Security Affairs

APRIL 29, 2023

A new variant of the information-stealing malware ViperSoftX implements sophisticated techniques to avoid detection. Trend Micro researchers observed a new ViperSoftX malware campaign that unlike previous attacks relies on DLL sideloading for its arrival and execution technique. c2 arrowlchat[.]com c2 arrowlchat[.]com

Encryption 94

Encryption Malware Cryptocurrency Software 94

Security Affairs

APRIL 17, 2024

The malware includes three heavily obfuscated C++ payloads compiled as 64-bit Executable and Linkable Format (ELF) files and packed with UPX. The attackers use the web shell to download and run the primary Cerber payload. As such, the data the ransomware is able to encrypt is limited to files owned by the confluence user.

Ransomware 137

Ransomware Encryption Malware Accountability 137

Security Affairs

AUGUST 10, 2023

Zscaler ThreatLabz researchers discovered a new information stealer malware, called Statc Stealer, that can steal a broad range of info from Windows devices. The malware can steal sensitive information from various web browsers, including login data, cookies, web data, and preferences. ” concludes the report.

Malware 94

Malware Encryption Advertising Cryptocurrency 94

CyberSecurity Insiders

JANUARY 24, 2023

The next time when you search for a software download on the Google search engine, be cautious, as the software might also bring in new trouble as malware or might strictly act as a source to malware spread that can steal data and encrypt all the information on the web.

Advertising 137

Advertising Malware Engineering Software 137

CyberSecurity Insiders

OCTOBER 13, 2022

Researchers from Kaspersky have discovered that those using YoWhatsApp are being targeted with trojan malware named Triada having capabilities of stealing data from mobile phone and indulging in espionage. Usually, such malware is circulated as apps like Snaptube, that promise video downloads from Facebook, YouTube and Instagram all for free.

Malware 115

Malware Mobile Media Encryption 115

Security Affairs

NOVEMBER 5, 2023

North Korea-linked Lazarus group is using new KandyKorn macOS Malware in attacks against blockchain engineers. North Korea-linked Lazarus APT group were spotted using new KandyKorn macOS malware in attacks against blockchain engineers, reported Elastic Security Labs. Stage 1 (Dropper) – testSpeed.py

Engineering 105

Engineering Malware Cryptocurrency Encryption 105

Security Affairs

APRIL 1, 2024

Experts believe that the malware has already infected thousands of devices. The dropper deploys the new version of Vultur banking malware through 3 payloads, where the final 2 Vultur payloads effectively work together by invoking each other’s functionality. The dropper masquerades as the McAfee Security app.

Malware 116

Malware Banking Engineering Encryption 116

Security Boulevard

JANUARY 21, 2022

Xloader is an information stealing malware that is the successor to Formbook, which had been sold in hacking forums since early 2016. In October 2020, Formbook was rebranded as Xloader and some significant improvements were introduced, especially related to the command and control (C2) network encryption. Capture keystrokes.

Encryption 125

Encryption Malware Backups Passwords 125

Security Affairs

FEBRUARY 6, 2023

Royal Ransomware operators added support for encrypting Linux devices and target VMware ESXi virtual machines. The Royal Ransomware gang is the latest extortion group in order of time to add support for encrypting Linux devices and target VMware ESXi virtual machines. The malware changes the extension of the encrypted files to ‘.royal’.

Encryption 98

Encryption Ransomware Malware Healthcare 98

The Hacker News

MAY 19, 2023

Two malicious packages discovered in the npm package repository have been found to conceal an open source information stealer malware called TurkoRat.

Malware 106

Malware Encryption 106

Security Boulevard

JULY 28, 2022

The key observations are: Obfuscated Excel macros used to download and run the Emotet loader. Encrypted Emotet payload embedded in loader’s.rsrc section. Emotet is a Windows-based malware loader operated by the cybercrime group TA542 ( 1 ), also referred to as Mummy Spider ( 2 ). Macro Downloads and Executes Emotet Loader.

Encryption 57

Encryption Malware Phishing Cybercrime 57

Security Affairs

NOVEMBER 21, 2019

ESET researchers discovered a new downloader, dubbed DePriMon, that used new “Port Monitor” methods in attacks in the wild. . The new DePriMon downloader was used by the Lambert APT group, aka Longhorn, to deploy malware. The second stage installs itself and loads the third stage using an encrypted, hardcoded path.

