Security Affairs

NOVEMBER 26, 2024

Banshee Stealer, a MacOS Malware-as-a-Service, shut down after its source code leaked online. In August 2024, Russian hackers promoted BANSHEE Stealer, a macOS malware targeting x86_64 and ARM64, capable of stealing browser data, crypto wallets, and more. We’ve archived the leak and made it available for download on GitHub.”

Malware 144

Malware Cryptocurrency Encryption Passwords 144

SecureList

OCTOBER 21, 2024

Kral In mid-2023, we discovered the Kral downloader which, back then, downloaded the notorious Aurora stealer. This changed in February this year when we discovered a new Kral stealer, which we believe is part of the same malware family as the downloader due to certain code similarities. That file is the Kral downloader.

Passwords 127

Passwords Malware Encryption Cryptocurrency 127

Security Affairs

JANUARY 5, 2025

PLAYFULGHOST is a new malware family with capabilities including keylogging, screen and audio capture, remote shell access, and file transfer/execution. The backdoor is distributed through: Phishing emails with themes such as code of conduct to trick users into downloading the malware. sys driver.

Malware 132

Malware Encryption Phishing Hacking 132

Security Affairs

NOVEMBER 11, 2024

Fortinet researchers discovered a new phishing campaign spreading a variant of the commercial malware Remcos RAT. Since 2017, threat actors leveraged weaponized Rich Text File (RTF) documents exploiting a flaw in Office’s Object Linking and Embedding (OLE) interface to deliver malware such as the DRIDEX banking Trojan.

Phishing 131

Phishing Malware Banking Encryption 131

Schneier on Security

OCTOBER 10, 2019

Kaspersky has a detailed blog post about a new piece of sophisticated malware that it's calling Reductor. Moreover, further research showed that the original COMpfun Trojan most probably is used as a downloader in one of the distribution schemes. The COMpfun malware was initially documented by G-DATA in 2014.

Malware 240

Malware Engineering Encryption Hacking 240

SecureList

FEBRUARY 5, 2025

In March 2023, researchers at ESET discovered malware implants embedded into various messaging app mods. The campaign, which targeted Android and Windows users, saw the malware spread through unofficial sources. The campaign, which targeted Android and Windows users, saw the malware spread through unofficial sources.

Malware 142

Malware Encryption Mobile Cryptocurrency 142

SecureList

DECEMBER 23, 2024

Victims get infected via phishing emails containing a malicious document that exploits a vulnerability in the formula editor ( CVE-2018-0802 ) to download and execute malware code. It contains a formula editor exploit that downloads and runs an HTML Application (HTA) file hosted on the same C2 server.

Encryption 135

Encryption Penetration Testing Malware Phishing 135

SecureList

APRIL 23, 2025

Variants of Lazarus’ malicious tools, such as ThreatNeedle, Agamemnon downloader, wAgent, SIGNBT, and COPPERHEDGE, were discovered with new features. We found that the malware was running in the memory of a legitimate SyncHost. They even developed malware to exploit this, avoiding repetitive tasks and streamlining processes.

Malware 143

Malware Software Encryption Internet 143

SecureList

OCTOBER 15, 2024

The document or LNK file starts a multi-stage infection chain with various JavaScript and.NET downloaders, which ends with the installation of the StealerBot espionage tool. All the documents use the remote template injection technique to download an RTF file that is stored on a remote server controlled by the attacker.

Malware 143

Malware Encryption Architecture Phishing 143

Security Affairs

JUNE 9, 2025

“The request contains a malicious command that is a single-line shell script which downloads and executes an ARM32 binary on the compromised machine.” The latest DVR-focused variant is also built on Mirai’s foundation but introduces new features like RC4 string encryption, anti-virtual machine checks, and anti-emulation tactics.

IoT 138

IoT Firmware Malware Architecture 138

Security Affairs

MAY 5, 2025

MintsLoader is a malware loader delivering the GhostWeaver RAT via a multi-stage chain using obfuscated JavaScript and PowerShell. The malware supports sandbox and virtual machine evasion techniques, a domain generation algorithm (DGA), and HTTP-based command-and-control (C2) communications.

Malware 128

Malware Phishing Threat Reports Encryption 128

Krebs on Security

JUNE 7, 2021

In the process of doing so, I encountered a small snag: The FSB’s website said in order to communicate with them securely, I needed to download and install an encryption and virtual private networking (VPN) appliance that is flagged by at least 20 antivirus products as malware. Image: Wikipedia. biz, circa 2007.

