Encryption, Hacking, Malware and Phishing

Russia-linked APT28 used new malware in a recent phishing campaign

Security Affairs

DECEMBER 29, 2023

Ukraine’s CERT (CERT-UA) warned of a new phishing campaign by the APT28 group to deploy previously undocumented malware strains. The group employed previously undetected malware such as OCEANMAP, MASEPIE, and STEELHOOK to steal sensitive information from target networks. file classified as MASEPIE.

Phishing

Phishing Malware Computers and Electronics Internet

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Security Affairs

MAY 13, 2024

Experts reported that since April, the Phorpiex botnet sent millions of phishing emails to spread LockBit Black ransomware. The ZIP archives contain a compressed executable payload that, if executed, will start the encryption process with LockBit Black ransomware. com,” and “Jenny[@]gsd[.]com.”

Phishing

Phishing Ransomware Security Awareness Authentication

More Than 90 Percent of Malware in Q2 Came Via Encrypted Traffic: WatchGuard

eSecurity Planet

OCTOBER 4, 2021

percent of all malware detected on networks of WatchGuard Technologies customers in the second quarter came over encrypted connections, raising the security risk for the 80 percent of such organizations that lack processes for decrypting and scanning HTTPS traffic for threats. Malware in Encrypted Traffic.

Encryption

Encryption Malware Ransomware Firewall

Phishing campaign targets LATAM e-commerce users with Chaes Malware

Security Affairs

NOVEMBER 18, 2020

Experts from Cybereason Nocturnus uncovered an active campaign that targets users of a large e-commerce platform in Latin America with Chaes malware. Experts at Cybereason Nocturnus have uncovered an active campaign targeting the users of a large e-commerce platform in Latin America with malware tracked as Chaes.

Phishing

Phishing Malware Cryptocurrency Information Security

Phishing, the campaigns that are targeting Italy

Security Affairs

OCTOBER 12, 2023

This post analyzed the numerous phishing campaigns targeting users and organizations in Italy. Phishing is a ploy to trick users into revealing personal or financial information through an e-mail, Web site, and even through instant messaging. Phishing can also be used as a precursor attack to drop malware.

Phishing

Phishing Scams Education Passwords

Mobile Malware Uses Deepfakes, Social Engineering to Bypass Biometric Authentication

SecureWorld News

FEBRUARY 15, 2024

A sophisticated form of mobile malware dubbed "GoldPickaxe" has been uncovered, which collects facial recognition data to produce deepfake videos, enabling hackers to bypass biometric authentication protections on banking apps. The malware has been active since 2023, specifically targeting victims in Vietnam and Thailand.

Social Engineering

Social Engineering Mobile Authentication Engineering

YouTube creators’ accounts hijacked with cookie-stealing malware

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. Below are the job descriptions used to recruit the hackers.

Accountability

Accountability Malware Phishing Social Engineering

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Security Affairs

DECEMBER 4, 2021

The ransomware encrypts files on the targeted systems using the “ cuba” extension. Cuba ransomware has been actively distributed through the Hancitor malware , a commodity malware that partnered with ransomware gangs to help them gain initial access to target networks. SecurityAffairs – hacking, ransomware).

Ransomware

Ransomware Hacking Malware Encryption

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. The Akira ransomware operators implement a double extortion model by exfiltrating victims’ data before encrypting it.

Ransomware

Ransomware Encryption Antivirus VPN

ESET found a variant of the Hive ransomware that encrypts Linux and FreeBSD

Security Affairs

OCTOBER 29, 2021

The Hive ransomware operators have developed a new variant of their malware that can encrypt Linux and FreeBSD. ESET researchers discovered a new Hive ransomware variant that was specifically developed to encrypt Linux and FreeBSD. The Hive ransomware adds the.hive extension to the filename of encrypted files. .

