Security Affairs

OCTOBER 25, 2020

Researchers from MalwareHunterTeam have spotted a new piece of remote access trojan (RAT) dubbed ‘Abaddon’ that is likely the first malware using the Discord platform as command and control. The Abaddon malware connects to the Discord command and control server to check for new commands to execute. "Abaddon"

Malware 145

Malware Advertising Ransomware Encryption 145

The Last Watchdog

JUNE 21, 2020

Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. File encryption 2013 – 2015. It emerged in September 2013 and paved the way for hundreds of file-encrypting menaces that have splashed onto the scene ever since.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Malwarebytes

NOVEMBER 16, 2021

This Android app, purported as a secure messaging application that uses end-to-end encryption, is the latest ruse cybercriminals put upon smartphone users, particularly those based in India, to infect their devices with GravityRAT, a piece of malicious software that is known to spy on people and steal their data.

Malware 144

Malware Encryption Media Marketing 144

Security Affairs

JULY 28, 2020

US and UK cybersecurity agencies issued a joint advisory about the spread of QSnatch Data-Stealing Malware that already infected over 62,000 QNAP NAS devices. The QSnatch malware implements multiple functionalities, such as: . These are encrypted with the actor’s public key and sent to their infrastructure over HTTPS.

Malware 143

Malware Firmware Advertising Manufacturing 143

Security Affairs

NOVEMBER 13, 2021

Threat actors are distributing the GravityRAT remote access trojan masqueraded as an end-to-end encrypted chat application named SoSafe Chat. Threat actors are distributing the GravityRAT RAT masqueraded as an end-to-end encrypted chat application named SoSafe Chat. Read or write the files on the device’s external storage.

Encryption 111

Encryption Malware Media Authentication 111

Security Affairs

MARCH 8, 2020

Experts uncovered a new Coronavirus (COVID-19 ) -themed campaign that is distributing a malware downloader that delivers the FormBook information-stealing Trojan. Experts at MalwareHunterTeam uncovered a new malspam campaign exploiting the fear in the Coronavirus (COVID-19) to deliver malware. states the analysis published by FireEye.

Malware 145

Malware Scams Social Engineering Phishing 145

Security Affairs

JANUARY 22, 2020

The library did not disclose the family of malware that infected its system, but experts believe that the computers were infected with ransomware. “Some Californian libraries are also affected by a ransomware attack that encrypted computers at 26 community libraries in Contra Costa County on January 3.” Pierluigi Paganini.

Malware 141

Malware Cyber Attacks Advertising Ransomware 141

Security Affairs

NOVEMBER 23, 2019

The Catch Hospitality Group has suffered a malware attack, a point-of-sale malware has infected systems (POS) at several restaurants of the chain.The Catch Hospitality Group has suffered a malware attack, a point-of-sale malware has infected systems (POS) at several restaurants of the chain. Pierluigi Paganini.

Malware 133

Malware Data breaches Advertising Encryption 133

Security Affairs

OCTOBER 15, 2020

The Video conferencing platform Zoom announced the implementation of end-to-end encryption (E2EE) and its availability starting next week. The popular Video conferencing platform Zoom announced the availability of the end-to-end encryption (E2EE) starting next week. ” reads the post published by the company. Pierluigi Paganini.

Encryption 111

Encryption Advertising Accountability Hacking 111

Security Affairs

APRIL 7, 2020

xHelper , a new strain of Android malware is able to re-install itself on infected devices even after victims delete it or force a factory reset. xHelper , a new strain of Android malware is able to re-install itself on infected devices even after victims delete it or force a factory reset. and Russia. ” continues the report.

Malware 145

Malware Firmware Manufacturing Advertising 145

Security Affairs

SEPTEMBER 10, 2020

ESET researchers discovered a new piece of malware dubbed CDRThief targets a specific Voice over IP system to steal call data records (CDR). The VoIP platform Linknat VOS2009 and VOS3000 targeted by the malware is used by two China-produced softswitches (software switches). ” reads the analysis published by ESET.

Malware 113

Malware Encryption Advertising Passwords 113

Security Affairs

JULY 23, 2020

North Korea-linked Lazarus APT Group has used a new multi-platform malware framework, dubbed MATA, to target entities worldwide. The MATA malware framework could target Windows, Linux, and macOS operating systems. The malware framework implements a wide range of features that allow attackers to fully control the infected systems.

Malware 124

Malware Ransomware Advertising Encryption 124

Krebs on Security

APRIL 22, 2019

The owner of a Swedish company behind a popular remote administration tool (RAT) implicated in thousands of malware attacks shares the same name as a Swedish man who pleaded guilty in 2015 to co-creating the Blackshades RAT , a similar product that was used to infect more than half a million computers with malware, KrebsOnSecurity has learned.

