2014, Encryption and Malware - Cyber Security Informer

New Reductor Nation-State Malware Compromises TLS

Schneier on Security

OCTOBER 10, 2019

Kaspersky has a detailed blog post about a new piece of sophisticated malware that it's calling Reductor. Based on these similarities, we're quite sure the new malware was developed by the COMPfun authors. The COMpfun malware was initially documented by G-DATA in 2014.

Malware

Malware Engineering Encryption Hacking

Snake Ransomware isolates infected Systems before encrypting files

Security Affairs

JULY 5, 2020

Experts spotted recent samples of the Snake ransomware that were isolating the infected systems while encrypting files to avoid interference. The Snake ransomware kills processes from a predefined list, including ICS-related processes, to encrypt associated files. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Encryption

Encryption Ransomware Firewall Backups

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

SEPTEMBER 10, 2020

ESET researchers discovered a new piece of malware dubbed CDRThief targets a specific Voice over IP system to steal call data records (CDR). The VoIP platform Linknat VOS2009 and VOS3000 targeted by the malware is used by two China-produced softswitches (software switches). ” reads the analysis published by ESET.

Malware

Malware Encryption Advertising Passwords

Ragnar Ransomware encrypts files from virtual machines to evade detection

Security Affairs

MAY 25, 2020

Ransomware encrypts from virtual machines to evade antivirus. Ragnar Locker deploys Windows XP virtual machines to encrypt victim’s files, the trick allows to evaded detection from security software. Mounting all the shared drives to encrypt. Custom Ragnar Locker ransom note (Source: Sophos).

Encryption

Encryption Ransomware Energy and Utilities Advertising

LimeRAT malware delivered using 8-year-old VelvetSweatshop trick

Security Affairs

APRIL 1, 2020

Researchers spotted a campaign using Excel files to spread LimeRAT malware using the 8-year-old and well-known VelvetSweatshop bug. Researchers at the Mimecast Threat Center spotted a new campaign using Excel files to spread LimeRAT malware using the 8-year-old VelvetSweatshop bug. ” reads the analysis published by the experts.

Malware

Malware Passwords Encryption Advertising

Ukrainian Police Nab Six Tied to CLOP Ransomware

Krebs on Security

JUNE 16, 2021

First debuting in early 2019, CLOP is one of several ransomware groups that hack into organizations, launch ransomware that encrypts files and servers, and then demand an extortion payment in return for a digital key needed to unlock access. ? /.

Ransomware

Ransomware Cybercrime Malware Encryption

Microsoft Warns Rise in XorDdos Malware Targeting Linux Devices

The Hacker News

MAY 20, 2022

A Linux botnet malware known as XorDdos has witnessed a 254% surge in activity over the last six months, according to latest research from Microsoft. XorDdos' modular

Malware

Malware Encryption

Is the Abaddon RAT the first malware using Discord as C&C?

Security Affairs

OCTOBER 25, 2020

Researchers from MalwareHunterTeam have spotted a new piece of remote access trojan (RAT) dubbed ‘Abaddon’ that is likely the first malware using the Discord platform as command and control. The Abaddon malware connects to the Discord command and control server to check for new commands to execute. "Abaddon"

Malware

Malware Advertising Ransomware Encryption

German encrypted email service Tutanota suffers DDoS attacks

Security Affairs

SEPTEMBER 19, 2020

The popular encrypted email service Tutanota was hit with a series of DDoS attacks this week targeting its website fist and its DNS providers later. Encrypted email service, Tutanota suffered a series of DDoS attacks that initially targeted the website and later its DNS providers. Pierluigi Paganini.

DDOS

DDOS Encryption DNS Advertising

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

US and UK cybersecurity agencies issued a joint advisory about the spread of QSnatch Data-Stealing Malware that already infected over 62,000 QNAP NAS devices. The QSnatch malware implements multiple functionalities, such as: . These are encrypted with the actor’s public key and sent to their infrastructure over HTTPS.

