Antivirus, Hacking and Information Security

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Security Affairs

JANUARY 25, 2020

Chinese hackers have exploited a zero-day vulnerability the Trend Micro OfficeScan antivirus in the recently disclosed hack of Mitsubishi Electric. This week, Mitsubishi Electric disclosed a security breach that might have exposed personal and confidential corporate data. SecurityAffairs – Mitsubishi Electric, hacking).

Antivirus

Antivirus Hacking Advertising Media

Japan ’s FSA warns of unauthorized trades via stolen credentials from fake security firms’ sites

Security Affairs

APRIL 22, 2025

Japan s Financial Services Agency (FSA) warns of hundreds of millions in unauthorized trades linked to hacked brokerage accounts. from fake websites (phishing sites) disguised as websites of real securities companies.” Keeping devices updated and using reliable antivirus software also helps prevent malware-related data theft.

Financial Services

Financial Services Passwords Accountability Antivirus

Experts warn of flaws in popular Antivirus solutions

Security Affairs

OCTOBER 5, 2020

Researchers disclosed details of security flaws in popular antivirus software that could allow threat actors to increase privileges. Antivirus solutions that are supposed to protect the systems from infection may unintentionally allow malware in escalating privileges on the system. . SecurityAffairs – hacking, antivirus).

Antivirus

Antivirus Malware Advertising Software

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

The German BSI agency recommends replacing Kaspersky antivirus software

Security Affairs

MARCH 15, 2022

German Federal Office for Information Security agency, also known as BSI, recommends consumers not to use Kaspersky anti-virus software. The German Federal Office for Information Security agency, aka BSI, recommends consumers uninstall Kaspersky anti-virus software. SecurityAffairs – hacking, BSI).

Antivirus

Antivirus Software Manufacturing Information Security

New advanced FIN7’s Anubis backdoor allows to gain full system control on Windows

Security Affairs

APRIL 2, 2025

Delivered via phishing and hosted on compromised SharePoint sites, it remains undetected by most antivirus solutions, posing a serious security risk. Despite its mild obfuscation, it remains fully undetected (FUD) by most antivirus solutions. ” concludes the report.

Antivirus

Antivirus Cybercrime Malware Encryption

FBI warns of malicious free online document converters spreading malware

Security Affairs

MARCH 24, 2025

The FBI Denver Field Office advises staying cautious online, being aware of potential risks, and keeping antivirus software updated to scan files before opening them. If users fall victim to this scam, immediately contact their financial institutions, secure their accounts, and change all passwords using a trusted device.

Malware

Malware Scams Identity Theft Antivirus

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus

Antivirus Malware DNS Cryptocurrency

Banshee macOS stealer supports new evasion mechanisms

Security Affairs

JANUARY 10, 2025

A version discovered by Check Point in September relied on Apple’s XProtect encryption algorithm for obfuscation, allowing it to evade antivirus detection until its source code leak in November. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Banshee Stealer)

Malware

Malware Advertising Antivirus Cybercrime

Hive0117 group targets Russian firms with new variant of DarkWatchman malware

Security Affairs

MAY 1, 2025

The DarkWatchman malware can evade detection by standard antivirus software. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,malware)

Malware

Malware Phishing Telecommunications Retail

Valve removed the game PirateFi from the Steam video game platform because contained a malware

Security Affairs

FEBRUARY 13, 2025

Users that played the game have received the following email: pic.twitter.com/B98BFs0WbK — SteamDB (@SteamDB) February 12, 2025 The game PirateFi was released as beta, but multiple antivirus flagged it as “Trojan.Win32.Lazzzy.gen.” Lazzzy.gen.” SteamDB estimates that over 800 users may have downloaded the game.

