Hacking, Information Security, Malware and Passwords

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

Security Affairs

APRIL 15, 2024

The Ukrainian hacking group Blackjack used a destructive ICS malware dubbed Fuxnet in attacks against Russian infrastructure. The website ruexfil.com provided detailed information about the attacks against Moscollector, the hackers also published screenshots of monitoring systems, servers, and databases they claim to have compromised.

Malware

Malware Firmware IoT Hacking

Cuttlefish malware targets enterprise-grade SOHO routers

Security Affairs

MAY 1, 2024

A new malware named Cuttlefish targets enterprise-grade and small office/home office (SOHO) routers to harvest public cloud authentication data. The malware creates a proxy or VPN tunnel on the compromised router to exfiltrate data, and then uses stolen credentials to access targeted resources.

Malware

Malware DNS Authentication Telecommunications

Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies

Security Affairs

JANUARY 1, 2024

An attacker can use the exploit to access Google services, even after a user’s password reset. Subsequently, other malware integrated the exploit, including Rhadamanthys, Risepro, Meduza , Stealc Stealer and recently the White Snake. The experts pointed out that the exploit works even after users have reset their passwords.

Malware

Malware Penetration Testing Passwords Encryption

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

TA547 targets German organizations with Rhadamanthys malware

Security Affairs

APRIL 12, 2024

Proofpoint researchers observed a threat actor, tracked as TA547, targeting German organizations with an email campaign delivering the Rhadamanthys malware. The security firm pointed out that this is the first TA547 group to use this malware family. The experts also discovered the attempts of using LLM in malware campaigns.

Malware

Malware Social Engineering Retail Engineering

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware

Malware VPN Internet Internet

“gitgub” malware campaign targets Github users with RisePro info-stealer

Security Affairs

MARCH 17, 2024

The researchers noticed that the users must unpack several layers of archives using the password “GIT1HUB1FREE,” which is provided in the README.md ” Threat actors used this MSI installer to unpack the next stage using the password “LBjWCsXKUz1Gwhg” The resulting file is named Installer-Ultimate_v4.3e.9b.exe.

Malware

Malware Passwords Software Hacking

npm libraries coa and rc. have been hijacked to deliver password-stealing malware

Security Affairs

NOVEMBER 5, 2021

have been hijacked, threat actors replaced them with versions laced with password-stealing malware. The security team of the npm JavaScript package warns that two popular npm libraries, coa and rc. have been hijacked, threat actors replaced them versions laced with password-stealing malware. Pierluigi Paganini.

Passwords

Passwords Malware Accountability Hacking

Tainted password-cracking software for industrial systems used to spread P2P Sality bot

Security Affairs

JULY 15, 2022

Dragos researchers uncovered a small-scale campaign targeting industrial engineers and operators with Sality malware. During a routine vulnerability assessment, Dragos researchers discovered a campaign targeting industrial engineers and operators with Sality malware. “Dragos only tested the DirectLogic-targeting malware.

Passwords

Passwords Software Firmware Malware

New Windows Meduza Stealer targets tens of crypto wallets and password managers

Security Affairs

JULY 3, 2023

The malware also targets crypto wallet extensions, password managers, and 2FA extensions. The authors are actively developing malware to evade detection, but no specific attacks have been attributed to the Meduza Stealer to date. The malware admin declared that their operations do not involve any ransom activities.

Password Management

Password Management Passwords Malware Antivirus

PurpleFox malware infected at least 2,000 computers in Ukraine

Security Affairs

FEBRUARY 2, 2024

The Computer Emergency Response Team in Ukraine (CERT-UA) reported that a PurpleFox malware campaign had already infected at least 2,000 computers in the country. Experts defined DirtyMoe as a complex malware that has been designed as a modular system. ” reads the alert published by CERT-UA.

Malware

Malware Internet Internet DDOS

New MacStealer macOS malware appears in the cybercrime underground

Security Affairs

MARCH 27, 2023

A new MacStealer macOS malware allows operators to steal iCloud Keychain data and passwords from infected systems. Uptycs researchers team discovered a new macOS information stealer, called MacStealer, which allows operators to steal iCloud Keychain data and passwords from infected systems.

