, probably a fake pdf or doc file, or executed directly from the Internet, without user interaction, exploiting the exploit described in the point 4. The infection chain.

Malware

Malware Computers and Electronics Encryption Ransomware

Updated MATA attacks industrial companies in Eastern Europe

SecureList

OCTOBER 18, 2023

In early September 2022, we discovered several new malware samples belonging to the MATA cluster. The actors behind the attack used spear-phishing mails to target several victims, some were infected with Windows executable malware by downloading files through an internet browser.

Malware

Malware Phishing Internet Internet

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

Security Affairs

FEBRUARY 14, 2020

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) released reports on North Korea-linked HIDDEN COBRA malware. The FBI, the US Cyber Command, and the Department of Homeland Security have published technical details of a new North-Korea linked hacking operation.

Malware

Malware Passwords Advertising Antivirus

SharkBot, the new generation banking Trojan distributed via Play Store

Security Affairs

MARCH 7, 2022

SharkBot banking malware was able to evade Google Play Store security checks masqueraded as an antivirus app. The malware was spotted at the end of October by researchers from cyber security firms Cleafy and ThreatFabric, the name comes after one of the domains used for its command and control servers.

Banking

Banking Antivirus Mobile Malware

DEV-0569 group uses Google Ads to distribute Royal Ransomware

Security Affairs

NOVEMBER 19, 2022

Researchers from the Microsoft Security Threat Intelligence team warned that a threat actor, tracked as DEV-0569, is using Google Ads to distribute various payloads, including the recently discovered Royal ransomware. The downloader, tracked as BATLOADER , shares similarities with another malware called ZLoader. anydeskos[.]com

Ransomware

Ransomware Malware Antivirus Phishing

Bitdefender released a free decryptor for the MortalKombat Ransomware family

Security Affairs

FEBRUARY 28, 2023

Antivirus company Bitdefender has released a free decryptor for the recently discovered ransomware family MortalKombat. Good news for the victims of the recently discovered MortalKombat ransomware , the antivirus firm Bitdefender has released a free decryptor that will allow them to recover their file without paying the ransom.

Ransomware

Ransomware Antivirus Backups Malware

Woody RAT: A new feature-rich malware spotted in the wild

Malwarebytes

AUGUST 3, 2022

We believe that these archive files have been distributed using spear phishing emails. The used lure is in Russian is called “ Information security memo ” which provide security practices for passwords, confidential information, etc. The malware communicates with its C2 using HTTP requests.

Malware

Malware Encryption Antivirus Architecture

Threat actors target crypto and NFT communities with Babadeda crypter

Security Affairs

NOVEMBER 26, 2021

Morphisec researchers spread cryptocurrency malware dubbed Babadeda in attacks aimed at crypto and NFT communities. Morphisec researchers spotted a new crypto-malware strain, tracked as Babadeda, targeting cryptocurrency, non-fungible token (NFT), and DeFi passionates through Discord channels. ” concludes the report.

Cryptocurrency

Cryptocurrency Malware Antivirus Phishing

China-linked APT uses a new backdoor in attacks at Russian defense contractor

Security Affairs

APRIL 30, 2021

The state-sponsored hackers sent spear-phishing messages to a general director working at the Rubin Design Bureau , in Saint Petersburg, which is one of three main Russian centers of submarine design. The spear-phishing messages used a malicious Rich Text File (RTF) document that included descriptions of an autonomous underwater vehicle. .”

Phishing

Phishing Malware Antivirus Encryption

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. According to the Google Threat Horizons report, the state-sponsored hackers sent fake job offers to employees at the security companies. . ” reads the Google Threat Horizons report.

Malware

Malware Phishing Antivirus Hacking

FBI and Australia ACSC agencies warn of ongoing Avaddon ransomware attacks

Security Affairs

MAY 11, 2021

“The Australian Cyber Security Centre (ACSC) is aware an ongoing ransomware campaign utilising the Avaddon Ransomware malware. The ACSC also provided the following recommendations: Patch operating systems and applications, and keep antivirus signatures up to date. ” reads the alert published by ACSC.

Ransomware

Ransomware Backups Antivirus DDOS

Security Affairs newsletter Round 381

Security Affairs

AUGUST 28, 2022

Twilio hackers also breached the food delivery firm DoorDash Unprecedented cyber attack hit State Infrastructure of Montenegro Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus Critical flaw impacts Atlassian Bitbucket Server and Data Center Iran-linked Mercury APT exploited Log4Shell in SysAid Apps for initial access GoldDragon (..)

DDOS

DDOS Data breaches Malware Antivirus

Ransomware realities in 2023: one employee mistake can cost a company millions

Security Affairs

OCTOBER 17, 2023

With 85% of campaigns targeting victims with phishing emails containing malicious links, another form of a social engineering attack, education and cyber vigiliance remain a high priority. Why should employers educate employees about cyber security? This method was identified as vishing – a voice-based phishing attack.