Malware

Malware Firmware Advertising Manufacturing

New Coronavirus-themed malspam campaign delivers FormBook Malware

Security Affairs

MARCH 8, 2020

Experts uncovered a new Coronavirus (COVID-19 ) -themed campaign that is distributing a malware downloader that delivers the FormBook information-stealing Trojan. Experts at MalwareHunterTeam uncovered a new malspam campaign exploiting the fear in the Coronavirus (COVID-19) to deliver malware. states the analysis published by FireEye.

Malware

Malware Scams Social Engineering Phishing

Malware attack took down 600 computers at Volusia County Public Library

Security Affairs

JANUARY 22, 2020

The library did not disclose the family of malware that infected its system, but experts believe that the computers were infected with ransomware. “Some Californian libraries are also affected by a ransomware attack that encrypted computers at 26 community libraries in Contra Costa County on January 3.” Pierluigi Paganini.

Malware

Malware Cyber Attacks Advertising Ransomware

Tedrade banking malware families target users worldwide

Security Affairs

JULY 19, 2020

The four malware families are named Guildma, Javali, Melcoz, and Grandoreiro, experts believe are the result of a Brazilian banking group/operation that is evolving its capabilities targeting banking users abroad. Experts noticed that the malware uses the BITSAdmin tool to download the additional modules. ” continues Kaspersky.

Banking

Banking Malware Phishing Advertising

Catch Hospitality Group discloses PoS malware infection at its restaurants

Security Affairs

NOVEMBER 23, 2019

The Catch Hospitality Group has suffered a malware attack, a point-of-sale malware has infected systems (POS) at several restaurants of the chain.The Catch Hospitality Group has suffered a malware attack, a point-of-sale malware has infected systems (POS) at several restaurants of the chain. Pierluigi Paganini.

Malware

Malware Data breaches Advertising Encryption

Zoom now supports end-to-end encrypted (E2EE) calls

Security Affairs

OCTOBER 15, 2020

The Video conferencing platform Zoom announced the implementation of end-to-end encryption (E2EE) and its availability starting next week. The popular Video conferencing platform Zoom announced the availability of the end-to-end encryption (E2EE) starting next week. ” reads the post published by the company. Pierluigi Paganini.

Encryption

Encryption Advertising Accountability Hacking

xHelper, the Unkillable Android malware that re-Installs after factory reset

Security Affairs

APRIL 7, 2020

xHelper , a new strain of Android malware is able to re-install itself on infected devices even after victims delete it or force a factory reset. xHelper , a new strain of Android malware is able to re-install itself on infected devices even after victims delete it or force a factory reset. and Russia. ” continues the report.

Malware

Malware Firmware Manufacturing Advertising

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

SEPTEMBER 10, 2020

ESET researchers discovered a new piece of malware dubbed CDRThief targets a specific Voice over IP system to steal call data records (CDR). The VoIP platform Linknat VOS2009 and VOS3000 targeted by the malware is used by two China-produced softswitches (software switches). ” reads the analysis published by ESET.

Malware

Malware Encryption Advertising Passwords

New MATA Multi-platform malware framework linked to NK Lazarus APT

Security Affairs

JULY 23, 2020

North Korea-linked Lazarus APT Group has used a new multi-platform malware framework, dubbed MATA, to target entities worldwide. The MATA malware framework could target Windows, Linux, and macOS operating systems. The malware framework implements a wide range of features that allow attackers to fully control the infected systems.

Malware

Malware Ransomware Advertising Encryption

Raccoon Malware, a success case in the cybercrime ecosystem

Security Affairs

FEBRUARY 24, 2020

Raccoon Malware is a recently discovered infostealer that can extract sensitive data from about 60 applications on a targeted system. Racoon malware , Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. ” reads the report published by CyberArk.

Cybercrime

Cybercrime Malware Cryptocurrency Advertising

Who’s Behind the Botnet-Based Service BHProxies?

Krebs on Security

FEBRUARY 24, 2023

The Mylobot malware includes more than 1,000 hard-coded and encrypted domain names, any one of which can be registered and used as control networks for the infected hosts. The account didn’t resume posting on the forum until April 2014. 5, 2014 , but historic DNS records show BHproxies[.]com com on Mar.

