Document, Encryption and Malware - Cyber Security Informer

Ransomware Now Leaking Stolen Documents

Schneier on Security

APRIL 14, 2020

Malware would encrypt the data on your computer, and demand a ransom for the encryption key. Now ransomware is increasingly involving both encryption and exfiltration. Originally, ransomware didn't involve any data theft. Brian Krebs wrote about this in December. It's a further incentive for the victims to pay.

Ransomware

Ransomware Encryption Malware

Zanubis in motion: Tracing the active evolution of the Android banking malware

SecureList

MAY 28, 2025

Once these permissions are granted, the malware gains extensive capabilities that allow its operators to steal the user’s banking data and credentials, as well as perform remote actions and control the device without the user’s knowledge. Join us in this blogpost as we take a closer look at the malware’s evolution over time.

Banking

Banking Malware Energy and Utilities Encryption

Lazarus group evolves its infection chain with old and new malware

SecureList

DECEMBER 19, 2024

After looking into the attack, we were able to uncover a complex infection chain that included multiple types of malware, such as a downloader, loader, and backdoor, demonstrating the group’s evolved delivery and improved persistence methods. CookieTime still in use Another piece of malware found on the infected hosts was CookieTime.

Malware

Malware Encryption Software Cryptocurrency

China-linked APT41 used Google Calendar as C2 to control its TOUGHPROGRESS malware

Security Affairs

MAY 29, 2025

Google says China-linked group APT41 controlled malware via Google Calendar to target governments through a hacked site. Google warns that China-linked APT41 used TOUGHPROGRESS malware with Google Calendar as C2, targeting various government entities via a compromised website. ” reads the report published by Google.

Malware

Malware Government Encryption Hacking

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 42

Security Affairs

APRIL 20, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malicious NPM Packages Targeting PayPal Users New Malware Variant Identified: ResolverRAT Enters the Maze Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft?

Malware

Malware Cryptocurrency Encryption Phishing

New Reductor Nation-State Malware Compromises TLS

Schneier on Security

OCTOBER 10, 2019

Kaspersky has a detailed blog post about a new piece of sophisticated malware that it's calling Reductor. Based on these similarities, we're quite sure the new malware was developed by the COMPfun authors. The COMpfun malware was initially documented by G-DATA in 2014.

Malware

Malware Engineering Encryption Hacking

A new fileless variant of Remcos RAT observed in the wild

Security Affairs

NOVEMBER 11, 2024

Fortinet researchers discovered a new phishing campaign spreading a variant of the commercial malware Remcos RAT. The phishing messages contain a malicious Excel document disguised as an order file to trick the recipient into opening the document. Upon opening the file, the RCE vulnerability CVE-2017-0199 is exploited.

Phishing

Phishing Malware Banking Encryption

Russia's COLDRIVER Targets Western Entities with 'LOSTKEYS' Malware

SecureWorld News

MAY 9, 2025

Google's Threat Intelligence Group (GTIG) has identified a new malware strain, dubbed "LOSTKEYS," attributed to the Russian state-sponsored hacking group COLDRIVER. The introduction of LOSTKEYS signifies a strategic shift towards deploying malware for direct data exfiltration.

Malware

Malware Social Engineering Engineering Government

North Korea-linked Konni APT uses Russian-language weaponized documents

Security Affairs

NOVEMBER 24, 2023

North Korea-linked Konni APT group used Russian-language Microsoft Word documents to deliver malware. FortiGuard Labs researchers observed the North Korea-linked Konni APT group using a weaponized Russian-language Word document in an ongoing phishing campaign. The Word document seems to be in the Russian language.

Encryption

Encryption Malware Phishing Hacking

Operation SyncHole: Lazarus APT goes back to the well

SecureList

APRIL 23, 2025

We found that the malware was running in the memory of a legitimate SyncHost. Although the exact method by which Cross EX was exploited to deliver malware remains unclear, we believe that the attackers escalated their privileges during the exploitation process as we confirmed the process was executed with high integrity level in most cases.

Malware

Malware Software Encryption Internet

Take my money: OCR crypto stealers in Google Play and App Store

SecureList

FEBRUARY 5, 2025

In March 2023, researchers at ESET discovered malware implants embedded into various messaging app mods. The campaign, which targeted Android and Windows users, saw the malware spread through unofficial sources. The campaign, which targeted Android and Windows users, saw the malware spread through unofficial sources.

Malware

Malware Encryption Mobile Cryptocurrency

US authorities have indicted Black Kingdom ransomware admin

Security Affairs

MAY 4, 2025

“The ransomware either encrypted data from victims computer networks or claimed to take that data from the networks. Black Kingdom ransomware was first spotted in late February 2020 by security researcher GrujaRS , the ransomware encrypts files and appends the.DEMON extension to filenames of the encrypted documents.