Cybercrime

Cybercrime Malware Passwords Advertising

Alleged FruitFly malware creator ruled incompetent to stand trial

Malwarebytes

JANUARY 16, 2024

The university was notified by an undisclosed third party, who provided information to help the team find and identify the malware. Together, CWRU and the FBI were able to identify that an IP address with which the malware was communicating had also been used to access the alumni email account of a man called Phillip Durachinsky.

Malware

Malware Passwords Identity Theft Data collection

Dariy Pankov, the NLBrute malware author, pleads guilty

Security Affairs

SEPTEMBER 15, 2023

The Russian national Dariy Pankov (28), aka dpxaker, is the author of the NLBrute malware. The NLBrute malware allows operators to compromise protected computers by decrypting login credentials. The powerful malware was capable of compromising protected computers by decrypting login credentials, such as passwords.

Malware

Malware Marketing Passwords Hacking

A TrickBot malware developer sentenced to 64 months in prison

Security Affairs

JANUARY 26, 2024

The Russian national malware developer Vladimir Dunaev was sentenced to more than 5 years in prison for his role in the TrickBot operation. The Russian national Vladimir Dunaev (40) has been sentenced in the US to 64 months in prison for his role in the development and distribution of the TrickBot malware. in October 2021.

Malware

Malware Identity Theft Banking Ransomware

Ukrainian telecommunications operators hit by DarkCrystal RAT malware

Security Affairs

JUNE 27, 2022

The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a malware campaign targeting Ukrainian telecommunications operators with the DarkCrystal RAT. The script will download and run the.NET bootloader “MSCommondll.exe,” which in turn will download and run the malware DarkCrystal RAT.

Telecommunications

Telecommunications Malware Media Passwords

Linksys force password reset to prevent Router hijacking

Security Affairs

APRIL 16, 2020

Linksys has reset passwords for all its customers’ after learning on ongoing DNS hijacking attacks aimed at delivering malware. Crooks continue to launch Coronavirus-themed attacks , in the last weeks, experts observed hackers hijacking D-Link and Linksys routers to redirect users to COVID19-themed sites spreading malware.

Passwords

Passwords DNS Malware Advertising

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Security Affairs

DECEMBER 31, 2021

The Have I Been Pwned data breach notification service now includes credentials for 441K accounts that were stolen by RedLine malware. The Have I Been Pwned data breach notification service now allows victims of the RedLine malware to check if their credentials have been stolen. The malicious code can also act as a first-stage malware.

Accountability

Accountability Malware Data breaches Passwords

Plex discloses data breach and urges password reset

Security Affairs

AUGUST 24, 2022

The streaming media platform Plex is urging its users to reset passwords after threat actors gained access to its database. Exposed data includes emails, usernames, and encrypted passwords. The company is urging all users to immediately reset account passwords and log out of all devices connected to its service.

Data breaches

Data breaches Passwords Media Accountability

Experts link AVRecon bot to the malware proxy service SocksEscort

Security Affairs

JULY 31, 2023

Threat actors behind the campaign aimed at building a botnet to use for a range of criminal activities from password spraying to digital advertising fraud. The AVrecon malware was written in C to ensure portability and designed to target ARM-embedded devices. The popular investigator Brian Krebs and Spur.us “ SocksEscort[.]com

Malware

Malware Small Business Advertising Passwords

Frebniis malware abuses Microsoft IIS feature to create a backdoor

Security Affairs

FEBRUARY 19, 2023

Experts spotted a malware dubbed Frebniis that abuses a Microsoft IIS feature to deploy a backdoor and monitor all HTTP traffic to the system. This allows the malware to stealthily monitor all HTTP requests and recognize specially formatted HTTP requests sent by the attacker, allowing for remote code execution.”

Malware

Malware Passwords Internet Internet

Symbiote, a nearly-impossible-to-detect Linux malware?

