2015, Information Security and Malware - Cyber Security Informer

Apple was aware that XcodeGhost impacted 128 Million iOS Users in 2015

Security Affairs

MAY 11, 2021

Court documents revealed that the infamous XcodeGhost malware, which has been active since 2015, infected 128 million iOS users. revealed that the XcodeGhost malware impacted 128 million iOS users. The post Apple was aware that XcodeGhost impacted 128 Million iOS Users in 2015 appeared first on Security Affairs.

Malware

Malware Hacking Mobile Passwords

Carbanak malware returned in ransomware attacks

Security Affairs

DECEMBER 26, 2023

Researchers at NCC Group reported that in November they observed the return of the infamous banking malware Carbanak in ransomware attacks. The cybersecurity firm NCC Group reported that in November the banking malware Carbanak was observed in ransomware attacks. ” reads the report published by NCC Group.

Malware

Malware Ransomware Banking Healthcare

GravityRAT malware also targets Android and macOS

Security Affairs

OCTOBER 19, 2020

Researchers from Kaspersky Lab have spotted new variants of the GravityRAT malware that now can be also used to infect Android and macOS devices. GravityRAT is a malware strain known for checking the CPU temperature of Windows computers to avoid being executed in sandboxes and virtual machines. Pierluigi Paganini.

Malware

Malware Computers and Electronics Spyware Advertising

REMnux 7, a Linux toolkit for malware analysts released

Security Affairs

JULY 26, 2020

A new version of the REMnux Linux toolkit for malware analysts is available for download, it includes a huge set of tools for professionals. REMnux is a Linux toolkit for reverse-engineering and dissecting software, it includes a collection of free tools created by the community that allows researchers to investigate malware.

Malware

Malware Advertising Software Engineering

Romanians arrested for running underground malware services

Security Affairs

NOVEMBER 22, 2020

Two Romanians arrested for running three malware services. Two Romanians have been arrested for running two malware crypter services called CyberSeal and DataProtector, and the CyberScan malware testing service. DataProtector was launched in 2015, while CyberScan was launched in 2019. Pierluigi Paganini.

Malware

Malware Antivirus Cybercrime Software

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

SEPTEMBER 10, 2020

ESET researchers discovered a new piece of malware dubbed CDRThief targets a specific Voice over IP system to steal call data records (CDR). The VoIP platform Linknat VOS2009 and VOS3000 targeted by the malware is used by two China-produced softswitches (software switches). ” reads the analysis published by ESET.

Malware

Malware Encryption Advertising Passwords

New MrbMiner malware infected thousands of MSSQL DBs

Security Affairs

SEPTEMBER 16, 2020

A threat actor is launching brute-force attacks on MSSQL servers in the attempt to access them to install a new crypto-mining malware dubbed MrbMiner. A group of hackers is launching brute-force attacks on MSSQL servers with the intent to compromise them and install crypto-mining malware dubbed MrbMiner. Mining process.”

Malware

Malware Advertising Cryptocurrency Accountability

Is the Abaddon RAT the first malware using Discord as C&C?

Security Affairs

OCTOBER 25, 2020

Researchers from MalwareHunterTeam have spotted a new piece of remote access trojan (RAT) dubbed ‘Abaddon’ that is likely the first malware using the Discord platform as command and control. The Abaddon malware connects to the Discord command and control server to check for new commands to execute. "Abaddon"

Malware

Malware Advertising Ransomware Encryption

Pre-Installed malware spotted on other Android phones sold in US

Security Affairs

JULY 9, 2020

Researchers from Malwarebytes have found yet another phone with pre-installed malware via the Lifeline Assistance program sold in the United States. Researchers at Malwarebytes have found malware pre-installed on smartphones sold in the United States, this is the second time as documented in a report published in January.