Ransomware

Ransomware Encryption VPN Cryptocurrency

Iranian Government Hacking Android

Schneier on Security

SEPTEMBER 24, 2020

The hackers also have created malware disguised as Android applications, the reports said. It looks like the standard technique of getting the victim to open a document or application. Both are popular messaging tools in Iran.

Government

Government Hacking Mobile Encryption

Legal Threats Make Powerful Phishing Lures

Krebs on Security

MAY 22, 2019

Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Here’s a look at a recent spam campaign that peppered more than 100,000 business email addresses with fake legal threats harboring malware. Please download and read the attached encrypted document carefully.

Phishing

Phishing Antivirus Scams Malware

SHARED INTEL: Report details how cyber criminals leverage HTTPS TLS to hide malware

The Last Watchdog

APRIL 21, 2021

From January through March 2021, TLS concealed 45 percent of the malware Sophos analysts observed circulating on the Internet; that’s double the rate – 23 percent – seen in early 2020, Dan Schiappa, Sophos’ chief product officer, told me in a briefing. “For And then they may use off-the-shelf malware to carry out their attack.

Malware

Malware Firewall Encryption Data breaches

LockFile Ransomware uses a new intermittent encryption technique

Security Affairs

AUGUST 31, 2021

Recently emerged LockFile ransomware family LockFile leverages a novel technique called intermittent encryption to speed up encryption. Sophos researchers discovered that the group is now leveraging a new technique called “intermittent encryption” to speed up the encryption process.

Encryption

Encryption Ransomware Financial Services Antivirus

Adventures in Contacting the Russian FSB

Krebs on Security

JUNE 7, 2021

In the process of doing so, I encountered a small snag: The FSB’s website said in order to communicate with them securely, I needed to download and install an encryption and virtual private networking (VPN) appliance that is flagged by at least 20 antivirus products as malware. The FSB headquarters at Lubyanka Square, Moscow.

Antivirus

Antivirus VPN Encryption Malware

Beyond the Surface: the evolution and expansion of the SideWinder APT group

SecureList

OCTOBER 15, 2024

SideWinder’s most recent campaign schema Infection vectors The SideWinder attack chain typically starts with a spear-phishing email with an attachment, usually a Microsoft OOXML document (DOCX or XLSX) or a ZIP archive, which in turn contains a malicious LNK file. In particular, Avast and AVG solutions are of interest to the malware.

Malware

Malware Encryption Architecture Phishing

‘Golden Chickens’ Resurfaces with Two Dangerous Malware Tools Targeting Passwords and Crypto Wallets

eSecurity Planet

MAY 5, 2025

Cybersecurity analysts at Recorded Futures Insikt Group have identified the fresh threats as TerraStealerV2 and TerraLogger, two malware strains believed to be the latest additions to Golden Chickens growing Malware-as-a-Service (MaaS) arsenal. TerraLoader : a malware loader. TerraCrypt : ransomware.

Passwords

Passwords Malware Cryptocurrency Cybercrime

Attacking the Intel Secure Enclave

Schneier on Security

AUGUST 30, 2019

The paper: " Practical Enclave Malware with Intel SGX.". In particular, it is unclear to what extent enclave malware could harm a system. In this work, we practically demonstrate the first enclave malware which fully and stealthily impersonates its host application. The results are predictable.

Malware

Malware Architecture Encryption Phishing

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Mandiant found the compromised 3CX software would download malware that sought out new instructions by consulting encrypted icon files hosted on GitHub. Image: Mandiant.

Malware

Malware Software Technology Accountability

Cloud Atlas seen using a new tool in its attacks

SecureList

DECEMBER 23, 2024

Victims get infected via phishing emails containing a malicious document that exploits a vulnerability in the formula editor ( CVE-2018-0802 ) to download and execute malware code. dat Encrypted VBShower backdoor AppCache028732611605321388.log:AppCache0287326116053213889292.vbs See below for the infection pattern.

Encryption

Encryption Penetration Testing Malware Phishing

Ukrainian Police Nab Six Tied to CLOP Ransomware

Krebs on Security

JUNE 16, 2021

First debuting in early 2019, CLOP is one of several ransomware groups that hack into organizations, launch ransomware that encrypts files and servers, and then demand an extortion payment in return for a digital key needed to unlock access. ? /.

Ransomware

Ransomware Cybercrime Malware Encryption

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

OCTOBER 28, 2020

In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems. What’s more, Syrén seemed to downplay the severity of the exposure.

Hacking

Hacking Ransomware Banking Accountability

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

Security Affairs

DECEMBER 16, 2024

The malware is deployed via the Android Debug Bridge (adb) command-line utility. “In at least two cases Amnesty International documented, the Cellebrite UFED product and associated exploits were used to covertly bypass phone security features, enabling Serbian authorities to infect the devices with NoviSpy spyware.

