Security Affairs

JANUARY 12, 2022

Experts warn of a new variant of the RedLine malware that is distributed via emails as fake COVID-19 Omicron stat counter app as a lure. The malicious code can also act as a first-stage malware. Upon executing the Omicron Stats.exe, it unpacks resources encrypted with triple DES using ciphermode ECB and padding mode PKCS7.

Malware 131

Malware Manufacturing Cryptocurrency Cybercrime 131

Security Affairs

OCTOBER 31, 2022

In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding a ransom in cryptocurrency to restore them, the Wannacry ransomware. The infection chain.

Malware 97

Malware Computers and Electronics Encryption Ransomware 97

Security Affairs

SEPTEMBER 28, 2022

North Korea-linked Lazarus APT group is targeting macOS Users searching for jobs in the cryptocurrency industry. North Korea-linked Lazarus APT group continues to target macOS with a malware campaign using job opportunities as a lure. The second-stage malware extracts and executes the third-stage binary.

Malware 91

Malware Cryptocurrency Architecture Advertising 91

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. The hackers used fake collaboration opportunities (i.e. Pierluigi Paganini.

Accountability 126

Accountability Malware Phishing Social Engineering 126

Security Affairs

APRIL 19, 2021

XCSSET, a Mac malware targeting Xcode developers, was now re-engineered and employed in a campaign aimed at Apple’s new M1 chips. Experts from Trend Micro have uncovered a Mac malware campaign targeting Xcode developers that employed a re-engineered version of the XCSSET malware to support Apple’s new M1 chips.

Malware 111

Malware Cryptocurrency Architecture Engineering 111

Security Affairs

NOVEMBER 18, 2020

Experts from Cybereason Nocturnus uncovered an active campaign that targets users of a large e-commerce platform in Latin America with Chaes malware. Cybereason Nocturnus security researchers have identified an active campaign focused on the users of a large e-commerce platform in Latin America. SecurityAffairs – hacking, malware).

Phishing 116

Phishing Malware Cryptocurrency Information Security 116

Security Affairs

SEPTEMBER 19, 2022

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and targets Docker installs. The activity of the TeamTNT group has been detailed by security firm Trend Micro, but in August 2020 experts from Cado Security discovered that botnet is also able to target misconfigured Kubernetes installations.

Encryption 94

Encryption Cybercrime Hacking Malware 94

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Mandiant found the compromised 3CX software would download malware that sought out new instructions by consulting encrypted icon files hosted on GitHub. Image: Mandiant.

Malware 281

Malware Software Technology Accountability 281

Security Affairs

MAY 13, 2024

The ZIP archives contain a compressed executable payload that, if executed, will start the encryption process with LockBit Black ransomware. Endpoint Security : Install endpoint security solutions to fortify defenses against malware attacks. com,” and “Jenny[@]gsd[.]com.”

Phishing 108

Phishing Ransomware Security Awareness Authentication 108

Security Affairs

FEBRUARY 24, 2020

Raccoon Malware is a recently discovered infostealer that can extract sensitive data from about 60 applications on a targeted system. Racoon malware , Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. ” reads the report published by CyberArk.

Cybercrime 90

Cybercrime Malware Cryptocurrency Advertising 90

Security Affairs

SEPTEMBER 17, 2021

A new malware written in Golang programming language, tracked as Capoae, is targeting WordPress installs and Linux systems. Akamai researchers spotted a new strain of malware written in Golang programming language, dubbed Capoae, that was involved in attacks aimed at WordPress installs and Linux systems. . Pierluigi Paganini.

Malware 87

Malware Cryptocurrency Encryption Hacking 87

Security Affairs

DECEMBER 20, 2023

JaskaGO is a new Go-based information stealer malware that targets both Windows and Apple macOS systems, experts warn. Researchers from AT&T Alien Labs uncovered a previously undetected Go-based information stealer dubbed JaskaGO that targets Windows and macOS systems. Password encryption keys key4.db

Malware 111

Malware Passwords Cryptocurrency Software 111

Security Affairs

MARCH 13, 2021

Kaspersky researchers spotted a new variant of the XCSSET Mac malware that compiled for devices running on Apple M1 chips. The malware also allows attackers to capture screenshots and exfiltrate stolen documents to the attackers’ server. Recently experts spotted other malware specifically designed to infect Mac running on M1 chips.