Accountability

Accountability Advertising Marketing Malware

QNAP urges users to update Malware Remover after QSnatch joint alert

Security Affairs

AUGUST 2, 2020

The Taiwanese vendor QNAP urges its users to update the Malware Remover app following the alert on the QSnatch malware. The Taiwanese company QNAP is urging its users to update the Malware Remover app to prevent NAS devices from being infected by the QSnatch malware. Webshell functionality for remote access.

Malware

Malware Advertising Passwords Manufacturing

SILENTFADE a long-running malware campaign targeted Facebook AD platform

Security Affairs

OCTOBER 3, 2020

Facebook shared details about a long-running ad-fraud campaign that’s been ongoing since 2016 targeting Facebook users with SilentFade malware. The social network giant revealed that malware has a Chinese origin and allowed hackers to siphon $4 million from users’ advertising accounts. Pierluigi Paganini.

Malware

Malware Advertising Accountability Authentication

After 1 Million of malware samples analyzed

Security Affairs

NOVEMBER 25, 2019

Malware Hunter – One year after its launch, Marco Ramilli shared the results of its project that has analyzed more than 1 Million malware samples. Malware Hunter is a python powered project driven by three main components: collectors, processors and public API. Malware Analyses Distribution. How it works.

Malware

Malware Penetration Testing Banking Advertising

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. File encryption 2013 – 2015. It emerged in September 2013 and paved the way for hundreds of file-encrypting menaces that have splashed onto the scene ever since.

Ransomware

Ransomware Hacking Encryption Penetration Testing

SentinelOne released free decryptor for ThiefQuest ransomware

Security Affairs

JULY 8, 2020

Good news for the victims of the ThiefQuest (EvilQuest) ransomware, they can recover their encrypted files for free. The victims of the ThiefQuest (EvilQuest) ransomware victims can recover their encrypted files without needing to pay the ransom due to the availability of a free decryptor. macOS ransomware #decryptor ( #EvilQuest )! |

Ransomware

Ransomware Encryption Malware Advertising

Operators behind Nefilim Ransomware threaten to release stolen data

Security Affairs

MARCH 17, 2020

A new ransomware dubbed Nefilim appeared in the threat landscape at the end of February, it borrows its code from other malware, the Nemty ransomware. At the time of writing it is still unclear which is the attack vector exploited by Nefilim operators, experts believe the malware was mainly deployed via RDP. Nefilim appends the.

Ransomware

Ransomware Encryption Cybercrime Advertising

A new variant of Cicada ransomware targets VMware ESXi systems

Security Affairs

SEPTEMBER 2, 2024

Cicada 3301 is the name given to three sets of puzzles posted under the name “3301” online between 2012 and 2014. A second round of puzzles began one year later on January 4, 2013, and then a third round following the confirmation of a fresh clue posted on Twitter on January 4, 2014. ” reported Truesec.

Ransomware

Ransomware Encryption Malware Cybercrime

Dacls RAT, the first Lazarus malware that targets Linux devices

Security Affairs

DECEMBER 17, 2019

The activity of the Lazarus APT group (aka HIDDEN COBRA ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. Dacls is the first malware linked to the Lazarus group that targets Linux systems. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Malware

Malware Advertising Encryption Hacking

Kaiji, a new Linux malware targets IoT devices in the wild

Security Affairs

MAY 5, 2020

Last week, the popular security researcher MalwareMustDie and the experts at Intezer Labs spotted a new piece of malware dubbed Kaiji, that is targeting IoT devices via SSH brute-force attacks. Guys, another new #China ( #PRC ) made #DDoS #ELF #malware , I called it: " #Linux /Kaiji", coded in #Go lang, packed, VT low detection=1.

IoT

IoT Malware DDOS Advertising

Stolen Nvidia certificates used to sign malware—here’s what to do

Malwarebytes

MARCH 15, 2022

Those certificates are now being used to sign malware. This creates a “chain of trust” between a signature on a piece of software and a CA—like DigiCert or Let’s Encrypt—that operating systems trust. From there, any cybercriminal that wanted to could grab the certificates and use them to sign their malware.

Malware

Malware Software System Administration Ransomware

Clop Ransomware attempts to disable Windows Defender and Malwarebytes

Security Affairs

DECEMBER 2, 2019

Experts discovered a new malware dubbed Clop ransomware that attempts to remove Malwarebytes and other security products. Security researcher Vitali Kremez discovered a new malware dubbed Clop ransomware that targets Windows systems and attempts to disable security products running on the infected systems. Pierluigi Paganini.

