SecureWorld News

APRIL 21, 2022

Treasury Department warning of a North Korean state-sponsored advanced persistent threat (APT) known as the Lazarus Group targeting cryptocurrency and blockchain companies. The threat actors use social engineering to encourage individuals to download trojanized cryptocurrency applications on Windows or macOS operating systems.

Cryptocurrency 79

Cryptocurrency Computers and Electronics Social Engineering System Administration 79

SecureList

JUNE 5, 2023

Satacom downloader, also known as LegionLoader, is a renowned malware family that emerged in 2019. It is known to use the technique of querying DNS servers to obtain the base64-encoded URL in order to receive the next stage of another malware family currently distributed by Satacom.

Cryptocurrency 78

Cryptocurrency DNS Malware Encryption 78

Malwarebytes

FEBRUARY 17, 2023

The tag-team campaign serves up ransomware known as Mortal Kombat, which borrows the name made famous by the video game, and Laplas Clipper malware, a clipboard stealer. The email is cryptocurrency themed, and claims that a payment of yours has “timed out” and will need resending.

Ransomware 77

Ransomware Malware Cryptocurrency Encryption 77

Malwarebytes

DECEMBER 13, 2023

Threat actors have been alternating between different keywords for software downloads such as “Advanced IP Scanner” or “WinSCP” normally geared towards IT administrators. Its goal is to drop additional malware, typically a stealer followed by data exfiltration. me ntcrgfmmc3[.]onelink[.]me me 169-zoona32[.]onelink[.]me

Cryptocurrency 65

Cryptocurrency Advertising Malware Accountability 65

eSecurity Planet

JANUARY 26, 2023

Security researchers are warning that Google Ads are being actively leveraged to distribute malware to unsuspecting victims searching for software downloads. Researcher Will Dormann responded , “Interesting that the malware ad is given priority over the real LibreOffice ad. The TA asked nicely for preferential treatment?

Malware 116

Malware Ransomware Software Cryptocurrency 116

SecureList

JANUARY 13, 2022

The group seems to work more like a unit within a larger formation of Lazarus attackers, with the ability to tap into its vast resources: be it malware implants, exploits, or infrastructure. Also, we have previously reported on cryptocurrency-focused BlueNoroff attacks. Malware infection.

Cryptocurrency 126

Cryptocurrency Malware Accountability Banking 126

Security Affairs

SEPTEMBER 28, 2022

North Korea-linked Lazarus APT group is targeting macOS Users searching for jobs in the cryptocurrency industry. North Korea-linked Lazarus APT group continues to target macOS with a malware campaign using job opportunities as a lure. The second-stage malware extracts and executes the third-stage binary.

Malware 94

Malware Cryptocurrency Architecture Advertising 94

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. ” reads the analysis published by Google TAG. Pierluigi Paganini.

Accountability 129

Accountability Malware Phishing Social Engineering 129

Security Affairs

JANUARY 9, 2020

In the last 18 months, North Korea-linked Lazarus APT group has continued to target cryptocurrency exchanges evolving its TTPs. Kaspersky researchers have analyzed the attacks carried out by North Korea-linked Lazarus APT group in the past 18 months and confirmed their interest in banks and cryptocurrency exchanges.

Cryptocurrency 61

Cryptocurrency Malware Advertising Encryption 61

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Image: Mandiant.

Malware 276

Malware Software Technology Accountability 276

Security Affairs

APRIL 19, 2021

XCSSET, a Mac malware targeting Xcode developers, was now re-engineered and employed in a campaign aimed at Apple’s new M1 chips. Experts from Trend Micro have uncovered a Mac malware campaign targeting Xcode developers that employed a re-engineered version of the XCSSET malware to support Apple’s new M1 chips.

Malware 114

Malware Cryptocurrency Architecture Engineering 114

Security Affairs

SEPTEMBER 17, 2021

A new malware written in Golang programming language, tracked as Capoae, is targeting WordPress installs and Linux systems. Akamai researchers spotted a new strain of malware written in Golang programming language, dubbed Capoae, that was involved in attacks aimed at WordPress installs and Linux systems. . Pierluigi Paganini.

Malware 90

Malware Cryptocurrency Encryption Hacking 90

Security Affairs

MAY 19, 2023

ReversingLabs discovered two malicious packages, respectively named nodejs-encrypt-agent and nodejs-cookie-proxy-agent, in the npm package repository containing an open-source info-stealer called TurkoRat. The malware also supports anti-sandbox and analysis functionalities to avoid detection and prevent being analyzed.

