Security Affairs

NOVEMBER 2, 2022

Four malicious Android apps uploaded by the same developer to Google Play totaled at least one million downloads. The apps are infected with the Android/Trojan.HiddenAds.BTGTHB malware, the apps totaled at least one million downloads. 50,000+ downloads Bluetooth Auto Connect (com.bluetooth.autoconnect.anybtdevices).

Adware 106

Adware Phishing Mobile Malware 106

Security Affairs

OCTOBER 3, 2023

Cybersecurity researchers spotted a new malware-as-a-service (MaaS) called BunnyLoader that’s appeared in the threat landscape. Zscaler ThreatLabz researchers discovered a new malware-as-a-service (MaaS) that is called BunnyLoader, which has been advertised for sale in multiple cybercrime forums since September 4, 2023.

Advertising 120

Advertising Cybercrime Malware Cryptocurrency 120

Security Affairs

SEPTEMBER 29, 2019

Researchers at Proofpoint have spotted a piece of downloader , dubbed WhiteShadow, that leverages Microsoft SQL queries to pull and deliver malicious payloads. . In August, malware researchers at Proofpoint spotted a new downloader which is being used to deliver a variety of malware via Microsoft SQL queries.

Malware 83

Malware Advertising Phishing Information Security 83

Security Affairs

DECEMBER 27, 2023

Researchers discovered a new Android malware dubbed Xamalicious that can take full control of the device and perform fraudulent actions. The malware has been implemented with Xamarin, an open-source framework that allows building Android and iOS apps with.NET and C#. Google promptly removed the malware-laced apps from Google Play.

Malware 107

Malware Encryption Social Engineering Marketing 107

Security Affairs

APRIL 15, 2023

A new Android malware named Goldoson was distributed through 60 legitimate apps on the official Google Play store. The apps totaled more than 100 million downloads in the ONE store and Google Play stores in South Korea. The security firm reported its findings to Google, which notified the development teams.

Data collection 96

Data collection Mobile Malware Education 96

Security Affairs

MARCH 11, 2024

The financially motivated hacking group Magnet Goblin uses various 1-day flaws to deploy custom malware on Windows and Linux systems. The group focuses on internet-facing services, in at least one instance the group exploited the vulnerability CVE-2024-21887 in Ivanti Connect Secure VPN. ” reads the report published CheckPoint.

Malware 102

Malware VPN Encryption Hacking 102

Security Affairs

DECEMBER 15, 2023

Experts uncovered a new Go-based multi-platform malware, tracked as NKAbuse, which is the first malware abusing NKN technology. Researchers from Kaspersky’s Global Emergency Response Team ( GERT ) and GReAT uncovered a new multiplatform malware dubbed NKAbuse. ” reads the report published by Kaspersky.

Malware 112

Malware Architecture Technology DDOS 112

Security Affairs

NOVEMBER 5, 2023

North Korea-linked Lazarus group is using new KandyKorn macOS Malware in attacks against blockchain engineers. North Korea-linked Lazarus APT group were spotted using new KandyKorn macOS malware in attacks against blockchain engineers, reported Elastic Security Labs. Stage 1 (Dropper) – testSpeed.py

Engineering 100

Engineering Malware Cryptocurrency Encryption 100

Security Affairs

AUGUST 2, 2021

An attacker could exploit a vulnerability in the WordPress Download Manager plugin, tracked as CVE-2021-34639, to execute arbitrary code under specific configurations. High), its exploitation is not simple because in a real attack scenario the use of an.htaccess file in the downloads directory making it difficult to execute uploaded files.

Hacking 125

Hacking Data breaches Cybercrime Information Security 125

Security Affairs

DECEMBER 1, 2022

Redigo is a new Go-based malware employed in attacks against Redis servers affected by the CVE-2022-0543 vulnerability. Researchers from security firm AquaSec discovered a new Go-based malware that is used in a campaign targeting Redis servers. to the disk of the replica. ” reads the analysis published by AquaSec. .”

Malware 143

Malware DDOS Architecture Cryptocurrency 143

Security Affairs

MARCH 17, 2024

The researchers noticed that all the repositories were newly created repos leading to the same download link. The malware exfiltrates gathered data to two Telegram channels. “The malware collects a variety of valuable information. The repositories look similar, featuring a README.md

Malware 109

Malware Passwords Software Hacking 109

Security Affairs

APRIL 1, 2024

Experts believe that the malware has already infected thousands of devices. The dropper masquerades as the McAfee Security app. The dropper deploys the new version of Vultur banking malware through 3 payloads, where the final 2 Vultur payloads effectively work together by invoking each other’s functionality.

