Security Affairs

DECEMBER 8, 2024

An ongoing RedLine information-stealing campaign is targeting Russian businesses using pirated corporate software. Since January 2024, Russian businesses using unlicensed software have been targeted by an ongoing RedLine info-stealer campaign. This method exploits user trust rather than vulnerabilities in the corporate software.

Software 82

Software Malware Accountability Encryption 82

Security Affairs

DECEMBER 1, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 73

Malware Social Engineering Antivirus Engineering 73

SecureList

APRIL 23, 2025

We have been tracking the latest attack campaign by the Lazarus group since last November, as it targeted organizations in South Korea with a sophisticated combination of a watering hole strategy and vulnerability exploitation within South Korean software. We found that the malware was running in the memory of a legitimate SyncHost.

Malware 143

Malware Software Encryption Internet 143

Security Affairs

APRIL 20, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malicious NPM Packages Targeting PayPal Users New Malware Variant Identified: ResolverRAT Enters the Maze Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft?

Malware 80

Malware Cryptocurrency Encryption Phishing 80

Security Affairs

MARCH 25, 2025

Researchers warn of a new Android malware that uses.NET MAUI to mimic legit services and evade detection. McAfee researchers warn of Android malware campaigns using.NET MAUI to evade detection. Another malware observed by the experts targets Chinese-speaking users, stealing contacts, SMS, and photos through third-party app stores.

Malware 74

Malware Encryption Banking Cyber threats 74

Krebs on Security

JUNE 7, 2021

In the process of doing so, I encountered a small snag: The FSB’s website said in order to communicate with them securely, I needed to download and install an encryption and virtual private networking (VPN) appliance that is flagged by at least 20 antivirus products as malware. The FSB headquarters at Lubyanka Square, Moscow.

Antivirus 331

Antivirus VPN Encryption Malware 331

SecureList

APRIL 22, 2025

ViPNet is a software suite for creating secure networks. We determined that the backdoor was distributed inside LZH archives with a structure typical of updates for the software product in question. exe file is a loader that reads the encrypted payload file. However, it is susceptible to the path substitution technique.

Software 78

Software Encryption Architecture Malware 78

SecureWorld News

MAY 9, 2025

Google's Threat Intelligence Group (GTIG) has identified a new malware strain, dubbed "LOSTKEYS," attributed to the Russian state-sponsored hacking group COLDRIVER. The introduction of LOSTKEYS signifies a strategic shift towards deploying malware for direct data exfiltration.

Malware 87

Malware Social Engineering Engineering Government 87

Schneier on Security

APRIL 2, 2024

modified the way the software functions. Anyone in possession of a predetermined encryption key could stash any code of their choice in an SSH login certificate, upload it, and execute it on the backdoored device. In theory, the code could allow for just about anything, including stealing encryption keys or installing malware.

Social Engineering 353

Social Engineering Engineering Software Encryption 353

Security Affairs

JANUARY 10, 2025

Check Point researchers discovered a new version of the Banshee macOS infostealer which is distributed through phishing websites and fake GitHub repositories, often masqueraded as popular software. In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures.

Malware 122

Malware Advertising Antivirus Cybercrime 122

Security Affairs

APRIL 10, 2025

At least one APT group has exploited a vulnerability in ESET software to stealthily execute malware, bypassing security measures. Kaspersky researchers reported that an APT group, tracked as ToddyCat , has exploited a vulnerability in ESET software to stealthily execute malware, bypassing security.

Malware 80

Malware Software Encryption Hacking 80

Security Affairs

APRIL 25, 2025

The campaign has been active since at least November 2024, Lazarus Group is targeting South Korean organizations using watering hole tactics and exploiting software vulnerabilities. The attackers used multiple hacking tools and malware, including ThreatNeedle , Agamemnon downloader, wAgent , SIGNBT, and COPPERHEDGE.

Malware 94

Malware Software Encryption Hacking 94

Security Affairs

JUNE 2, 2025

On May 27, 2025, authorities seized crypting service sites (including AvCheck, Cryptor, and Crypt.guru) used by vxers to test malware evasion capabilities. Department of Justice has dismantled an online cybercrime syndicate that provided encryption services to help malware evade detection. net, Cryptor[.]biz, biz, and Crypt[.]guru.

