DNS, Download, Information Security and Malware

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus

Antivirus Malware DNS Cryptocurrency

Cuttlefish malware targets enterprise-grade SOHO routers

Security Affairs

MAY 1, 2024

A new malware named Cuttlefish targets enterprise-grade and small office/home office (SOHO) routers to harvest public cloud authentication data. The malware creates a proxy or VPN tunnel on the compromised router to exfiltrate data, and then uses stolen credentials to access targeted resources.

Malware

Malware DNS Authentication Telecommunications

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

Security Affairs

JUNE 11, 2022

Iran-linked Lyceum APT group uses a new.NET-based DNS backdoor to target organizations in the energy and telecommunication sectors. The Iran-linked Lyceum APT group, aka Hexane or Spilrin, used a new.NET-based DNS backdoor in a campaign aimed at companies in the energy and telecommunication sectors, ZScaler researchers warn.

DNS

DNS Telecommunications Malware Phishing

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

B1txor20 Linux botnet use DNS Tunnel and Log4J exploit

Security Affairs

MARCH 17, 2022

Researchers uncovered a new Linux botnet, tracked as B1txor20, that exploits the Log4J vulnerability and DNS tunnel. The malware was first spotted on February 9, 2022, when 360Netlab’s honeypot system captured an unknown ELF file that was spreading by exploiting the Log4J vulnerability. ” continues the analysis.

DNS

DNS Malware Technology Encryption

New Agent Raccoon malware targets the Middle East, Africa and the US

Security Affairs

DECEMBER 3, 2023

Threat actors are using the Agent Raccoon malware in attacks against organizations in the Middle East, Africa and the U.S. The malware was used in attacks against multiple industries, including education, real estate, retail, non-profit organizations, telecom companies, and governments.

Malware

Malware DNS Retail Education

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

Security Affairs

JULY 4, 2019

Researchers at Network Security Research Lab of Qihoo 360 discovered a Lua-based backdoor dubbed Godlua that targets both Linux and Windows systems. The peculiarity of this new piece of malware is the ability to communicate with C2 servers via DNS over HTTPS ( DoH ). The second variant. ” states the analysis.

DNS

DNS Malware Advertising DDOS

GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

Security Affairs

AUGUST 31, 2022

A malware campaign tracked as GO#WEBBFUSCATOR used an image taken from NASA’s James Webb Space Telescope (JWST) as a lure. Securonix Threat researchers uncovered a persistent Golang-based malware campaign tracked as GO#WEBBFUSCATOR that leveraged the deep field image taken from the James Webb telescope. Pierluigi Paganini.

Malware

Malware DNS Antivirus Encryption

Russia-linked Gamaredon APT targets Ukrainian authorities with new malware

Security Affairs

FEBRUARY 3, 2023

The former is a VBScript used to download next-stage VBScript from a remote server. Upon opening the.LNK file, it uses the System Binary Proxy Execution technique through the execution of Windows-native binary (designed to execute Microsoft HTML Application (HTA) files (mshta.exe)) to download a file via the URL hxxps://secureurl[.]shop/09.01_otck/quicker[.]rtf.

Malware

Malware Spyware DNS Government

FluBot malware continues to evolve. What’s new in Version 5.0 and beyond?

Security Affairs

JANUARY 8, 2022

Researchers warn of new campaigns distributing a new improved version of the FluBot malware posing as Flash Player. Researchers from F5 security are warning of a new enhanced version of the FluBot Android malware that that spread posed as Flash Player. The victim downloads and opens the malicious app that installs FluBot.

Malware

Malware DNS Banking Hacking

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Security Affairs

SEPTEMBER 21, 2022

Russia-linked APT group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Russia-linked cyberespionage group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. ” reads the report published by Recorded Future.

Malware

Malware Telecommunications DNS Hacking

Operation Spalax, an ongoing malware campaign targeting Colombian entities

Security Affairs

JANUARY 14, 2021

Security experts from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax , against Colombian government institutions and private companies. Malware researchers from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax , against Colombian entities exclusively. ” continues the report.

