Security Affairs

MAY 5, 2023

Fleckpe is a new Android subscription Trojan that was discovered in the Google Play Store, totaling more than 620,000 downloads since 2022. Fleckpe is a new Android subscription Trojan that spreads via Google Play, the malware discovered by Kaspersky is hidden in photo editing apps, smartphone wallpaper packs, and other general-purpose apps.

Malware 78

Malware Mobile Antivirus Hacking 78

The Hacker News

FEBRUARY 29, 2024

The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository with the goal of infecting developer systems with malware. They have been collectively downloaded 3,269 times, with pycryptoconf accounting for the most

Malware 132

Malware Accountability Hacking 132

Security Affairs

APRIL 13, 2024

Researchers warn threat actors are manipulating GitHub search results to target developers with persistent malware. Checkmarx researchers reported that t hreat actors are manipulating GitHub search results to deliver persistent malware to developers systems. ” concludes the report.

Malware 120

Malware Cryptocurrency Encryption Hacking 120

Malwarebytes

JANUARY 31, 2024

Nitrogen is the name given to a campaign and associated malware that have been distributed via malicious search ads. The threat actors seem to have a preference for hosting their payloads on compromised WordPress sites, many of which are already hacked with malicious PHP shell scripts.

Malware 77

Malware Hacking System Administration Ransomware 77

Krebs on Security

JUNE 21, 2023

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. This story explores the history and identity behind Cryptor[.]biz WHO RUNS CRYPTOR[.]BIZ?

Malware 227

Malware Antivirus Cybercrime Hacking 227

Schneier on Security

MAY 14, 2020

US Cyber Command has uploaded North Korean malware samples to the VirusTotal aggregation repository, adding to the malware samples it uploaded in February. It's interesting to see the US government take a more aggressive stance on foreign malware.

Government 305

Government Malware Antivirus Cryptocurrency 305

Security Affairs

NOVEMBER 2, 2022

Four malicious Android apps uploaded by the same developer to Google Play totaled at least one million downloads. The apps are infected with the Android/Trojan.HiddenAds.BTGTHB malware, the apps totaled at least one million downloads. 50,000+ downloads Bluetooth Auto Connect (com.bluetooth.autoconnect.anybtdevices).

Adware 103

Adware Phishing Mobile Malware 103

Security Affairs

MAY 20, 2024

Researchers discovered a sophisticated cybercriminal campaign by Russian-speaking threat actors that used GitHub to distribute malware. The malware employed in the multi-faceted campaign shared the same C2 infrastructure, suggesting attackers coordinated efforts to maximize the impact of the attacks.

Malware 99

Malware Banking Software Advertising 99

Schneier on Security

MARCH 8, 2023

Researchers have discovered malware that “can hijack a computer’s boot process even when Secure Boot and other advanced protections are enabled and running on fully updated versions of Windows.” ” Dubbed BlackLotus, the malware is what’s known as a UEFI bootkit. This is impressive stuff.

Malware 225

Malware Firmware Software Hacking 225

Security Affairs

OCTOBER 3, 2023

Cybersecurity researchers spotted a new malware-as-a-service (MaaS) called BunnyLoader that’s appeared in the threat landscape. Zscaler ThreatLabz researchers discovered a new malware-as-a-service (MaaS) that is called BunnyLoader, which has been advertised for sale in multiple cybercrime forums since September 4, 2023.

Advertising 118

Advertising Cybercrime Malware Cryptocurrency 118

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus 99

Antivirus Malware DNS Cryptocurrency 99

The Hacker News

DECEMBER 27, 2021

ReasonLabs, a leading provider of cybersecurity prevention and detection software, recently discovered a new form of malware hacking into customer computers in the guise of the latest Spiderman movie. As perhaps the most talked-about movie for

Malware 109

Malware Cryptocurrency Software Hacking 109

Security Affairs

MAY 1, 2024

A new malware named Cuttlefish targets enterprise-grade and small office/home office (SOHO) routers to harvest public cloud authentication data. The malware creates a proxy or VPN tunnel on the compromised router to exfiltrate data, and then uses stolen credentials to access targeted resources.

Malware 101

Malware DNS Authentication Telecommunications 101

Security Affairs

MARCH 4, 2021

FireEye researchers spotted a new sophisticated second-stage backdoor that was likely linked to threat actors behind the SolarWinds hack. The new malware is dubbed Sunshuttle , and it was “uploaded by a U.S.-based based entity to a public malware repository in August 2020.” SecurityAffairs – hacking, SolarWinds).