Antivirus 331

Antivirus VPN Encryption Malware 331

Schneier on Security

JANUARY 24, 2020

Motherboard obtained and published the technical report on the hack of Jeff Bezos's phone, which is being attributed to Saudi Arabia, specifically to Crown Prince Mohammed bin Salman.investigators set up a secure lab to examine the phone and its artifacts and spent two days poring over the device but were unable to find any malware on it.

Hacking 269

Hacking Backups Spyware Encryption 269

SecureList

OCTOBER 29, 2024

Attackers are increasingly distributing malware through a rather unusual method: a fake CAPTCHA as the initial infection vector. As with the previous stage, the victim doesn’t always encounter malware. Inside this content is an obfuscated PowerShell script that ultimately downloads the malicious payload.

Adware 129

Adware Malware Cryptocurrency Password Management 129

Security Affairs

APRIL 30, 2025

The RAT supports advanced evasion techniques, including living-off-the-land ( LOTL ) tactics and encrypted command and control (C2) communications. ” Nebulous Mantis imitates trusted services like OneDrive to trick victims into downloading infected files, often hosted on Mediafire. .” ” continues the report.

Encryption 103

Encryption Ransomware Malware Phishing 103

SecureList

NOVEMBER 29, 2024

This type of cyberextortion predated Trojans, which encrypt the victim’s files. New ransomware modifications, Q3 2023 — Q3 2024 ( download ) Number of users attacked by ransomware Trojans Despite the decrease in new variants, the number of users encountering ransomware has increased compared to the second quarter. 2 China 0.95

Mobile 106

Mobile Adware Ransomware Malware 106

Security Boulevard

DECEMBER 16, 2024

IntroductionIn October 2024, Zscaler ThreatLabz came across malware samples that use a network communication protocol that is similar to RisePro. However, unlike RisePro which has primarily been used for information stealing, this new malware specializes in downloading and executing second-stage payloads. exeapimonitor-x64.exex32dbg.exex64dbg.exex96dbg.execheatengine.exescylla.execharles.execheatengine-x86_64.exereclass.net.exeThese

Malware 97

Malware Cryptocurrency Encryption Software 97

Security Affairs

DECEMBER 26, 2024

The experts pointed out that this Mirai variant has been modified to use improved encryption algorithms. The new Mirai malware variant also targetsthe TP-Link flaw CVE-2023-1389 and the vulnerability CVE-2018-17532 affecting Teltonika RUT9XX routers. TheMiraivariant incorporates ChaCha20 and XOR decryption algorithms.

Manufacturing 90

Manufacturing Malware Firmware IoT 90

The Last Watchdog

APRIL 21, 2021

From January through March 2021, TLS concealed 45 percent of the malware Sophos analysts observed circulating on the Internet; that’s double the rate – 23 percent – seen in early 2020, Dan Schiappa, Sophos’ chief product officer, told me in a briefing. And then they may use off-the-shelf malware to carry out their attack.

Malware 214

Malware Firewall Encryption Data breaches 214

Security Affairs

MARCH 10, 2025

Kaspersky researchers discovered a mass malware campaign spreading SilentCryptoMiner by disguising it as a tool to bypass internet restrictions. While investigating the increased use of Windows Packet Divert ( WPD ) tools by crooks to distribute malware under this pretense, the researchers spotted the campaign.

Cryptocurrency 92

Cryptocurrency Malware Social Engineering Antivirus 92

Security Affairs

JANUARY 4, 2025

The campaign is still ongoing and the malicious packages collectively totaled more than one thousand downloads. The attack has led to the identification of 20 malicious packages published by three primary authors, with the most downloaded package, @nomicsfoundation/sdk-test , accumulating 1,092 downloads.”

Encryption 135

Encryption Hacking Cybercrime Information Security 135

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Image: Mandiant.

Malware 331

Malware Software Technology Accountability 331

SecureList

MARCH 5, 2025

Dynamics of Windows Packet Divert detections ( download ) The growing popularity of tools using Windows Packet Divert has attracted cybercriminals. They started distributing malware under the guise of restriction bypass programs and injecting malicious code into existing programs. com , which hosted the infected archive.

Malware 115

Malware Cryptocurrency Antivirus Technology 115

Google Security

JULY 24, 2024

Posted by Jasika Bawa, Lily Chen, and Daniel Rubery, Chrome Security Last year, we introduced a redesign of the Chrome downloads experience on desktop to make it easier for users to interact with recent downloads. In fact, files sent for deep scanning are over 50x more likely to be flagged as malware than downloads in the aggregate.

Encryption 102

Encryption Passwords Malware Antivirus 102

Security Affairs

MARCH 28, 2025

Attackers also employ encrypted or password-protected files to evade security detection. Clicking the “Download PDF” button leads to a zip payload from MediaFire. The malware uses a custom URI Client and unusual port numbers to communicate with the server. contaboserver[.]net. net to evade detection.”