Malware

Malware Surveillance Phishing Government

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Security Affairs

FEBRUARY 12, 2024

Hackers use intercepted data to hijack your current session on a website, giving them access to your private accounts and information. While they can’t directly read your password, they can still download malware or gather enough information to steal your identity.

DNS

DNS VPN Encryption Passwords

Hackers hijack D-Link and Linksys routers to point users to coronavirus-themed sites serving malware

Security Affairs

MARCH 26, 2020

The number of Coronavirus-themed attacks continues to increase, crooks hijack D-Link and Linksys routers to redirect users to sites spreading COVID19-themed malware. Crooks continue to launch Coronavirus-themed attacks , experts observed hackers hijacking D-Link and Linksys routers to redirect users to COVID19-themed sites spreading malware.

Malware

Malware DNS Advertising Cryptocurrency

Coldriver threat group targets high-ranking officials to obtain credentials

Malwarebytes

JANUARY 22, 2024

The group uses social engineering techniques to persuade their targets to open documents or download malware. This backdoor is custom malware, likely developed by or for Coldriver, called Spica. It is mainly in use by security researchers to classify malware. These targets are approached in spear phishing attacks.

Social Engineering

Social Engineering Government Media DNS

GoldenHelper, a new malware delivered via Chinese tax software

Security Affairs

JULY 15, 2020

Security researchers discovered another malware family delivered through tax software that some businesses operating in China are required to install. Security researchers at Trustwave have discovered another malware family delivered through tax software that Chinese banks require companies operating in the country to install.

Software

Software Malware Banking Advertising

Linksys force password reset to prevent Router hijacking

Security Affairs

APRIL 16, 2020

Linksys has reset passwords for all its customers’ after learning on ongoing DNS hijacking attacks aimed at delivering malware. Crooks continue to launch Coronavirus-themed attacks , in the last weeks, experts observed hackers hijacking D-Link and Linksys routers to redirect users to COVID19-themed sites spreading malware.

Passwords

Passwords DNS Malware Advertising

Threat actors abuse public cloud services to spread multiple RATs

Security Affairs

JANUARY 13, 2022

Threat actors are actively exploiting public cloud services from Amazon and Microsoft to spread RATs such as Nanocore , Netwire , and AsyncRAT used to steal sensitive information from compromised systems. The attackers used complex obfuscation techniques in the downloader script. ” reads the analysis published by Talos.

DNS

DNS Malware Cybercrime Ransomware

Threat actor exploits MS ProxyShell flaws to deploy Babuk ransomware

Security Affairs

NOVEMBER 5, 2021

Over the past months, other ransomware gangs, including Conti and Lockfile , exploited ProxyShell flaws to deliver their malware. The attack chain starts with a downloader module on a victim’s server in the form of a standalone executable format and a DLL. The DLL downloader is run by the Exchange IIS worker process w3wp.exe.

Ransomware

Ransomware Backups Encryption DNS

Discovery of Simps Botnet Leads To Ties to Keksec Group

Security Affairs

MAY 18, 2021

We discovered the Simps Botnet binaries downloaded via shell script sample and Remote Code Execution vulnerability exploits by Gafgyt – detailed in our earlier post. . During the first week of May 2021, the Uptycs’ threat research team detected a shell script and Gafgyt malware downloading Simps binaries from the same C2- 23.95.80[.]200.

DDOS

DDOS Malware Architecture IoT

China-linked APT group Aquatic Panda leverages Log4Shell in recent attack

Security Affairs

DECEMBER 29, 2021

The attackers were observed performing multiple connectivity checks via DNS lookups for a subdomain under dns[.]1433[.]eu[.]org The researchers explained that multiple threat actors utilize publicly accessible DNS logging services like dns[.]1433[.]eu[.]org org , running on the VMware Horizon instance.