Malware 115

Malware Hacking Antivirus Information Security 115

Schneier on Security

MAY 5, 2020

Interesting story of malware hidden in Google Apps. That's when Russian security firm Dr. Web found a sample of spyware in Google's app store that impersonated a downloader of graphic design software but in fact had the capability to steal contacts, call logs, and text messages from Android phones.

Malware 291

Malware Spyware Phishing Government 291

Security Affairs

APRIL 15, 2023

A new Android malware named Goldoson was distributed through 60 legitimate apps on the official Google Play store. The apps totaled more than 100 million downloads in the ONE store and Google Play stores in South Korea. The experts have found more than 60 applications in Google Play that were containing the malicious library.

Data collection 94

Data collection Mobile Malware Education 94

Security Affairs

DECEMBER 27, 2023

Researchers discovered a new Android malware dubbed Xamalicious that can take full control of the device and perform fraudulent actions. The malware has been implemented with Xamarin, an open-source framework that allows building Android and iOS apps with.NET and C#. Google promptly removed the malware-laced apps from Google Play.

Malware 104

Malware Encryption Social Engineering Marketing 104

Malwarebytes

OCTOBER 28, 2023

Victims who clicked on the ad were taken to a hacked webpage with a link to download the application, which turned out to install over a dozen different pieces of malware instead. Unfortunately, some of those pages have been injected with malware that spams malicious content into them.

Malware 104

Malware Software Advertising Hacking 104

Security Affairs

MARCH 11, 2024

The financially motivated hacking group Magnet Goblin uses various 1-day flaws to deploy custom malware on Windows and Linux systems. This cluster of activity, also described in a Darktrace report , was characterized by the download of a variety of payloads from an attacker-controlled infrastructure.”

Malware 99

Malware VPN Encryption Hacking 99

Security Affairs

SEPTEMBER 29, 2019

Researchers at Proofpoint have spotted a piece of downloader , dubbed WhiteShadow, that leverages Microsoft SQL queries to pull and deliver malicious payloads. . In August, malware researchers at Proofpoint spotted a new downloader which is being used to deliver a variety of malware via Microsoft SQL queries.

Malware 82

Malware Advertising Phishing Information Security 82

Security Affairs

AUGUST 2, 2021

An attacker could exploit a vulnerability in the WordPress Download Manager plugin, tracked as CVE-2021-34639, to execute arbitrary code under specific configurations. High), its exploitation is not simple because in a real attack scenario the use of an.htaccess file in the downloads directory making it difficult to execute uploaded files.

Hacking 125

Hacking Data breaches Cybercrime Information Security 125

Security Affairs

NOVEMBER 5, 2023

North Korea-linked Lazarus group is using new KandyKorn macOS Malware in attacks against blockchain engineers. North Korea-linked Lazarus APT group were spotted using new KandyKorn macOS malware in attacks against blockchain engineers, reported Elastic Security Labs. Stage 1 (Dropper) – testSpeed.py

Engineering 97

Engineering Malware Cryptocurrency Encryption 97

Security Affairs

DECEMBER 15, 2023

Experts uncovered a new Go-based multi-platform malware, tracked as NKAbuse, which is the first malware abusing NKN technology. Researchers from Kaspersky’s Global Emergency Response Team ( GERT ) and GReAT uncovered a new multiplatform malware dubbed NKAbuse. ” reads the report published by Kaspersky.

Malware 109

Malware Architecture Technology DDOS 109

Security Affairs

DECEMBER 1, 2022

Redigo is a new Go-based malware employed in attacks against Redis servers affected by the CVE-2022-0543 vulnerability. Researchers from security firm AquaSec discovered a new Go-based malware that is used in a campaign targeting Redis servers. SLAVEOF command – this allows adversaries to create a replica of the attacking server.

Malware 142

Malware DDOS Architecture Cryptocurrency 142

Security Affairs

OCTOBER 23, 2021

CISA warned of crypto-mining malware hidden in a popular JavaScript NPM library, named UAParser.js, which has millions of weekly downloads. Cybersecurity and Infrastructure Security Agency published an advisory to warn of the discovery of a crypto-mining malware in the popular NPM Package UAParser.js. Pierluigi Paganini.