Malware 106

Malware Telecommunications Advertising Encryption 106

Schneier on Security

OCTOBER 10, 2019

Kaspersky has a detailed blog post about a new piece of sophisticated malware that it's calling Reductor. Moreover, further research showed that the original COMpfun Trojan most probably is used as a downloader in one of the distribution schemes. The COMpfun malware was initially documented by G-DATA in 2014.

Malware 201

Malware Engineering Encryption Hacking 201

Malwarebytes

APRIL 6, 2021

In late March 2021, Malwarebytes analysts discovered a phishing email with an attached zip file containing unfamiliar malware. Upon analysis, the obfuscated PowerShell downloader initiated a chain of infection leading to a lesser-known malware called Saint Bot. It was also found in a NATO-themed campaign targeting Ukraine.

Malware 117

Malware Phishing Passwords Architecture 117

Security Affairs

DECEMBER 29, 2023

Ukraine’s CERT (CERT-UA) warned of a new phishing campaign by the APT28 group to deploy previously undocumented malware strains. The group employed previously undetected malware such as OCEANMAP, MASEPIE, and STEELHOOK to steal sensitive information from target networks. file classified as MASEPIE.

Phishing 124

Phishing Malware Computers and Electronics Internet 124

SecureWorld News

FEBRUARY 15, 2024

A sophisticated form of mobile malware dubbed "GoldPickaxe" has been uncovered, which collects facial recognition data to produce deepfake videos, enabling hackers to bypass biometric authentication protections on banking apps. The malware has been active since 2023, specifically targeting victims in Vietnam and Thailand.

Social Engineering 72

Social Engineering Mobile Authentication Engineering 72

CyberSecurity Insiders

FEBRUARY 8, 2022

Microsoft has made it official that it has disabled macros across its office products to block malware cyber attacks. Thence, the user needs to decide and then act on whether they need to go for the download by right-clicking and then selecting the properties from the context menu and unblock the macros feature.

Cyber Attacks 137

Cyber Attacks Malware Identity Theft Cyber Risk 137

SecureList

APRIL 18, 2022

Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files. Geography of the Yanluowang attacks, December 4th, 2021 – April 8th, 2022 ( download ). The encryption code for big files. Yanluowang description.

Encryption 143

Encryption Ransomware Backups VPN 143

Malwarebytes

FEBRUARY 6, 2024

Released today, the Malwarebytes State of Malware 2024 report takes a deep dive into the latest developments in the world of cybercrime. We have seen news of ChatGPT leaking user’s information and law enforcement asking for backdoors in encryption routines. This is changing.

Malware 75

Malware Passwords Identity Theft Banking 75

Security Affairs

SEPTEMBER 19, 2023

China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign. Researchers from Trend Micro, while monitoring the activity of the China-linked threat actor Earth Lusca , discovered an encrypted file hosted on a server under the control of the group.

Malware 109

Malware Encryption Telecommunications Authentication 109

eSecurity Planet

JANUARY 26, 2023

Security researchers are warning that Google Ads are being actively leveraged to distribute malware to unsuspecting victims searching for software downloads. Researcher Will Dormann responded , “Interesting that the malware ad is given priority over the real LibreOffice ad. The TA asked nicely for preferential treatment?

Malware 101

Malware Ransomware Software Cryptocurrency 101

Malwarebytes

NOVEMBER 16, 2021

This Android app, purported as a secure messaging application that uses end-to-end encryption, is the latest ruse cybercriminals put upon smartphone users, particularly those based in India, to infect their devices with GravityRAT, a piece of malicious software that is known to spy on people and steal their data. How to stay safe.

Malware 127

Malware Encryption Marketing Media 127

The Last Watchdog

APRIL 21, 2021

From January through March 2021, TLS concealed 45 percent of the malware Sophos analysts observed circulating on the Internet; that’s double the rate – 23 percent – seen in early 2020, Dan Schiappa, Sophos’ chief product officer, told me in a briefing. And then they may use off-the-shelf malware to carry out their attack.

Malware 214

Malware Firewall Encryption Digital transformation 214

Security Affairs

NOVEMBER 13, 2021

Threat actors are distributing the GravityRAT remote access trojan masqueraded as an end-to-end encrypted chat application named SoSafe Chat. Threat actors are distributing the GravityRAT RAT masqueraded as an end-to-end encrypted chat application named SoSafe Chat. in) used by the attackers. Record audio. Get the device’s location.

