article thumbnail

PlugX malware deleted from thousands of systems by FBI

Malwarebytes

The FBI says it has removed PlugX malware from thousands of infected computers worldwide. The move came after suspicion that cybercriminals groups under control of the Peoples Republic of China (PRC) used a version of PlugX malware to control, and steal information from victims’ computers.

Malware 113
article thumbnail

A zero-day in Windows 7 and Windows Server 2008 has yet to be fixed

Security Affairs

Researcher discovers a zero-day vulnerability in Windows 7 and Windows Server 2008 while he was working on a Windows security tool. “If you have ever run this script on Windows 7 or Windows Server 2008 R2 , you probably noticed a weird recurring result and perhaps thought that it was a false positive just as I did.

Hacking 145
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware. ru in 2008.

Malware 303
article thumbnail

When Your Smart ID Card Reader Comes With Malware

Krebs on Security

The consensus seems to be that the ZIP file currently harbors a malware threat known as Ramnit , a fairly common but dangerous trojan horse that spreads by appending itself to other files. He said Saicoo did not address his concern that the driver package on its website was bundled with malware. Image: Virustotal.com.

Malware 356
article thumbnail

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. This story explores the history and identity behind Cryptor[.]biz WHO RUNS CRYPTOR[.]BIZ?

Malware 272
article thumbnail

CIA Hacking unit APT-C-39 hit China since 2008

Security Affairs

” The US-linked hackers targeted the Chinese organizations between September 2008 and June 2019. The Chinese security firm also adds that the APT-C-39 hacking group employed several Vault 7 tools in its operations, including the Fluxwire backdoor, and the Grasshopper malware builder. Pierluigi Paganini.

Hacking 145
article thumbnail

PLAYFULGHOST backdoor supports multiple information stealing features

Security Affairs

PLAYFULGHOST is a new malware family with capabilities including keylogging, screen and audio capture, remote shell access, and file transfer/execution. The PLAYFULGHOST backdoor shares functionality with Gh0stRAT whose source code was publicly released in 2008. ” reads the report published by Google.

Malware 129