Malware 133

Malware Cryptocurrency Accountability Software 133

Security Affairs

OCTOBER 22, 2023

Researchers linked Vietnamese threat actors to the string of DarkGate malware attacks on entities in the U.K., WithSecure researchers linked the recent attacks using the DarkGate malware to a Vietnamese cybercrime group previously known for the usage of Ducktail stealer. zip” and the execution of the content.

Malware 106

Malware Cybercrime Hacking Information Security 106

Security Affairs

JUNE 1, 2023

Researchers discovered spyware, dubbed SpinOk, hidden in 101 Android apps with over 400 million downloads in Google Play. Upon executing the module, the malware-laced SDK connects to the C2 sending back a large amount of system information about the infected device. Info sent to the C2 includes data from sensors (e.g.

Spyware 87

Spyware Advertising Malware Marketing 87

Security Affairs

MARCH 17, 2024

The researchers noticed that all the repositories were newly created repos leading to the same download link. The malware exfiltrates gathered data to two Telegram channels. “The malware collects a variety of valuable information. The repositories look similar, featuring a README.md

Malware 106

Malware Passwords Software Hacking 106

Security Affairs

JANUARY 4, 2023

Researchers discovered a new Linux malware developed with the shell script compiler ( shc ) that was used to deliver a cryptocurrency miner. The ASEC analysis team recently discovered that a Linux malware developed with shell script compiler ( shc ) that threat actors used to install a CoinMiner. ” continues the report.

Malware 94

Malware DDOS Cryptocurrency Firewall 94

Security Affairs

SEPTEMBER 7, 2022

A new Linux malware dubbed Shikitega leverages a multi-stage infection chain to target endpoints and IoT devices. Researchers from AT&T Alien Labs discovered a new piece of stealthy Linux malware, dubbed Shikitega, that targets endpoints and IoT devices. ” reads the analysis published by AT&T Alien Labs.

Malware 113

Malware IoT Cryptocurrency Engineering 113

Security Affairs

FEBRUARY 17, 2019

Experts at Trend Micro have detected a new strain of MacOS malware that hides inside a Windows executable to avoid detection. Security experts at Trend Micro have spotted a new strain of MacOS malware disguises itself as a Windows executable file to evade detection. The malware is carried via. ” continues the report.

Malware 83

Malware Adware Advertising Firewall 83

eSecurity Planet

JANUARY 26, 2023

Security researchers are warning that Google Ads are being actively leveraged to distribute malware to unsuspecting victims searching for software downloads. Researcher Will Dormann responded , “Interesting that the malware ad is given priority over the real LibreOffice ad. The TA asked nicely for preferential treatment?

Malware 122

Malware Ransomware Software Cryptocurrency 122

Security Affairs

DECEMBER 3, 2023

Threat actors are using the Agent Raccoon malware in attacks against organizations in the Middle East, Africa and the U.S. The malware was used in attacks against multiple industries, including education, real estate, retail, non-profit organizations, telecom companies, and governments.

Malware 125

Malware DNS Retail Education 125

Security Affairs

JUNE 27, 2022

The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a malware campaign targeting Ukrainian telecommunications operators with the DarkCrystal RAT. The script will download and run the.NET bootloader “MSCommondll.exe,” which in turn will download and run the malware DarkCrystal RAT.

Telecommunications 121

Telecommunications Malware Media Passwords 121

Security Affairs

JULY 25, 2022

Operators behind the Amadey Bot malware use the SmokeLoader to distribute a new variant via software cracks and keygen sites. Amadey Bot is a data-stealing malware that was first spotted in 2018, it also allows operators to install additional payloads. Then the malware contacts the C2 and sends system information (i.e.

Software 117

Software Malware Cybercrime VPN 117

Security Affairs

APRIL 1, 2024

Experts believe that the malware has already infected thousands of devices. The dropper deploys the new version of Vultur banking malware through 3 payloads, where the final 2 Vultur payloads effectively work together by invoking each other’s functionality. The dropper masquerades as the McAfee Security app.

Malware 108

Malware Banking Engineering Encryption 108

Security Affairs

NOVEMBER 21, 2019

ESET researchers discovered a new downloader, dubbed DePriMon, that used new “Port Monitor” methods in attacks in the wild. . The new DePriMon downloader was used by the Lambert APT group, aka Longhorn, to deploy malware. Then the DePriMon malware uses Schannel for the communication.

Malware 103

Malware Telecommunications Advertising Encryption 103