2019, Information Security and Malware - Cyber Security Informer

Sunspot, the third malware involved in the SolarWinds supply chain attack

Security Affairs

JANUARY 12, 2021

Cybersecurity firm CrowdStrike announced to have discovered a third malware strain, named Sunspot , directly involved in the SolarWinds supply chain attack. According to a new report published by the cybersecurity firm Crowdstrike, a third malware, dubbed SUNSPOT, was involved in the recently disclose SolarWinds supply chain attack.

Malware

Malware Software Hacking Cybersecurity

TinyNuke banking malware targets French organizations

Security Affairs

DECEMBER 13, 2021

The TinyNuke malware is back and now was used in attacks aimed at French users working in manufacturing, technology, construction, and business services. Proofpoint researchers uncovered a campaign exclusively targeting French entities and organizations with operations in France with the banking malware TinyNuke. Pierluigi Paganini.

Banking

Banking Malware Manufacturing Business Services

Chinese StormBamboo APT compromised ISP to deliver malware

Security Affairs

AUGUST 4, 2024

A China-linked APT, tracked as StormBamboo, compromised an internet service provider (ISP) to poison software update mechanisms with malware. The threat actors targeted insecure software update mechanisms to install malware on macOS and Windows victim machines. The company linked the attacks to StormBamboo APT group.

Malware

Malware DNS Firewall Software

Romanians arrested for running underground malware services

Security Affairs

NOVEMBER 22, 2020

Two Romanians arrested for running three malware services. Two Romanians have been arrested for running two malware crypter services called CyberSeal and DataProtector, and the CyberScan malware testing service. DataProtector was launched in 2015, while CyberScan was launched in 2019. ” continues the press release.

Malware

Malware Antivirus Cybercrime Software

New enhanced Joker Malware samples appear in the threat landscape

Security Affairs

JULY 16, 2021

The Joker malware is back, experts spotted multiple malicious apps on the official Google Play store that were able to evade scanners. The spyware is able to steal SMS messages, contact lists, and device information and to sign victims up for premium service subscriptions. ” states a post published by the experts. explained. “If

Malware

Malware Mobile Spyware Encryption

YouTube creators’ accounts hijacked with cookie-stealing malware

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. Follow me on Twitter: @securityaffairs and Facebook.

Accountability

Accountability Malware Phishing Social Engineering

Shlayer macOS malware abuses zero-day to bypass Gatekeeper feature

Security Affairs

APRIL 26, 2021

Apple addresses a zero-day in macOS exploited by Shlayer malware to bypass Apple’s security features and deliver second-stage malicious payloads. The developers behind the Shlayer malware have successfully managed to get their malicious payloads approved by Apple through its automated notarizing process in order to run on macOS.

Malware

Malware Software Engineering Hacking

AbstractEmu, a new Android malware with rooting capabilities

Security Affairs

OCTOBER 28, 2021

AbstractEmu is a new Android malware that can root infected devices to take complete control and evade detection with different tricks. Security researchers at the Lookout Threat Labs have discovered a new Android malware, dubbed AbstractEmu , with rooting capabilities that is distributed on Google Play and prominent third-party stores (i.e.

Malware

Malware Cybercrime Mobile Banking

Operation Spalax, an ongoing malware campaign targeting Colombian entities

Security Affairs

JANUARY 14, 2021

Security experts from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax , against Colombian government institutions and private companies. Malware researchers from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax , against Colombian entities exclusively. Pierluigi Paganini.

Malware

Malware Surveillance Phishing Government

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Security Affairs

SEPTEMBER 19, 2023

China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign. The experts noticed that the threat actors have rewritten many functions of the malware to run on Linux systems. Additional analysis led to the discovery of a previously unknown Linux backdoor tracked as SprySOCKS.

Malware

Malware Encryption Telecommunications Authentication

Ezuri memory loader used in Linux and Windows malware

Security Affairs

JANUARY 8, 2021

Multiple threat actors have recently started using the Ezuri memory loader as a loader to executes malware directly into the victims’ memory. According to researchers from AT&T’s Alien Labs, malware authors are choosing the Ezuri memory loader for their malicious codes.