Malware

Malware Wireless Mobile Advertising

FBI and NSA joint report details APT28’s Linux malware Drovorub

Security Affairs

AUGUST 13, 2020

The FBI and NSA issue joint alert related to new Linux malware dubbed Drovorub that has been used by the Russia-linked APT28 group. The FBI and NSA have published a joint security alert containing technical details about a new piece of Linux malware, tracked as Drovorub , allegedly employed by Russia-linked the APT28 group.

Malware

Malware Advertising IoT Government

North Korea-Linked APT Group Kimsuky spotted using new malware

Security Affairs

NOVEMBER 2, 2020

North Korea-linked APT group Kimsuky was recently spotted using a new piece of malware in attacks on government agencies and human rights activists. The new malware appears to have been developed recently, but threat actors might have used Backdating, or timestomping to thwart analysis attempts (anti-forensics).

Malware

Malware Advertising Spyware Government

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

Security Affairs

DECEMBER 12, 2023

Cisco Talos researchers tracked the campaign as Operation Blacksmith, the nation-state actors are employing at least three new DLang -based malware families. Two of these malware strains are remote access trojans (RATs), respectively tracked as NineRAT and “DLRAT” The former relies on Telegram bots and channels for C2 communications.

Malware

Malware Data collection Manufacturing Healthcare

FBI arrested a Russian national for recruiting employee of US firm to plant malware

Security Affairs

AUGUST 26, 2020

after attempting to recruit an employee at a targeted company to plant a malware. US authorities arrested the Russian national Egor Igorevich Kriuchkov (27) after attempting to recruit an employee at a targeted company to plant a piece of malware. “He explained the malware attacks the systems in two ways.

Malware

Malware DDOS Advertising Hacking

QQAAZZ crime gang charged for laundering money stolen by malware gangs

Security Affairs

OCTOBER 18, 2020

Multiple members of QQAAZZ multinational cybercriminal gang were charged for providing money-laundering services to high-profile malware operations. According to law enforcement bodies, the gang provides services to multiple malware operations, including Dridex , GozNym , and Trickbot. Pierluigi Paganini.

Malware

Malware Banking Cryptocurrency Cybercrime

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Security Affairs

FEBRUARY 17, 2024

Ukrainian national Vyacheslav Igorevich Penchukov has pleaded guilty to his key roles in the Zeus and IcedID malware operations. Vyacheslav Igorevich Penchukov was a leader of two prolific malware groups that infected thousands of computers with malicious software. Since May 2019, Penchukov had a prominent role in the Zeus operation.

Malware

Malware Cybercrime Banking Hacking

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

Experts pointed out that the malware is being actively developed. The malware can quickly adopt one-day vulnerabilities (within days of a published proof of concept).” ” Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Pierluigi Paganini.

Malware

Malware DDOS IoT Cybercrime

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. We therefore named this malware Purple Lambert.”

Malware

Malware Hacking Government Telecommunications

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

File encryption 2013 – 2015. Balaban This ransomware was doing the rounds over spam generated by the Gameover ZeuS botnet, which had been originally launched in 2011 as a toolkit for stealing victim’s banking credentials and was repurposed for malware propagation. RaaS rollout 2015 – 2018. Crypt0L0cker, and TorrentLocker.

Ransomware

Ransomware Hacking Encryption Penetration Testing

A Google Drive weakness could allow attackers to serve malware

Security Affairs

AUGUST 23, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. The post A Google Drive weakness could allow attackers to serve malware appeared first on Security Affairs. At the time of writing, there is no evidence that the vulnerability has been exploited by threat actors in attacks in the wild.

Malware

Malware Phishing Advertising Antivirus

Enigma info-stealing malware targets the cryptocurrency industry

Security Affairs

FEBRUARY 13, 2023

Alleged Russian threat actors have been targeting cryptocurrency users in Eastern Europe with Enigma info-stealing malware. A malware campaign conducted by alleged Russian threat actors has been targeting users in Eastern European in the crypto industry. ” continues the report. Stolen data are exfiltrated through Telegram.