Spyware

Spyware Surveillance Technology Mobile

Operation Phobos Aetor: Police dismantled 8Base ransomware gang

Security Affairs

FEBRUARY 11, 2025

“They allegedly used the Phobos malware to encrypt information on the networks, blocking the companies from accessing the data unless a ransom was paid and a decryption key was provided by the gang. Generation of target list of extensions and folders to encrypt. ” reported the website Nation Thailand.

Ransomware

Ransomware Encryption Backups Malware

Ransomware Gangs Don’t Need PR Help

Krebs on Security

JULY 1, 2020

Usually, the blog posts that appear on ransom sites are little more than a teaser — screenshots of claimed access to computers, or a handful of documents that expose proprietary or financial information.

Ransomware

Ransomware Cybercrime Encryption Malware

How to recover files encrypted by Yanlouwang

SecureList

APRIL 18, 2022

Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files. This is necessary to make files used by other programs available for encryption. The encryption code for big files. Yanluowang description.

Encryption

Encryption Ransomware Backups VPN

How to recover files encrypted by Yanluowang

SecureList

APRIL 18, 2022

Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files. This is necessary to make files used by other programs available for encryption. The encryption code for big files. Yanluowang description.

Encryption

Encryption Ransomware Backups VPN

Massive InfoStealer Malware Breach Exposes 184 Million Credentials

SecureWorld News

JUNE 3, 2025

Fowler's analysis suggests that the data was harvested using InfoStealer malware, a malicious software designed to extract sensitive information from infected systems. This malware can siphon off credentials, autofill data, cookies, and even crypto wallet details, often without the user's knowledge.

Malware

Malware Passwords Identity Theft Phishing

FAUST Ransomware Strikes: The Hidden Dangers Inside Office Documents

Penetration Testing

JANUARY 25, 2024

This malicious software, designed to encrypt files on a victim’s computer, demands a ransom in exchange for the decryption key,... The post FAUST Ransomware Strikes: The Hidden Dangers Inside Office Documents appeared first on Penetration Testing.

Penetration Testing

Penetration Testing Ransomware Encryption Software

Woody RAT: A new feature-rich malware spotted in the wild

Malwarebytes

AUGUST 3, 2022

This advanced custom Rat is mainly the work of a threat actor that targets Russian entities by using lures in archive file format and more recently Office documents leveraging the Follina vulnerability. The earliest versions of this Rat was typically archived into a zip file pretending to be a document specific to a Russian group.

Malware

Malware Encryption Antivirus Architecture

China-linked APTs’ tool employed in RA World Ransomware attack

Security Affairs

FEBRUARY 13, 2025

The attack used a Toshiba executable to sideload PlugX malware. It also resembles Trend Micros documented PlugX type 2 variant, also linked to Fireant. Both variants use the same RC4 encryption key (qwedfgx202211) and have similar configuration structures, reinforcing their connection to the espionage group.

Ransomware

Ransomware Software Cybercrime Encryption

World Backup Day: Pledge to protect your digital life

Webroot

MARCH 12, 2025

Backing up your data simply means creating copies of your important files and storing them in secure, encrypted locations. This can be caused by software bugs, hardware failures, viruses and malware , resulting in system crashes or data corruption. Ensures that your valuable data is encrypted, secure, and accessible when you need it.

Backups

Backups Encryption Antivirus Data preservation

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

SecureList

APRIL 17, 2025

Day after day, threat actors create new malware to use in cyberattacks. Each of these new implants is developed in its own way, and as a result gets its own destiny while the use of some malware families is reported for decades, information about others disappears after days, months or several years. io public file storage.

Malware

Malware Encryption Architecture Engineering

Cybersecurity in Aviation: Rising Threats and Modernization Efforts

SecureWorld News

JUNE 9, 2025

Much of the industry still relies on legacy operational tech (OT) systems that lack modern security features such as automated patch management and encryption by default. When vendors gain network access for ticketing, baggage handling, or route planning, they can inadvertently introduce malware or provide a foothold for threat actors.

Cybersecurity

Cybersecurity Social Engineering Computers and Electronics Risk

YouTube creators’ accounts hijacked with cookie-stealing malware

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. ” reads the analysis published by Google TAG. Pierluigi Paganini.

Accountability

Accountability Malware Phishing Social Engineering

APT trends report Q3 2024

SecureList

NOVEMBER 28, 2024

However, P8 contains many built-in functions and redesigns of the communication protocol and encryption algorithm, making it a well-designed and powerful espionage platform. The access management software facilitates access to the encrypted partition of the drive. Later that year, we discovered a new set of activities.