Banking 90

Banking Phishing Malware Passwords 90

eSecurity Planet

APRIL 21, 2025

A notorious Russian hosting service provider known as Proton66 is at the center of a series of widespread cyberattacks and malware campaigns targeting organizations and users worldwide, according to fresh findings from cybersecurity experts. The malware connects to a C2 server at 193.143.1.139.

Malware 70

Malware Phishing Ransomware VPN 70

The Hacker News

AUGUST 30, 2024

Cybersecurity researchers have disclosed a new campaign that potentially targets users in the Middle East through malware that disguises itself as Palo Alto Networks GlobalProtect virtual private network (VPN) tool.

VPN 132

VPN Malware Encryption Cybersecurity 132

Security Affairs

MARCH 31, 2025

Russia-linked Gamaredon targets Ukraine with a phishing campaign using troop-related lures to deploy the Remcos RAT via PowerShell downloader. The threat actor is using troop-related lures to deploy the Remcos RAT via PowerShell downloader. Talos researchers warn that Russia-linked APT group Gamaredon (a.k.a.

Phishing 114

Phishing Antivirus Encryption Hacking 114

Security Affairs

APRIL 25, 2025

The attackers used multiple hacking tools and malware, including ThreatNeedle , Agamemnon downloader, wAgent , SIGNBT, and COPPERHEDGE. We found that the malware was running in the memory of a legitimateSyncHost.exeprocess, and was created as a subprocess of Cross EX, legitimate software developed in South Korea.”

Malware 94

Malware Software Encryption Hacking 94

Security Affairs

DECEMBER 27, 2024

The “FICORA” botnet downloads and executes a shell script called “multi,” which is removed after execution. The script uses various methods like “wget,” “ftpget,” “curl,” and “tftp” to download the malware.

Architecture 71

Architecture Malware DNS DDOS 71

Malwarebytes

MAY 8, 2025

According to the original complaint against NSO Group, filed in October 2019, the spyware vendor used WhatsApp servers to send malware to around 1400 mobile phones. NSO Group reverse engineered WhatsApp’s software and developed its own software and servers to send messages to victims via the WhatsApp service that contained malware.

Spyware 134

Spyware Hacking Surveillance Government 134

SecureList

NOVEMBER 6, 2024

It also uses stealer malware to extract the victim’s credit card data as well as details about the infected device. Technical Details Background In August 2024, we stumbled upon a massive infection caused by an unknown bundle consisting of miner and stealer malware. SteelFox.gen , Trojan.Win64.SteelFox.*. SteelFox.*.

Software 124

Software Cryptocurrency Malware DNS 124

Security Affairs

MAY 26, 2025

Chinese cyber spies deployed the KrustyLoader malware on Ivanti EPMM systems, using Amazon S3 buckets to deliver their malicious files. Researchers observed that the attackers relied on standard Linux tools like wget and curl to download an encrypted version of the Sliver backdoor.

Mobile 94

Mobile Telecommunications Authentication Internet 94

Security Affairs

JULY 30, 2024

A new version of the Mandrake Android spyware has been found in five apps on Google Play, which have been downloaded over 32,000 times since 2022. Researchers from Kaspersky discovered a new version of the Mandrake Android spyware in five app on Google Play, totaling over 32,000 downloads between 2022 and 2024.

Spyware 128

Spyware Malware Mobile Marketing 128

Krebs on Security

JUNE 16, 2021

First debuting in early 2019, CLOP is one of several ransomware groups that hack into organizations, launch ransomware that encrypts files and servers, and then demand an extortion payment in return for a digital key needed to unlock access. ? /. CLOP’s victim shaming blog on the deep web.

Ransomware 361

Ransomware Cybercrime Malware Encryption 361

Security Affairs

MARCH 12, 2025

. “The botnet exploits this vulnerability by injecting a payload that downloads and executes a cleartext shell dropper named dropbpb.sh, responsible for downloading the malware binaries and executing them on the compromised device.” It processes encrypted data over a RAW socket, limiting further analysis.

IoT 74

IoT Malware Encryption DDOS 74

Krebs on Security

JANUARY 27, 2021

NetWalker is a ransomware-as-a-service crimeware product in which affiliates rent access to the continuously updated malware code in exchange for a percentage of any funds extorted from victims. million last summer in exchange for a digital key needed to unlock files encrypted by the ransomware. Powershell build.

Ransomware 349

Ransomware Cybercrime Antivirus Encryption 349