CyberSecurity Insiders

OCTOBER 27, 2021

Binary diffing , a technique for comparing binaries, can be a powerful tool to facilitate malware analysis and perform malware family attribution. For this reason, AT&T Alien Labs created a new open-source tool, r2diaphora, to port Diaphora as a plugin for Radare2, and included some use cases in this blog.

Architecture 132

Architecture Malware IoT Engineering 132

eSecurity Planet

AUGUST 2, 2022

Linux malware is skyrocketing and now surpasses both macOS and Android, according to a new report, suggesting that cybercriminals are increasingly targeting the open source operating system. The Linux malware growth has occurred even as Windows, Android and macOS have all seen a decline in new malware samples.

Malware 137

Malware VPN Encryption Marketing 137

Security Affairs

NOVEMBER 19, 2022

Cisco Talos spotted multiple updated versions of LodaRAT that were deployed alongside other malware families, including RedLine and Neshta. LodaRAT is written in AutoIt, the researchers pointed out that it is easy to obtain its original source code from the compiled binaries by using an AutoIt decompiler. ” continues the report.

Malware 139

Malware Encryption Hacking Software 139

Heimadal Security

NOVEMBER 9, 2022

Cryptocurrency users are once again threatened by cyberattacks, this time in the shape of a new clipper malware strain called Laplas, deployed via SmokeLoader. Researchers claim they have identified more than 180 different samples related to the clipper malware in the last two weeks, suggesting a wide scale deployment.

Cryptocurrency 104

Cryptocurrency Malware Phishing Cybersecurity 104

The Hacker News

MARCH 29, 2023

An unknown Chinese state-sponsored hacking group has been linked to a novel piece of malware aimed at Linux servers. French cybersecurity firm ExaTrack, which found three samples of the previously documented malicious software that date back to early 2022, dubbed it Mélofée.

Malware 105

Malware Software Hacking Cybersecurity 105

Schneier on Security

MAY 16, 2019

Last month, Kaspersky discovered that Asus's live update system was infected with malware , an operation it called Operation Shadowhammer. Studying this case, our experts found other samples that used similar algorithms. Now we learn that six other companies were targeted in the same operation.

Malware 243

Malware 243

Bleeping Computer

JULY 25, 2022

A malware author released the source code of their info-stealer for free on hacking forums earlier this month, and security analysts already report observing several samples being deployed in the wild. [.].

Malware 96

Malware Hacking 96

SecureList

APRIL 13, 2023

In this blog post, we provide excerpts from the recent reports that focus on uncommon infection methods and describe the associated malware. We observed the first sample in June 2022, when it was targeting SSH and not Telnet services. According to the author, the malware: Is written in C/C++, while the C2 is written in Golang.

Malware 99

Malware Engineering Advertising Phishing 99

Security Affairs

MAY 22, 2022

Researchers uncovered a malware campaign targeting the infoSec community with fake Proof Of Concept to deliver a Cobalt Strike beacon. Researchers from threat intelligence firm Cyble uncovered a malware campaign targeting the infoSec community. The malware, disguised as a fake PoC code, was available on GitHub.

InfoSec 140

InfoSec Malware Cybercrime Information Security 140

CSO Magazine

FEBRUARY 16, 2023

A new study of over a half-million malware samples collected from various sources in 2022 revealed that attackers put a high value on lateral movement, incorporating more techniques that would allow them to spread through corporate networks.

Malware 120

Malware Cybersecurity 120

Security Affairs

JUNE 12, 2023

Researchers detailed a fully undetectable (FUD) malware obfuscation engine named BatCloak that is used by threat actors. Researchers from Trend Micro have analyzed the BatCloak, a fully undetectable (FUD) malware obfuscation engine used by threat actors to stealthily deliver their malware since September 2022.

Engineering 85

Engineering Malware Encryption Hacking 85

Heimadal Security

NOVEMBER 16, 2022

The “RapperBot” malware group has been rapidly expanding since mid-June 2022. Researchers discovered new samples of RapperBot malware used to build a botnet capable of carrying Distributed Denial of Service (DDoS) attacks against game servers.

DDOS 78

DDOS IoT Malware Cybersecurity 78

Adam Levin

NOVEMBER 6, 2020

I sell everything at once, without samples, convenient access via rdp to each network,” states the advertisement , promising administrative access to each compromised network. Source: CyberNews.com. Read more here. The post Network Access to 7000 Organizations For Sale on Dark Web appeared first on Adam Levin.

