Document, Information Security, Malware and Passwords

New MacStealer macOS malware appears in the cybercrime underground

Security Affairs

MARCH 27, 2023

A new MacStealer macOS malware allows operators to steal iCloud Keychain data and passwords from infected systems. Uptycs researchers team discovered a new macOS information stealer, called MacStealer, which allows operators to steal iCloud Keychain data and passwords from infected systems.

Cybercrime

Cybercrime Malware Passwords Advertising

Ukrainian telecommunications operators hit by DarkCrystal RAT malware

Security Affairs

JUNE 27, 2022

The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a malware campaign targeting Ukrainian telecommunications operators with the DarkCrystal RAT. ” The RAR archive analyzed by the Ukrainian CERT-UA contains the document “Algorithm_LegalAid.xlsm.” Pierluigi Paganini.

Telecommunications

Telecommunications Malware Media Passwords

Alleged FruitFly malware creator ruled incompetent to stand trial

Malwarebytes

JANUARY 16, 2024

The university was notified by an undisclosed third party, who provided information to help the team find and identify the malware. Together, CWRU and the FBI were able to identify that an IP address with which the malware was communicating had also been used to access the alumni email account of a man called Phillip Durachinsky.

Malware

Malware Passwords Identity Theft Data collection

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Mandiant found the compromised 3CX software would download malware that sought out new instructions by consulting encrypted icon files hosted on GitHub. Image: Mandiant.

Malware

Malware Software Technology Accountability

YouTube creators’ accounts hijacked with cookie-stealing malware

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. ” reads the analysis published by Google TAG. Pierluigi Paganini.

Accountability

Accountability Malware Phishing Social Engineering

Agent Tesla includes new password-stealing capabilities from browsers and VPNs

Security Affairs

AUGUST 12, 2020

The experts first discovered the malware in June 2018, but it has been available since 2014, when they observed threat actors spreading it via a Microsoft Word document containing an auto-executable malicious VBA Macro. To do this, the spyware creates different threads and timer functions in the main function. Pierluigi Paganini.

Passwords

Passwords Spyware VPN Malware

New modular ModPipe POS Malware targets restaurants and hospitality sectors

Security Affairs

NOVEMBER 12, 2020

Cybersecurity researchers spotted a new modular PoS malware, dubbed ModPipe, that targets PoS restaurant management software from Oracle. ESET has been aware of the existence of modules since the end of 2019 when its experts first spotted the “basic” components of the malware. ” reads the analysis published by ESET.

Malware

Malware Architecture Passwords Software

ObliqueRAT, a new malware employed in attacks on government targets in Southeast Asia

Security Affairs

FEBRUARY 23, 2020

Cisco Talos researchers discovered a new malware, tracked as ObliqueRAT, that was employed targeted attacks against organizations in Southeast Asia. Experts from Cisco Talos discovered a new malware, tracked as ObliqueRAT, that appears a custom malware developed by a threat actor focused on government and diplomatic targets. .

Government

Government Malware Advertising Passwords

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

SEPTEMBER 10, 2020

ESET researchers discovered a new piece of malware dubbed CDRThief targets a specific Voice over IP system to steal call data records (CDR). The VoIP platform Linknat VOS2009 and VOS3000 targeted by the malware is used by two China-produced softswitches (software switches). ” reads the analysis published by ESET.

Malware

Malware Encryption Advertising Passwords

Mysterious custom malware used to steal 1.2TB of data from million PCs

Security Affairs

JUNE 11, 2021

Experts spotted a new mysterious malware that was used to collect a huge amount of data, including sensitive files, credentials, and cookies. Threat actors used custom malware to steal data from 3.2 NordLocker experts speculate the malware campaign leveraged tainted Adobe Photoshop versions, pirated games, and Windows cracking tools.

Malware

Malware Computers and Electronics Software Financial Services

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

Security Affairs

JANUARY 16, 2023

Security firm Avast has released a free decryptor for the BianLian ransomware to allow victims of the malware to recover locked files. The BianLian ransomware emerged in August 2022, the malware was employed in attacks against organizations in various industries, including manufactoring, media and entertainment, and healthcare.

Ransomware

Ransomware Malware Antivirus Encryption

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Security Affairs

MAY 13, 2024

Subject lines included “your document” and “photo of you???”. ” To defend against ransomware campaign like this one, NJCCIC provided the following recommendations: Security Awareness Training : Engage in security awareness training to enhance defense mechanisms and recognize potential signs of malicious communications. .”

Phishing

Phishing Ransomware Security Awareness Authentication

New Woody RAT used in attacks aimed at Russian entities

Security Affairs

AUGUST 4, 2022

The attackers were delivering the malware using archive files and Microsoft Office documents exploiting the Follina Windows flaw ( CVE-2022-30190 ). “The earliest versions of this Rat was typically archived into a zip file pretending to be a document specific to a Russian group.