Malware

Malware Encryption Antivirus Passwords

Joker malware infected 538,000 Huawei Android devices

Security Affairs

APRIL 11, 2021

More than 500,000 Huawei users have been infected with the Joker malware after downloading apps from the company’s official Android store. More than 500,000 Huawei users were infected with the Joker malware after they have downloaded tainted apps from the company’s official Android store. ” reads the post published by Dr. Web.

Malware

Malware Spyware Mobile Antivirus

Costaricto APT: Cyber mercenaries use previously undocumented malware

Security Affairs

NOVEMBER 12, 2020

CostaRicto APT is targeting South Asian financial institutions and global entertainment companies with undocumented malware. “The campaign, dubbed CostaRicto by BlackBerry, appears to be operated by “hackers-for-hire”, a group of APT mercenaries who possess bespoke malware tooling and complex VPN proxy and SSH tunnelling capabilities.”

Malware

Malware Phishing VPN Marketing

Dariy Pankov, the NLBrute malware author, pleads guilty

Security Affairs

SEPTEMBER 15, 2023

The Russian national Dariy Pankov (28), aka dpxaker, is the author of the NLBrute malware. The NLBrute malware allows operators to compromise protected computers by decrypting login credentials. The powerful malware was capable of compromising protected computers by decrypting login credentials, such as passwords.

Malware

Malware Marketing Passwords Hacking

BRATA Android Malware evolves and targets the UK, Spain, and Italy

Security Affairs

JUNE 20, 2022

The developers behind the BRATA Android malware have implemented additional features to avoid detection. The operators behind the BRATA Android malware have implemented more features to make their attacks stealthy. “TAs are modifying their code in order to tailor their malware on specific banking institutions.

Malware

Malware Banking Antivirus Phishing

New modular ModPipe POS Malware targets restaurants and hospitality sectors

Security Affairs

NOVEMBER 12, 2020

Cybersecurity researchers spotted a new modular PoS malware, dubbed ModPipe, that targets PoS restaurant management software from Oracle. ESET has been aware of the existence of modules since the end of 2019 when its experts first spotted the “basic” components of the malware. SecurityAffairs – hacking, PoS malware).

Malware

Malware Architecture Passwords Software

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Security Affairs

FEBRUARY 17, 2024

Ukrainian national Vyacheslav Igorevich Penchukov has pleaded guilty to his key roles in the Zeus and IcedID malware operations. Vyacheslav Igorevich Penchukov was a leader of two prolific malware groups that infected thousands of computers with malicious software. Since May 2019, Penchukov had a prominent role in the Zeus operation.

Malware

Malware Cybercrime Banking Hacking

US and UK link new Cyclops Blink malware to Russian state hackers?

Security Affairs

FEBRUARY 23, 2022

UK and US cybersecurity agencies linked Cyclops Blink malware to Russia’s Sandworm APT. US and UK cybersecurity and law enforcement agencies published a joint security advisory about a new malware, dubbed Cyclops Blink, that has been linked to the Russian-backed Sandworm APT group. appeared first on Security Affairs.

Malware

Malware Firmware Architecture Firewall

Tomiris called, they want their Turla malware back

SecureList

APRIL 24, 2023

It is worth noting that while we identified a few targets in other locations, all of them appear to be foreign diplomatic entities of the colored countries: Tomiris’s polyglot toolset Tomiris uses a wide variety of malware implants developed at a rapid pace and in all programming languages imaginable.

Malware

Malware DNS Government Software

Russia-linked threat actors targets critical infrastructure, US authorities warn

Security Affairs

JANUARY 12, 2022

The alert remarks that Russian nation-state actors have demonstrated sophisticated tradecraft and cyber capabilities by compromising third-party infrastructure, compromising third-party software, or developing custom malware. Some of the hacking campaigns that were publicly attributed to Russian state-sponsored APT actors by U.S.