Security Affairs

JUNE 9, 2022

Researchers uncovered a high stealth Linux malware, dubbed Symbiote, that could be used to backdoor infected systems. Joint research conducted by security firms Intezer and BlackBerry uncovered a new Linux threat dubbed Symbiote. “Symbiote is a malware that is highly evasive. ” concludes the report.

Malware

Malware DNS Antivirus Passwords

Statc Stealer, a new sophisticated info-stealing malware

Security Affairs

AUGUST 10, 2023

Zscaler ThreatLabz researchers discovered a new information stealer malware, called Statc Stealer, that can steal a broad range of info from Windows devices. The malware can steal sensitive information from various web browsers, including login data, cookies, web data, and preferences.

Malware

Malware Encryption Advertising Cryptocurrency

Medusa ransomware gang claims the hack of Toyota Financial Services

Security Affairs

NOVEMBER 17, 2023

Toyota Financial Services discloses unauthorized activity on systems after the Medusa ransomware gang claimed to have hacked the company. Medusa Toyota has set the deadline for November 26 and has published a sample of the stolen data as proof of the hack.

Financial Services

Financial Services Hacking Ransomware Data breaches

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Security Affairs

DECEMBER 4, 2021

Cuba ransomware has been actively distributed through the Hancitor malware , a commodity malware that partnered with ransomware gangs to help them gain initial access to target networks. As a loader, it has been used to download other malware families, such as Ficker stealer and NetSupport RAT , to compromised hosts.

Ransomware

Ransomware Hacking Malware Encryption

Trojanized Super Mario Bros game spreads malware

Security Affairs

JUNE 25, 2023

Researchers observed threat actors spreading a trojanized Super Mario Bros game installer to deliver multiple malware. “When “java.exe” is executed, the malware establishes a connection with a mining server “gulf[.]moneroocean[.]stream” However, an XMR (Monero) miner and a SupremeBot mining client are executed in the background.

Malware

Malware Cryptocurrency Passwords Hacking

New MrbMiner malware infected thousands of MSSQL DBs

Security Affairs

SEPTEMBER 16, 2020

A threat actor is launching brute-force attacks on MSSQL servers in the attempt to access them to install a new crypto-mining malware dubbed MrbMiner. A group of hackers is launching brute-force attacks on MSSQL servers with the intent to compromise them and install crypto-mining malware dubbed MrbMiner. Mining process.”

Malware

Malware Cryptocurrency Advertising Accountability

China-linked BlackTech APT uses new Flagpro malware in recent attacks

Security Affairs

DECEMBER 29, 2021

China-linked BlackTech cyberespionage group was targeting Japanese companies using new malware tracked as ‘Flagpro’. Researchers from NTT Security reported that China-linked BlackTech cyberespionage group targeted Japanese companies using new malware tracked as ‘Flagpro’. ” reads the analysis published by NTT Security.

Malware

Malware Phishing Passwords Media

Iranian Broadcaster IRIB hit by wiper malware

Security Affairs

FEBRUARY 23, 2022

Iranian national media corporation, Islamic Republic of Iran Broadcasting (IRIB), was hit by a wiper malware in late January 2022. Researchers from CheckPoint that investigated the attack reported that the attackers used a wiper malware to disrupt the state’s broadcasting networks, damaging both TV and radio networks.

Malware

Malware Passwords Backups Hacking

YouTube creators’ accounts hijacked with cookie-stealing malware

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. Below are the job descriptions used to recruit the hackers.

Accountability

Accountability Malware Phishing Social Engineering

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

OCTOBER 28, 2020

Linus Larsson , the journalist who broke the story, says the hacked material was uploaded to a public server during the second half of September, and it is not known how many people may have gained access to it. In some cases, this allows the intruders to profit even if their malware somehow fails to do its job. ”

Hacking

Hacking Ransomware Banking Accountability

Crooks use HTML smuggling to spread QBot malware via SVG files

Security Affairs

DECEMBER 14, 2022

Talos researchers uncovered a phishing campaign distributing the QBot malware to Windows systems using SVG files. Talos researchers uncovered a phishing campaign distributing the QBot malware using a new technique that leverages Scalable Vector Graphics (SVG) images embedded in HTML email attachments. ” concludes the report.