Malware

Malware Antivirus Accountability Software

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

In many cases, the crooks hack managed service providers (MSPs) first and then use this access to compromise the partnering organizations. David Balaban is a computer security researcher with over 17 years of experience in malware analysis and antivirus software evaluation.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

OCTOBER 20, 2024

CISA adds Fortinet products and Ivanti CSA bugs to its Known Exploited Vulnerabilities catalog Nation-state actor exploited three Ivanti CSA zero-days Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’ macOS HM Surf flaw in TCC allows bypass Safari privacy settings Iran-linked actors target critical infrastructure organizations (..)

Data breaches

Data breaches Cybercrime Cyber Insurance Marketing

Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps

Security Affairs

APRIL 16, 2025

” In September, security researchers from G DATA discovered more than two dozen Android mobile phones from different manufacturers already infected by pre-installed malware. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Chinese Android phone )

Malware

Malware Manufacturing Mobile Spyware

New Triada Trojan comes preinstalled on Android devices

Security Affairs

APRIL 2, 2025

.” To protect against malware, experts recommend buying smartphones from authorized distributors and installing security solutions like Kaspersky for Android immediately. In March 2018, security researchers at Antivirus firmDr.Web discovered that 42 models of low-cost Android smartphones were shipped with the Android.Triada.231

Malware

Malware Cryptocurrency Mobile Firmware

On the Irish Health Services Executive Hack

Security Boulevard

FEBRUARY 11, 2022

Under-resourced Information Security Managers were not performing their business as usual role (including a NIST-based cybersecurity review of systems) but were working on evaluating security controls for the COVID-19 vaccination system. The antivirus server was later encrypted in the attack).

Hacking

Hacking Antivirus CISO Ransomware

Memorial Hospital and Manor suffered a ransomware attack

Security Affairs

NOVEMBER 6, 2024

” The hospital identified the ransomware attack early Saturday after antivirus software installed on the employees’ PCs flagged potential risks. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, hospital)

Ransomware

Ransomware Healthcare Antivirus Data breaches

Antivirus firm Dr.Web disconnected all servers following a cyberattack

Security Affairs

SEPTEMBER 19, 2024

Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Doctor Web ) It’s unclear if the attackers have stolen data from the antimalware firm.

Antivirus

Antivirus Malware Hacking Information Security

Coyote Banking Trojan targets Brazilian users, stealing data from 70+ financial apps and websites

Security Affairs

FEBRUARY 4, 2025

It gathers system details, including antivirus information, encodes the data, and sends it to a remote server. “Consequently, it highlights the critical need for robust security measures for both individuals and institutions to safeguard against evolving cyber threats.”

Banking

Banking Malware Antivirus Cyber threats

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

FEBRUARY 16, 2021

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware. After that, the following files are extracted, namely: Avira.exe : Legitimate injector from Avira Antivirus. In the last few years, many banking trojans developed by Latin American criminals have increased in volume and sophistication.

Antivirus

Antivirus Malware Banking Internet

Cactus ransomware gang claims the Schneider Electric hack

Security Affairs

JANUARY 30, 2024

Once the malware has escalated the privileges on a machine, the threat actors use a batch script to uninstall popular antivirus solutions installed on the machine. In early January, the Cactus ransomware group claimed to have hacked Coop, one of the largest retail and grocery providers in Sweden.

Ransomware

Ransomware Hacking Data breaches Digital transformation

A couple of 10-Year-Old flaws affect Avast and AVG antivirus?

Security Affairs

MAY 5, 2022

Researcher discovered a couple of high-severity security flaws that affect a driver used by Avast and AVG antivirus solutions. SentinelOne researcher Kasif Dekel discovered two high-severity security vulnerabilities, tracked as CVE-2022-26522 and CVE-2022-26523, that affect a driver used by Avast and AVG antivirus solutions.

Antivirus

Antivirus Hacking Software Cybersecurity

Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus

Security Affairs

AUGUST 27, 2022

Threat actors abused a vulnerable anti-cheat driver for the Genshin Impact video game to disable antivirus software. sys, for the Genshin Impact video game to disable antivirus software. The driver is currently being abused by a ransomware actor to kill antivirus processes and services for mass-deploying ransomware.”

