Security Affairs

SEPTEMBER 26, 2021

Researchers from Google’s TAG team reported that financially motivated actors are using new code signing tricks to evade detection. “In these new samples, the signature was edited such that an End of Content (EOC) marker replaced a NULL tag for the ‘parameters’ element of the SignatureAlgorithm signing the leaf X.509

Software 125

Software Hacking Cybercrime Information Security 125

Security Affairs

JUNE 24, 2022

Google’s Threat Analysis Group (TAG) revealed that the Italian spyware vendor RCS Labs was supported by ISPs to spy on users. TAG researchers tracked more than 30 vendors selling exploits or surveillance capabilities to nation-state actors. ” continues the analysis. Follow me on Twitter: @securityaffairs and Facebook.

Surveillance 122

Surveillance Mobile Spyware Telecommunications 122

Security Boulevard

JULY 28, 2021

found a very interesting credit card stealer in a Magento environment which loads a malicious JavaScript without using any script tags. Continue reading Stylish Magento Card Stealer loads Without Script Tags at Sucuri Blog. The post Stylish Magento Card Stealer loads Without Script Tags appeared first on Security Boulevard.

Antivirus 70

Antivirus Malware Encryption Hacking 70

The Hacker News

JANUARY 18, 2024

The Russia-linked threat actor known as COLDRIVER has been observed evolving its tradecraft to go beyond credential harvesting to deliver its first-ever custom malware written in the Rust programming language.

Malware 79

Malware Phishing 79

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. ” reads the analysis published by Google TAG.

Accountability 137

Accountability Malware Phishing Social Engineering 137

Security Affairs

DECEMBER 14, 2022

Talos researchers uncovered a phishing campaign distributing the QBot malware to Windows systems using SVG files. Talos researchers uncovered a phishing campaign distributing the QBot malware using a new technique that leverages Scalable Vector Graphics (SVG) images embedded in HTML email attachments. Pierluigi Paganini.

Malware 98

Malware Phishing Passwords Hacking 98

The Hacker News

DECEMBER 14, 2022

Phishing campaigns involving the Qakbot malware are using Scalable Vector Graphics (SVG) images embedded in HTML email attachments. The new distribution method was spotted by Cisco Talos, which said it identified fraudulent email messages featuring HTML attachments with encoded SVG images that incorporate HTML script tags.

Malware 92

Malware Hacking Phishing 92

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies. SocksEscort[.]com

Malware 195

Malware VPN Internet Internet 195

Security Affairs

OCTOBER 18, 2023

Google TAG reported that both Russia and China-linked threat actors are weaponizing the a high-severity vulnerability in WinRAR. Google’s Threat Analysis Group (TAG) reported that in recent weeks multiple nation-state actors were spotted exploiting the vulnerability CVE-2023-38831 in WinRAR. ” reported Google TAG.

Cybercrime 128

Cybercrime Malware Software Hacking 128

Heimadal Security

AUGUST 2, 2021

Its target was the stealing of COVID-19 vaccine investigations at that time, using malware tagged as “WellMess” or “WellMail” Then, the U.S. The post Russia’s SVR WellMess Malware Is Seemingly Still in the Game appeared first on Heimdal Security Blog. Presidency accused Russian […].

Malware 105

Malware Cybersecurity 105

Malwarebytes

JUNE 16, 2023

Researchers from VulnCheck have observed a campaign using real security researchers as bait for malware. Every High Sierra Cyber Security account claiming to offer exploits for well known products was actually offering up malicious repositories harbouring malware. This was a risky gambit for the creators of this malware scam.

Malware 83

Malware Scams Accountability Media 83

Tech Republic Security

FEBRUARY 10, 2021

Malware designed to steal log-in information saved in browsers has infected 16 million computers and swiped credentials for up to 174,800 accounts.

Accountability 134

Accountability Malware 134

The Hacker News

OCTOBER 31, 2023

The threat actor known as Arid Viper (aka APT-C-23, Desert Falcon, or TAG-63) has been attributed as behind an Android spyware campaign targeting Arabic-speaking users with a counterfeit dating app designed to harvest data from infected handsets.