Social Engineering

Social Engineering Ransomware Engineering Phishing

CISA and FBI warn of potential data wiping attacks spillover

Security Affairs

MARCH 1, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) published a joint cybersecurity advisory to warn US organizations of data wiping attacks targeting Ukraine that could hit targets worldwide. Enable strong spam filters to prevent phishing emails from reaching end users.

Antivirus

Antivirus Architecture Malware Cybersecurity

Microsoft’s case study: Emotet took down an entire network in just 8 days

Security Affairs

APRIL 4, 2020

The attack described by Microsoft begun with a phishing message that was opened by an internal employee, the malware infected its systems and made lateral movements infected other systems in the same network. The virus halted core services by saturating the CPU usage on Windows devices. ” reads the Microsoft DART announcement.

Antivirus

Antivirus Malware Phishing Advertising

NCSC warns of a surge in ransomware attacks on education institutions

Security Affairs

SEPTEMBER 20, 2020

. “They are also urged to read the NCSC’s newly-updated guidance on mitigating malware and ransomware attacks , and to develop an incident response plan which they regularly test.” The agency recommends to implement an effective vulnerability management and patch management process, and of course to secure RDP services.

Education

Education Ransomware Antivirus Backups

QNodeService Trojan spreads via fake COVID-19 tax relief

Security Affairs

MAY 16, 2020

Experts spotted a new malware dubbed QNodeService that was involved in Coronavirus-themed phishing campaign, crooks promise victims COVID-19 tax relief. Researchers uncovered a new malware dubbed QNodeService that was employed in a Coronavirus-themed phishing campaign. malware file (either “qnodejs-win32-ia32.js”

Malware

Malware Phishing Advertising Antivirus

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

JANUARY 28, 2019

Why we’re in the ‘Golden Age’ of cyber espionageThe fact is cyber criminals are expert at refining and carrying out phishing, malvertising and other tried-and-true ruses that gain them access to a targeted victim’s Internet-connected computing device. Apps from other sources can carry malware or spyware.

Passwords

Passwords Password Management Antivirus Internet

Woody RAT: A new feature-rich malware spotted in the wild

Malwarebytes

AUGUST 3, 2022

We believe that these archive files have been distributed using spear phishing emails. The used lure is in Russian is called " Information security memo " which provide security practices for passwords, confidential information, etc. The malware communicates with its C2 using HTTP requests. Archive files.

Malware

Malware Encryption Antivirus Architecture

The U.S. CISA and FBI warn of Royal ransomware operation

Security Affairs

MARCH 3, 2023

“After gaining access to victims’ networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems.” The malware changes the extension of the encrypted files to ‘.royal’. ” reads the alert. ” continues the alert.

Ransomware

Ransomware Healthcare Antivirus Encryption

Report: Threat of Emotet and Ryuk

Security Affairs

JANUARY 31, 2020

Emotet , the most widespread malware worldwide and Ryuk , a ransomware type, are growing threats and real concerns for businesses and internet users in 2020. This study also concludes that a total of 377 Portuguese domains to spread different types of malware in the same period. SecurityAffairs – malware, hacking).

Malware

Malware Retail Advertising Antivirus

Foreign hackers breached Russian federal agencies, said FSB

Security Affairs

MAY 22, 2021

A joint report published by Rostelecom-Solar and the FSB National Coordination Center for Computer Incidents (NKTsKI) revealed that foreign hackers have stolen information from Russian federal agencies. The threat actors employed two previosuly undetected piece of malware dubbed Mail-O and Webdav-O.

Computers and Electronics

Computers and Electronics Malware Antivirus Government

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

Security Affairs

NOVEMBER 3, 2022

It focused on deploying POS malware and launching targeted spear-phishing attacks against organizations worldwide. The DisableAntiSpyware parameter allows disabling the Windows Defender Antivirus in order to deploy another security solution.

Cybercrime

Cybercrime Ransomware Antivirus Malware

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

“As a result, AvosLocker indicators of compromise (IOCs) vary between indicators specific to AvosLocker malware and indicators specific to the individual affiliate responsible for the intrusion.” Install and regularly update antivirus software on all hosts, and enable real time detection. ransomware and phishing scams).

Ransomware

Ransomware DDOS Passwords Backups

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

In the middle-August, the malware was employed in fresh COVID19-themed spam campaign. Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information , resumes, financial documents, or scanned documents.

Government

Government Banking Advertising Malware

Security Affairs newsletter Round 302

Security Affairs

FEBRUARY 21, 2021

If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Pierluigi Paganini. SecurityAffairs – hacking, newsletter).

Firmware

Firmware DNS Data breaches Antivirus

New RTF Template Inject technique used by APT groups in recent attacks

Security Affairs

DECEMBER 1, 2021

APT groups from China, India, and Russia have used a new RTF (rich text format) template injection technique in recent phishing attacks. The technique was first reported by the security firm Proofpoint spotted which observed phishing campaigns using the weaponized RTF template injection since March 2021.

Phishing

Phishing Antivirus Engineering Hacking

Android banking Trojan BrazKing is back with significant evasion improvements

Security Affairs

NOVEMBER 18, 2021

The detection of which app is being opened, is now done server side, and the malware regularly sends on-screen content to the C2. Credential grabbing is then activated from the C2 server, and not by an automatic command from the malware.” ” states the analysis published by IBM.