Encryption

Encryption Ransomware Spyware Malware

ScrubCrypt used to drop VenomRAT along with many malicious plugins

Security Affairs

APRIL 9, 2024

Fortinet researchers observed a threat actor sending out a phishing email containing malicious Scalable Vector Graphics (SVG) files. The campaign is notable for its utilization of the BatCloak malware obfuscation engine and ScrubCrypt to distribute the malware through obfuscated batch scripts.

Engineering

Engineering Phishing Malware Hacking

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Security Affairs

APRIL 23, 2022

Ukraine CERT-UA warns of phishing attacks on state organizations of Ukraine using the topic “Azovstal” and Cobalt Strike Beacon. The analysis of encryption techniques employed in the attack allowed the government experts to associate the campaign with the cybercrime group Trickbot. SecurityAffairs – hacking, Ukraine).

Phishing

Phishing Cybercrime Ransomware Encryption

Trickbot malware induces new Diavol Ransomware Strain

CyberSecurity Insiders

JULY 8, 2021

Trickbot banking malware is back in news for inducing a new ransomware variant into the wild. Researchers from Fortinet’s FortiGuard Labs has have found that the new malware strain is acting similar to that of Conti Ransomware with a change that it Asymmetric encryption algorithms unlike other file encrypting malware variants.

Malware

Malware Ransomware Encryption Healthcare

StrelaStealer targeted over 100 organizations across the EU and US

Security Affairs

MARCH 25, 2024

The threat actors sent out spam emails with attachments that eventually launched the StrelaStealer malware. The malware StrelaStealer is an email credential stealer that DCSO_CyTec first documented in November 2022. “The JScript file then drops a Base64-encrypted file and a batch file. ” concludes the report.

Malware

Malware Encryption Manufacturing Phishing

News Alert: HostingAdvice poll finds one in three Americans hacked upon visiting sketchy websites

The Last Watchdog

JULY 18, 2023

July 18, 2022 – Around 30,000 websites get hacked every day , with the majority of those cyberattacks due to human error. A new study by HostingAdvice, the premier authority on web hosting, found that 32% of Americans say they’ve gotten hacked from visiting a sketchy website and of those, 53% got a computer virus. Gainesville, Fla.,

Hacking

Hacking DDOS Small Business Spyware

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. File encryption 2013 – 2015. It emerged in September 2013 and paved the way for hundreds of file-encrypting menaces that have splashed onto the scene ever since.

Ransomware

Ransomware Hacking Encryption Penetration Testing

This New Malware Is Now a Favorite among Ransomware Gangs

Hacker Combat

JULY 7, 2022

A new malware is now an important component when it comes to engineering ransomware attacks. The malware, which goes by the name Bumblebee, was recently analyzed by Symantec researchers. An attachment involving quantum has also shed some light on the way cybercriminals use this new malware to deliver ransomware.

Malware

Malware Ransomware Phishing Engineering

APWG: Phishing maintained near-record levels in the first quarter of 2021

Security Affairs

JUNE 13, 2021

The Anti-Phishing Working Group (APWG) revealed that the number of phishing websites peaked at record levels in the first quarter of 2021. The Anti-Phishing Working Group (APWG) has published its new Phishing Activity Trends Report related to the first quarter of 2021. Reported Phishing Websites for Q1 2021.

Phishing

Phishing Advertising Cryptocurrency Encryption

Donot Team cyberespionage group updates its Windows malware framework

Security Affairs

AUGUST 21, 2022

The Donot Team threat actor, aka APT-C-35 , has added new capabilities to its Jaca Windows malware framework. To understand which modules are used in the current infection, the malware communicates with another C2 server.” SecurityAffairs – hacking, Donot Team). ” reads the report published by Morphisec.

Malware

Malware Spyware Phishing Government

Wannacry, the hybrid malware that brought the world to its knees

Security Affairs

OCTOBER 31, 2022

In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding a ransom in cryptocurrency to restore them, the Wannacry ransomware. The infection chain. Cryptolocker and exploit components.