Malware 104

Malware Adware Architecture Antivirus 104

Security Affairs

NOVEMBER 26, 2019

Microsoft revealed that the new Dexphot cryptocurrency miner has already infected more than 80,000 computers worldwide. Security experts at Microsoft analyzed a new strain of cryptocurrency miner tracked as Dexphot that has been active since at least October 2018. The malware also uses scheduled tasks to achieve persistence.

Cryptocurrency 121

Cryptocurrency Malware Encryption Advertising 121

Security Affairs

MAY 19, 2023

ReversingLabs discovered two malicious packages, respectively named nodejs-encrypt-agent and nodejs-cookie-proxy-agent, in the npm package repository containing an open-source info-stealer called TurkoRat. The malware also supports anti-sandbox and analysis functionalities to avoid detection and prevent being analyzed.

Encryption 79

Encryption Social Engineering Malware Cryptocurrency 79

Security Affairs

MAY 2, 2024

“Ransomware is malicious software designed to encrypt data on victim computers, allowing bad actors the ability to demand a ransom payment in exchange for the decryption key.” .” reads the press release published by DoJ.

Ransomware 89

Ransomware Cryptocurrency Cybercrime Encryption 89

Security Affairs

MARCH 23, 2023

Nexus is available via a Malware-as-a-Service (MaaS) subscription and is advertised on underground forums or through private channels (e.g., “Nexus provides all the main features to perform ATO attacks (Account Takeover) against banking portals and cryptocurrency services, such as credentials stealing and SMS interception.

Banking 78

Banking Cryptocurrency Malware Advertising 78

Security Affairs

JULY 23, 2022

“The Justice Department today announced a complaint filed in the District of Kansas to forfeit cryptocurrency paid as ransom to North Korean hackers or otherwise used to launder such ransom payments. The Kansas hospital opted to pay approximately a $100,000 ransom in Bitcoin to receive a decryptor e recover the encrypted files.

Ransomware 128

Ransomware Healthcare Cryptocurrency Encryption 128

Security Affairs

JULY 8, 2020

Good news for the victims of the ThiefQuest (EvilQuest) ransomware, they can recover their encrypted files for free. The victims of the ThiefQuest (EvilQuest) ransomware victims can recover their encrypted files without needing to pay the ransom due to the availability of a free decryptor. macOS ransomware #decryptor ( #EvilQuest )! |

Ransomware 105

Ransomware Encryption Malware InfoSec 105

Security Affairs

SEPTEMBER 25, 2022

builder Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign Hackers stole $160 Million from Crypto market maker Wintermute U.S. builder Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign Hackers stole $160 Million from Crypto market maker Wintermute U.S.

Cryptocurrency 83

Cryptocurrency Data breaches DNS DDOS 83

Security Affairs

OCTOBER 13, 2021

However, experts pointed out that the botnet uses more than 20 cryptocurrencies in total, for this reason the total financial gains could be greater than $24M. This malware counts on the fact that users do not expect to paste values different from the one that they copied. ” continues the analysis.

Cryptocurrency 102

Cryptocurrency Encryption Malware Hacking 102

Security Affairs

JUNE 4, 2023

Xplain hack impacted the Swiss cantonal police and Fedpol Zyxel published guidance for protecting devices from ongoing attacks Kimsuky APT poses as journalists and broadcast writers in its attacks New Linux Ransomware BlackSuit is similar to Royal ransomware CISA adds Progress MOVEit Transfer zero-day to its Known Exploited Vulnerabilities catalog (..)

Spyware 86

Spyware Hacking Malware Social Engineering 86

Security Affairs

AUGUST 6, 2023

Reptile Rootkit employed in attacks against Linux systems in South Korea New PaperCut flaw in print management software exposes servers to RCE attacks A cyberattack impacted operations of multiple hospitals in several US states Married couple pleaded guilty to laundering billions in cryptocurrency stolen from Bitfinex in 2016 Malicious packages in (..)

Malware 76

Malware Cybercrime Cryptocurrency Social Engineering 76

Security Affairs

AUGUST 27, 2019

Security experts from Kaspersky spotted a malware in the free version of the popular PDF creator application CamScanner app. Experts from Kaspersky have discovered malware in the free Android version of the CamScanner app that could be used by attackers to remotely hack Android devices and steal targets’ data.

