Security Affairs

AUGUST 10, 2023

Experts warn that a new info-stealer named Statc Stealer is infecting Windows devices to steal a broad range of sensitive information. Zscaler ThreatLabz researchers discovered a new information stealer malware, called Statc Stealer, that can steal a broad range of info from Windows devices. ” concludes the report.

Malware 85

Malware Encryption Advertising Cryptocurrency 85

Security Affairs

APRIL 17, 2024

The malware includes three heavily obfuscated C++ payloads compiled as 64-bit Executable and Linkable Format (ELF) files and packed with UPX. The attackers use the web shell to download and run the primary Cerber payload. As such, the data the ransomware is able to encrypt is limited to files owned by the confluence user.

Ransomware 132

Ransomware Encryption Malware Accountability 132

Security Affairs

NOVEMBER 5, 2023

North Korea-linked Lazarus group is using new KandyKorn macOS Malware in attacks against blockchain engineers. North Korea-linked Lazarus APT group were spotted using new KandyKorn macOS malware in attacks against blockchain engineers, reported Elastic Security Labs. Stage 1 (Dropper) – testSpeed.py

Engineering 95

Engineering Malware Cryptocurrency Encryption 95

Security Affairs

FEBRUARY 6, 2023

Royal Ransomware operators added support for encrypting Linux devices and target VMware ESXi virtual machines. The Royal Ransomware gang is the latest extortion group in order of time to add support for encrypting Linux devices and target VMware ESXi virtual machines. The malware changes the extension of the encrypted files to ‘.royal’.

Encryption 96

Encryption Ransomware Malware Healthcare 96

Security Affairs

APRIL 1, 2024

Experts believe that the malware has already infected thousands of devices. The dropper masquerades as the McAfee Security app. The dropper deploys the new version of Vultur banking malware through 3 payloads, where the final 2 Vultur payloads effectively work together by invoking each other’s functionality.

Malware 106

Malware Banking Engineering Encryption 106

Security Affairs

NOVEMBER 21, 2019

ESET researchers discovered a new downloader, dubbed DePriMon, that used new “Port Monitor” methods in attacks in the wild. . The new DePriMon downloader was used by the Lambert APT group, aka Longhorn, to deploy malware. The second stage installs itself and loads the third stage using an encrypted, hardcoded path.

Malware 102

Malware Telecommunications Advertising Encryption 102

Security Affairs

DECEMBER 29, 2023

Ukraine’s CERT (CERT-UA) warned of a new phishing campaign by the APT28 group to deploy previously undocumented malware strains. The group employed previously undetected malware such as OCEANMAP, MASEPIE, and STEELHOOK to steal sensitive information from target networks. file classified as MASEPIE.

Phishing 114

Phishing Malware Computers and Electronics Internet 114

Security Affairs

SEPTEMBER 19, 2023

China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign. Researchers from Trend Micro, while monitoring the activity of the China-linked threat actor Earth Lusca , discovered an encrypted file hosted on a server under the control of the group.

Malware 100

Malware Encryption Telecommunications Authentication 100

Security Affairs

DECEMBER 1, 2023

Wardle pointed out that since Turtle was uploaded on Virus Total, it was labeled as malicious by 24 anti-malware solutions, suggesting it is not a sophisticated threat. In some cases, the anti-virus solution flagged the binary as Windows malware (“Win32.Troj.Undef”). Troj.Undef”). The binary also lacks of obfuscation.

Ransomware 124

Ransomware Encryption Malware Cybercrime 124

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Image: Mandiant.

Malware 283

Malware Software Technology Accountability 283

Security Affairs

NOVEMBER 13, 2021

Threat actors are distributing the GravityRAT remote access trojan masqueraded as an end-to-end encrypted chat application named SoSafe Chat. Threat actors are distributing the GravityRAT RAT masqueraded as an end-to-end encrypted chat application named SoSafe Chat. Gets connected network information. in) used by the attackers.

Encryption 128

Encryption Malware Media Authentication 128

Security Affairs

JULY 16, 2021

The Joker malware is back, experts spotted multiple malicious apps on the official Google Play store that were able to evade scanners. Since 2019 experts found many Joker apps on Google Play store, in September 2019 security experts at Google removed from the store 24 apps. ” states a post published by the experts. explained.

Malware 137

Malware Mobile Spyware Encryption 137

Security Affairs

SEPTEMBER 19, 2022

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and targets Docker installs. The activity of the TeamTNT group has been detailed by security firm Trend Micro, but in August 2020 experts from Cado Security discovered that botnet is also able to target misconfigured Kubernetes installations.