Malware

Malware Computers and Electronics Encryption Ransomware

Security Affairs newsletter Round 422 by Pierluigi Paganini – International edition

Security Affairs

JUNE 4, 2023

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Spyware

Spyware Hacking Malware Social Engineering

New Coronavirus-themed malspam campaign delivers FormBook Malware

Security Affairs

MARCH 8, 2020

Experts uncovered a new Coronavirus (COVID-19 ) -themed campaign that is distributing a malware downloader that delivers the FormBook information-stealing Trojan. Experts at MalwareHunterTeam uncovered a new malspam campaign exploiting the fear in the Coronavirus (COVID-19) to deliver malware. states the analysis published by FireEye.

Malware

Malware Scams Social Engineering Phishing

Tedrade banking malware families target users worldwide

Security Affairs

JULY 19, 2020

The four malware families are named Guildma, Javali, Melcoz, and Grandoreiro, experts believe are the result of a Brazilian banking group/operation that is evolving its capabilities targeting banking users abroad. Experts noticed that the malware uses the BITSAdmin tool to download the additional modules. ” continues Kaspersky.

Banking

Banking Malware Phishing Advertising

North Korea-linked Konni APT uses Russian-language weaponized documents

Security Affairs

NOVEMBER 24, 2023

North Korea-linked Konni APT group used Russian-language Microsoft Word documents to deliver malware. FortiGuard Labs researchers observed the North Korea-linked Konni APT group using a weaponized Russian-language Word document in an ongoing phishing campaign. ” concludes the report. ” concludes the report.

Encryption

Encryption Malware Phishing Hacking

What Lies Ahead for Cybersecurity in the Era of Generative AI?

IT Security Guru

APRIL 5, 2024

The risks might not be new, but they’re enhanced: Malware Attacks: Generative AI can create more sophisticated malware attacks. It then creates malware that escapes the conventional detection methods and targets specific weaknesses. Phishing Attacks: AI aims to make it sound as human as possible.

Cybersecurity

Cybersecurity Scams Data breaches Marketing

GUEST ESSAY – Notable events in hacking history that helped transform cybersecurity assessment

The Last Watchdog

SEPTEMBER 27, 2021

Phishing scams, malware, ransomware and data breaches are just some of the examples of cyberthreats that can devastate business operations and the protection of consumer information. It foreshadowed how encryption would come to be used as a foundation for Internet commerce – by companies and criminals. The Creeper Virus (1971).

Cybersecurity

Cybersecurity Hacking Identity Theft Technology

GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

Security Affairs

AUGUST 31, 2022

A malware campaign tracked as GO#WEBBFUSCATOR used an image taken from NASA’s James Webb Space Telescope (JWST) as a lure. Securonix Threat researchers uncovered a persistent Golang-based malware campaign tracked as GO#WEBBFUSCATOR that leveraged the deep field image taken from the James Webb telescope. Pierluigi Paganini.

Malware

Malware DNS Antivirus Encryption

Top 10 Malware Strains of 2021

SecureWorld News

AUGUST 8, 2022

Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) released a joint Cybersecurity Advisory (CSA) providing details on the top malware strains of 2021. The top malware strains in 2021 included remote access Trojans (RATs), banking Trojans, information stealers, and ransomware.

Malware

Malware Banking Healthcare Penetration Testing

Crooks use hidden directories of compromised HTTPS sites to deliver malware

Security Affairs

APRIL 2, 2019

Attackers Store Malware in Hidden Directories of Compromised HTTPS Sites. Hacked websites were used for several malicious purposes, experts observed compromised WordPress and Joomla websites serving Shade /Troldesh ransomware, coin miners, backdoors, and some times were involved in phishing campaigns. “The hidden /.well-known/

Malware

Malware Phishing Ransomware Advertising

Meet the Karakurt hacking group that is into data exfiltration and extortion

CyberSecurity Insiders

DECEMBER 14, 2021

Cybersecurity Researchers from Accenture Security have found that a new hacking group is on the prowl and is into the method of data exfiltration and extortion. Modus operandi of Karakurt is simple, to buy credentials related to VPN networks from dark web or by launching phishing attacks and then compromise a corporate computer network.