Antivirus

Antivirus Ransomware Malware Cybercrime

Russia-linked Gamaredon targets Ukraine with Remcos RAT

Security Affairs

MARCH 31, 2025

The PowerShell code avoids antivirus detection by using Get-Command to execute the payload. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Ukraine) The report includes Indicators of Compromise(IoCs) for this threat along with Snort rules for its detection.

Phishing

Phishing Antivirus Encryption Hacking

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Security Affairs

DECEMBER 17, 2024

Recommendations include timely patching, using strong and unique passwords, enabling multi-factor authentication, implementing security tools to detect abnormal activity, auditing accounts, scanning for open ports, segmenting networks, updating antivirus software, and creating offline backups.

Architecture

Architecture Internet Internet Malware

Cisco fixed critical RCE bug in ClamAV Open-Source Antivirus engine

Security Affairs

FEBRUARY 17, 2023

Cisco addressed a critical vulnerability in the ClamAV open source antivirus engine that can lead to remote code execution on vulnerable devices. Cisco fixed a critical flaw, tracked as CVE-2023-20032 (CVSS score: 9.8), in the ClamAV open source antivirus engine.

Antivirus

Antivirus Engineering Malware Hacking

Sunshuttle, the fourth malware allegedly linked to SolarWinds hack

Security Affairs

MARCH 4, 2021

FireEye researchers spotted a new sophisticated second-stage backdoor that was likely linked to threat actors behind the SolarWinds hack. ” “Mandiant Threat Intelligence discovered a sample of the SUNSHUTTLE backdoor uploaded to an online multi-Antivirus scan service.” SecurityAffairs – hacking, SolarWinds).

Malware

Malware Hacking Antivirus Information Security

New sophisticate malware SuperCard X targets Androids via NFC relay attacks

Security Affairs

APRIL 21, 2025

The malware maintains a low detection rate among antivirus solutions due to its minimal permission model and narrow focus on NFC relay attacks. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,malware)

Malware

Malware Social Engineering Banking Engineering

Threat actors hacked hundreds of servers by exploiting Zimbra CVE-2022-41352 bug

Security Affairs

OCTOBER 16, 2022

The vulnerability is due to the method (cpio) in which Zimbra’s antivirus engine (Amavis) scans inbound emails. The experts pointed out that the vulnerability is due to the method ( cpio ) used by Zimbra’s antivirus engine ( Amavis ) to scan the inbound emails. SecurityAffairs – hacking, Zimbra). reported Rapid7.

Hacking

Hacking Antivirus Telecommunications Engineering

Avast disables the JavaScript engine component due to a severe issue

Security Affairs

MARCH 11, 2020

Antivirus maker Avast has disabled a core component of its antivirus to address a severe vulnerability that would have allowed attackers to control users’ PC. Ormandy pointed out that the main Avast antivirus process, AvastSvc.exe, which, runs as SYSTEM. SecurityAffairs – hacking, Avast). Pierluigi Paganini.

Engineering

Engineering Antivirus Advertising Hacking

ToxicPanda Android banking trojan targets Europe and LATAM, with a focus on Italy

Security Affairs

NOVEMBER 5, 2024

“An important question arising from this analysis is not just how to defend against threats like ToxicPanda but why contemporary antivirus solutions have struggled to detect a threat that is, in technical terms, relatively straightforward. Spain and Peru, at 3.9% and 3.4%, indicate a potential expansion into Latin America.

Banking

Banking Malware Accountability Authentication

Cybercrime group FIN7 advertises new EDR bypass tool on hacking forums

Security Affairs

JULY 18, 2024

The seller described the solution as a post-exploitation framework with modules designed to infiltrate enterprise networks and evade antivirus programs, was claimed to have been developed over three years at a cost of $1 million. in cybercrime forum. Similar ads by users “killerAV” and “lefroggy” appeared on the RAMP and xss[.]is

Advertising

Advertising Cybercrime Hacking Ransomware

CEO-Level Guide to Prevent Data Hacking Technologies & Incidents

Security Affairs

JUNE 11, 2021

Shareholders are now demanding that the information security should be dealt with by the upper management and CEOs should be held accountable for the data security measures. Given all these points, this article will talk about five most important things any CEO should know regarding their organization’s data security.