Antivirus 111

Antivirus Cybercrime Malware Firewall 111

Krebs on Security

APRIL 20, 2023

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX. Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Image: Mandiant.

Malware 331

Malware Software Technology Accountability 331

Security Affairs

JANUARY 5, 2025

PLAYFULGHOST is a new malware family with capabilities including keylogging, screen and audio capture, remote shell access, and file transfer/execution. The backdoor is distributed through: Phishing emails with themes such as code of conduct to trick users into downloading the malware.

Malware 132

Malware Encryption Phishing Hacking 132

eSecurity Planet

MAY 27, 2025

Better for features: Tie Endpoint Protection Yes Yes Dashboard Yes Yes Anti-Malware Yes No Web Browsing Protection Unclear Unclear Identity Protection Limited Yes Visit Microsoft Visit Bitdefender Microsoft Defenders feature set includes endpoint protection, threat remediation, and antivirus. 5 Pricing: 4.4/5 5 Features: 3.4/5

Antivirus 92

Antivirus Software Small Business VPN 92

The Last Watchdog

APRIL 21, 2021

From January through March 2021, TLS concealed 45 percent of the malware Sophos analysts observed circulating on the Internet; that’s double the rate – 23 percent – seen in early 2020, Dan Schiappa, Sophos’ chief product officer, told me in a briefing. “For And then they may use off-the-shelf malware to carry out their attack.

Malware 214

Malware Firewall Encryption Data breaches 214

Tech Republic Security

MAY 30, 2024

The ShrinkLocker ransomware exploits the BitLocker feature on enterprise PCs to encrypt the entire local drive and remove recovery options.

Encryption 209

Encryption Ransomware Software Malware 209

Security Affairs

MAY 4, 2025

“The ransomware either encrypted data from victims computer networks or claimed to take that data from the networks. Black Kingdom ransomware was first spotted in late February 2020 by security researcher GrujaRS , the ransomware encrypts files and appends the.DEMON extension to filenames of the encrypted documents.

Ransomware 115

Ransomware Encryption VPN Malware 115

Malwarebytes

MAY 8, 2025

According to the original complaint against NSO Group, filed in October 2019, the spyware vendor used WhatsApp servers to send malware to around 1400 mobile phones. NSO Group reverse engineered WhatsApp’s software and developed its own software and servers to send messages to victims via the WhatsApp service that contained malware.

Spyware 136

Spyware Hacking Surveillance Government 136

SecureWorld News

JUNE 12, 2025

A new report from Symantec and the Carbon Black Threat Hunter team reveals a concerning evolution in the Fog ransomware operation, which now leverages a rare mix of legitimate software, open-source tools, and stealthy delivery mechanisms to compromise organizations. This significantly reduces their chances of detection.

Software 60

Software Ransomware VPN Surveillance 60

Krebs on Security

JUNE 8, 2023

It’s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware — as opposed to just applying software updates. If they’re going for data ransoming, they’re encrypting the data itself — not the machines.”

Firmware 340

Firmware Malware Software Ransomware 340

Schneier on Security

FEBRUARY 7, 2020

EKANS is a new ransomware that targets industrial control systems: But EKANS also uses another trick to ratchet up the pain: It's designed to terminate 64 different software processes on victim computers, including many that are specific to industrial control systems. It's also the first malware that is named after a Pokémon character.

Ransomware 268

Ransomware Malware Encryption Software 268

Malwarebytes

DECEMBER 2, 2024

.” How to protect your small business from ransomware As is true with all malware infections, the best defense to a ransomware attack is to never allow an attack to occur in the first place. Patch known vulnerabilities in internet-facing software and disable or harden the login credentials for remote work tools like RDP ports and VPNs.

Ransomware 137

Ransomware Backups Small Business Malware 137

Security Affairs

JUNE 6, 2025

The threat actors behind the operation use tools like AdFind and Grixba to gather network data and identify antivirus defenses, then disable security software using GMER, IOBit, or PowerTool. By stealing credentials with Mimikatz and escalating privileges with WinPEAS, they spread malware via Group Policy Objects.