Hacking

Hacking Ransomware VPN Malware

Is BazarLoader malware linked to Trickbot operators?

Security Affairs

APRIL 18, 2021

Experts warn of malware campaigns delivering the BazarLoader malware abusing popular collaboration tools like Slack and BaseCamp. Since January, researchers observed malware campaigns delivering the BazarLoader malware abusing popular collaboration tools like Slack and BaseCamp. exe or annualreport.exe.

Malware

Malware Ransomware Encryption Phishing

DeathRansom ransomware evolves encrypting files, but experts identified its author

Security Affairs

JANUARY 5, 2020

DeathRansom was considered fake ransomware due to the fact that it did not implement an effective encryption process, but now things are changing. DeathRansom is a ransomware family that was initially classified as a joke because it did not implement an effective encryption scheme. ” continues the report.

Encryption

Encryption Ransomware Malware Scams

ZINC Hackers Leverage Open-source Software to Lure IT Pros

eSecurity Planet

OCTOBER 3, 2022

ZINC, a sub-group of the notorious North Korean Lazarus hacking group, has implanted malicious payloads in open-source software to infiltrate corporate networks, Microsoft’s threat hunting team has reported. Then they moved the conversation away from the platform to encrypted messaging apps like WhatsApp.

Software

Software Social Engineering Engineering Phishing

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Security Affairs

FEBRUARY 12, 2024

Public Wi-Fi users are prime targets for MITM attacks because the information they send is often not encrypted, meaning it’s easy for hackers to access your data. Look for the “https” in the website’s URL—it means there’s some level of encryption.

DNS

DNS VPN Encryption Passwords

Ransomware news headlines trending on Google

CyberSecurity Insiders

OCTOBER 27, 2022

Meaning the said malware is acting as an access point to hackers spreading the said version of file encrypting malware. According to Sophos researchers, the companies operating in the said two sectors were paying appx $2 million on an average to free up data from encryption.

Ransomware

Ransomware Manufacturing Retail Encryption

Raccoon Malware, a success case in the cybercrime ecosystem

Security Affairs

FEBRUARY 24, 2020

Raccoon Malware is a recently discovered infostealer that can extract sensitive data from about 60 applications on a targeted system. Racoon malware , Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. ” continues the analysis.

Cybercrime

Cybercrime Malware Cryptocurrency Advertising

Info stealers and how to protect against them

Security Affairs

DECEMBER 18, 2023

Info stealers, the type of malware with its purpose in the name, can cripple businesses and everyday users alike. Info stealers, also known as information stealers, are a type of malicious software (malware) designed to covertly collect sensitive and personal information from a victim’s computer or network.

Banking

Banking Cybercrime Malware Accountability

What is a Cyberattack? Types and Defenses

eSecurity Planet

JUNE 16, 2022

Cyber criminals may damage, destroy, steal, encrypt, expose, or leak data as well as cause harm to a system. Encrypted threats spiked 167%, ransomware increased 105%, and 5.4 billion malware attacks were identified by the report. Also read: Mobile Malware: Threats and Solutions. Ransomware.

Backups

Backups Ransomware Firewall Malware

Dark Pink APT targets Govt entities in South Asia

Security Affairs

MARCH 13, 2023

Researchers reported that Dark Pink APT employed a malware dubbed KamiKakaBot against Southeast Asian targets. In February 2023, EclecticIQ researchers spotted multiple KamiKakaBot malware samples that were employed by the Dark Pink APT group (aka Saaiwc) in attacks against government entities in Southeast Asia countries.