Technology

Technology Hacking Cyber threats Software

Large-scale cryptocurrency miner campaign targets Russian users with SilentCryptoMiner

Security Affairs

MARCH 10, 2025

The discovered infected archives contained an additional executable, with a modified start script tricking victims into disabling antivirus protections. This underscores once again that, while such tools may look enticing, they pose a serious threat to user data security.” in a temporary folder.

Cryptocurrency

Cryptocurrency Malware Social Engineering Antivirus

Microsoft Defender can now protect servers against ProxyLogon attacks

Security Affairs

MARCH 21, 2021

Microsoft announced that its Defender Antivirus and System Center Endpoint Protection now protects users against attacks exploiting Exchange Server vulnerabilities. “Today, we have taken an additional step to further support our customers who are still vulnerable and have not yet implemented the complete security update. .

Antivirus

Antivirus Small Business Security Intelligence Hacking

Romanians arrested for running underground malware services

Security Affairs

NOVEMBER 22, 2020

“Two Romanian suspects have been arrested yesterday for allegedly running the CyberSeal and Dataprotector crypting services to evade antivirus software detection.” The pair also operated the Cyberscan service which allowed their clients to test their malware against antivirus tools. SecurityAffairs – hacking, cybercrime).

Malware

Malware Antivirus Cybercrime Software

Enhanced capabilities sustain the rapid growth of Vo1d botnet

Security Affairs

FEBRUARY 28, 2025

In August 2024, several users reported that Dr.Web antivirus detected changes in their TV box system files. Users may also mistakenly believe TV boxes are more secure than smartphones and are less likely to install antivirus software, increasing their risk when downloading third-party apps or unofficial firmware.

Antivirus

Antivirus Firmware Encryption Manufacturing

Fake AV websites used to distribute info-stealer malware

Security Affairs

MAY 25, 2024

Threat actors used fake AV websites masquerading as legitimate antivirus products from Avast, Bitdefender, and Malwarebytes to distribute malware. The fake websites were masquerading as legitimate antivirus products from Avast, Bitdefender, and Malwarebytes. exe.zip”) that was used to deploy the Lumma information stealer.

Malware

Malware Antivirus Cryptocurrency Hacking

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

Security Affairs

JUNE 27, 2021

“While the Windows system is in safe mode antivirus software doesn’t work. The researchers started investigating the threat after they became aware that the malware was disabling and uninstalling its antivirus from infected devices. “It also uses WQL to query all antivirus software installed SELECT * FROM AntiVirusProduct.”

Antivirus

Antivirus Cryptocurrency Malware Software

Medusa Ransomware targeted over 40 organizations in 2025

Security Affairs

MARCH 7, 2025

Upon gaining initial access to the target, Medusa hackers use remote management and monitoring (RMM) tools like SimpleHelp and AnyDesk for maintaining persistence and employ BYOVD with KillAV to disable antivirus, a tactic seen in BlackCat and RansomHub ransomware operations.

Ransomware

Ransomware Antivirus Healthcare Encryption

ESET fixed high-severity local privilege escalation bug in Windows products

Security Affairs

FEBRUARY 18, 2024

Below is the list of impacted programs and versions: ESET NOD32 Antivirus, Internet Security, Smart Security Premium, Security Ultimate 16.2.15.0 and earlier ESET Endpoint Antivirus for Windows and Endpoint Security for Windows 10.1.2058.0, 10.0.10017.0, 10.0.10017.0,

Antivirus

Antivirus Internet Internet Cybersecurity

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 21

Security Affairs

NOVEMBER 24, 2024

Android Malware Detection Based on Behavioral-Level Features with Graph Convolutional Networks.