DNS

DNS Hacking Malware Information Security

Security Affairs - Untitled Article

Security Affairs

JULY 17, 2019

Threat actors used the Extembro DNS- changer Trojan in an adware campaign to prevent users from accessing security-related websites. Security experts at Malwarebytes observed an adware campaign that involved the Extembro DNS- changer Trojan to prevent users from accessing websites of security vendors.

Adware

Adware DNS Malware Advertising

Cryptomining DreamBus botnet targets Linux servers

Security Affairs

JANUARY 25, 2021

Zscaler’s research team recently spotted a Linux-based malware family, tracked as DreamBus botnet, targeting Linux servers. Researchers at Zscaler’s ThreatLabZ research team recently analyzed a Linux-based malware family, tracked as DreamBus Botnet, which is a variant of SystemdMiner. ” reads the post published by Zscaler.

Cryptocurrency

Cryptocurrency Malware DNS Passwords

Russia-linked Gamaredon APT targeted a petroleum refining company in a NATO nation in August

Security Affairs

DECEMBER 20, 2022

Palo Alto Networks Unit 42 researchers discovered more than 500 new domains and 200 malware samples attributed to Gamaredon APT since the beginning of the invasion. Infrastructure using fast flux DNS rotates through many IPs daily and each IP was used for a short time. Gamaredon’s phishing attacks used a .html

DNS

DNS Phishing Hacking Government

Security Affairs newsletter Round 418 by Pierluigi Paganini – International edition

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches

Data breaches Malware Mobile Spyware

Cyber Defense Magazine – November 2020 has arrived. Enjoy it!

Security Affairs

NOVEMBER 4, 2020

150 PAGESLOADED WITH EXCELLENT CONTENT Learn from the experts, cybersecurity best practices Find out about upcoming information security related conferences, expos and trade shows. You can download a PDF version once you open the page flipping version) Do you like Yumpu, an alternative online flipbook version?

InfoSec

InfoSec DNS Advertising Marketing

Glupteba botnet is back after Google disrupted it in December 2021

Security Affairs

DECEMBER 19, 2022

Botnet operators use to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes. Nozomi analyzed the entire blockchain to discover the C2 domains used by the botnet, the researchers also downloaded over 1500 Glupteba samples from VirusTotal to track the wallet addresses used by the operators.

DNS

DNS Antivirus Cryptocurrency Software

Russia-linked InvisiMole APT targets state organizations of Ukraine

Security Affairs

MARCH 21, 2022

Upon opening the LNK file, an HTA file will be downloaded and executed on the victim’s computer. The HTA file contains a VBScript code that fetches and decodes the bait file and the malicious program LoadEdge backdoor. The LoadEdge backdoor maintains persistence through the Windows registry.

Spyware

Spyware DNS Phishing Government

North Korea-linked APT37 targets journalists with GOLDBACKDOOR

Security Affairs

APRIL 26, 2022

North Korea-linked APT37 group is targeting journalists that focus on DPRK with a new piece of malware. North Korea-linked APT37 group (aka Ricochet Chollima) has been spotted targeting journalists focusing on DPRK with a new piece of malware. When manually downloaded during analysis, this payload was named Fantasy.”

Malware

Malware DNS Phishing Authentication

Cyber Defense Magazine – February 2021 has arrived. Enjoy it!

Security Affairs

FEBRUARY 2, 2021

108 PAGESLOADED WITH EXCELLENT CONTENT Learn from the experts, cybersecurity best practices Find out about upcoming information security related conferences, expos and trade shows. You can download a PDF version once you open the page flipping version) Do you like Yumpu, an alternative online flipbook version?

InfoSec

InfoSec DNS Media Marketing

Experts found 11 malicious Python packages in the PyPI repository

Security Affairs

NOVEMBER 21, 2021

This technique tricks the target’s package manager into downloading and installing the malicious module. The “ipboards” and “pptest” packages were discovered using DNS tunneling for data exfiltration, this is the first time that this technique has been used by malicious pac in malware uploaded to PyPI.