Malware

Malware Phishing Encryption Government

DEV-0569 group uses Google Ads to distribute Royal Ransomware

Security Affairs

NOVEMBER 19, 2022

The DEV-0569 group carries out malvertising campaigns to spread links to a signed malware downloader posing as software installers or fake updates embedded in spam messages, fake forum pages, and blog comments. The downloader, tracked as BATLOADER , shares similarities with another malware called ZLoader. anydeskos[.]com

Ransomware

Ransomware Malware Antivirus Phishing

China-linked APT uses a new backdoor in attacks at Russian defense contractor

Security Affairs

APRIL 30, 2021

The state-sponsored hackers sent spear-phishing messages to a general director working at the Rubin Design Bureau , in Saint Petersburg, which is one of three main Russian centers of submarine design. The spear-phishing messages used a malicious Rich Text File (RTF) document that included descriptions of an autonomous underwater vehicle. .”

Phishing

Phishing Malware Antivirus Encryption

Security Affairs newsletter Round 406 by Pierluigi Paganini

Security Affairs

FEBRUARY 12, 2023

Every week the best security articles from Security Affairs are free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here.

Ransomware

Ransomware Malware Hacking Mobile

Security Affairs newsletter Round 383

Security Affairs

SEPTEMBER 11, 2022

SecurityAffairs – hacking, newsletter). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini. The post Security Affairs newsletter Round 383 appeared first on Security Affairs.

Data breaches

Data breaches Ransomware Phishing Malware

SideWinder carried out over 1,000 attacks since April 2020

Security Affairs

MAY 31, 2022

The first stage domains are used to host the first stage malware that speeds through spear-phishing messages, to receive collected information by first-stage malware, and to host the second stage payloads. The second half of the URL is encrypted inside the second stage HTA module. SecurityAffairs – hacking, SideWinder).

Encryption

Encryption Malware Phishing Hacking

Russia-linked APT28 used new malware in a recent phishing campaign

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Trending Sources

More Than 90 Percent of Malware in Q2 Came Via Encrypted Traffic: WatchGuard

Phishing campaign targets LATAM e-commerce users with Chaes Malware

Phishing, the campaigns that are targeting Italy

Mobile Malware Uses Deepfakes, Social Engineering to Bypass Biometric Authentication

YouTube creators’ accounts hijacked with cookie-stealing malware

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Akira ransomware received $42M in ransom payments from over 250 victims

ESET found a variant of the Hive ransomware that encrypts Linux and FreeBSD

ScrubCrypt used to drop VenomRAT along with many malicious plugins

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Trickbot malware induces new Diavol Ransomware Strain

StrelaStealer targeted over 100 organizations across the EU and US

News Alert: HostingAdvice poll finds one in three Americans hacked upon visiting sketchy websites

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

This New Malware Is Now a Favorite among Ransomware Gangs

APWG: Phishing maintained near-record levels in the first quarter of 2021

Donot Team cyberespionage group updates its Windows malware framework

Wannacry, the hybrid malware that brought the world to its knees

Security Affairs newsletter Round 422 by Pierluigi Paganini – International edition

New Coronavirus-themed malspam campaign delivers FormBook Malware

Tedrade banking malware families target users worldwide

North Korea-linked Konni APT uses Russian-language weaponized documents

What Lies Ahead for Cybersecurity in the Era of Generative AI?

GUEST ESSAY – Notable events in hacking history that helped transform cybersecurity assessment

GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

Top 10 Malware Strains of 2021

Crooks use hidden directories of compromised HTTPS sites to deliver malware

Meet the Karakurt hacking group that is into data exfiltration and extortion

Is BazarLoader malware linked to Trickbot operators?

DeathRansom ransomware evolves encrypting files, but experts identified its author

ZINC Hackers Leverage Open-source Software to Lure IT Pros

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Ransomware news headlines trending on Google

Raccoon Malware, a success case in the cybercrime ecosystem

Info stealers and how to protect against them

What is a Cyberattack? Types and Defenses

Dark Pink APT targets Govt entities in South Asia

DEV-0569 group uses Google Ads to distribute Royal Ransomware

China-linked APT uses a new backdoor in attacks at Russian defense contractor

Security Affairs newsletter Round 406 by Pierluigi Paganini

Security Affairs newsletter Round 383

SideWinder carried out over 1,000 attacks since April 2020

Stay Connected