Encryption 94

Encryption Cybercrime Hacking Malware 94

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. ” reads the analysis published by Google TAG. Pierluigi Paganini.

Accountability 124

Accountability Malware Phishing Social Engineering 124

Security Affairs

NOVEMBER 12, 2020

Cybersecurity researchers spotted a new modular PoS malware, dubbed ModPipe, that targets PoS restaurant management software from Oracle. ESET has been aware of the existence of modules since the end of 2019 when its experts first spotted the “basic” components of the malware. SecurityAffairs – hacking, PoS malware).

Malware 132

Malware Architecture Passwords Software 132

Security Affairs

AUGUST 2, 2022

Gootkit access-as-a-service (AaaS) malware is back with tactics and fileless delivery of Cobalt Strike beacons. In the past, Gootkit distributed malware masquerading as freeware installers, now it uses legal documents to trick users into downloading these files. . This forum hosted a ZIP archive that contains the malicious.js

Malware 98

Malware Encryption Engineering Hacking 98

Security Affairs

AUGUST 21, 2022

The Donot Team threat actor, aka APT-C-35 , has added new capabilities to its Jaca Windows malware framework. Unlike the previous version of the module, the new one uses four additional executables downloaded by the previous stage (WavemsMp.dll) instead of implementing the stealing functionality inside the DLL.

Malware 94

Malware Spyware Phishing Government 94

Security Affairs

NOVEMBER 18, 2020

Experts from Cybereason Nocturnus uncovered an active campaign that targets users of a large e-commerce platform in Latin America with Chaes malware. Cybereason Nocturnus security researchers have identified an active campaign focused on the users of a large e-commerce platform in Latin America. SecurityAffairs – hacking, malware). .

Phishing 113

Phishing Malware Cryptocurrency Information Security 113

Security Affairs

MARCH 8, 2020

Experts uncovered a new Coronavirus (COVID-19 ) -themed campaign that is distributing a malware downloader that delivers the FormBook information-stealing Trojan. Experts at MalwareHunterTeam uncovered a new malspam campaign exploiting the fear in the Coronavirus (COVID-19) to deliver malware.

Malware 120

Malware Scams Social Engineering Phishing 120

Malwarebytes

AUGUST 3, 2022

The used lure is in Russian is called “ Information security memo ” which provide security practices for passwords, confidential information, etc. The threat actor has left some debugging information including a pdb path from which we derived and picked a name for this new Rat: Debug Information.

Malware 109

Malware Encryption Antivirus Architecture 109

Security Affairs

MARCH 31, 2024

Once executed, the malware creates a hidden file in the same directory as the executable, following the format “.[executable_name].mu”. The malware establishes persistence on the host by using SystemV or SystemD startup scripts. The backdoor gathers information about the infected machine and sends it to the C2 server.

Encryption 132

Encryption Malware Government Hacking 132

Security Affairs

MARCH 25, 2024

The threat actors sent out spam emails with attachments that eventually launched the StrelaStealer malware. The malware StrelaStealer is an email credential stealer that DCSO_CyTec first documented in November 2022. Upon downloading and opening the archive, a JScript file is dropped onto the system. ” concludes the report.

Malware 99

Malware Encryption Manufacturing Phishing 99

Security Affairs

SEPTEMBER 28, 2022

North Korea-linked Lazarus APT group continues to target macOS with a malware campaign using job opportunities as a lure. The SentinelOne investigation is based on a previous one conducted by ESET in August , when Lazarus APT has been observed targeting job seekers with macOS malware working also on Intel and M1 chipsets.

Malware 91

Malware Cryptocurrency Architecture Advertising 91

Security Affairs

MAY 19, 2023

ReversingLabs discovered two malicious packages, respectively named nodejs-encrypt-agent and nodejs-cookie-proxy-agent, in the npm package repository containing an open-source info-stealer called TurkoRat. The malware also supports anti-sandbox and analysis functionalities to avoid detection and prevent being analyzed.

Encryption 78

Encryption Social Engineering Malware Cryptocurrency 78

Security Affairs

AUGUST 23, 2023

Symantec Threat Hunter Team reported that a previously unknown APT group, tracked as Carderbee, used a malware-laced version of the legitimate Cobra DocGuard software to carry out a supply chain attack aimed at organizations in Hong Kong. The attackers signed malware with a legitimate Microsoft certificate.