Malware

Malware Cyber threats Government Hacking

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Krebs on Security

JANUARY 24, 2023

Denis Emelyantsev , a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. Denis Kloster, as posted to his Vkontakte page in 2019. Kloster’s blog enthused. “We

Cybercrime

Cybercrime Advertising IoT Malware

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

Security Affairs

MARCH 2, 2024

In October 2019, WhatsApp sued the Israeli surveillance firm NSO Group accusing it of carrying out malicious attacks against its users. In May 2019, Facebook patched a critical zero-day vulnerability in WhatsApp, tracked as CVE-2019-3568 , that has been exploited to remotely install spyware on phones by calling the targeted device.

Spyware

Spyware Surveillance Architecture Software

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

Experts pointed out that the malware is being actively developed. RCE CVE-2020-5902 F5 BigIP RCE No CVE (vulnerability published on 2019) ThinkPHP 5.X The malware can quickly adopt one-day vulnerabilities (within days of a published proof of concept).” LFI CVE-2018-16763 Fuel CMS 1.4.1 ” concludes the report.

Malware

Malware DDOS IoT Cybercrime

WildPressure APT expands operations targeting the macOS platform

Security Affairs

JULY 7, 2021

WildPressure APT is targeting industrial organizations in the Middle East since 2019 and was spotted using now a new malware that targets both Windows and macOS. Researchers from Kaspersky have spotted a new malware used by the WildPressure APT group to targets both Windows and macOS systems.

Malware

Malware VPN Architecture Hacking

A new Win malware uses Windows Subsystem for Linux (WSL) to evade detection

Security Affairs

SEPTEMBER 17, 2021

Security researchers spotted a new malware that uses Windows Subsystem for Linux (WSL) to evade detection in attacks against Windows machines. Security researchers from Lumen’s Black Lotus Labs have discovered several malicious Linux binaries developed to target the Windows Subsystem for Linux (WSL). Pierluigi Paganini.

Malware

Malware Hacking Information Security

Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp?

Security Affairs

FEBRUARY 23, 2022

The code of the recently-emerged Entropy ransomware has similarities with the one of the infamous Dridex malware. The recently-emerged Entropy ransomware has code similarities with the popular Dridex malware. In 2019, the U.S. The post Sophos linked Entropy ransomware to Dridex malware. Pierluigi Paganini.

Ransomware

Ransomware Malware Cybercrime Banking

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

A copy of the passport for Denis Kloster, as posted to his Vkontakte page in 2019. 2019, he obtained a visa from the American Embassy in Bangkok, Thailand. “Thanks to you, we are now developing in the field of information security and anonymity!,” info , allproxy[.]info It shows that in Oct.

Advertising

Advertising Cybercrime System Administration Hacking

The alleged author of NLBrute Malware was extradited to US from Georgia

Security Affairs

FEBRUARY 23, 2023

Dariy Pankov, a Russian VXer behind the NLBrute malware, has been extradited to the United States from Georgia. The Russian national Dariy Pankov, aka dpxaker, is suspected to be the author of the NLBrute malware. The malware allows operators of compromising protected computers by decrypting login credentials.

Malware

Malware Marketing Passwords Hacking

Threat Report Portugal: Q4 2020

Security Affairs

JANUARY 26, 2021

Threat Report Portugal Q4 2020: Data related to Phishing and malware attacks based on the Portuguese Abuse Open Feed 0xSI_f33d. The submissions were classified as either phishing or malware. Phishing and Malware Q4 2020. A new piece of malware was also tracked and analyzed during Q3 and active in Q4 – trojan URSA/mispadu.

Threat Reports

Threat Reports Phishing Malware Banking

Russia-linked APT29 group changes TTPs following April advisories

Security Affairs

MAY 7, 2021

The NCSC, NSA, CISA, and CSE have previously issued a joint report regarding the group’s campaigns aimed at organizations involved in COVID-19 vaccine development throughout 2020 using WellMess and WellMail malware. The news joint repost, speculate the SVR has reacted to the report by changing their TTPs. ” states the report.

Cybersecurity

Cybersecurity Hacking Government Malware

UAC-0020 threat actor used the SPECTR Malware to target Ukraine’s defense forces

Security Affairs

JUNE 7, 2024

Ukraine CERT-UA warned of cyber attacks targeting defense forces with SPECTR malware as part of a cyber espionage campaign dubbed SickSync. The Ukrainian CERT attributes the attack to the threat actor UAC-0020 which employed a malware called SPECTR as part of the campaign tracked as SickSync.