Cryptocurrency

Cryptocurrency Malware Media Phishing

North Korea-linked Andariel APT used a new malware named EarlyRat last year

Security Affairs

JUNE 29, 2023

North Korea-linked cyberespionage group Andariel used a previously undocumented malware called EarlyRat. Kaspersky researchers reported that the North Korea-linked APT group Andariel used a previously undocumented malware dubbed EarlyRat in attacks exploiting the Log4j Log4Shell vulnerability last year.

Malware

Malware Cybercrime Phishing Internet

North Korea-linked APT group BeagleBoyz targets banks

Security Affairs

AUGUST 29, 2020

The BeagleBoyz APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. The BeagleBoyz have attempted to steal nearly $2 billion since at least 2015, according to public estimates. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Banking

Banking Malware Advertising Hacking

Threat Report Portugal: Q2 2020

Security Affairs

AUGUST 14, 2020

The campaigns were classified as either phishing or malware. This report provides intelligence and indicators of compromise (IOCs) that organizations can use to fight current attacks, anticipating emerging threats, and manage security awareness in a better way. Phishing and Malware Q2 2020. Malware by Numbers.

Threat Reports

Threat Reports Phishing Banking Malware

Visa shares details for two attacks on North American hospitality merchants

Security Affairs

OCTOBER 4, 2020

Visa revealed that two unnamed North American hospitality merchants have been infected with some strains of point-of-sale (POS) malware. According to a security alert published last week, the attacks took place in May and June 2020, respectively. ” reads the VISA security alert.”In ” continues the report.

Malware

Malware Advertising Accountability Hacking

XCSSET Mac spyware spreads via Xcode Projects

Security Affairs

AUGUST 15, 2020

A new Mac malware, tracked as XCSSET, spreads through Xcode projects and exploits two zero-day vulnerabilities, experts warn. XCSSET is a new Mac malware that spreads through Xcode projects and exploits two zero-day vulnerabilities to steal sensitive information from target systems and launch ransomware attacks.

Spyware

Spyware Malware Advertising Cryptocurrency

Stop Trying to Take Humans Out of SOC … Except … Wait… Wait… Wait…

Anton on Security

MARCH 1, 2021

As one vendor once said, “you have an adversary problem, not a malware problem.” There was a concept of human+machine chess that looked really awesome in 1998–2015, but then was quickly and mercilessly killed by the improving neural networks. We need to hunt and not rely solely on automated systems for things like detection?—?hence

Information Security

Information Security Malware Cybersecurity

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported.

Malware

Malware Phishing Antivirus Hacking

US Cyber Command details implants used in attacks on parliaments and embassies

Security Affairs

OCTOBER 29, 2020

US Cyber Command published technical details on malware implants used by Russia-linked APTs on multiple parliaments, embassies. US Cyber Command shared technical details about malware implants employed by Russian hacking groups in attacks against multiple ministries of foreign affairs, national parliaments, and embassies.

Malware

Malware Advertising Hacking Government

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

A China-linked threat actor used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea. Researchers from Kaspersky have spotted a UEFI malware that was involved in attacks on organizations with an interest in North Korea. Pierluigi Paganini. SecurityAffairs – hacking, UEFI).

Firmware

Firmware Spyware Surveillance Hacking

REvil Ransomware member win the auction for KPot stealer source code

Security Affairs

NOVEMBER 4, 2020

KPOT Stealer is a “stealer” malware that focuses on exfiltrating account information and other data from web browsers, instant messengers, email, VPN, RDP, FTP, cryptocurrency, and gaming software. The KPOT Stealer was written in C/C++, it was offered in the cybercrime underground as a Malware-as-a-Service (MaaS).

Ransomware

Ransomware Malware Advertising Cybercrime

New Emotet attacks use a new template urging recipients to upgrade Microsoft Word

Security Affairs

OCTOBER 25, 2020

Upon installing the malware, Emotet will download additional payloads on the machine, including ransomware, and use it to send spam emails. In the middle-August, the malware was employed in fresh COVID19-themed spam campaign. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. since August.