Spyware 109

Spyware Malware 109

Malwarebytes

JANUARY 22, 2024

Researchers at Google’s Threat Analysis Group (TAG) have published their findings about a group they have dubbed Coldriver. The group uses social engineering techniques to persuade their targets to open documents or download malware. This backdoor is custom malware, likely developed by or for Coldriver, called Spica.

Social Engineering 92

Social Engineering Government Media DNS 92

Security Boulevard

MARCH 28, 2024

In a report this week, researchers with Google’s Threat Analysis Group (TAG) and its Mandiant business said they saw 97 zero-day. The post Google: Zero-Day Attacks Rise, Spyware and China are Dangers appeared first on Security Boulevard.

Spyware 134

Spyware Cybersecurity Mobile Malware 134

Bleeping Computer

NOVEMBER 30, 2021

Microsoft Defender for Endpoint is currently blocking Office documents from being opened and some executables from launching due to a false positive tagging the files as potentially bundling an Emotet malware payload. [.].

Malware 144

Malware 144

Security Affairs

MAY 3, 2022

China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. Google Threat Analysis Group (TAG) reported that an APT group linked to China’s People’s Liberation Army Strategic Support Force (PLA SSF), tracked as Curious Gorge , is targeting Russian government agencies.

Manufacturing 122

Manufacturing Government Phishing Passwords 122

Malwarebytes

NOVEMBER 1, 2022

Yet, the developer is still on Google Play dispensing its latest HiddenAds malware. Our analysis of this malware starts with us finding an app named Bluetooth Auto Connect (full app information at the bottom of this article). Delaying malicious behavior is a common tactic to evade detection by malware developers.

Phishing 90

Phishing Malware Mobile Adware 90

Security Affairs

JUNE 5, 2021

The US Department of Justice (DOJ) announced the arrest of a Latvian woman for her alleged role in the development of the Trickbot malware. The US Department of Justice (DOJ) announced the arrest of Alla Witte (aka Max), a Latvian woman that was charged for her alleged role in the development of the Trickbot malware.

Malware 119

Malware Banking Ransomware Encryption 119

Krebs on Security

NOVEMBER 28, 2022

But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan , malware designed to surreptitiously intercept and forward text messages from Android mobile devices. ” wherein Shmakov acknowledged writing the malware as a freelance project.

Mobile 228

Mobile Malware Technology Government 228

Security Affairs

DECEMBER 8, 2022

Google warns that the North Korea-linked APT37 group is exploiting Internet Explorer zero-day flaw to spread malware. ” reads the post published by TAG. TAG determined that the APT group abused the zero-day vulnerability in the JScript engine of Internet Explorer. CVE-2017-0199 ). Pierluigi Paganini.

Internet 99

Internet Internet Engineering Malware 99

Malwarebytes

MARCH 18, 2022

The Google Threat Analysis Group (TAG) has shared their observations about a group of cybercriminals called Exotic Lily. Among these interested parties TAG found the Conti and Diavol ransomware groups. From the TAG blog we can learn that Exotic Lily was very much specialized. Initial access broker. Exotic Lily.

Ransomware 91

Ransomware Malware Social Engineering Media 91

Security Affairs

NOVEMBER 12, 2021

Google revealed that threat actors recently exploited a zero-day vulnerability in macOS to deliver malware to users in Hong Kong. Google TAG researchers discovered that threat actors leveraged a zero-day vulnerability in macOS in a watering hole campaign aimed at delivering malware to users in Hong Kong. Pierluigi Paganini.

Malware 140

Malware Media Surveillance Encryption 140

SecureList

MARCH 31, 2022

This malware is a full-featured backdoor containing sufficient capabilities to control the compromised victim. The malware operator exclusively used compromised web servers located in South Korea for this attack. Then, the spawned malware overwrites the legitimate application with the Trojanized application. Backdoor creation.

Malware 117

Malware Encryption Cryptocurrency Architecture 117

Bleeping Computer

FEBRUARY 3, 2021

Microsoft Defender for Endpoint is currently detecting at least two Chrome updates as malware, tagging the Slovenian localization file bundled with the Google Chrome installer as a malicious file. [.].