Malware 111

Malware Banking Engineering Encryption 111

Security Affairs

OCTOBER 23, 2021

CISA warned of crypto-mining malware hidden in a popular JavaScript NPM library, named UAParser.js, which has millions of weekly downloads. Cybersecurity and Infrastructure Security Agency published an advisory to warn of the discovery of a crypto-mining malware in the popular NPM Package UAParser.js. Pierluigi Paganini.

Malware 136

Malware Cryptocurrency Accountability Software 136

Security Affairs

OCTOBER 22, 2023

Researchers linked Vietnamese threat actors to the string of DarkGate malware attacks on entities in the U.K., WithSecure researchers linked the recent attacks using the DarkGate malware to a Vietnamese cybercrime group previously known for the usage of Ducktail stealer. zip” and the execution of the content.

Malware 109

Malware Cybercrime Hacking Information Security 109

Security Affairs

JUNE 1, 2023

Researchers discovered spyware, dubbed SpinOk, hidden in 101 Android apps with over 400 million downloads in Google Play. Upon executing the module, the malware-laced SDK connects to the C2 sending back a large amount of system information about the infected device. Info sent to the C2 includes data from sensors (e.g.

Spyware 89

Spyware Advertising Malware Marketing 89

Security Affairs

MARCH 20, 2024

security flaws in JetBrains TeamCity to deploy multiple malware families and gain administrative control over impacted systems. In early March, Rapid7 researchers disclosed two new critical security vulnerabilities, tracked as CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score:7.3), in JetBrains TeamCity On-Premises.

Malware 119

Malware Authentication Cryptocurrency Ransomware 119

Security Affairs

JANUARY 4, 2023

Researchers discovered a new Linux malware developed with the shell script compiler ( shc ) that was used to deliver a cryptocurrency miner. The ASEC analysis team recently discovered that a Linux malware developed with shell script compiler ( shc ) that threat actors used to install a CoinMiner. ” continues the report.

Malware 95

Malware DDOS Cryptocurrency Firewall 95

Security Affairs

NOVEMBER 21, 2019

ESET researchers discovered a new downloader, dubbed DePriMon, that used new “Port Monitor” methods in attacks in the wild. . The new DePriMon downloader was used by the Lambert APT group, aka Longhorn, to deploy malware. Then the DePriMon malware uses Schannel for the communication.

Malware 104

Malware Telecommunications Advertising Encryption 104

Security Affairs

SEPTEMBER 7, 2022

A new Linux malware dubbed Shikitega leverages a multi-stage infection chain to target endpoints and IoT devices. Researchers from AT&T Alien Labs discovered a new piece of stealthy Linux malware, dubbed Shikitega, that targets endpoints and IoT devices. ” reads the analysis published by AT&T Alien Labs.

Malware 116

Malware IoT Cryptocurrency Engineering 116

Security Affairs

JULY 25, 2022

Operators behind the Amadey Bot malware use the SmokeLoader to distribute a new variant via software cracks and keygen sites. Amadey Bot is a data-stealing malware that was first spotted in 2018, it also allows operators to install additional payloads. Then the malware contacts the C2 and sends system information (i.e.

Software 119

Software Malware Cybercrime VPN 119

Security Affairs

AUGUST 1, 2023

Threat actors are targeting Italian organizations with a phishing campaign aimed at delivering a new malware called WikiLoader. WikiLoader is a new piece of malware that is employed in a phishing campaign that is targeting Italian organizations. Thus, user interaction is required to begin the malware installation.”

Malware 93

Malware Phishing Banking Hacking 93

Security Affairs

MAY 1, 2023

The previously undetected LOBSHOT malware is distributed using Google ads and gives operators VNC access to Windows devices. Researchers from Elastic Security Labs spotted a new remote access trojan dubbed LOBSHOT was being distributed through Google Ads. ” reads the report published by Elastic Security Labs.

Malware 90

Malware Cybercrime Banking Software 90

Security Affairs

DECEMBER 29, 2023

Ukraine’s CERT (CERT-UA) warned of a new phishing campaign by the APT28 group to deploy previously undocumented malware strains. The group employed previously undetected malware such as OCEANMAP, MASEPIE, and STEELHOOK to steal sensitive information from target networks. file classified as MASEPIE.

Phishing 119

Phishing Malware Computers and Electronics Internet 119

Security Affairs

DECEMBER 3, 2023

Threat actors are using the Agent Raccoon malware in attacks against organizations in the Middle East, Africa and the U.S. The malware was used in attacks against multiple industries, including education, real estate, retail, non-profit organizations, telecom companies, and governments.

Malware 128

Malware DNS Retail Education 128

Security Affairs

AUGUST 10, 2023

Experts warn that a new info-stealer named Statc Stealer is infecting Windows devices to steal a broad range of sensitive information. Zscaler ThreatLabz researchers discovered a new information stealer malware, called Statc Stealer, that can steal a broad range of info from Windows devices. ” concludes the report.

