The FBI has removed Chinese PlugX malware from over 4,200 computers in networks across the United States. The U.S. Justice Department and FBI, along with international partners, announced they deleted PlugX malware from thousands of infected computers worldwide as part of a multi-month law enforcement operation.
The vulnerabilities impact the Mazda Connect Connectivity Master Unit (CMU) system installed in multiple car models, including the Mazda 3 model years 2014-2021. This quick compromise allows vehicles to be targeted during valet service, ride-sharing, or through USB malware.
A new version of the REMnux Linux toolkit for malware analysts is available for download; it includes a huge set of tools for professionals. REMnux is a Linux toolkit for reverse-engineering and dissecting software that bundles a collection of free, community-created tools for investigating malware.
US and UK cybersecurity agencies issued a joint advisory about the spread of the QSnatch data-stealing malware, which has already infected over 62,000 QNAP NAS devices. The QSnatch malware implements multiple functionalities. The experts were alerted about the malware in October and immediately launched an investigation.
Researchers from MalwareHunterTeam have spotted a new piece of remote access trojan (RAT) dubbed ‘Abaddon’ that is likely the first malware using the Discord platform for command and control. The Abaddon malware connects to the Discord command and control server to check for new commands to execute.
ESET researchers discovered a new piece of malware dubbed CDRThief that targets a specific Voice over IP system to steal call data records (CDR). The VoIP platforms targeted by the malware, Linknat VOS2009 and VOS3000, are two China-produced softswitches (software switches).
A threat actor is launching brute-force attacks on MSSQL servers in an attempt to access them and install a new crypto-mining malware dubbed MrbMiner. The group behind the attacks compromises the servers with the intent of running the mining process on them.
Researchers from Malwarebytes have found yet another phone with pre-installed malware sold in the United States via the Lifeline Assistance program. This is the second time Malwarebytes has found malware pre-installed on smartphones sold in the United States; the first case was documented in a report published in January.
Researchers at NCC Group reported that in November they observed the return of the infamous banking malware Carbanak, this time used in ransomware attacks.
The FBI and NSA issued a joint alert about new Linux malware dubbed Drovorub that has been used by the Russia-linked APT28 group. The joint security alert contains technical details about the malware, which is allegedly employed by APT28.
Two Romanians have been arrested for running three malware services: two malware crypter services called CyberSeal and DataProtector, and the CyberScan malware testing service.
Palo Alto Networks researchers analyzed a new malware, dubbed AcidBox, that was employed in targeted attacks and that leverages an exploit previously associated with the Russia-linked Turla APT group.
Researchers spotted a new Office malware builder, tracked as APOMacroSploit, that was employed in a campaign targeting more than 80 customers worldwide. Researchers from security firm Check Point uncovered a new Office malware builder called APOMacroSploit, which was employed in attacks that targeted more than 80 customers worldwide.
US authorities arrested the Russian national Egor Igorevich Kriuchkov (27) after he attempted to recruit an employee at a targeted company to plant a piece of malware. “He explained the malware attacks the systems in two ways.
Multiple members of the QQAAZZ multinational cybercriminal gang were charged with providing money-laundering services to high-profile malware operations. According to law enforcement bodies, the gang provided services to multiple malware operations, including Dridex, GozNym, and Trickbot.
Experts pointed out that the malware is being actively developed. Gafgyt is a popular choice for launching large-scale DDoS attacks; it first appeared in the threat landscape in 2014. The malware can quickly adopt one-day vulnerabilities (within days of a published proof of concept).” One listed example: LFI, CVE-2018-16763, Fuel CMS 1.4.1.
A Google Drive weakness could allow attackers to serve malware.
Kaspersky first identified the APT group in 2014, but experts believe the cyber espionage campaign had already been active for over five years. At the time, Kaspersky described it as the most sophisticated APT operation they had seen to date.
The botnet was linked to a new malware hosting domain that has been serving Mirai variants for several different botnets over the past year. This payload contains the logic to change the execution path to a temporary location, wget a file from a malware hosting page, provide execution permissions, and execute it.
Denis Emelyantsev, a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. “Thanks to you, we are now developing in the field of information security and anonymity!”
A China-linked APT group, tracked as Moshen Dragon, has been observed targeting the telecommunication sector in Central Asia with ShadowPad and PlugX malware, SentinelOne warns. Both PlugX and ShadowPad are very common among China-linked cyberespionage groups.
Ukrainian national Vyacheslav Igorevich Penchukov has pleaded guilty to his key roles in the Zeus and IcedID malware operations. Vyacheslav Igorevich Penchukov was a leader of two prolific malware groups that infected thousands of computers with malicious software. Since May 2019, Penchukov had a prominent role in the Zeus operation.
The campaigns were classified as either phishing or malware. This report provides intelligence and indicators of compromise (IOCs) that organizations can use to fight current attacks, anticipate emerging threats, and manage security awareness more effectively.