Ransomware

Ransomware Encryption Advertising Malware

Microsoft warns of Dexphot miner, an interesting polymorphic threat

Security Affairs

NOVEMBER 26, 2019

Layers of obfuscation, encryption, and the use of randomized file names hid the installation process. If not stopped, Dexphot ultimately ran a cryptocurrency miner on the device, with monitoring services and scheduled tasks triggering re-infection when defenders attempt to remove the malware.” msiexec.exe, unzip.exe, rundll32.exe,

Cryptocurrency

Cryptocurrency Malware Encryption Advertising

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

APRIL 30, 2020

Security experts from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe. Researchers from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe.

Mobile

Mobile Financial Services Banking Malware

Tyler Technologies finally paid the ransom to receive the decryption key

Security Affairs

OCTOBER 11, 2020

Tyler Technologies has finally decided to paid a ransom to obtain a decryption key and recover files encrypted in a recent ransomware attack. The ransomware attack took place on September 23, the threat actors breached the network of the company and deployed the malware. Tyler Technologies, Inc. ” reported BleepingComputer.

Technology

Technology Ransomware Encryption Advertising

Mount Locker ransomware operators demand multi-million dollar ransoms

Security Affairs

SEPTEMBER 28, 2020

A new ransomware gang named Mount Locker has started its operations stealing victims’ data before encrypting. According to the popular malware researchers Michael Gillespie , the Mount Locker uses ChaCha20 to encrypt the files and an embedded RSA-2048 public key to encrypt the encryption key.

Ransomware

Ransomware Encryption Advertising Engineering

Report: Threat of Emotet and Ryuk

Security Affairs

JANUARY 31, 2020

Emotet , the most widespread malware worldwide and Ryuk , a ransomware type, are growing threats and real concerns for businesses and internet users in 2020. This study also concludes that a total of 377 Portuguese domains to spread different types of malware in the same period. SecurityAffairs – malware, hacking).

Malware

Malware Advertising Retail Antivirus

Maze ransomware uses Ragnar Locker virtual machine technique

Security Affairs

SEPTEMBER 17, 2020

The Maze ransomware operators now use a virtual machine to encrypt a computer, a tactic previously adopted by the Ragnar Locker malware. The Maze ransomware operators have adopted a new tactic to evade detection, their malware now encrypts a computer from within a virtual machine. Pierluigi Paganini.

Ransomware

Ransomware Encryption Advertising Malware

Newly Discovered Malware Evades Detection by Hijacking Communications

eSecurity Planet

MARCH 1, 2022

Symantec this week reported a highly sophisticated malware called “Backdoor.Daxin” that “appears to be used in a long-running espionage campaign against select governments and other critical infrastructure targets” and appears to be linked to China. The malware then sends information back to remote servers.

Malware

Malware Government Encryption Architecture

Visa warns of new sophisticated credit card skimmer dubbed Baka

Security Affairs

SEPTEMBER 6, 2020

Baka is a sophisticated e-skimmer developed by a skilled malware developer that implements a unique obfuscation method and loader. The skimmer loads dynamically to avoid static malware scanners and uses unique encryption parameters for each victim to obfuscate the malicious code.” ” reads the alert published by VISA.

eCommerce

eCommerce Malware Encryption Advertising

Leading Law firm Seyfarth Shaw discloses ransomware attack

Security Affairs

OCTOBER 13, 2020

Seyfarth Shaw, one of the leading global legal firms announced that it was a victim of an “aggressive malware” attack, likely a ransomware attack. Seyfarth Shaw announced it was the victim of an “aggressive malware” attack, but the media immediately reported a ransomware infection later confirmed by the firm. Pierluigi Paganini.

Ransomware

Ransomware Advertising Malware Encryption

Fuckunicorn ransomware targets Italy in COVID-19 lures

Security Affairs

MAY 27, 2020

The new ransomware was first spotted by the malware researcher JamesWT_MHT that shared samples with the malware community. Upon executing the malware it displays a fake Coronavirus Map from the Center for Systems Science and Engineering at Johns Hopkins University. Pierluigi Paganini.