Advertising 225

Advertising Antivirus Software Malware 225

Security Affairs

FEBRUARY 24, 2020

Raccoon Malware is a recently discovered infostealer that can extract sensitive data from about 60 applications on a targeted system. Racoon malware , Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. ” reads the report published by CyberArk.

Cybercrime 133

Cybercrime Malware Cryptocurrency Advertising 133

Security Affairs

DECEMBER 17, 2019

The activity of the Lazarus APT group (aka HIDDEN COBRA ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. Dacls is the first malware linked to the Lazarus group that targets Linux systems. com /cms/ wp -content/uploads/2015/12/. Pierluigi Paganini.

Malware 113

Malware Advertising Encryption Hacking 113

Security Affairs

NOVEMBER 25, 2019

Malware Hunter – One year after its launch, Marco Ramilli shared the results of its project that has analyzed more than 1 Million malware samples. Malware Hunter is a python powered project driven by three main components: collectors, processors and public API. Malware Analyses Distribution. How it works.

Malware 140

Malware Penetration Testing Banking Advertising 140

Security Affairs

OCTOBER 3, 2020

Facebook shared details about a long-running ad-fraud campaign that’s been ongoing since 2016 targeting Facebook users with SilentFade malware. The social network giant revealed that malware has a Chinese origin and allowed hackers to siphon $4 million from users’ advertising accounts. Pierluigi Paganini.

Malware 135

Malware Advertising Accountability Authentication 135

Malwarebytes

MARCH 15, 2022

Those certificates are now being used to sign malware. This creates a “chain of trust” between a signature on a piece of software and a CA—like DigiCert or Let’s Encrypt—that operating systems trust. From there, any cybercriminal that wanted to could grab the certificates and use them to sign their malware.

Malware 135

Malware Software System Administration Ransomware 135

Security Affairs

MAY 5, 2020

Last week, the popular security researcher MalwareMustDie and the experts at Intezer Labs spotted a new piece of malware dubbed Kaiji, that is targeting IoT devices via SSH brute-force attacks. Guys, another new #China ( #PRC ) made #DDoS #ELF #malware , I called it: " #Linux /Kaiji", coded in #Go lang, packed, VT low detection=1.

IoT 145

IoT Malware DDOS Advertising 145

Security Affairs

JULY 8, 2020

Good news for the victims of the ThiefQuest (EvilQuest) ransomware, they can recover their encrypted files for free. The victims of the ThiefQuest (EvilQuest) ransomware victims can recover their encrypted files without needing to pay the ransom due to the availability of a free decryptor. macOS ransomware #decryptor ( #EvilQuest )! |

Ransomware 143

Ransomware Encryption Malware InfoSec 143

Security Affairs

AUGUST 2, 2020

The Taiwanese vendor QNAP urges its users to update the Malware Remover app following the alert on the QSnatch malware. The Taiwanese company QNAP is urging its users to update the Malware Remover app to prevent NAS devices from being infected by the QSnatch malware. Webshell functionality for remote access.

Malware 126

Malware Advertising Passwords Manufacturing 126

Security Affairs

MARCH 17, 2020

A new ransomware dubbed Nefilim appeared in the threat landscape at the end of February, it borrows its code from other malware, the Nemty ransomware. At the time of writing it is still unclear which is the attack vector exploited by Nefilim operators, experts believe the malware was mainly deployed via RDP. Nefilim appends the.

Ransomware 137

Ransomware Encryption Cybercrime Advertising 137

Security Affairs

SEPTEMBER 2, 2024

The stated intent was to recruit “intelligent individuals” by presenting a series of puzzles to be solved; no new puzzles were published on January 4, 2015. Truesec researchers dissected a variant that targets VMware ESXi systems, which appears to be a version of the same malware for Windows. ” reported Truesec.

Ransomware 141

Ransomware Encryption Malware Cybercrime 141

Security Affairs

DECEMBER 2, 2019

Experts discovered a new malware dubbed Clop ransomware that attempts to remove Malwarebytes and other security products. Security researcher Vitali Kremez discovered a new malware dubbed Clop ransomware that targets Windows systems and attempts to disable security products running on the infected systems.