Banking

Banking Malware Antivirus Phishing

Chinese actors behind attacks on industrial enterprises and public institutions

Security Affairs

AUGUST 9, 2022

The threat actors launched spear-phishing campaigns against the victims, in some cases, the messages contained information related to the victims which were not publicly available. Other malware employed in the attacks linked to TA428 are nccTrojan, Logtu, Cotx, and DNSep, and previously undetected malware named CotSam.

Encryption

Encryption Antivirus Malware Hacking

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

FEBRUARY 16, 2021

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware. Latin American trojans share the same modus operandi and even modules and blocks of code observed during the analysis of several malware samples. Background of Latin American Trojans.

Antivirus

Antivirus Malware Banking Internet

Brazilian trojan impacting Portuguese users and using the same capabilities seen in other Latin American threats

Security Affairs

MARCH 14, 2022

The trojan has been disseminated via phishing templates impersonating Tax services in Portugal. Phishing wave. The malware takes advantage of a template from the Portuguese Tax services (Autoridade Tributária e Aduaneira) to disseminate the threat in the wild. Key findings. name: teams.exe MD5 : ade4119d5fdf574ebe5055359ec7a5cd.

Banking

Banking Encryption Malware Phishing

A new Astaroth Trojan Campaign uncovered by Microsoft

Security Affairs

JULY 9, 2019

Microsoft Defender ATP Research Team discovered a fileless malware campaign that was spreading the information stealing Astaroth Trojan. Experts at the Microsoft Defender ATP Research Team discovered a fileless malware campaign that is delivering the information stealing Astaroth Trojan.

Antivirus

Antivirus Malware Advertising Security Intelligence

US govt agencies released a joint alert on the Lockbit 3.0 ransomware

Security Affairs

MARCH 18, 2023

ransomware is a modular malware that is more evasive than its previous versions, its shared similarities with Blackmatter and Blackcat ransomware. ” By protecting the code with encryption, the latest LockBit version can avoid the detection of signature-based anti-malware solutions. The LockBit 3.0 The LockBit 3.0

Ransomware

Ransomware Penetration Testing Encryption Accountability

Brazilian trojan banker is targeting Portuguese users using browser overlay

Security Affairs

MAY 7, 2020

The modus operandi of this piece of malware is not new in Portugal. One of the last occurrences was last December 2019, where the Lampion trojan operated in a very similar way, changing only the way the malware was distributed (via AWS S3 buckets and with the first stage encoded in a highly obfuscated VBS file).

Banking

Banking Malware Phishing Social Engineering

Grandoreiro banking malware targets Mexico and Spain

A flaw in Kaspersky Antivirus allowed tracking its users online

Trending Sources

TrickGate, a packer used by malware to evade detection since 2016

Researchers uncovered a new Malware Builder dubbed APOMacroSploit

BRATA Android Malware evolves and targets the UK, Spain, and Italy

A Google Drive weakness could allow attackers to serve malware

U.S. taxpayers hit by a phishing campaign delivering the Amadey bot

GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

Info stealers and how to protect against them

Akira ransomware received $42M in ransom payments from over 250 victims

Wannacry, the hybrid malware that brought the world to its knees

Updated MATA attacks industrial companies in Eastern Europe

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

SharkBot, the new generation banking Trojan distributed via Play Store

DEV-0569 group uses Google Ads to distribute Royal Ransomware

Bitdefender released a free decryptor for the MortalKombat Ransomware family

Woody RAT: A new feature-rich malware spotted in the wild

Threat actors target crypto and NFT communities with Babadeda crypter

China-linked APT uses a new backdoor in attacks at Russian defense contractor

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

FBI and Australia ACSC agencies warn of ongoing Avaddon ransomware attacks

Security Affairs newsletter Round 381

Ransomware realities in 2023: one employee mistake can cost a company millions

CISA and FBI warn of potential data wiping attacks spillover

Microsoft’s case study: Emotet took down an entire network in just 8 days

NCSC warns of a surge in ransomware attacks on education institutions

QNodeService Trojan spreads via fake COVID-19 tax relief

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

Woody RAT: A new feature-rich malware spotted in the wild

The U.S. CISA and FBI warn of Royal ransomware operation

Report: Threat of Emotet and Ryuk

Foreign hackers breached Russian federal agencies, said FSB

Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

Avoslocker ransomware gang targets US critical infrastructure

CISA alert warns of Emotet attacks on US govt entities

Security Affairs newsletter Round 302

New RTF Template Inject technique used by APT groups in recent attacks

Android banking Trojan BrazKing is back with significant evasion improvements

Chinese actors behind attacks on industrial enterprises and public institutions

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Brazilian trojan impacting Portuguese users and using the same capabilities seen in other Latin American threats

A new Astaroth Trojan Campaign uncovered by Microsoft

US govt agencies released a joint alert on the Lockbit 3.0 ransomware

Brazilian trojan banker is targeting Portuguese users using browser overlay

Stay Connected