Malware 88

Malware Encryption Advertising Cryptocurrency 88

Security Affairs

JANUARY 31, 2024

In early January 2024, software firm Ivanti reported that threat actors were exploiting two zero-day vulnerabilities ( CVE-2023-46805, CVE-2024-21887 ) in Connect Secure (ICS) and Policy Secure to remotely execute arbitrary commands on targeted gateways. x and Ivanti Policy Secure. The flaw CVE-2023-46805 (CVSS score 8.2)

VPN 93

VPN Malware Authentication Small Business 93

Security Affairs

JANUARY 17, 2023

The packages are designed to drop malware on compromised developer systems. The three packages were downloaded over 550 times in total. The researchers noticed that the download URL has not previously been labeled as malicious, while the downloaded executable was identified as malicious by some security vendors.

Malware 91

Malware Hacking Cybercrime Information Security 91

Security Affairs

DECEMBER 12, 2022

Researchers spotted a cryptocurrency mining campaign targeting Linux users with Go-based CHAOS malware (Trojan.Linux.CHAOSRAT). In November 2022, Trend Micro researchers discovered a cryptocurrency mining campaign targeting Linux users with Go-based CHAOS malware (Trojan.Linux.CHAOSRAT). Download files. Upload files. Open a URL.

Malware 100

Malware Cryptocurrency Hacking Software 100

Security Affairs

OCTOBER 30, 2023

A sophisticated malware tracked as StripedFly remained undetected for five years and infected approximately one million devices. Researchers from Kaspersky discovered a sophisticated malware, dubbed StripedFly, that remained under the radar for five years masquerading as a cryptocurrency miner. “What was the real purpose?

Malware 121

Malware Cryptocurrency Ransomware Hacking 121

Security Affairs

JUNE 27, 2022

The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a malware campaign targeting Ukrainian telecommunications operators with the DarkCrystal RAT. The script will download and run the.NET bootloader “MSCommondll.exe,” which in turn will download and run the malware DarkCrystal RAT.

Telecommunications 124

Telecommunications Malware Media Passwords 124

Security Affairs

SEPTEMBER 29, 2022

The Russia-linked APT28 group is using mouse movement in decoy Microsoft PowerPoint documents to distribute malware. The Russia-linked APT28 employed a technique relying on mouse movement in decoy Microsoft PowerPoint documents to deploy malware, researchers from Cluster25 reported. ” reads the analysis published by Cluster25.

Malware 119

Malware Government Hacking Information Security 119

Security Affairs

AUGUST 30, 2022

Researchers spotted three campaigns delivering multiple malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners. Threat actors use PowerShell,NET assemblies, and HTA and VBS files to perform lateral movements across a targeted network and eventually drop other pieces of malware, such as the SystemBC trojan and DCRAT.

Malware 130

Malware Cryptocurrency Hacking Technology 130

Security Affairs

JANUARY 7, 2023

Cyber researchers warn of a modified Zoom app that was used by threat actors in a phishing campaign to deliver the IcedID Malware. Cyble researchers recently uncovered a phishing campaign targeting users of the popular video conferencing and online meeting platform Zoom to deliver the IcedID malware. ” concludes the report.

Malware 90

Malware Phishing Banking Hacking 90

Security Affairs

SEPTEMBER 11, 2023

Zscaler ThreatLabz detailed a new malware loader, named HijackLoader, which has grown in popularity over the past few months HijackLoader is a loader that is gaining popularity among the cybercriminal community. The HijackLoader is being used to load different malware families such as Danabot , SystemBC and RedLine Stealer.

Cybercrime 130

Cybercrime Malware Hacking Information Security 130

Security Affairs

FEBRUARY 13, 2023

Alleged Russian threat actors have been targeting cryptocurrency users in Eastern Europe with Enigma info-stealing malware. A malware campaign conducted by alleged Russian threat actors has been targeting users in Eastern European in the crypto industry. ” Experts observed Enigma stealer using two servers in its operation.

Cryptocurrency 83

Cryptocurrency Malware Media Phishing 83

Security Affairs

AUGUST 4, 2023

Threat actors rely on the ‘versioning’ technique to evade malware detections of malicious code uploaded to the Google Play Store. The technique is not new but continues to be effective, multiple malware such as the banking Trojan SharkBot used it to bypass checks implemented by Google for its Play Store.

Malware 93

Malware Mobile Banking Hacking 93

Security Affairs

APRIL 11, 2021

More than 500,000 Huawei users have been infected with the Joker malware after downloading apps from the company’s official Android store. More than 500,000 Huawei users were infected with the Joker malware after they have downloaded tainted apps from the company’s official Android store. aliyuncs.com/ Android.Joker.531

Malware 141

Malware Spyware Mobile Antivirus 141