Malware

Malware Banking Advertising Ransomware

Toymaker giant Mattel disclosed a ransomware attack

Security Affairs

NOVEMBER 4, 2020

According to BleepingComputer, in July, systems at the toymaker were infected with the TrickBot malware which was used by several cybercrime gangs to deliver malware like Ryuk or Conti. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, malware). Pierluigi Paganini.

Ransomware

Ransomware Advertising Retail Malware

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Security Affairs

SEPTEMBER 24, 2020

New Zealand’s Computer Emergency Response Team (CERT) also published a security alert warning of spam campaigns spreading the Emotet threat. jp) email addresses that have been infected with the infamous malware and that can be employed in further spam campaigns. Today was only about a dozen replychain and nothing else.

Malware

Malware Passwords Advertising Cybercrime

Doki, an undetectable Linux backdoor targets Docker Servers

Security Affairs

JULY 29, 2020

Experts spotted an undetectable Linux malware that exploits undocumented techniques to evade detection and targets publicly accessible Docker servers. ” The botnet is scanning the Internet for misconfigured Docker API endpoints, Experts noticed that the Ngrok malware has already infected many vulnerable servers.

Cryptocurrency

Cryptocurrency Malware Advertising VPN

France, Japan, and New Zealand warn of a surgein Emotet attacks

Security Affairs

SEPTEMBER 8, 2020

In the middle-August, the malware was employed in fresh COVID19-themed spam campaign. Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information , resumes, financial documents, or scanned documents. ” reads the alert.

Malware

Malware Advertising Banking Hacking

Vyacheslav Igorevich Penchukov was sentenced to prison for his role in Zeus and IcedID operations

Security Affairs

JULY 13, 2024

Ukrainian national Vyacheslav Igorevich Penchukov was sentenced to prison for his role in Zeus and IcedID malware operations. DoJ sentenced the Ukrainian national Vyacheslav Igorevich Penchukov (37) to prison and ordered him to pay millions of dollars in restitution for his role in the Zeus and IcedID malware operations.

Cybercrime

Cybercrime Banking Malware Hacking

Israel announced to have foiled an attempted cyber-attack on defence firms

Security Affairs

AUGUST 13, 2020

’ The Lazarus APT is linked to North Korea, the activity of the Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. Recently Kaspersky experts reported that Lazarus APT Group has used a new multi-platform malware framework, dubbed MATA , to target entities worldwide.

Cyber Attacks

Cyber Attacks Manufacturing Hacking Advertising

FIN11 gang started deploying ransomware to monetize its operations

Security Affairs

OCTOBER 18, 2020

Researchers from FireEye’s Mandiant observed FIN11 hackers using spear-phishing messages distributing a malware downloader dubbed FRIENDSPEAK. The macros download and execute the FRIENDSPEAK code, which in turn downloads the MIXLABEL malware. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware Malware Telecommunications Advertising

North Korea-linked Lazarus APT targets the COVID-19 research

Security Affairs

DECEMBER 25, 2020

The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. The systems at the pharmaceutical company were targeted with the BookCode malware, while in the attack against a Ministry of Health the APT group used the wAgent malware.

Cryptocurrency

Cryptocurrency Malware Hacking Phishing

Google removes 17 Joker -infected apps from the Play Store

Security Affairs

SEPTEMBER 27, 2020

Google removed this week 17 Android apps from its Play Store because they were infected with the Joker (aka Bread) malware, Zscaler revealed. Security researchers from Zscaler spotter 17 apps in the Play Store that were infected with the Joker (Bread) malware. ” reads the post published by ZScaler. Pierluigi Paganini.

Malware

Malware Advertising Spyware Encryption

Evilnum group targets legal entities with a new Janicab variant

Security Affairs

DECEMBER 12, 2022

A hack-for-hire group dubbed Evilnum is targeting travel and financial entities with the new Janicab malware variant. The campaign took place in 2020 and 2021, but experts speculate it has been active since 2015. The malware can be used to execute commands on the infected system and deploy additional tools.