Ransomware 145

Ransomware Encryption Advertising Malware 145

Security Affairs

NOVEMBER 26, 2019

Layers of obfuscation, encryption, and the use of randomized file names hid the installation process. If not stopped, Dexphot ultimately ran a cryptocurrency miner on the device, with monitoring services and scheduled tasks triggering re-infection when defenders attempt to remove the malware.” msiexec.exe, unzip.exe, rundll32.exe,

Cryptocurrency 145

Cryptocurrency Malware Encryption Advertising 145

Security Affairs

APRIL 30, 2020

Security experts from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe. Researchers from Cybereason Nocturnus team discovered a new piece of Android malware dubbed EventBot that targets banks, financial services across Europe.

Mobile 143

Mobile Financial Services Banking Malware 143

Security Affairs

OCTOBER 11, 2020

Tyler Technologies has finally decided to paid a ransom to obtain a decryption key and recover files encrypted in a recent ransomware attack. The ransomware attack took place on September 23, the threat actors breached the network of the company and deployed the malware. Tyler Technologies, Inc. ” reported BleepingComputer.

Technology 145

Technology Ransomware Encryption Advertising 145

Krebs on Security

MAY 13, 2024

This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years. This user said they specialize in developing malware, creating computer worms, and crafting new ways to hijack Web browsers.

Ransomware 277

Ransomware Cybercrime Accountability Malware 277

Security Affairs

SEPTEMBER 28, 2020

A new ransomware gang named Mount Locker has started its operations stealing victims’ data before encrypting. According to the popular malware researchers Michael Gillespie , the Mount Locker uses ChaCha20 to encrypt the files and an embedded RSA-2048 public key to encrypt the encryption key.

Ransomware 144

Ransomware Encryption Advertising Engineering 144

Security Affairs

JUNE 29, 2021

Like other ransomware gangs, Lorenz operators also implement double-extortion model by stealing data before encrypting it and threatening them if the victim doesn’t pay the ransom. Lorenz sends the name of the infected system to a C2 before encrypting the file. Lorenz places a header before the encrypted file instead.

Ransomware 135

Ransomware Encryption Passwords Malware 135

Security Affairs

SEPTEMBER 17, 2020

The Maze ransomware operators now use a virtual machine to encrypt a computer, a tactic previously adopted by the Ragnar Locker malware. The Maze ransomware operators have adopted a new tactic to evade detection, their malware now encrypts a computer from within a virtual machine. Pierluigi Paganini.

Ransomware 145

Ransomware Encryption Advertising Malware 145

Security Affairs

JANUARY 31, 2020

Emotet , the most widespread malware worldwide and Ryuk , a ransomware type, are growing threats and real concerns for businesses and internet users in 2020. This study also concludes that a total of 377 Portuguese domains to spread different types of malware in the same period. SecurityAffairs – malware, hacking).

Malware 144

Malware Advertising Retail Antivirus 144

Security Affairs

SEPTEMBER 6, 2020

Baka is a sophisticated e-skimmer developed by a skilled malware developer that implements a unique obfuscation method and loader. The skimmer loads dynamically to avoid static malware scanners and uses unique encryption parameters for each victim to obfuscate the malicious code.” ” reads the alert published by VISA.

eCommerce 145

eCommerce Malware Encryption Advertising 145

Security Affairs

MARCH 16, 2020

Experts warn of a new malware strain, dubbed PXJ Ransomware, that does share the same underlying code with existing ransomware families. The name PXJ ransomware comes from the file extension that it appends to encrypted files. The AES key is then encrypted with the stronger asymmetric key, in this case, the RSA crypto-system.”.

Ransomware 133

Ransomware Encryption Malware Advertising 133

Security Affairs

MAY 27, 2020

The new ransomware was first spotted by the malware researcher JamesWT_MHT that shared samples with the malware community. Upon executing the malware it displays a fake Coronavirus Map from the Center for Systems Science and Engineering at Johns Hopkins University.

Ransomware 145

Ransomware Encryption Advertising Malware 145

Security Affairs

OCTOBER 13, 2020

Seyfarth Shaw, one of the leading global legal firms announced that it was a victim of an “aggressive malware” attack, likely a ransomware attack. Seyfarth Shaw announced it was the victim of an “aggressive malware” attack, but the media immediately reported a ransomware infection later confirmed by the firm. Pierluigi Paganini.

Ransomware 145

Ransomware Advertising Malware Encryption 145

Security Affairs

JANUARY 30, 2020

Evidence of the hack is still visible online because Google has cashed the ransom notes and encrypted files. The encrypted files and ransom note are associated with a Ryuk ransomware infection. It is not clear if the malware was developed by the threat actors behind Ryuk Ransomware for data exfiltration. EWA Technologies Inc.,

Ransomware 136

Ransomware Government Advertising Encryption 136