Malware 139

Malware 139

Security Boulevard

JULY 19, 2023

Well, in this case it comes with a hefty hidden price tag. We're talking about malware, and one sneaky culprit in particular: HotRat. Would you like to get the last version of Microsoft Office or Adobe Photoshop? And what about some games like Age of Empires IV or Sniper Elite 4? All for free!

Software 96

Software Malware 96

Security Affairs

SEPTEMBER 8, 2023

The attacks that took place in the past weeks were detected by researchers at Google’s Threat Analysis Group (TAG). “Recently, TAG became aware of a new campaign likely from the same actors based on similarities with the previous campaign. ” reads the advisory published by Google TAG.

Cybersecurity 117

Cybersecurity Media Accountability Software 117

The Hacker News

JULY 19, 2022

Russian threat actors capitalized on the ongoing conflict against Ukraine to distribute Android malware camouflaged as an app for pro-Ukrainian hacktivists to launch distributed denial-of-service (DDoS) attacks against Russian sites.

DDOS 96

DDOS Malware 96

Schneier on Security

SEPTEMBER 3, 2019

Earlier this year, Google's Project Zero found a series of websites that have been using zero-day vulnerabilities to indiscriminately install malware on iPhones that would visit the site. Earlier this year Google's Threat Analysis Group (TAG) discovered a small collection of hacked websites. released on February 7.).

Hacking 225

Hacking Surveillance Malware Government 225

Malwarebytes

NOVEMBER 16, 2021

And new Mac malware that was disclosed on Thursday provides a concrete example of why this is not just theory. Google’s Threat Analysis Group (TAG) discovered a watering hole campaign in Hong Kong, targeting journalists and pro-democracy political groups. Fake Adobe Flash Player installer used to install the malware.

Malware 97

Malware Software Antivirus Government 97

Security Affairs

SEPTEMBER 22, 2023

Citizen Lab and Google’s TAG revealed that the three recently patched Apple zero-days were used to install Cytrox Predator spyware. citizenlab in coordination with @Google ’s TAG team found that former Egyptian MP Ahmed Eltantawy was targeted with Cytrox’s #Predator #spyware through links sent via SMS and WhatsApp. .

Spyware 115

Spyware Surveillance Mobile Hacking 115

Bleeping Computer

MAY 7, 2022

Trend Micro antivirus has fixed a false positive affecting its Apex One endpoint security solution that caused Microsoft Edge updates to be tagged as malware and the Windows registry to be incorrectly modified. [.].

Antivirus 97

Antivirus Malware Technology 97

The Hacker News

APRIL 20, 2021

An ongoing malvertising campaign tracked as "Tag Barnakle" has been behind the breach of more than 120 ad servers over the past year to sneakily inject code in an attempt to serve malicious advertisements that redirect users to rogue websites, thus exposing victims to scamware or malware.

Internet 145

Internet Internet Advertising Malware 145

Bleeping Computer

DECEMBER 7, 2022

Google's Threat Analysis Group (TAG) revealed today that a group of North Korean hackers tracked as APT37 exploited a previously unknown Internet Explorer vulnerability (known as a zero-day) to infect South Korean targets with malware. [.].

Internet 77

Internet Internet Malware 77

Bleeping Computer

MARCH 30, 2022

The Google Threat Analysis Group (TAG) says more and more threat actors are now using Russia's war in Ukraine to target Eastern European and NATO countries, including Ukraine, in phishing and malware attacks. [.].

Phishing 91

Phishing Malware 91

Security Affairs

APRIL 6, 2023

Google’s Threat Analysis Group (TAG) warns of a North Korea-linked cyberespionage group tracked as ARCHIPELAGO. TAG believes that the ARCHIPELAGO group is a subset of a threat actor tracked by Mandiant as APT43. ” reads the analysis published by Google TAG.

Phishing 95

Phishing Media Passwords Malware 95

The Hacker News

AUGUST 23, 2022

The Iranian government-backed actor known as Charming Kitten has added a new tool to its malware arsenal that allows it to retrieve user data from Gmail, Yahoo!, and Microsoft Outlook accounts.

Accountability 98

Accountability Government Malware Software 98