Malware

Malware Cyber threats Cyber Attacks Software

German BSI warns of 17,000 unpatched Microsoft Exchange servers

Security Affairs

MARCH 30, 2024

The German Federal Office for Information Security (BSI) warned of thousands of Microsoft Exchange servers in the country vulnerable to critical flaws. The BSI urges operators running vulnerable instances to install available security updates and configure them securely. ” reads the alert published by the BSI.

Information Security

Information Security Internet Internet Healthcare

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

Krebs on Security

SEPTEMBER 24, 2022

At a court hearing in Bulgaria this month, the accused hacker requested and was granted extradition to the United States, reportedly telling the judge, “America is looking for me because I have enormous information and they need it.” ” A copy of the passport for Denis Kloster, as posted to his Vkontakte page in 2019.

Cybercrime

Cybercrime Data breaches Malware Ransomware

Chip maker Advantech hit by Conti ransomware gang

Security Affairs

NOVEMBER 28, 2020

billion in 2019. The operators also announced that the stolen data will be permanently removed from its servers and it will provide security tips on how to secure the network to prevent future infections. Advantech has 8,000 employees worldwide and has reported a yearly sales revenue of over $1.7

Ransomware

Ransomware Encryption IoT Malware

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

Security Affairs

JUNE 11, 2022

The activity of the Lyceum APT group was first documented earlier in August 2019 by researchers at ICS security firm Dragos which tracked it as Hexane. “Initially the malware sets up an attacker controlled DNS server by acquiring the IP Address of the domain name “cyberclub[.]one” “The dropped binary is a .NET

DNS

DNS Telecommunications Malware Phishing

Operation Triangulation: previously undetected malware targets iOS devices

Security Affairs

JUNE 1, 2023

According to Kaspersky researchers, Operation Triangulation began at least in 2019 and is still ongoing. “The targets are infected using zero-click exploits via the iMessage platform, and the malware runs with root privileges, gaining complete control over the device and user data” reads the analysis published by Kaspersky. .”

Malware

Malware Backups Mobile Hacking

NSO Group used WhatsApp exploits even after Meta-owned company sued it

Security Affairs

NOVEMBER 16, 2024

NSO Group developed malware that relied on WhatsApp exploits to infect target individuals even after the Meta-owned instant messaging company sued the surveillance firm. NSO’s witnesses have refused to answer whether it developed further WhatsApp-based Malware Vectors thereafter.” ” reads a court filing.

Spyware

Spyware Surveillance Malware Hacking

China-linked APT group uses new Macma macOS backdoor version

Security Affairs

JULY 24, 2024

The China-linked APT group Daggerfly (aka Evasive Panda or Bronze Highland) has significantly updated its malware arsenal, adding a new malware family based on the MgBot framework and an updated Macma macOS backdoor. “ The APT group was spotted using the malware families in attacks against Taiwanese organizations and a U.S.

Malware

Malware DNS Hacking Information Security

US Feds arrested two men involved in the Warzone RAT operation

Security Affairs

FEBRUARY 12, 2024

The seizure is the result of an international law enforcement operation, federal authorities in Atlanta and Boston charged individuals in Malta and Nigeria, for their involvement in selling the malware. The two individuals are charged with selling and supporting the Warzone RAT and other malware. ” concludes DoJ.

Malware

Malware Hacking Cybercrime Advertising

Ransomware operators use fake Microsoft Teams updates to deploy Cobalt Strike

Security Affairs

NOVEMBER 10, 2020

BleepingComputer has seen a non-public security advisory issued by Microsoft that is warning its customers of malware campaigns using fake Microsoft Teams updates. Threat actors also distributed other malware, like the Bladabindi ( NJRat ) backdoor and ZLoader info-stealer, and of course Cobalt Strike.

Ransomware

Ransomware Malware Engineering Passwords

Mitsubishi Electric Corp. was hit by a new cyberattack

Security Affairs

NOVEMBER 20, 2020

The breach was detected almost eight months ago, on June 28, 2019, with the delay being attributed to the increased complexity of the investigation caused by the attackers deleting activity logs. The intrusion took place on June 28, 2019, and the company launched an investigation in September 2019. Pierluigi Paganini.