New Zealand’s Computer Emergency Response Team (CERT) also published a security alert warning of spam campaigns spreading the Emotet threat. jp) email addresses that have been infected with the infamous malware and that can be employed in further spam campaigns. Today was only about a dozen reply-chain and nothing else.
The French national cyber-security agency published an alert to warn of a significant increase in Emotet attacks targeting the private sector and public administration entities in France. The Emotet banking trojan has been active since at least 2014; the botnet is operated by a threat actor tracked as TA542.
Visa revealed that two unnamed North American hospitality merchants have been infected with strains of point-of-sale (POS) malware. According to a security alert published last week, the attacks took place in May and June 2020, respectively.
Researchers from FireEye’s Mandiant observed FIN11 hackers using spear-phishing messages to distribute a malware downloader dubbed FRIENDSPEAK. The macros download and execute the FRIENDSPEAK code, which in turn downloads the MIXLABEL malware.
A new Mac malware, tracked as XCSSET, spreads through Xcode projects and exploits two zero-day vulnerabilities, experts warn. XCSSET is a new Mac malware that spreads through Xcode projects and exploits two zero-day vulnerabilities to steal sensitive information from target systems and launch ransomware attacks.
This ransomware was doing the rounds over spam generated by the Gameover ZeuS botnet, which had originally been launched in 2011 as a toolkit for stealing victims’ banking credentials and was repurposed for malware propagation. These included PClock, CryptoLocker 2.0, Crypt0L0cker, and TorrentLocker.
KPOT Stealer is a “stealer” malware that focuses on exfiltrating account information and other data from web browsers, instant messengers, email, VPN, RDP, FTP, cryptocurrency, and gaming software. KPOT Stealer was written in C/C++ and was offered in the cybercrime underground as Malware-as-a-Service (MaaS).
The experts first discovered the malware in June 2018, but it has been available since 2014, when they observed threat actors spreading it via a Microsoft Word document containing an auto-executable malicious VBA macro.
US Cyber Command published technical details on malware implants used by Russia-linked APTs against multiple parliaments and embassies. The shared details cover malware implants employed by Russian hacking groups in attacks against multiple ministries of foreign affairs, national parliaments, and embassies.
The previously undetected LOBSHOT malware is distributed using Google ads and gives operators VNC access to Windows devices. Researchers from Elastic Security Labs spotted the new remote access trojan, dubbed LOBSHOT, being distributed through Google Ads.
Emotet is a malware infection that spreads through spam emails containing malicious Word or Excel documents. The Emotet banking trojan has been active since at least 2014; the botnet is operated by a threat actor tracked as TA542. In mid-August, the malware was employed in a fresh COVID-19-themed spam campaign.
The BeagleBoyz APT group surged in 2014 and 2015; its members used mostly custom-tailored malware in their attacks. The group’s arsenal includes custom malware specifically developed to target switch applications on Windows servers, and it also developed malware to target interbank payment processors.
According to BleepingComputer, in July, systems at the toymaker were infected with the TrickBot malware, which has been used by several cybercrime gangs to deliver malware like Ryuk or Conti.
The Lazarus APT is linked to North Korea; the group’s activity surged in 2014 and 2015, and its members used mostly custom-tailored malware in their attacks. Recently Kaspersky experts reported that the Lazarus APT group has used a new multi-platform malware framework, dubbed MATA, to target entities worldwide.
Experts spotted an undetectable Linux malware that exploits undocumented techniques to evade detection and targets publicly accessible Docker servers. The botnet is scanning the Internet for misconfigured Docker API endpoints, and experts noticed that the Ngrok malware has already infected many vulnerable servers.
These are the first known mobile malware families linked to the Russian APT. Gamaredon has been launching cyber-espionage campaigns on Ukraine since at least 2014. The two malware families can collect data such as SMS messages, call logs, phone call audio, photos from device cameras, device location, and contact lists.
The Emotet banking trojan has been active since at least 2014; the botnet is operated by a threat actor tracked as TA542. In mid-August, the malware was employed in a fresh COVID-19-themed spam campaign. Emotet is a modular malware; its operators can develop new Dynamic Link Libraries to update its capabilities.
Google removed 17 Android apps from its Play Store this week because they were infected with the Joker (aka Bread) malware, Zscaler revealed. Security researchers from Zscaler spotted the 17 infected apps in the Play Store.
Seyfarth Shaw, one of the leading global legal firms, announced that it was the victim of an “aggressive malware” attack; the media immediately reported a ransomware infection, which was later confirmed by the firm.
“They are officers of the ‘Crimean’ FSB and traitors who defected to the enemy during the occupation of the peninsula in 2014. This ‘line of work’ is coordinated by the FSB’s 18th Center (Information Security Center) based in Moscow.” 5 members of the group have been notified of suspicion of treason.”