Advertising 182

Advertising Hacking Ransomware Malware 182

Security Affairs

JUNE 21, 2023

Researchers discovered a new strain of malware called Condi that targets TP-Link Archer AX21 (AX1800) Wi-Fi routers. Fortinet FortiGuard Labs Researchers discovered a new strain of malware called Condi that was observed exploiting a vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers. ” concludes the report.”Thus,

DDOS 85

DDOS Malware Advertising Hacking 85

Security Affairs

APRIL 9, 2024

The campaign is notable for its utilization of the BatCloak malware obfuscation engine and ScrubCrypt to distribute the malware through obfuscated batch scripts. BatCloak is a fully undetectable (FUD) malware obfuscation engine used by threat actors to stealthily deliver their malware since September 2022.

Engineering 93

Engineering Phishing Malware Hacking 93

Security Affairs

AUGUST 27, 2023

The leak of the source code of the LockBit 3.0 A similar difference in compilation time was identified in the malware’s template binaries (embedded and incomplete versions of the malware used to build the final version ready for distribution).” One a limited number of samples enable communication to C2.

Ransomware 94

Ransomware Encryption Malware Hacking 94

SecureList

MARCH 20, 2024

Introduction Malware for mobile devices is something we come across very often. million malware, adware, and riskware attacks on mobile devices. Last month, we wrote a total of four private crimeware reports on Android malware, three of which are summarized below. In 2023 , our technologies blocked 33.8

Malware 86

Malware Mobile Firmware Spyware 86

SC Magazine

JUNE 10, 2021

Researchers identified a number of promising machine learning techniques that may help improve detection of untracked or zero day malware. The project set out to find alternatives to the two most popular forms of malware detection – static and dynamic analysis – both have limitations or workarounds that threat actors can use to evade notice.

Malware 132

Malware Antivirus Ransomware Software 132

Malwarebytes

MAY 11, 2023

Malwarebytes has once again earned a perfect score in AVLabs March 2023 real-world malware detection tests, marking the sixth consecutive quarter achieving this feat. The tests involve: Malware Collection : AVLab amasses a broad spectrum of malware samples from various sources, such as public feeds and custom honeypots.

Cyber Attacks 70

Cyber Attacks Malware Technology Cybersecurity 70

Security Affairs

JUNE 16, 2023

The malware is distributed as the messaging apps BingeChat and Chatico. MalwareHunterTeam researchers first shared the hash for a GravityRAT sample via a tweet. The GravityRAT malware Access Trojan (RAT) is believed to be the work of Pakistani hacker groups, it was mainly employed in attacks aimed at Indian users.

Backups 90

Backups Spyware Malware Accountability 90

Security Affairs

JUNE 13, 2022

The malware could target both Windows and Linux systems, in the recent attacks observed by security experts at Palo Alto Unit 42 team, the operators employed the open-source backdoor MicroBackdoor to maintain persistence on infected hosts. “The ransom note was modified between the observed samples.

Ransomware 82

Ransomware Malware Hacking Cybersecurity 82

Security Affairs

JULY 16, 2021

The Joker malware is back, experts spotted multiple malicious apps on the official Google Play store that were able to evade scanners. In April 2021, more than 500,000 Huawei users were infected with the Joker malware after they have downloaded tainted apps from the company’s official Android store. explained. “If

Malware 138

Malware Mobile Spyware Encryption 138

Security Affairs

JANUARY 8, 2021

Multiple threat actors have recently started using the Ezuri memory loader as a loader to executes malware directly into the victims’ memory. According to researchers from AT&T’s Alien Labs, malware authors are choosing the Ezuri memory loader for their malicious codes. ” continues the report.

Malware 133

Malware Encryption Antivirus Passwords 133

Security Boulevard

NOVEMBER 20, 2023

HYAS Malware Detonations The milestone we’ve achieved this month is the re-tooling of our malware detonation infrastructure and the data pipeline that feeds many parts of HYAS Insight. First, we are now detonating and analyzing tens of thousands of malware samples per day on average. But I am getting ahead of myself.

Malware 72

Malware Spyware DNS Architecture 72

Security Boulevard

MARCH 12, 2024

Attackers share malicious files disguised as Frames Per Second (FPS) optimization packages with users and, in turn, users infect their own systems with Tweaks malware.Given that 45% of Roblox users are under 13, it’s probable that the malware being circulated could extend to parents’ systems.