Banking

Banking Cyber Attacks Accountability Media

Lazarus APT uses DTrack backdoor in attacks against LATAM and European orgs

Security Affairs

NOVEMBER 16, 2022

DTrack is a modular backdoor used by the Lazarus group since 2019 , it was employed in attacks against a wide variety of targets, from financial environments to a nuclear power plan. The backdoor unpacking process is composed of several stages, the second-stage malicious code is stored inside the malware PE file.

Telecommunications

Telecommunications Manufacturing Malware Education

REvil ransomware gang hacked Acer and is demanding a $50 million ransom

Security Affairs

MARCH 20, 2021

Acer is the world’s 6th-largest PC vendor by unit sales as of January 2021, it has more than 7,000 employees (2019) and in 2019 declared 234.29 We urge all companies and organizations to adhere to cyber security disciplines and best practices, and be vigilant to any network activity abnormalities.” Source LeMagIT.

Ransomware

Ransomware Hacking Computers and Electronics Malware

Toymaker giant Mattel disclosed a ransomware attack

Security Affairs

NOVEMBER 4, 2020

The good news that the company excluded the theft of internal information. billion in revenue for 2019. The company filed a 10-Q form with the Securities and Exchange Commission (SEC), Mattel disclosed that it suffered a ransomware attack on July 28th, 2020. SecurityAffairs – hacking, malware). Pierluigi Paganini.

Ransomware

Ransomware Advertising Retail Malware

Sunspot, the third malware involved in the SolarWinds supply chain attack

TinyNuke banking malware targets French organizations

Trending Sources

Chinese StormBamboo APT compromised ISP to deliver malware

Romanians arrested for running underground malware services

New enhanced Joker Malware samples appear in the threat landscape

YouTube creators’ accounts hijacked with cookie-stealing malware

Shlayer macOS malware abuses zero-day to bypass Gatekeeper feature

AbstractEmu, a new Android malware with rooting capabilities

Operation Spalax, an ongoing malware campaign targeting Colombian entities

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Ezuri memory loader used in Linux and Windows malware

Joker malware infected 538,000 Huawei Android devices

Costaricto APT: Cyber mercenaries use previously undocumented malware

Dariy Pankov, the NLBrute malware author, pleads guilty

BRATA Android Malware evolves and targets the UK, Spain, and Italy

New modular ModPipe POS Malware targets restaurants and hospitality sectors

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

US and UK link new Cyclops Blink malware to Russian state hackers?

Tomiris called, they want their Turla malware back

Russia-linked threat actors targets critical infrastructure, US authorities warn

Administrator of RSOCKS Proxy Botnet Pleads Guilty

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

EnemyBot malware adds new exploits to target CMS servers and Android devices

WildPressure APT expands operations targeting the macOS platform

A new Win malware uses Windows Subsystem for Linux (WSL) to evade detection

Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp?

Meet the Administrators of the RSOCKS Proxy Botnet

The alleged author of NLBrute Malware was extradited to US from Georgia

Threat Report Portugal: Q4 2020

Russia-linked APT29 group changes TTPs following April advisories

UAC-0020 threat actor used the SPECTR Malware to target Ukraine’s defense forces

German BSI warns of 17,000 unpatched Microsoft Exchange servers

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

Chip maker Advantech hit by Conti ransomware gang

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

Operation Triangulation: previously undetected malware targets iOS devices

NSO Group used WhatsApp exploits even after Meta-owned company sued it

China-linked APT group uses new Macma macOS backdoor version

US Feds arrested two men involved in the Warzone RAT operation

Ransomware operators use fake Microsoft Teams updates to deploy Cobalt Strike

Mitsubishi Electric Corp. was hit by a new cyberattack

Lazarus APT uses DTrack backdoor in attacks against LATAM and European orgs

REvil ransomware gang hacked Acer and is demanding a $50 million ransom

Toymaker giant Mattel disclosed a ransomware attack

Stay Connected