Encryption 136

Encryption Malware Media Authentication 136

Security Affairs

DECEMBER 1, 2023

Wardle pointed out that since Turtle was uploaded on Virus Total, it was labeled as malicious by 24 anti-malware solutions, suggesting it is not a sophisticated threat. In some cases, the anti-virus solution flagged the binary as Windows malware (“Win32.Troj.Undef”). Troj.Undef”). The binary also lacks of obfuscation.

Ransomware 129

Ransomware Encryption Malware Cybercrime 129

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. ” reads the analysis published by Google TAG. Pierluigi Paganini.

Accountability 133

Accountability Malware Phishing Social Engineering 133

Security Affairs

SEPTEMBER 19, 2022

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and targets Docker installs. In January 2021, the cybercrime gang launched a new campaign targeting Kubernetes environments with the Hildegard malware. “Breaking the cryptographic encryption is considered “Mission: Impossible”.

Encryption 98

Encryption Cybercrime Hacking Malware 98

Security Affairs

JULY 16, 2021

The Joker malware is back, experts spotted multiple malicious apps on the official Google Play store that were able to evade scanners. In April 2021, more than 500,000 Huawei users were infected with the Joker malware after they have downloaded tainted apps from the company’s official Android store. dex file as before.

Malware 141

Malware Mobile Spyware Encryption 141

SecureList

APRIL 18, 2022

Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files. Geography of the Yanluowang attacks, December 4th, 2021 – April 8th, 2022 ( download ). The encryption code for big files. Yanluowang description.

Encryption 112

Encryption Ransomware Backups VPN 112

Security Affairs

AUGUST 2, 2022

Gootkit access-as-a-service (AaaS) malware is back with tactics and fileless delivery of Cobalt Strike beacons. In the past, Gootkit distributed malware masquerading as freeware installers, now it uses legal documents to trick users into downloading these files. . This forum hosted a ZIP archive that contains the malicious.js

Malware 103

Malware Encryption Engineering Hacking 103

Security Boulevard

JULY 18, 2022

However, threat actors continue to evolve their tactics and are able to successfully upload dangerous apps laced with malware on the Google play store. Recently, the Zscaler ThreatLabz team discovered apps involving multiple instances of the Joker, Facestealer, and Coper malware families spreading in the virtual marketplace.

Banking 98

Banking Malware Encryption Architecture 98

Security Affairs

NOVEMBER 12, 2020

Cybersecurity researchers spotted a new modular PoS malware, dubbed ModPipe, that targets PoS restaurant management software from Oracle. ESET has been aware of the existence of modules since the end of 2019 when its experts first spotted the “basic” components of the malware. SecurityAffairs – hacking, PoS malware).

Malware 133

Malware Architecture Passwords Engineering 133

Security Affairs

AUGUST 21, 2022

The Donot Team threat actor, aka APT-C-35 , has added new capabilities to its Jaca Windows malware framework. Unlike the previous version of the module, the new one uses four additional executables downloaded by the previous stage (WavemsMp.dll) instead of implementing the stealing functionality inside the DLL.

Malware 98

Malware Spyware Phishing Government 98

Security Boulevard

MARCH 26, 2022

Open Source Sabotage and Encryption Efficacy Emerge as Tactics in Ukraine Resistance. The protest began as a benign “peace” message when installing the popular npm package node-ipc but then quickly morphed into malware in later versions, as first reported by Bleeping Computer. The malware targeted users based in Russia and Belarus.

Encryption 76

Encryption Malware Software Risk 76

Malwarebytes

FEBRUARY 17, 2023

The tag-team campaign serves up ransomware known as Mortal Kombat, which borrows the name made famous by the video game, and Laplas Clipper malware, a clipboard stealer. The BAT loader kicks off a chain of events that results in the download and execution of the ransomware or the clipper malware, from one of two URLs.

Ransomware 74

Ransomware Malware Cryptocurrency Encryption 74

SecureList

MARCH 12, 2021

However, as technology evolves, we also observe a growing interest in the newly released platform from malware adversaries. This inevitably leads us to new malware samples compiled for the Apple Silicon platform. section at the end of the article for those who want to understand better the security risks of M1 malware.

Adware 137

Adware Malware Architecture Technology 137

CyberSecurity Insiders

MAY 11, 2023

Intro In February 2022, Microsoft disabled VBA macros on documents due to their frequent use as a malware distribution method. This move prompted malware authors to seek out new ways to distribute their payloads, resulting in an increase in the use of other infection vectors, such as password-encrypted zip files and ISO files.

Malware 98

Malware Social Engineering Engineering Education 98