Malware 76

Malware Software Encryption Firewall 76

Security Affairs

AUGUST 31, 2022

A malware campaign tracked as GO#WEBBFUSCATOR used an image taken from NASA’s James Webb Space Telescope (JWST) as a lure. Securonix Threat researchers uncovered a persistent Golang-based malware campaign tracked as GO#WEBBFUSCATOR that leveraged the deep field image taken from the James Webb telescope. Pierluigi Paganini.

Malware 82

Malware DNS Antivirus Encryption 82

Security Affairs

APRIL 28, 2022

Threat actors have replaced the BazaLoader and IcedID malware with a new loader called Bumblebee in their campaigns. Cybercriminal groups that were previously using the BazaLoader and IcedID as part of their malware campaigns seem to have adopted a new loader called Bumblebee. It is used by multiple cybercrime threat actors.”

Malware 80

Malware Cybercrime Encryption Hacking 80

Security Affairs

SEPTEMBER 17, 2021

A new malware written in Golang programming language, tracked as Capoae, is targeting WordPress installs and Linux systems. Akamai researchers spotted a new strain of malware written in Golang programming language, dubbed Capoae, that was involved in attacks aimed at WordPress installs and Linux systems. . Pierluigi Paganini.

Malware 86

Malware Cryptocurrency Encryption Hacking 86

Security Affairs

JUNE 29, 2022

Researchers detailed a new information-stealing malware, dubbed YTStealer, that targets YouTube content creators. Intezer cybersecurity researchers have detailed a new information-stealing malware, dubbed YTStealer, that was developed to steal authentication cookies from YouTube content creators.

Malware 96

Malware Authentication Software Accountability 96

Security Affairs

DECEMBER 14, 2021

The attackers exploited the Log4Shell remote code execution vulnerability to download a.NET binary from a remote server that encrypts the files on the target machine and adds the extension.khonsari to each file. The malware also drops a ransom note that requests the payment of the ransom in Bitcoin. 94/zambo/groenhuyzen.exe. .

Ransomware 142

Ransomware Encryption Engineering Malware 142

Security Affairs

JUNE 11, 2021

Experts spotted a new mysterious malware that was used to collect a huge amount of data, including sensitive files, credentials, and cookies. Threat actors used custom malware to steal data from 3.2 NordLocker experts speculate the malware campaign leveraged tainted Adobe Photoshop versions, pirated games, and Windows cracking tools.

Malware 111

Malware Computers and Electronics Software Financial Services 111

Security Affairs

APRIL 18, 2021

Experts warn of malware campaigns delivering the BazarLoader malware abusing popular collaboration tools like Slack and BaseCamp. Since January, researchers observed malware campaigns delivering the BazarLoader malware abusing popular collaboration tools like Slack and BaseCamp. exe or annualreport.exe.

Malware 103

Malware Ransomware Encryption Phishing 103

Security Affairs

MAY 7, 2022

Experts spotted a malware campaign that is the first one using a technique of hiding a shellcode into Windows event logs. The experts discovered that the attackers are hiding encrypted shellcode containing the next-stage malware as 8KB pieces in event logs. The code is quite unique, with no similarities to known malware.

Malware 85

Malware Encryption Hacking Cybersecurity 85

Security Affairs

JULY 5, 2023

The malware allows operators to steal information from various browsers, it also supports ransomware capabilities. Once inside the system, this malicious variant stealthily extracts sensitive information and proceeds to encrypt the compromised files.” The downloaded file is an executable file known as RedStealer.

Energy and Utilities 82

Energy and Utilities Ransomware Backups Malware 82

Security Affairs

NOVEMBER 19, 2022

Researchers from the Microsoft Security Threat Intelligence team warned that a threat actor, tracked as DEV-0569, is using Google Ads to distribute various payloads, including the recently discovered Royal ransomware. The downloader, tracked as BATLOADER , shares similarities with another malware called ZLoader. anydeskos[.]com

Ransomware 128

Ransomware Malware Antivirus Phishing 128

Security Affairs

DECEMBER 14, 2022

The malware uses a bot network to perform distributed brute force attacks against target websites. The experts noticed PHP scripts that download and execute GoTrim bot clients. “Typically, each script downloads the GoTrim malware from a hardcoded URL to a file in the same directory as the script itself and executes it.”

Malware 130

Malware Encryption Accountability Risk 130

Security Affairs

APRIL 19, 2021

XCSSET, a Mac malware targeting Xcode developers, was now re-engineered and employed in a campaign aimed at Apple’s new M1 chips. Experts from Trend Micro have uncovered a Mac malware campaign targeting Xcode developers that employed a re-engineered version of the XCSSET malware to support Apple’s new M1 chips.

Malware 108

Malware Cryptocurrency Architecture Engineering 108