Ransomware

Ransomware Encryption Advertising Malware

North Korea-Linked Lazarus APT is behind the VHD ransomware

Security Affairs

JULY 28, 2020

The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. The group has been linked to several major cyber attacks, including the 2014 Sony Pictures hack , several SWIFT banking attacks since 2016, and the 2017 WannaCry ransomware infection.

Ransomware

Ransomware Malware Advertising VPN

US Govn contractor Electronic Warfare Associates infected with Ryuk ransomware

Security Affairs

JANUARY 30, 2020

Evidence of the hack is still visible online because Google has cashed the ransom notes and encrypted files. The encrypted files and ransom note are associated with a Ryuk ransomware infection. It is not clear if the malware was developed by the threat actors behind Ryuk Ransomware for data exfiltration. EWA Technologies Inc.,

Ransomware

Ransomware Government Advertising Encryption

New Ransom Payment Schemes Target Executives, Telemedicine

Krebs on Security

DECEMBER 8, 2022

First spotted in mid-August 2022 , Venus is known for hacking into victims’ publicly-exposed Remote Desktop services to encrypt Windows devices. “This group is known for frequently changing malware and driving global trends in criminal malware distribution,” MITRE assessed. healthcare organizations.

Healthcare

Healthcare Backups Ransomware Insurance

New Reductor Nation-State Malware Compromises TLS

Snake Ransomware isolates infected Systems before encrypting files

Trending Sources

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Ragnar Ransomware encrypts files from virtual machines to evade detection

LimeRAT malware delivered using 8-year-old VelvetSweatshop trick

Ukrainian Police Nab Six Tied to CLOP Ransomware

Microsoft Warns Rise in XorDdos Malware Targeting Linux Devices

Is the Abaddon RAT the first malware using Discord as C&C?

German encrypted email service Tutanota suffers DDoS attacks

QSnatch malware infected over 62,000 QNAP NAS Devices

New Coronavirus-themed malspam campaign delivers FormBook Malware

Malware attack took down 600 computers at Volusia County Public Library

Tedrade banking malware families target users worldwide

Catch Hospitality Group discloses PoS malware infection at its restaurants

Zoom now supports end-to-end encrypted (E2EE) calls

xHelper, the Unkillable Android malware that re-Installs after factory reset

CDRThief Linux malware steals VoIP metadata from Linux softswitches

New MATA Multi-platform malware framework linked to NK Lazarus APT

Raccoon Malware, a success case in the cybercrime ecosystem

Who’s Behind the Botnet-Based Service BHProxies?

QNAP urges users to update Malware Remover after QSnatch joint alert

SILENTFADE a long-running malware campaign targeted Facebook AD platform

After 1 Million of malware samples analyzed

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

SentinelOne released free decryptor for ThiefQuest ransomware

Operators behind Nefilim Ransomware threaten to release stolen data

A new variant of Cicada ransomware targets VMware ESXi systems

Dacls RAT, the first Lazarus malware that targets Linux devices

Kaiji, a new Linux malware targets IoT devices in the wild

Stolen Nvidia certificates used to sign malware—here’s what to do

Clop Ransomware attempts to disable Windows Defender and Malwarebytes

Microsoft warns of Dexphot miner, an interesting polymorphic threat

EventBot, a new Android mobile targets financial institutions across Europe

Tyler Technologies finally paid the ransom to receive the decryption key

Mount Locker ransomware operators demand multi-million dollar ransoms

Report: Threat of Emotet and Ryuk

Maze ransomware uses Ragnar Locker virtual machine technique

Newly Discovered Malware Evades Detection by Hijacking Communications

Visa warns of new sophisticated credit card skimmer dubbed Baka

Leading Law firm Seyfarth Shaw discloses ransomware attack

Fuckunicorn ransomware targets Italy in COVID-19 lures

North Korea-Linked Lazarus APT is behind the VHD ransomware

US Govn contractor Electronic Warfare Associates infected with Ryuk ransomware

New Ransom Payment Schemes Target Executives, Telemedicine

Stay Connected