DNS

DNS Passwords Malware Hacking

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Security Affairs

JUNE 18, 2020

They use DNS tunneling for stealthier C&C communications, and place execution guardrails on the malicious components to hide the malware from security researchers.” The attack chain begins with the deployment of a TCP downloader that fetches the next stage payload.

DNS

DNS Advertising Spyware Software

Hundreds of Microsoft sub-domains open to hijacking

Security Affairs

MARCH 5, 2020

Security researchers demonstrated that hundreds of sub-domains belonging to Microsoft could potentially be hijacked and abused to deliver malware and for phishing attacks. Let’s consider mybrowser.microsoft.com, it might have resolved by the DNS to something like webserver9000.azurewebsites.net. azurewebsites.net.

DNS

DNS Phishing Advertising Malware

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

Security Affairs

JUNE 27, 2021

Researchers have discovered a strain of cryptocurrency-mining malware, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. . The researchers started investigating the threat after they became aware that the malware was disabling and uninstalling its antivirus from infected devices. ” continues the report.

Antivirus

Antivirus Cryptocurrency Malware Software

FreakOut botnet target 3 recent flaws to compromise Linux devices

Security Affairs

JANUARY 19, 2021

. “In all the attacks involving these CVEs, the attacker’s first move is to try running different syntaxes of OS commands to download and execute a Python script named “out.py”.” “After the script is downloaded and given permissions (using the “chmod” command), the attacker tries to run it using Python 2.

DDOS

DDOS DNS Malware Internet

Threat actor has been targeting the aviation industry since at least 2018

Security Affairs

SEPTEMBER 18, 2021

The group is suspected to have been running successful malware campaigns for more than five years. The attackers have used off-the-shelf malware since the beginning of their operations and have never developed their own malware. SecurityAffairs – hacking, malware). ” reads the analysis published by Cisco Talos.

Malware

Malware Phishing DNS Cybercrime

FiveSys, a new digitally-signed rootkit spotted by Bitdefender experts

Security Affairs

OCTOBER 22, 2021

The FiveSys rootkit uses the same technique to remain under the radar, it is very similar to the Undead malware and likely originate from China where is used to target domestic games. Up.sys downloads an executable and starts it using an embedded dll which it injects from kernel mode. SecurityAffairs – hacking, cyber security).

Malware

Malware DNS Internet Internet

TeamTNT group adds new detection evasion tool to its Linux miner

Security Affairs

JANUARY 28, 2021

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. Upon executing the bash script, it will execute multiple tasks to: Modify the network DNS configuration. Download the latest IRC bot configuration. SecurityAffairs – hacking, malware).

Cryptocurrency

Cryptocurrency Cybercrime DNS Malware

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

. “Successful exploits could allow attackers to monitor users’ internet activity, highjack internet connections and redirect traffic to malicious websites or inject malware into network traffic. “NETGEAR strongly recommends that you download the latest firmware as soon as possible.” for the RAX30 router family.

Hacking

Hacking Firmware Authentication DNS

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

Security Affairs

NOVEMBER 1, 2021

Pink also adopts the DNS-Over-HTTPS ( DoH ) for the distribution of configuration information that’s done either via a project hidden on GITHUB or Baidu Tieba, or via a built-in domain name hard-coded into some of the samples.

Architecture

Architecture DDOS Advertising Firmware

China-Linked APT15 group is using a previously undocumented backdoor

Security Affairs

JULY 23, 2019

The attackers demonstrated an increasing level of sophistication across the years, they used custom-malware and various exploits in their attacks. “Second, we identified a previously undocumented malware family with strong links to the Ke3chang group – a backdoor we named Okrum. ” reads the report published by ESET. .”

