Security Affairs

APRIL 24, 2023

The malware environment checking and Anti-VM functions. FortiGuard Labs observed this malware in a phishing email campaign on 30 March, which we traced back to the samples included in this blog.” The malware can steal sensitive data from the infected endpoint, including browser history and passwords, and cookies.

Cybercrime 89

Cybercrime Malware Education Phishing 89

Malwarebytes

AUGUST 3, 2022

This blog post was authored by Ankur Saini and Hossein Jazi. In this blog post, we will analyze Woody Rat’s distribution methods, capabilities as well as communication protocol. We believe that these archive files have been distributed using spear phishing emails. The malware communicates with its C2 using HTTP requests.

Malware 104

Malware Encryption Antivirus Architecture 104

Security Affairs

APRIL 6, 2023

The attack chain associated with ARCHIPELAGO starts with phishing emails that embed malicious links. The messages pose as sent by a representative of a media outlet or think tank and ask North Korea experts to participate in a media interview or request for information (RFI).

Phishing 82

Phishing Media Passwords Malware 82

Security Affairs

APRIL 20, 2023

The researchers from Google TAG are warning of Russia-linked threat actors targeting Ukraine with phishing campaigns. Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and aimed at spreading disinformation, states Google’s Threat Analysis Group (TAG).

Phishing 88

Phishing Education Accountability Telecommunications 88

Security Affairs

MAY 25, 2022

Researchers from Malwarebytes observed an unknown Advanced Persistent Threat (APT) group targeting Russian government entities with at least four separate spear-phishing campaigns since the beginning of the Russian invasion of Ukraine. exe for its malware. This campaign primarily targeted RT TV employees. ” concludes the report.

Government 107

Government Malware Phishing Hacking 107

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. According to the Google Threat Horizons report, the state-sponsored hackers sent fake job offers to employees at the security companies. . ” reads the Google Threat Horizons report.

Malware 125

Malware Phishing Antivirus Hacking 125

Security Affairs

APRIL 29, 2023

Atomic macOS Stealer is a new information stealer targeting macOS that is advertised on Telegram for $1,000 per month. Cyble Research and Intelligence Labs (CRIL) recently discovered a Telegram channel advertising a new information-stealing malware, named Atomic macOS Stealer (AMOS). ” reads the report published by Cyble.

Advertising 82

Advertising Passwords Malware Password Management 82

Security Affairs

MAY 28, 2022

The instances of the malware spotted by the experts were compiled in early March, a few days after the Russian invasion of Ukraine began. While monitoring the activity of the APT group, experts observed threat actors conducting multiple attacks, including phishing campaigns and malware attacks. caciques.gloritapa.** defective88.maizuko.**

DDOS 140

DDOS Malware Phishing Hacking 140

Security Affairs

APRIL 16, 2023

The phishing attacks began in February 2023, the IT giant reported. In 2021, CISA added Remcos to the list of top malware strains due to its use in mass phishing attacks using COVID-19 pandemic themes targeting businesses and individuals.

Accountability 90

Accountability Phishing Financial Services Surveillance 90

Security Affairs

NOVEMBER 19, 2022

Researchers from the Microsoft Security Threat Intelligence team warned that a threat actor, tracked as DEV-0569, is using Google Ads to distribute various payloads, including the recently discovered Royal ransomware. The downloader, tracked as BATLOADER , shares similarities with another malware called ZLoader. anydeskos[.]com

Ransomware 131

Ransomware Malware Antivirus Phishing 131

Security Affairs

MAY 19, 2022

A previously unknown Chinese cyberespionage group, tracked as ‘Space Pirates’, targets enterprises in the Russian aerospace industry with spear-phishing attacks. The attacks were first discovered by researchers at Positive Technologies in 2019, the phishing messages contained a link to previously undetected malware.

Malware 128

Malware Phishing Government Hacking 128

Security Affairs

APRIL 30, 2023

CERT-UA warns of a spear-phishing campaign conducted by APT28 group targeting Ukrainian government bodies with fake ‘Windows Update’ guides. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

System Administration 92

System Administration Government Phishing Malware 92

Security Affairs

MAY 27, 2022

According to the experts, ERMAC is operated by threat actors behind the BlackRock mobile malware. The malware is available for rent on underground forums for $5000 per month since March 2022. Researchers from Cyble analyzed the malware after the initial discovery made by ESET. A new #Android banker ERMAC 2.0 116, 193.106.191[.]148,

Banking 142

Banking Malware Cybercrime Phishing 142

Security Affairs

MAY 15, 2022

Ukraine Computer Emergency Response Team (CERT-UA) reported a phishing campaign conducted by Armageddon APT using GammaLoad.PS1_v2 malware. Ukraine Computer Emergency Response Team (CERT-UA) reported a phishing campaign using messages with subject “On revenge in Kherson!” To nominate, please visit:?