Encryption 82

Encryption Social Engineering Malware Cryptocurrency 82

Security Affairs

SEPTEMBER 19, 2022

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and targets Docker installs. In January 2021, the cybercrime gang launched a new campaign targeting Kubernetes environments with the Hildegard malware. “Breaking the cryptographic encryption is considered “Mission: Impossible”.

Encryption 96

Encryption Cybercrime Hacking Malware 96

Security Affairs

MARCH 11, 2019

Experts observed the STOP ransomware installing the Azorult password-stealing Trojan to steal account credentials, cryptocurrency wallets, and more. Experts observed the ransomware also installing the dreaded Azorult password-stealing Trojan on victim’s machine to steal account credentials, cryptocurrency wallets, documents and more.

Encryption 86

Encryption Ransomware Cryptocurrency Passwords 86

SecureList

MARCH 31, 2022

For the Lazarus threat actor, financial gain is one of the prime motivations, with a particular emphasis on the cryptocurrency business. This application contains a legitimate program called DeFi Wallet that saves and manages a cryptocurrency wallet, but also implants a malicious file when executed. Backdoor creation.

Malware 116

Malware Encryption Cryptocurrency Architecture 116

Security Affairs

NOVEMBER 18, 2020

Experts from Cybereason Nocturnus uncovered an active campaign that targets users of a large e-commerce platform in Latin America with Chaes malware. Experts at Cybereason Nocturnus have uncovered an active campaign targeting the users of a large e-commerce platform in Latin America with malware tracked as Chaes.

Phishing 117

Phishing Malware Cryptocurrency Information Security 117

SecureWorld News

AUGUST 8, 2022

Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) released a joint Cybersecurity Advisory (CSA) providing details on the top malware strains of 2021. The top malware strains in 2021 included remote access Trojans (RATs), banking Trojans, information stealers, and ransomware.

Malware 87

Malware Banking Penetration Testing Healthcare 87

Identity IQ

APRIL 29, 2021

What is Malware? . Malware is an umbrella term used to describe any malicious software designed to harm, exploit, or extract sensitive data from a system, device, or network. Why do Cybercriminals Use Malware? How does Malware Spread? Types of Malware. Warning Signs Cour computer Is Infected by Malware.

Malware 98

Malware Adware Spyware Advertising 98

SecureList

OCTOBER 24, 2023

Introduction As a cybersecurity company, Kaspersky is constantly dealing with known and brand-new malware samples. A good example of this is GoPIX, a malware campaign that has been active since December 2022. If they click such a link, a redirection follows, with the user ending up on the malware landing page.

Ransomware 91

Ransomware Malware Advertising Passwords 91

SecureList

DECEMBER 13, 2023

Cybercriminals try to capitalize on their victims in every possible way by distributing various types of malware designed for different platforms. In recent months, we have written private reports on a wide range of topics, such as new cross-platform ransomware, macOS stealers and malware distribution campaigns.

Ransomware 90

Ransomware Passwords Malware Encryption 90

Security Affairs

DECEMBER 20, 2023

JaskaGO is a new Go-based information stealer malware that targets both Windows and Apple macOS systems, experts warn. JaskaGO is a sophisticated malware that supports an extensive array of commands and can maintain persistence in different ways. Following the discovery, researchers observed dozens of new samples that show the malware.

Malware 113

Malware Passwords Cryptocurrency Software 113

SecureList

OCTOBER 25, 2023

Introduction It’s just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. During that time, it had effectively evaded analysis and had previously been misclassified as a cryptocurrency miner.

Malware 107

Malware DNS Encryption Cryptocurrency 107

SecureList

MARCH 1, 2021

The mobile malware Trojan-Ransom.AndroidOS.Agent.aq Number of attacks on mobile users in 2019 and 2020 ( download ). Last year was notable for both malware and adware, the two very close in terms of capabilities. Number of adware attacks on mobile users in 2019 and 2020 ( download ). apk and coviddetect.apk.

Mobile 132

Mobile Malware Adware Banking 132

SecureList

APRIL 12, 2023

In this blog, we’ll focus on an active cluster that we dubbed DeathNote because the malware responsible for downloading additional payloads is named Dn.dll or Dn64.dll. Beginning of tracking DeathNote The notorious threat actor Lazarus has persistently targeted cryptocurrency-related businesses for a long time.