Malware 134

Malware Passwords Antivirus Risk 134

Security Affairs

JUNE 29, 2022

Researchers detailed a new information-stealing malware, dubbed YTStealer, that targets YouTube content creators. Intezer cybersecurity researchers have detailed a new information-stealing malware, dubbed YTStealer, that was developed to steal authentication cookies from YouTube content creators. ” continues the report.

Malware 96

Malware Authentication Software Accountability 96

Security Affairs

JANUARY 19, 2021

The threat actors behind the SolarWinds attack used malware dubbed Raindrop for lateral movement and deploying additional payloads. Security experts from Symantec revealed that threat actors behind the SolarWinds supply chain attack leveraged a malware named Raindrop for lateral movement and deploying additional payloads.

Malware 143

Malware Engineering Encryption Hacking 143

Security Affairs

JUNE 27, 2023

The investigation is still ongoing, the experts pointed out that the samples are still largely undetected The researchers analyzed a total of four samples that were uploaded to VirusTotal, with the earliest sample that was uploaded by an anonymous actor to the platform on April 18, 2023. The analysis of the sh.py

Cryptocurrency 87

Cryptocurrency Spyware Malware Architecture 87

SC Magazine

MARCH 10, 2021

New malware compiled on Red Hat Enterprise Linux uses a network data encoding scheme based on XOR, creates a backdoor in systems that gives an attacker near full control over infected machines. ( “Linux password file” by Christiaan Colen is licensed under CC BY-SA 2.0 ).

Malware 136

Malware Media Passwords Government 136

Schneier on Security

MAY 5, 2020

Interesting story of malware hidden in Google Apps. In this case, the attackers used Google Play as a trusted source," says Kaspersky researcher Alexey Firsh. "You This particular campaign is tied to the government of Vietnam. You can deliver a link to this app, and the victim will trust it because it's Google Play." [.].

Malware 297

Malware Spyware Phishing Government 297

SecureList

JANUARY 16, 2024

Introduction In the ever-evolving landscape of mobile security, hunting for malware in the iOS ecosystem is akin to navigating a labyrinth with invisible walls. Imagine having a digital compass that not only guides you through this maze, but also reveals the hidden mechanisms of iOS malware previously shrouded in mystery.

Malware 116

Malware Mobile Backups Spyware 116

Security Affairs

JANUARY 8, 2023

Experts warn of a new variant of the Dridex banking malware that is targeting systems using the macOS operating system. Trend Micro experts discovered a new variant of the Dridex banking malware that targets the MacOS platform and that used a new technique to deliver documents embedded with malicious macros. doc” command.

Banking 93

Banking Malware Social Engineering Cybercrime 93

Security Affairs

JANUARY 5, 2022

Cybersecurity researchers demonstrate how to use electromagnetic field emanations from IoT devices to detect malware. The researchers proposed a novel approach of using side channel information to identify malware targeting IoT systems. In fact, EM emanation that is measured from the device is practically undetectable by the malware.

IoT 116

IoT Malware Internet Internet 116

Security Affairs

MAY 1, 2023

The previously undetected LOBSHOT malware is distributed using Google ads and gives operators VNC access to Windows devices. Threat actors are using an elaborate scheme of fake websites through Google Ads to spread their malware, the backdoors are embedded in installers for apparently legitimate applications, such as AnyDesk.

Malware 86

Malware Cybercrime Banking Software 86

Security Affairs

OCTOBER 23, 2023

The HUNTER unit’s Dark Web sleuthing yielded findings that suggest otherwise, although the ultimate source of the leaks discussed in this report remains unclear. Concurrently, the actor shared spreadsheets containing four large leak samples with fragments of Aadhaar data as a proof.

Identity Theft 120

Identity Theft Banking Data breaches Malware 120

SecureList

MARCH 18, 2021

We have already seen quite a few samples written in Go, and recently cybercriminals turned their attention to Rust as well. The first to write about suspicious files in this programming language was a Twitter user, @gorelics: Suspicious agent (rust compiler) #macos #malware [link] [link] pic.twitter.com/OgZIzlgVmA. Sample in Rust.

Adware 126

Adware Encryption Technology Advertising 126

CyberSecurity Insiders

MAY 23, 2023

Stay Informed with Threat Intelligence: Leveraging threat intelligence sources is vital for tracking ransomware attacks. These sources provide up-to-date insights on emerging ransomware variants, attack techniques, and indicators of compromise, allowing organizations to stay one step ahead of potential threats.

Ransomware 109

Ransomware Cybersecurity Malware Government 109