Malware

Malware Phishing Passwords Hacking

Threat actors leverages DLL-SideLoading to spread Qakbot malware

Security Affairs

JULY 26, 2022

Qakbot malware operators are using the Windows Calculator to side-load the malicious payload on target systems. Security expert ProxyLife and Cyble researchers recently uncovered a Qakbot campaign that was leveraging the Windows 7 Calculator app for DLL side-loading attacks. The password-protected zip file contains an ISO file (i.e.

Malware

Malware Passwords Hacking Information Security

A flaw in the Essential ‘Addons for Elementor’ WordPress plugin poses 1M sites at risk of hacking

Security Affairs

MAY 11, 2023

The vulnerability resides in the plugin’s password reset functionality, it impacts versions 5.4.0 “It is possible to reset the password of any user as long as we know their username thus being able to reset the password of the administrator and login on their account. . ” continues the analysis.

Hacking

Hacking Risk Passwords Accountability

Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MARCH 24, 2024

surfaces in the threat landscape Pokemon Company resets some users’ passwords Ukraine cyber police arrested crooks selling 100 million compromised accounts New AcidPour wiper targets Linux x86 devices. Players hacked during the matches of Apex Legends Global Series. Is it a Russia’s weapon?

Malware

Malware Cybercrime Hacking Cyber threats

Free Download Manager backdoored to serve Linux malware for more than 3 years

Security Affairs

SEPTEMBER 14, 2023

Researchers discovered a free download manager site that has been compromised to serve Linux malware to users for more than three years. Researchers from Kaspersky discovered a free download manager site that has been compromised to serve Linux malware. org domain and they were not containing any malware. org subdomain.

Malware

Malware Software Cryptocurrency Passwords

New shc Linux Malware used to deploy CoinMiner

Security Affairs

JANUARY 4, 2023

Researchers discovered a new Linux malware developed with the shell script compiler ( shc ) that was used to deliver a cryptocurrency miner. The ASEC analysis team recently discovered that a Linux malware developed with shell script compiler ( shc ) that threat actors used to install a CoinMiner. ” continues the report.

Malware

Malware DDOS Cryptocurrency Firewall

Experts warn of self-spreading malware targeting gamers looking for cheats on YouTube

Security Affairs

SEPTEMBER 16, 2022

Threat actors target gamers looking for cheats on YouTube with the RedLine Stealer information-stealing malware and crypto miners. The malicious code can also act as first-stage malware. “The videos advertise cheats and cracks and provide instructions on hacking popular games and software.” Pierluigi Paganini.

Malware

Malware Cryptocurrency Hacking Passwords

Experts warn of JinxLoader loader used to spread Formbook and XLoader

Security Affairs

JANUARY 2, 2024

JinxLoader is a new Go-based loader that was spotted delivering next-stage malware such as Formbook and XLoader. Researchers from Palo Alto Networks and Symantec warned of a new Go-based malware loader called JinxLoader, which is being used to deliver next-stage payloads such as Formbook and XLoader. net on 2023-04-30.

Malware

Malware Passwords Cryptocurrency Hacking

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

Industrial and IoT cybersecurity firm Claroty disclosed technical details of five vulnerabilities that be exploited to hack some Netgear router models. “Team82 disclosed five vulnerabilities in NETGEAR’s Nighthawk RAX30 routers as part of its research and participation in last December’s Pwn2Own Toronto hacking competition.”

Hacking

Hacking Firmware Authentication DNS

Anonymous #OpRussia Thousands of sites hacked, data leaks and more

Security Affairs

MARCH 5, 2022

Anonymous announced to have hacked more than 2,500 websites linked to the Russian and Belarusian governments, state-owned media outlets spreading disinformation, Russian private organizations, banks, hospitals, airports. SecurityAffairs – hacking, Anonymous). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Hacking

Hacking Government Banking Media

North Korea-linked APT groups target South Korean defense contractors

Security Affairs

APRIL 23, 2024

North Korea-linked APT groups Lazarus , Andariel , and Kimsuky hacked multiple defense companies in South Korea, reported the National Police Agency. The state-sponsored hackers hacked into the subcontractors of defense companies by exploiting vulnerabilities in the targeted systems and deployed malware. concludes the advisory.