Ransomware 97

Ransomware Encryption Antivirus Malware 97

Security Affairs

MARCH 10, 2025

Moonstone Sleet threat actors target financial and cyberespionage victims using trojanized software, custom malware, malicious games, and fake companies like StarGlow Ventures and C.C. The APT group has also spread malware via a fraudulent tank game (DeTankWar) and engaged in ransomware attacks using FakePenny.

Ransomware 120

Ransomware Healthcare VPN Malware 120

Krebs on Security

NOVEMBER 17, 2022

He’d been on the job less than six months, and because of the way his predecessor architected things, the company’s data backups also were encrypted by Zeppelin. “We’ve found someone who can crack the encryption.” “You want to use your own software or someone else who’s trusted to do it.”

Ransomware 359

Ransomware Encryption Backups Manufacturing 359

eSecurity Planet

NOVEMBER 6, 2024

Attackers can steal your cookies through phishing, malware, and MITM attacks, leading to data theft, financial loss, and identity theft. They can also exploit vulnerabilities in websites you visit to install malware that extracts cookies from your browser. Let’s take a closer look at the process. How Do You Prevent It?

Identity Theft 109

Identity Theft Passwords Phishing Accountability 109

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware 244

Malware VPN Internet Internet 244

Security Boulevard

MARCH 17, 2025

A software programmer developed a way to use brute force to break the encryption of the notorious Akira ransomware using GPU compute power and enabling some victims of the Linux-focused variant of the malware to regain their encrypted data without having to pay a ransom.

Ransomware 80

Ransomware Encryption Malware Software 80

SecureList

OCTOBER 21, 2024

This changed in February this year when we discovered a new Kral stealer, which we believe is part of the same malware family as the downloader due to certain code similarities. Also, they both use the same key for string encryption. In June 2024, we discovered a new domain delivering this malware.

Passwords 127

Passwords Malware Encryption Cryptocurrency 127

Security Affairs

OCTOBER 4, 2024

perfctl malware targets misconfigured Linux servers to deploy cryptocurrency miners and proxyjacking software in an ongoing campaign. Aqua Nautilus researchers shed light on a Linux malware, dubbed perfctl malware, that over the past 3-4 years targeted misconfigured Linux servers. ” reads the report.

Malware 136

Malware Cryptocurrency Encryption Software 136

Security Affairs

FEBRUARY 13, 2025

A November 2024 RA World ransomware attack on an Asian software firm used a tool linked to China-linked threat actors. Broadcom researchers reported that threat actors behind an RA World ransomware attack against an Asian software and services firm employed a tool that was explosively associated in the past with China-linked APT groups.

Ransomware 120

Ransomware Software Cybercrime Encryption 120

Krebs on Security

JULY 30, 2020

Chip-based credit and debit cards are designed to make it infeasible for skimming devices or malware to clone your card when you pay for something by dipping the chip instead of swiping the stripe. But a recent series of malware attacks on U.S.-based a supermarket chain in the northeastern United States. .

Banking 363

Banking Malware Encryption Accountability 363

Security Affairs

NOVEMBER 9, 2024

In mid-October, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware. Veeam Backup & Replication is a comprehensive data protection and disaster recovery software developed by Veeam.

Backups 134

Backups Ransomware VPN Accountability 134

SecureList

OCTOBER 15, 2024

RTF exploit RTF files were specifically crafted by the attacker to exploit CVE-2017-11882, a memory corruption vulnerability in Microsoft Office software. The malware uses different strings to load libraries and functions required for execution. In particular, Avast and AVG solutions are of interest to the malware.

Malware 143

Malware Encryption Architecture Phishing 143

Webroot

NOVEMBER 21, 2024

The five core components of a VPN are: Encryption : The conversion of information into a coded format that can only be read by someone who has the decryption key. Split tunneling: Allows you to choose which internet traffic goes through the VPN (with encryption) and which goes directly to the internet. How do VPNs work?

VPN 111

VPN Antivirus Internet Internet 111