Malware

Malware Information Security Encryption Phishing

Woody RAT: A new feature-rich malware spotted in the wild

Malwarebytes

AUGUST 3, 2022

This advanced custom Rat is mainly the work of a threat actor that targets Russian entities by using lures in archive file format and more recently Office documents leveraging the Follina vulnerability. The earliest versions of this Rat was typically archived into a zip file pretending to be a document specific to a Russian group.

Malware

Malware Encryption Antivirus Architecture

macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations

Security Affairs

FEBRUARY 10, 2024

The malware impersonates a Visual Studio update and was designed to support Intel and Arm architectures. The malware has been active since at least November 2023, but it was fist spotted on February 2 nd 2024. RustDoor is written in Rust language and supports multiple features.

Ransomware

Ransomware Architecture Malware Passwords

US Feds arrested two men involved in the Warzone RAT operation

Security Affairs

FEBRUARY 12, 2024

The seizure is the result of an international law enforcement operation, federal authorities in Atlanta and Boston charged individuals in Malta and Nigeria, for their involvement in selling the malware. According to court documents, the FBI covertly purchased and analyzed the Warzone RAT. ” concludes DoJ.

Malware

Malware Hacking Cybercrime Advertising

Passwords stolen via phishing campaign available through Google search

Security Affairs

JANUARY 21, 2021

With a simple Google search, anyone could have found the password to one of the compromised, stolen email addresses: a gift to every opportunistic attacker.” Once the victim double-clicked the HTML file, a blurred image with a preconfigured email within the document is opened in the browser. ” continues the post.

Phishing

Phishing Passwords Manufacturing Healthcare

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Security Affairs

AUGUST 26, 2021

Cybersecurity and Infrastructure Security Agency (CISA) released five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. CISA published five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. ” reads CISA’s advisory.

Malware

Malware VPN Authentication Hacking

A renewed espionage campaign targets South Asia with iOS spyware LightSpy

Security Affairs

APRIL 16, 2024

LightSpy can steal files from multiple popular applications like Telegram, QQ, and WeChat, as well as personal documents and media stored on the device. First documented in 2020 by Trend Micro and Kaspersky, LightSpy refers to an advanced iOS backdoor that’s distributed via watering hole attacks through compromised news sites.

Spyware

Spyware Mobile Malware Encryption

A malvertising campaign is delivering a new version of the macOS Atomic Stealer

Security Affairs

SEPTEMBER 7, 2023

In April Cyble Research and Intelligence Labs (CRIL) discovered a Telegram channel advertising a new information-stealing malware, named Atomic macOS Stealer (AMOS). The malware targets macOS, it was designed to steal sensitive information from the infected systems.

Malware

Malware Passwords Engineering Software

Technical analysis of China-linked Earth Preta APT’s infection chain

Security Affairs

MARCH 27, 2023

Upon opening the reports, the infection process starts leading to the deployment of malware on the victim’s system. A deep investigation into the campaign revealed several undisclosed malware and interesting data exfiltration tools used by the group. The report details the execution flow for each of the above malware.

Malware

Malware Phishing Passwords Government

Atomic macOS Stealer is advertised on Telegram for $1,000 per month

Security Affairs

APRIL 29, 2023

Atomic macOS Stealer is a new information stealer targeting macOS that is advertised on Telegram for $1,000 per month. Cyble Research and Intelligence Labs (CRIL) recently discovered a Telegram channel advertising a new information-stealing malware, named Atomic macOS Stealer (AMOS). ” concludes the report.

Advertising

Advertising Passwords Malware Password Management

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Security Affairs

SEPTEMBER 24, 2020

jp) email addresses that have been infected with the infamous malware and that can be employed in further spam campaigns. The recent Emotet campaign uses spam messages with password-protected attachments, experts noticed a decline in infections over the weekend, a behavior already observed in the past.

Malware

Malware Passwords Advertising Cybercrime

Omicron-themed phishing attacks spread Dridex and taunt with funeral helpline

Security Affairs

DECEMBER 25, 2021

. “This letter is to inform you that you have been exposed to a coworker who tested positive for OMICRON variant of COVID-19 sometime between December 18th and 20th,” reads a phishing message shared by Bleeping Computer. “Please take a look at the details in the attached document.”

Phishing

Phishing Passwords Banking Malware

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

SEPTEMBER 10, 2020

ESET researchers discovered a new piece of malware dubbed CDRThief targets a specific Voice over IP system to steal call data records (CDR). The VoIP platform Linknat VOS2009 and VOS3000 targeted by the malware is used by two China-produced softswitches (software switches). ” reads the analysis published by ESET.