DNS

DNS Malware Advertising Manufacturing

Financially motivated Earth Lusca threat actors targets organizations worldwide

Security Affairs

JANUARY 18, 2022

“The user eventually downloads an archive file containing either a malicious LNK file or an executable — eventually leading to a Cobalt Strike loader.” ” The threat actors were observed deploying Cobalt Strike in the infected networks, along with a set of additional malware and web shells.

Cryptocurrency

Cryptocurrency Social Engineering Media Phishing

Researchers dismantled ShuangQiang gang?s botnet that infected thousands of PCs

Security Affairs

MAY 27, 2020

“Recently, our DNS data based threat monitoning system DNSmon flagged a suspicious domain pro.csocools.com. “We traced its family back to the ShuangQiang (double gun) campaign, in the past, this campaign has been exposed by multiple security vendors, but it has rvivied and come back with new methods and great force.”

Advertising

Advertising DNS Software Malware

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

Security Affairs

OCTOBER 21, 2019

Security experts have a new malware, dubbed skip-2.0 Security experts at ESET have discovered a new malware, dubbed skip-2.0, malware was used by threat actors to establish a backdoor in MSSQL Server 11 and 12 servers, allowing them to access to any account on the server using a “magic password.”

Malware

Malware Passwords Advertising DNS

Cyber Defense Magazine – March 2021 has arrived. Enjoy it!

Security Affairs

MARCH 3, 2021

110 PAGESLOADED WITH EXCELLENT CONTENT Learn from the experts, cybersecurity best practices Find out about upcoming information security related conferences, expos and trade shows. You can download a PDF version once you open the page flipping version) Do you like Yumpu, an alternative online flipbook version?

InfoSec

InfoSec DNS Media Marketing

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Cuttlefish malware targets enterprise-grade SOHO routers

Webinars

Trending Sources

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

Webinars

B1txor20 Linux botnet use DNS Tunnel and Log4J exploit

New Agent Raccoon malware targets the Middle East, Africa and the US

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

Russia-linked Gamaredon APT targets Ukrainian authorities with new malware

FluBot malware continues to evolve. What’s new in Version 5.0 and beyond?

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Operation Spalax, an ongoing malware campaign targeting Colombian entities

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Hackers hijack D-Link and Linksys routers to point users to coronavirus-themed sites serving malware

Coldriver threat group targets high-ranking officials to obtain credentials

GoldenHelper, a new malware delivered via Chinese tax software

Linksys force password reset to prevent Router hijacking

Threat actors abuse public cloud services to spread multiple RATs

Threat actor exploits MS ProxyShell flaws to deploy Babuk ransomware

Discovery of Simps Botnet Leads To Ties to Keksec Group

China-linked APT group Aquatic Panda leverages Log4Shell in recent attack

Security Affairs - Untitled Article

Cryptomining DreamBus botnet targets Linux servers

Russia-linked Gamaredon APT targeted a petroleum refining company in a NATO nation in August

Security Affairs newsletter Round 418 by Pierluigi Paganini – International edition

Cyber Defense Magazine – November 2020 has arrived. Enjoy it!

Glupteba botnet is back after Google disrupted it in December 2021

Russia-linked InvisiMole APT targets state organizations of Ukraine

North Korea-linked APT37 targets journalists with GOLDBACKDOOR

Cyber Defense Magazine – February 2021 has arrived. Enjoy it!

Experts found 11 malicious Python packages in the PyPI repository

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Hundreds of Microsoft sub-domains open to hijacking

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

FreakOut botnet target 3 recent flaws to compromise Linux devices

Threat actor has been targeting the aviation industry since at least 2018

FiveSys, a new digitally-signed rootkit spotted by Bitdefender experts

TeamTNT group adds new detection evasion tool to its Linux miner

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

China-Linked APT15 group is using a previously undocumented backdoor

Financially motivated Earth Lusca threat actors targets organizations worldwide

Researchers dismantled ShuangQiang gang?s botnet that infected thousands of PCs

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

Cyber Defense Magazine – March 2021 has arrived. Enjoy it!

Stay Connected