Malware

Malware Government Software Spyware

Report: Brazil must do more to encrypt, back up data

Malwarebytes

JULY 8, 2022

Assuming the attackers don’t just vanish into the night, the business may decide to pay the ransom and recover the encrypted files. The report notes that various initiatives already exist to get people talking about the need for both encryption and backing up. Not having backups leaves victims with very limited options.

Encryption

Encryption Backups Ransomware Cybercrime

EDR-as-a-Service makes the headlines in the cybercrime landscape

Security Affairs

APRIL 7, 2025

In Dark Web environments as well as on specialized forums, sellers are posting synthetic ads inviting potential buyers to contact them privately, often via Telegram, Session, and other encrypted messaging apps. Payments are mostly made in Bitcoin or Monero, to ensure confidentiality and irreversibility.

Cybercrime

Cybercrime Social Engineering Accountability Government

Hacked by Police

Schneier on Security

JULY 3, 2020

French police hacked EncroChat secure phones, which are widely used by criminals: Encrochat's phones are essentially modified Android devices, with some models using the "BQ Aquaris X2," an Android handset released in 2018 by a Spanish electronics company, according to the leaked documents.

Hacking

Hacking Telecommunications Encryption Firewall

IT threat evolution Q3 2024

SecureList

NOVEMBER 29, 2024

The malware utilizes cloud resources for its C2 (command and control) servers, which it accesses via APIs using authentication tokens. While the modus operandi of the threat actor is reminiscent of the CloudWizard APT that we reported on in 2023, the malware code is completely different.

Energy and Utilities

Energy and Utilities Ransomware Malware Government

New RedLine malware version distributed as fake Omicron stat counter

Security Affairs

JANUARY 12, 2022

Experts warn of a new variant of the RedLine malware that is distributed via emails as fake COVID-19 Omicron stat counter app as a lure. The malicious code can also act as a first-stage malware. Like other COVID-19 themed malspam campaigns, the infection chain starts by opening a weaponized document used as an attachment.

Malware

Malware Manufacturing Cryptocurrency Cybercrime

North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy

Security Affairs

MARCH 13, 2025

ScarCruft has been active since at least 2012, it made the headlines in early February 2018 when researchers revealed that the APT group leveraged a zero-day vulnerability in Adobe Flash Player to deliver malware to South Korean users. Kaspersky first documented the operations of the group in 2016. One of C2 domains, st0746[.]net,

Spyware

Spyware Surveillance Encryption Malware

Ransomware Now Leaking Stolen Documents

Zanubis in motion: Tracing the active evolution of the Android banking malware

Trending Sources

Lazarus group evolves its infection chain with old and new malware

China-linked APT41 used Google Calendar as C2 to control its TOUGHPROGRESS malware

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 42

New Reductor Nation-State Malware Compromises TLS

A new fileless variant of Remcos RAT observed in the wild

Russia's COLDRIVER Targets Western Entities with 'LOSTKEYS' Malware

North Korea-linked Konni APT uses Russian-language weaponized documents

Operation SyncHole: Lazarus APT goes back to the well

Take my money: OCR crypto stealers in Google Play and App Store

US authorities have indicted Black Kingdom ransomware admin

Iranian Government Hacking Android

Legal Threats Make Powerful Phishing Lures

SHARED INTEL: Report details how cyber criminals leverage HTTPS TLS to hide malware

LockFile Ransomware uses a new intermittent encryption technique

Adventures in Contacting the Russian FSB

Beyond the Surface: the evolution and expansion of the SideWinder APT group

‘Golden Chickens’ Resurfaces with Two Dangerous Malware Tools Targeting Passwords and Crypto Wallets

Attacking the Intel Secure Enclave

3CX Breach Was a Double Supply Chain Compromise

Cloud Atlas seen using a new tool in its attacks

Ukrainian Police Nab Six Tied to CLOP Ransomware

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

Operation Phobos Aetor: Police dismantled 8Base ransomware gang

Ransomware Gangs Don’t Need PR Help

How to recover files encrypted by Yanlouwang

How to recover files encrypted by Yanluowang

Massive InfoStealer Malware Breach Exposes 184 Million Credentials

FAUST Ransomware Strikes: The Hidden Dangers Inside Office Documents

Woody RAT: A new feature-rich malware spotted in the wild

China-linked APTs’ tool employed in RA World Ransomware attack

World Backup Day: Pledge to protect your digital life

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

Cybersecurity in Aviation: Rising Threats and Modernization Efforts

YouTube creators’ accounts hijacked with cookie-stealing malware

APT trends report Q3 2024

Report: Brazil must do more to encrypt, back up data

EDR-as-a-Service makes the headlines in the cybercrime landscape

Hacked by Police

IT threat evolution Q3 2024

New RedLine malware version distributed as fake Omicron stat counter

North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy

Stay Connected