Malware

Malware Encryption Advertising Passwords

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Security Affairs

FEBRUARY 12, 2024

Public Wi-Fi users are prime targets for MITM attacks because the information they send is often not encrypted, meaning it’s easy for hackers to access your data. Once they’re in, they can grab your emails, usernames, passwords, and more. They might even lock you out of your own accounts by resetting your passwords.

DNS

DNS VPN Encryption Passwords

Woody RAT: A new feature-rich malware spotted in the wild

Malwarebytes

AUGUST 3, 2022

This advanced custom Rat is mainly the work of a threat actor that targets Russian entities by using lures in archive file format and more recently Office documents leveraging the Follina vulnerability. The earliest versions of this Rat was typically archived into a zip file pretending to be a document specific to a Russian group.

Malware

Malware Encryption Antivirus Architecture

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

OCTOBER 28, 2020

In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems. What’s more, Syrén seemed to downplay the severity of the exposure.

Hacking

Hacking Ransomware Banking Accountability

Emotet is back after a three-month hiatus

Security Affairs

MARCH 20, 2023

The infamous Emotet malware is back after a short hiatus, threat actors are spreading it via Microsoft OneNote email attachments. The Emotet malware returns after a three-month hiatus and threat actors are distributing it via Microsoft OneNote email attachments to avoid detection. ” reads the post published by MalwareBytes.

Malware

Malware Banking Engineering Passwords

Emotet campaign hits Lithuania’s National Public Health Center and several state institutions

Security Affairs

DECEMBER 31, 2020

An Emotet campaign hit Lithuania, the malware has infected systems at the National Center for Public Health (NVSC) and several municipalities. A large-scale Emotet campaign hit Lithuania, the malware has infected the networks of Lithuania’s National Center for Public Health (NVSC) and several municipalities. since August.

Passwords

Passwords Malware Telecommunications Banking

Commodity Malware Reborn: The AgentTesla “Total Oil” themed Campaign

Security Affairs

SEPTEMBER 20, 2019

Agent Tesla is a fully customizable password info-stealer offered as malware-as-a-service , many cyber criminals are choosing it as their preferred recognition tool. . Nowadays the Malware-As-A-Service is one of the criminal favorite ways to breach security perimeter. Agent Tesla is one of these “ commodity malware ”.

Malware

Malware Advertising Accountability Passwords

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Security Affairs

APRIL 6, 2023

The credentials provided by the recipient are sent to an attacker-controlled URL, however, after the recipient enters their password, the phishing page redirects to a benign document that contains the interview questions, or an RFI that includes information of interest for the victims.

Phishing

Phishing Media Passwords Malware

STRRAT RAT spreads masquerading as ransomware

Security Affairs

MAY 20, 2021

Microsoft warns of a malware campaign that is spreading a RAT dubbed named STRRAT masquerading as ransomware. Microsoft Security Intelligence researchers uncovered a malware campaign that is spreading a remote access trojan (RAT) tracked as STRRAT. The latest version of the Java-based STRRAT malware (1.5)

Ransomware

Ransomware Malware Encryption Security Intelligence

How to check if an email or a domain was used in Emotet attacks?

Security Affairs

OCTOBER 1, 2020

Emotet is a malware infection that spreads through spam emails containing malicious Word or Excel documents. The recent Emotet campaign uses spam messages with password-protected attachments. In the middle-August, the malware was employed in fresh COVID19-themed spam campaign. SecurityAffairs – hacking, malware).

Malware

Malware Advertising Banking Passwords

Iran-linked APT TA453 targets Windows and macOS systems

Security Affairs

JULY 8, 2023

Iran-linked APT group tracked TA453 has been linked to a new malware campaign targeting both Windows and macOS systems. The Iran-linked threat actor TA453 has been linked to a malware campaign that targets both Windows and macOS. TA453 in May 2023 started using LNK infection chains instead of Microsoft Word documents with macros.

Malware

Malware VPN Media Encryption

Ragnar Locker ransomware leaked data stolen from ADATA chipmaker

Security Affairs

JUNE 21, 2021

The group published the link to 13 password-protected archives, allegedly containing sensitive data stolen from the chipmaker. Attention Password for the Archives: XXXXXXXXXXX#1JLDiw8″ reads the post published by the group on its leak site. !!Inside Install and regularly update anti-virus or anti-malware software on all hosts.

Ransomware

Ransomware Passwords VPN Authentication

Experts detail a new Kimsuky social engineering campaign

Security Affairs

JUNE 8, 2023

The campaign has the objective of stealing Google and subscription credentials of a reputable news and analysis service focusing on North Korea, as well as delivering reconnaissance malware. At the end of October 2020, the US-CERT published a report on Kimusky’s recent activities that provided information on their TTPs and infrastructure.