Malware 125

Malware Cryptocurrency Software Encryption 125

Webroot

OCTOBER 14, 2022

In other words, 2022 has been an eventful year in the threat landscape, with malware continuing to take center stage. The 6 Nastiest Malware of 2022. With that, here are the 6 Nastiest Malware of 2022. The post Discover 2022’s Nastiest Malware appeared first on Webroot Blog. 2022 was no different.

Malware 61

Malware Antivirus DDOS Cyber Insurance 61

Security Affairs

NOVEMBER 26, 2019

Microsoft revealed that the new Dexphot cryptocurrency miner has already infected more than 80,000 computers worldwide. Security experts at Microsoft analyzed a new strain of cryptocurrency miner tracked as Dexphot that has been active since at least October 2018. The malware also uses scheduled tasks to achieve persistence.

Cryptocurrency 124

Cryptocurrency Malware Encryption Advertising 124

Security Affairs

FEBRUARY 24, 2020

Raccoon Malware is a recently discovered infostealer that can extract sensitive data from about 60 applications on a targeted system. Racoon malware , Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. ” reads the report published by CyberArk.

Cybercrime 91

Cybercrime Malware Cryptocurrency Advertising 91

SecureList

DECEMBER 27, 2022

We have published technical details of how this notorious group steals cryptocurrency before. We continue to track the group’s activities and this October we observed the adoption of new malware strains in its arsenal. However, it has recently started to adopt new methods of malware delivery. Novel infection chain.

Malware 131

Malware Banking Passwords Antivirus 131

Security Affairs

JANUARY 16, 2022

Microsoft spotted a new destructive malware operation targeting government, non-profit, and IT entities in Ukraine. At present and based on Microsoft visibility, our investigation teams have identified the malware on dozens of impacted systems and that number could grow as our investigation continues.”. ” reported Reuters.

Malware 105

Malware Government Ransomware Encryption 105

CyberSecurity Insiders

JUNE 27, 2023

Understanding Smartphone Ransomware: Smartphone ransomware is a form of malware that encrypts the data on a device and holds it hostage until a ransom is paid to the attacker. This malware can infiltrate your smartphone through various means, such as malicious apps, infected websites, or phishing emails.

Ransomware 107

Ransomware Antivirus Backups Encryption 107

SecureList

NOVEMBER 10, 2022

Cryptocurrency prices were dropping from the end of 2021 and throughout the first half of 2022. Apart from cryptocurrency theft they extort digital money or illicitly mine it using victim’s devices instead of their own. Cryptocurrency mining is a painstaking and costly process, and not as rewarding as when the prices were high.

Cryptocurrency 106

Cryptocurrency Malware Software Ransomware 106

Security Affairs

FEBRUARY 20, 2023

The malware was developed by a threat actor that uses the moniker Plymouth who claims the info-stealer supports a wide set of stealing capabilities. SEKOIA identified more than 40 Stealc C2 servers, a circumstance that confirms the increasing popularity of the malware among cybercriminals distributing stealers.

Malware 86

Malware Cryptocurrency Advertising Data collection 86

Security Affairs

MARCH 13, 2021

Kaspersky researchers spotted a new variant of the XCSSET Mac malware that compiled for devices running on Apple M1 chips. The malware also allows attackers to capture screenshots and exfiltrate stolen documents to the attackers’ server. Recently experts spotted other malware specifically designed to infect Mac running on M1 chips.

Malware 106

Malware Adware Architecture Antivirus 106

Malwarebytes

AUGUST 30, 2023

Not only did the agencies shut down the core of the Qakbot infrastructure, they also cleaned the malware from infected devices. million dollars-worth of illicit cryptocurrency profits. Often that malware included a ransomware variant, with Black Basta the most recent ransomware of choice. US authorities also seized around 8.6

Ransomware 93

Ransomware Malware Backups Encryption 93

Security Affairs

AUGUST 27, 2019

Security experts from Kaspersky spotted a malware in the free version of the popular PDF creator application CamScanner app. CamScanner is a very popular Phone PDF creator app with more than 100 million downloads on Google Play Store. Previously, a similar module was often found in preinstalled malware on Chinese-made smartphones.

Malware 99

Malware Advertising Mobile Hacking 99

Security Affairs

MARCH 17, 2020

In this campaign, crooks are exploiting the interest in the Coronavirus (COVID-19) outbreak to deliver a couple of malware, the CoronaVirus Ransomware and the Kpot information-stealing Trojan. The website was distributing a file named WSHSetup.exe, it is the downloader for both the CoronaVirus Ransomware and the Kpot password-stealer.

Ransomware 100

Ransomware Cryptocurrency Advertising Passwords 100