Phishing 94

Phishing Malware Government Hacking 94

Security Affairs

FEBRUARY 1, 2022

The campaigns are carried out by using social engineering schemas, namely smishing, and spear-phishing through fake emails. The spear-phishing campaigns try to lure vicitms with fake emails that impersonate the banking institutions. About the author: Pedro Tavarez. Follow me on Twitter: @securityaffairs and Facebook.

Social Engineering 96

Social Engineering Banking Engineering Phishing 96

SecureList

JANUARY 18, 2023

The threat landscape is constantly updated through new malware and spyware, advanced phishing methods, and new social engineering techniques. In addition, the likelihood of the data being used for phishing and social engineering increases. . Changes in the number of ransomware blog posts in 2021–2022, worldwide ( download ).

Media 117

Media Social Engineering Ransomware Hacking 117

Security Affairs

JUNE 18, 2022

Malibot is a new Android malware targeting online banking and cryptocurrency wallet customers in Spain and Italy. F5 Labs researchers spotted a new strain of Android malware, named Malibot, that is targeting online banking and cryptocurrency wallet customers in Spain and Italy. ” reads the advisory published by F5 Labs.

Banking 116

Banking Cryptocurrency Malware Mobile 116

Security Affairs

MAY 8, 2023

Ukraine’s CERT-UA warns of an ongoing phishing campaign aimed at distributing the SmokeLoader malware in the form of a polyglot file. CERT-UA warns of an ongoing phishing campaign that is distributing the SmokeLoader malware in the form of a polyglot file. ” reads the alert published by Ukraine’s CERT.

Malware 93

Malware Phishing VPN Accountability 93

Security Affairs

APRIL 17, 2023

The attack took place in October 2022, threat actors sent phishing emails that contained links to a password-protected file hosted in Drive. ” Upon installing the malware on the target system, it queries Google Sheets to obtain attacker commands. . ” continues the report. ” continues the report.

Media 94

Media Accountability Government Malware 94

Security Affairs

APRIL 5, 2022

Ukraine CERT-UA spotted a spear-phishing campaign conducted by Russia-linked Armageddon APT targeting local state organizations. The phishing messages have been sent from “vadim_melnik88@i[.]ua,” ua,” the campaign aims at infecting the target systems with malware. To nominate, please visit:? Pierluigi Paganini.

Phishing 115

Phishing Government Hacking Malware 115

Malwarebytes

AUGUST 3, 2022

This blog post was authored by Ankur Saini and Hossein Jazi. In this blog post, we will analyze Woody Rat's distribution methods, capabilities as well as communication protocol. We believe that these archive files have been distributed using spear phishing emails. The malware communicates with its C2 using HTTP requests.

Malware 62

Malware Encryption Antivirus Architecture 62

Security Affairs

SEPTEMBER 16, 2022

In July 2022, Mandiant identified a novel spear phish methodology that was employed by North Korea-linked threat actor UNC4034. “Detecting malicious IMG and ISO archives served via phishing attachments is routine for Mandiant Managed Defense. The attackers are spreading tainted versions of the PuTTY SSH and Telnet client.

Phishing 123

Phishing Malware Internet Internet 123

Security Affairs

JUNE 11, 2022

” “The malware leverages a DNS attack technique called “DNS Hijacking” in which an attacker- controlled DNS server manipulates the response of DNS queries and resolve them as per their malicious requirements.” Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

DNS 144

DNS Telecommunications Malware Phishing 144

Security Affairs

MAY 2, 2023

North Korea-linked ScarCruft APT group started using oversized LNK files to deliver the RokRAT malware starting in early July 2022. The end goal of the nation-state actors is to deploy the ROKRAT on the victims’ systems by using spear-phishing emails. ” concludes the report.

Malware 84

Malware Education Media Phishing 84

Security Affairs

MAY 3, 2022

Google TAG also observed Russia-linked APT28 (aka Fancy Bear) cyberespionage group targeting users in Ukraine with a new variant of a.Net malware distributed via email attachments inside of password protected zip files (ua_report.zip). The malware is able to steal cookies and saved passwords from Chrome, Edge and Firefox browsers.