Social Engineering

Social Engineering Engineering Malware Risk

Apple was aware that XcodeGhost impacted 128 Million iOS Users in 2015

Security Affairs

MAY 11, 2021

Court documents revealed that the infamous XcodeGhost malware, which has been active since 2015, infected 128 million iOS users. Documents provided in a court case that sees Epic Games v. revealed that the XcodeGhost malware impacted 128 million iOS users. ” reported Arstechnica.

Malware

Malware Hacking Mobile Passwords

BlackCat (aka ALPHV) Ransomware is Increasing Stakes up to $2,5M in Demands

Security Affairs

JULY 11, 2022

BlackCat (aka ALPHV) Ransomware gang introduced an advanced search by stolen victim’s passwords, and confidential documents. They introduced an advanced search by stolen victim’s passwords, and confidential documents leaked in the TOR network. ALPHV seems to be significantly competing with Lockbit 3.0

Ransomware

Ransomware Passwords Data breaches Technology

Emotet Botnet dismantled in a joint international operation

Security Affairs

JANUARY 27, 2021

In the middle-August, the malware was employed in fresh COVID19-themed spam campaign. Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information , resumes, financial documents, or scanned documents.

Banking

Banking Malware Passwords Hacking

New Ryuk ransomware implements self-spreading capabilities

Security Affairs

FEBRUARY 26, 2021

“Through the use of scheduled tasks, the malware propagates itself – machine to machine – within the Windows domain. “The Ryuk variant analyzed in this document does have self-replication capabilities. “The content of this scheduled task is described in the analysis present in this document.

Ransomware

Ransomware Passwords Accountability Encryption

Foreign hackers breached Russian federal agencies, said FSB

Security Affairs

MAY 22, 2021

. “The main goal of the hackers was to completely compromise the IT infrastructure and steal confidential information, including documents from closed segments and mail correspondence of key federal executive authorities.” The threat actors employed two previosuly undetected piece of malware dubbed Mail-O and Webdav-O.

Computers and Electronics

Computers and Electronics Malware Antivirus Government

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

In the middle-August, the malware was employed in fresh COVID19-themed spam campaign. Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information , resumes, financial documents, or scanned documents.

Government

Government Banking Advertising Malware

Ursnif campaign targets Italy with a new infection Chain

Security Affairs

MARCH 17, 2020

Malware researchers from Cybaze-Yoroi ZLab have uncovered a new Ursnif campaign that is targeting Italy with a new infection chain. Sample information. Once the Microsoft Word document is opened, it will ask for a password to enable the opening of the document: Figure 2: Request of the password inside the document.

Passwords

Passwords Malware Advertising Engineering

New MacStealer macOS malware appears in the cybercrime underground

Ukrainian telecommunications operators hit by DarkCrystal RAT malware

Webinars

Trending Sources

Alleged FruitFly malware creator ruled incompetent to stand trial

Webinars

3CX Breach Was a Double Supply Chain Compromise

YouTube creators’ accounts hijacked with cookie-stealing malware

Agent Tesla includes new password-stealing capabilities from browsers and VPNs

New modular ModPipe POS Malware targets restaurants and hospitality sectors

ObliqueRAT, a new malware employed in attacks on government targets in Southeast Asia

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Mysterious custom malware used to steal 1.2TB of data from million PCs

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

New Woody RAT used in attacks aimed at Russian entities

Woody RAT: A new feature-rich malware spotted in the wild

macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations

US Feds arrested two men involved in the Warzone RAT operation

Passwords stolen via phishing campaign available through Google search

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

A renewed espionage campaign targets South Asia with iOS spyware LightSpy

A malvertising campaign is delivering a new version of the macOS Atomic Stealer

Technical analysis of China-linked Earth Preta APT’s infection chain

Atomic macOS Stealer is advertised on Telegram for $1,000 per month

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Omicron-themed phishing attacks spread Dridex and taunt with funeral helpline

CDRThief Linux malware steals VoIP metadata from Linux softswitches

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Woody RAT: A new feature-rich malware spotted in the wild

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Emotet is back after a three-month hiatus

Emotet campaign hits Lithuania’s National Public Health Center and several state institutions

Commodity Malware Reborn: The AgentTesla “Total Oil” themed Campaign

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

STRRAT RAT spreads masquerading as ransomware

How to check if an email or a domain was used in Emotet attacks?

Iran-linked APT TA453 targets Windows and macOS systems

Ragnar Locker ransomware leaked data stolen from ADATA chipmaker

Experts detail a new Kimsuky social engineering campaign

Apple was aware that XcodeGhost impacted 128 Million iOS Users in 2015

BlackCat (aka ALPHV) Ransomware is Increasing Stakes up to $2,5M in Demands

Emotet Botnet dismantled in a joint international operation

New Ryuk ransomware implements self-spreading capabilities

Foreign hackers breached Russian federal agencies, said FSB

CISA alert warns of Emotet attacks on US govt entities

Ursnif campaign targets Italy with a new infection Chain

Stay Connected