Hacking

Hacking Malware Accountability Technology

Agent Tesla includes new password-stealing capabilities from browsers and VPNs

Security Affairs

AUGUST 12, 2020

The experts first discovered the malware in June 2018, but it has been available since 2014, when they observed threat actors spreading it via a Microsoft Word document containing an auto-executable malicious VBA Macro. Recent samples of the malware include specific code to collect app configuration data and credentials from several apps.

Passwords

Passwords Spyware VPN Malware

Roaming Mantis uses new DNS changer in its Wroba mobile malware

Security Affairs

JANUARY 22, 2023

Roaming Mantis threat actors were observed using a new variant of their mobile malware Wroba to hijack DNS settings of Wi-Fi routers. Researchers from Kaspersky observed Roaming Mantis threat actors using an updated variant of their mobile malware Wroba to compromise Wi-Fi routers and hijack DNS settings. Agent.eq (a.k.a

DNS

DNS Mobile Malware Hacking

SFO discloses data breach following the hack of 2 of its websites

Security Affairs

APRIL 11, 2020

San Francisco International Airport (SFO) disclosed a data breach, its websites SFOConnect.com and SFOConstruction.com were hacked last month. The attackers may have gained access to some users’ login credentials after deploying malware on both websites. SecurityAffairs – hacking, data breach). Pierluigi Paganini.

Data breaches

Data breaches Hacking Telecommunications Passwords

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

Cuttlefish malware targets enterprise-grade SOHO routers

Webinars

Trending Sources

Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies

Webinars

TA547 targets German organizations with Rhadamanthys malware

Who and What is Behind the Malware Proxy Service SocksEscort?

“gitgub” malware campaign targets Github users with RisePro info-stealer

npm libraries coa and rc. have been hijacked to deliver password-stealing malware

Tainted password-cracking software for industrial systems used to spread P2P Sality bot

New Windows Meduza Stealer targets tens of crypto wallets and password managers

PurpleFox malware infected at least 2,000 computers in Ukraine

New MacStealer macOS malware appears in the cybercrime underground

Alleged FruitFly malware creator ruled incompetent to stand trial

Dariy Pankov, the NLBrute malware author, pleads guilty

A TrickBot malware developer sentenced to 64 months in prison

Ukrainian telecommunications operators hit by DarkCrystal RAT malware

Linksys force password reset to prevent Router hijacking

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Plex discloses data breach and urges password reset

Experts link AVRecon bot to the malware proxy service SocksEscort

Frebniis malware abuses Microsoft IIS feature to create a backdoor

Symbiote, a nearly-impossible-to-detect Linux malware?

Statc Stealer, a new sophisticated info-stealing malware

Medusa ransomware gang claims the hack of Toyota Financial Services

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Trojanized Super Mario Bros game spreads malware

New MrbMiner malware infected thousands of MSSQL DBs

China-linked BlackTech APT uses new Flagpro malware in recent attacks

Iranian Broadcaster IRIB hit by wiper malware

YouTube creators’ accounts hijacked with cookie-stealing malware

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Crooks use HTML smuggling to spread QBot malware via SVG files

Threat actors leverages DLL-SideLoading to spread Qakbot malware

A flaw in the Essential ‘Addons for Elementor’ WordPress plugin poses 1M sites at risk of hacking

Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION

Free Download Manager backdoored to serve Linux malware for more than 3 years

New shc Linux Malware used to deploy CoinMiner

Experts warn of self-spreading malware targeting gamers looking for cheats on YouTube

Experts warn of JinxLoader loader used to spread Formbook and XLoader

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Anonymous #OpRussia Thousands of sites hacked, data leaks and more

North Korea-linked APT groups target South Korean defense contractors

Agent Tesla includes new password-stealing capabilities from browsers and VPNs

Roaming Mantis uses new DNS changer in its Wroba mobile malware

SFO discloses data breach following the hack of 2 of its websites

Stay Connected