Manufacturing 111

Manufacturing Government Phishing Passwords 111

Security Affairs

JULY 11, 2022

A large-scale phishing campaign leveraging the Anubis Network is targeting Brazil and Portugal since March 2022. A large-scale phishing campaign is targeting Internet-end users in Brazil and Portugal since March 2022. Figure 1: High-level diagram of the ANUBIS phishing network and its components (2020). The Phishing template.

Phishing 100

Phishing Social Engineering Banking Engineering 100

Security Affairs

MAY 31, 2022

The first stage domains are used to host the first stage malware that speeds through spear-phishing messages, to receive collected information by first-stage malware, and to host the second stage payloads. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Encryption 97

Encryption Malware Phishing Hacking 97

Security Affairs

APRIL 17, 2023

The malware can exfiltrate collected data via Telegram chat using the Telegram Bot API. The experts believe that the tool is widely distributed and is likely paid malware. Typically, this type of tool would be used to hijack said services and use the infrastructure for mass spamming or opportunistic phishing campaigns.”

Mobile 87

Mobile Hacking Malware Accountability 87

Identity IQ

SEPTEMBER 21, 2023

This blog sheds light on what smart TV scams are, how they work, and how you can help protect yourself from falling victim to them. Scammers use smart TV scams as an attempt to trick users into sharing their personal and financial information. Are there specific signs I’m accessing a phishing website on my smart TV?

Scams 105

Scams Identity Theft Phishing Software 105

Security Affairs

APRIL 7, 2023

. “More specifically, cracked versions of Cobalt Strike allow Defendants to gain control of their victim’s machine and move laterally through the connected network to find other victims and install malware. ” reads the court order. ” Example of an attack flow by threat actor DEV-0243. .”

Penetration Testing 84

Penetration Testing Ransomware Malware Hacking 84

Security Affairs

APRIL 19, 2023

Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. According to the joint report, APT28 exploited the known vulnerability to carry out reconnaissance and reploy malware on unpatched Cisco routers. government institutions, and about 250 Ukrainian victims. ” reads the joint advisory.

Malware 86

Malware Firmware Government Education 86

Security Affairs

APRIL 6, 2022

The URL points to a phishing page designed to trick victims into entering their phone numbers as well as the one-time passwords sent via SMS. The phishing messages have been sent from “vadim_melnik88@i[.]ua,” ua,” the campaign aims at infecting the target systems with malware. ” reads the alert published by CERT-UA.

Accountability 103

Accountability Phishing Passwords Hacking 103

Security Affairs

MAY 10, 2023

A new sophisticated malware strain, dubbed DownEx, was involved in attacks aimed at Government organizations in Central Asia. In late 2022, Bitdefender Labs researchers first observed a highly targeted cyberattack targeting foreign government institutions in Kazakhstan that involved a new sophisticated strain of malware dubbed DownEx.

Malware 89

Malware Government Phishing Hacking 89

Security Affairs

FEBRUARY 28, 2024

In April 2023, FortiGuard Labs researchers observed a hacking campaign targeting Cacti ( CVE-2022-46169 ) and Realtek ( CVE-2021-35394 ) vulnerabilities to spread ShellBot and Moobot malware. The court order allowed authorities to use the Moobot malware to copy and delete stolen and malicious data and files from compromised routers.

Energy and Utilities 98

Energy and Utilities Government Firewall Malware 98

Security Affairs

JUNE 1, 2022

Researchers from Proofpoint reported that TA413 is conducting a spear-phishing campaign that uses ZIP archives containing weaponized Word Documents. Proofpoint has previously reported on Sepulcher malware and its links to the Lucky Cat and Exile Rat malware campaigns that targeted Tibetan organizations. app for the attacks.

Malware 103

Malware Phishing Hacking Cybersecurity 103

Security Affairs

APRIL 26, 2022

North Korea-linked APT37 group is targeting journalists that focus on DPRK with a new piece of malware. North Korea-linked APT37 group (aka Ricochet Chollima) has been spotted targeting journalists focusing on DPRK with a new piece of malware. ” reads the analysis published by Stairwell. ” concludes the report.

Malware 73

Malware DNS Phishing Authentication 73

Security Affairs

APRIL 9, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter newsletter) The post Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition appeared first on Security Affairs. billion rubles. billion rubles.

Computers and Electronics 82

Computers and Electronics Backups Cybercrime Marketing 82