Malware

Malware Hacking Phishing Information Security

Russia-linked threat actors targets critical infrastructure, US authorities warn

Security Affairs

JANUARY 12, 2022

The alert remarks that Russian nation-state actors have demonstrated sophisticated tradecraft and cyber capabilities by compromising third-party infrastructure, compromising third-party software, or developing custom malware. Russian state-sponsored APT actors’ campaign against Ukrainian critical infrastructure, 2015 and 2016. .

Malware

Malware Cyber threats Government Hacking

CISA adds 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog

Security Affairs

FEBRUARY 11, 2022

” The US agency also added the CVE-2015-2051 remote code execution flaw impacting D-Link DIR-645 routers. Another older issue added to the catalog is CVE-2020-0796 vulnerability in SMBv3 protocol that could be exploited by vxers to implement “wormable” malware. Follow me on Twitter: @securityaffairs and Facebook.

IoT

IoT Accountability Authentication Hacking

Leading Law firm Seyfarth Shaw discloses ransomware attack

Security Affairs

OCTOBER 13, 2020

Seyfarth Shaw, one of the leading global legal firms announced that it was a victim of an “aggressive malware” attack, likely a ransomware attack. Seyfarth Shaw announced it was the victim of an “aggressive malware” attack, but the media immediately reported a ransomware infection later confirmed by the firm. Pierluigi Paganini.

Ransomware

Ransomware Advertising Malware Encryption

Apple was aware that XcodeGhost impacted 128 Million iOS Users in 2015

Carbanak malware returned in ransomware attacks

Trending Sources

GravityRAT malware also targets Android and macOS

REMnux 7, a Linux toolkit for malware analysts released

Romanians arrested for running underground malware services

CDRThief Linux malware steals VoIP metadata from Linux softswitches

New MrbMiner malware infected thousands of MSSQL DBs

Is the Abaddon RAT the first malware using Discord as C&C?

Pre-Installed malware spotted on other Android phones sold in US

FBI and NSA joint report details APT28’s Linux malware Drovorub

North Korea-Linked APT Group Kimsuky spotted using new malware

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

FBI arrested a Russian national for recruiting employee of US firm to plant malware

QQAAZZ crime gang charged for laundering money stolen by malware gangs

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

EnemyBot malware adds new exploits to target CMS servers and Android devices

Purple Lambert, a new malware of CIA-linked Lambert APT group

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

A Google Drive weakness could allow attackers to serve malware

Enigma info-stealing malware targets the cryptocurrency industry

North Korea-linked Andariel APT used a new malware named EarlyRat last year

North Korea-linked APT group BeagleBoyz targets banks

Threat Report Portugal: Q2 2020

Visa shares details for two attacks on North American hospitality merchants

XCSSET Mac spyware spreads via Xcode Projects

Stop Trying to Take Humans Out of SOC … Except … Wait… Wait… Wait…

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

US Cyber Command details implants used in attacks on parliaments and embassies

Second-ever UEFI rootkit used in North Korea-themed attacks

REvil Ransomware member win the auction for KPot stealer source code

New Emotet attacks use a new template urging recipients to upgrade Microsoft Word

Toymaker giant Mattel disclosed a ransomware attack

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Doki, an undetectable Linux backdoor targets Docker Servers

France, Japan, and New Zealand warn of a surgein Emotet attacks

Vyacheslav Igorevich Penchukov was sentenced to prison for his role in Zeus and IcedID operations

Israel announced to have foiled an attempted cyber-attack on defence firms

FIN11 gang started deploying ransomware to monetize its operations

North Korea-linked Lazarus APT targets the COVID-19 research

Google removes 17 Joker -infected apps from the Play Store

Evilnum group targets legal entities with a new Janicab variant

Russia-linked threat actors targets critical infrastructure, US authorities warn

CISA adds 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog

Leading Law firm Seyfarth Shaw discloses ransomware attack

Stay Connected