Malware

Malware Spyware Antivirus VPN

A cracked copy of Brute Ratel post-exploitation tool leaked on hacking forums

Security Affairs

SEPTEMBER 29, 2022

The Brute Ratel post-exploitation toolkit has been cracked and now is available in the underground hacking and cybercrime communities. The tool was specifically designed to avoid detection by security solutions such as endpoint detection and response (EDR) and antivirus (AV). SecurityAffairs – hacking, Brute Ratel).

Hacking

Hacking Cybercrime Ransomware Antivirus

Some Fortinet products used hardcoded keys and weak encryption for communications

Security Affairs

NOVEMBER 26, 2019

Security researchers from SEC Consult Vulnerability Lab discovered that multiple Fortinet products use a weak encryption cipher (“XOR” with a static key) and cryptographic keys to communicate with the FortiGuard Web Filter, AntiSpam and AntiVirus cloud services. SecurityAffairs – Fortinet, hacking). Pierluigi Paganini.

Encryption

Encryption Antivirus Advertising DNS

Hiding Malware inside a model of a neural network

Security Affairs

JULY 26, 2021

Tests conducted by the experts demonstrated how to embed 36.9MB of malware into a 178MB-AlexNet model within 1% accuracy loss, this means that the threat is completely transparent to antivirus engines. 58 antivirus engines were involved in the detection works, and no suspicious was detected. SecurityAffairs – hacking, neural network).

Malware

Malware Antivirus Artificial Intelligence Engineering

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Japan ’s FSA warns of unauthorized trades via stolen credentials from fake security firms’ sites

Webinars

Trending Sources

Experts warn of flaws in popular Antivirus solutions

Webinars

The German BSI agency recommends replacing Kaspersky antivirus software

New advanced FIN7’s Anubis backdoor allows to gain full system control on Windows

FBI warns of malicious free online document converters spreading malware

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Banshee macOS stealer supports new evasion mechanisms

Hive0117 group targets Russian firms with new variant of DarkWatchman malware

Valve removed the game PirateFi from the Steam video game platform because contained a malware

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps

New Triada Trojan comes preinstalled on Android devices

On the Irish Health Services Executive Hack

Memorial Hospital and Manor suffered a ransomware attack

Antivirus firm Dr.Web disconnected all servers following a cyberattack

Coyote Banking Trojan targets Brazilian users, stealing data from 70+ financial apps and websites

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Cactus ransomware gang claims the Schneider Electric hack

A couple of 10-Year-Old flaws affect Avast and AVG antivirus?

Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus

Russia-linked Gamaredon targets Ukraine with Remcos RAT

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Cisco fixed critical RCE bug in ClamAV Open-Source Antivirus engine

Sunshuttle, the fourth malware allegedly linked to SolarWinds hack

New sophisticate malware SuperCard X targets Androids via NFC relay attacks

Threat actors hacked hundreds of servers by exploiting Zimbra CVE-2022-41352 bug

Avast disables the JavaScript engine component due to a severe issue

ToxicPanda Android banking trojan targets Europe and LATAM, with a focus on Italy

Cybercrime group FIN7 advertises new EDR bypass tool on hacking forums

CEO-Level Guide to Prevent Data Hacking Technologies & Incidents

Large-scale cryptocurrency miner campaign targets Russian users with SilentCryptoMiner

Microsoft Defender can now protect servers against ProxyLogon attacks

Romanians arrested for running underground malware services

Enhanced capabilities sustain the rapid growth of Vo1d botnet

Fake AV websites used to distribute info-stealer malware

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

Medusa Ransomware targeted over 40 organizations in 2025

ESET fixed high-severity local privilege escalation bug in Windows products

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 21

A cracked copy of Brute Ratel post-exploitation tool leaked on hacking forums

Some Fortinet products used hardcoded keys and weak encryption for communications

Hiding Malware inside a model of a neural network

Stay Connected