Security Affairs

SEPTEMBER 27, 2020

Experts from Amnesty International uncovered a surveillance campaign that targeted Egyptian civil society organizations with a new version of FinSpy spyware. Since 2011 it was employed in attacks aimed at Human Rights Defenders (HRDs) in many countries, including Bahrain, Ethiopia, UAE, and more.

Spyware 144

Spyware Surveillance Advertising Mobile 144

SecureList

SEPTEMBER 28, 2021

Kaspersky has been tracking deployments of this spyware since 2011. Both of them are encrypted with RC4. All communications between the server are encrypted with RC4. The Trojan’s Cryptography Library to encrypt/decrypt exchanged data. The encrypted VFS file. Names differ between samples.

Encryption 145

Encryption Malware Spyware Architecture 145

Malwarebytes

APRIL 11, 2023

The term was first used by Brian Krebs in 2011 after a proof of concept was conducted at DEF CON by Wall of Sheep. There are many categories of malware that cybercriminals could install through juice jacking, including adware, cryptominers, ransomware, spyware, or Trojans.

Mobile 98

Mobile Malware Banking Spyware 98

Security Affairs

MARCH 27, 2023

The threat actor abused Bitly shortener and an ad hoc BlogSpot account to protect the malicious code, lastly stored in an encrypted zip archive hosted on Mega.nz. Lower.exe, a sample of “GCleaner” spyware, historically, this piece of malware was initially faking CCleaner to drop additional malware ( link ).

Malware 98

Malware Social Engineering Encryption Marketing 98

SecureList

NOVEMBER 28, 2024

However, P8 contains many built-in functions and redesigns of the communication protocol and encryption algorithm, making it a well-designed and powerful espionage platform. The access management software facilitates access to the encrypted partition of the drive. There are also some changes to the victimology.

Malware 106

Malware Government Software Spyware 106

SecureList

SEPTEMBER 26, 2022

NullMixer is a dropper that includes more than just specific malware families; it drops a wide variety of malicious binaries to infect the machine with, such as backdoors, bankers, downloaders, spyware and many others. Configuration is stored in several registry keys in encrypted and base64 encoded form. NullMixer execution chain.

Malware 125

Malware Cryptocurrency Passwords Software 125

SecureList

MARCH 1, 2021

The word “covid” in various combinations was typically used in the names of packages hiding spyware and banking Trojans, adware or Trojan droppers. This is a typical example of the kind of old-school text-message scams that were popular in 2011 and 2012. Pandemic theme in mobile threats. apk and coviddetect.apk.

Mobile 143

Mobile Malware Adware Banking 143