Malware 97

Malware Advertising Mobile Hacking 97

Security Affairs

FEBRUARY 10, 2023

. “This advisory highlights TTPs and IOCs DPRK cyber actors used to gain access to and conduct ransomware attacks against Healthcare and Public Health (HPH) Sector organizations and other critical infrastructure sector entities, as well as DPRK cyber actors’ use of cryptocurrency to demand ransoms.” Obfuscate Identity.

Ransomware 80

Ransomware Healthcare Cryptocurrency Government 80

Security Affairs

FEBRUARY 20, 2023

Researchers spotted a new information stealer, called Stealc, which supports a wide set of stealing capabilities. discovered a new information stealer, dubbed Stealc, which was advertised in the dark web forums. stealc was written in pure C using WinAPI C written malware uses WinAPI functions. released on February 11, 2023.

Malware 83

Malware Cryptocurrency Advertising Data collection 83

Security Affairs

MARCH 17, 2020

Last week, security experts from MalwareHunterTeam detected new ransomware dubbed CoronaVirus has been distributed through a malicious web site that was advertising a legitimate system optimization software and utilities from WiseCleaner. The filename of the encrypted files will be changed to the attacker’s email address (i.e.

Ransomware 99

Ransomware Cryptocurrency Advertising Passwords 99

Security Affairs

MAY 21, 2023

This week, ReversingLabs researchers warned of the presence of two malicious packages, respectively named nodejs-encrypt-agent and nodejs-cookie-proxy-agent, in the npm package repository containing an open-source info-stealer called TurkoRat.

Social Engineering 88

Social Engineering Malware Cryptocurrency Engineering 88

Security Affairs

SEPTEMBER 11, 2022

The post Security Affairs newsletter Round 383 appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini. SecurityAffairs – hacking, newsletter).

Data breaches 95

Data breaches Ransomware Phishing Malware 95

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches 93

Data breaches Malware Mobile Spyware 93

Security Affairs

JULY 2, 2023

Illicit Telegram Communities Dismantling of an encrypted network sends shockwaves through organised crime groups across Europe TSMC Says Supplier Hacked After Ransomware Group Claims Attack on Chip Giant Malware Trojanized Super Mario Game Installer Spreads SupremeBot Malware Initial research exposing JOKERSPY Who is 8BASE?

Cybercrime 85

Cybercrime Hacking Ransomware Malware 85

Security Affairs

DECEMBER 17, 2023

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6 CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6

Data breaches 82

Data breaches Cybercrime Firewall Artificial Intelligence 82

Security Affairs

FEBRUARY 25, 2021

. “Once the malicious document is opened, the malware is dropped and proceeds to the next stage of the deployment process. The ThreatNeedle malware used in this campaign belongs to a malware family known as Manuscrypt, which belongs to the Lazarus group and has previously been seen attacking cryptocurrency businesses.”

Malware 95

Malware Cryptocurrency Password Management Encryption 95

Security Affairs

MAY 25, 2021

Apple has released security updates to address three zero-day vulnerabilities affecting macOS and tvOS which have been exploited in the wild. The macOS flaw has been exploited by the XCSSET malware to bypass security protections. ” reads the security advisories published by Apple for the above issues.

Malware 143

Malware Cryptocurrency Ransomware Encryption 143

Security Affairs

MARCH 4, 2023

Every week the best security articles from Security Affairs are free for you in your email box. FiXS, a new ATM malware that is targeting Mexican banks BidenCash leaks 2.1M If you want to also receive for free the newsletter with the international press subscribe here. flaws could impact billions of devices The U.S.

Spyware 83

Spyware Data breaches Retail Ransomware 83

Security Affairs

JULY 15, 2022

The Holy Ghost ransomware appends the file extension.h0lyenc to filenames of encrypted files. The SiennaBlue variant evolved over time by implementing multiple encryption options, string obfuscation, public key management, and support for the internet and intranet. The threat actors asked victims to pay a ransom from 1.2

Ransomware 131

Ransomware Cryptocurrency Government Small Business 131

Security Affairs

AUGUST 4, 2023

The researchers speculate the packages are part of a highly-targeted attack on developers working in the cryptocurrency sector. “This seems to be another highly-targeted attack on developers involved in the cryptocurrency sphere. ” concludes the report.

Cryptocurrency 83

Cryptocurrency Marketing Encryption Passwords 83