Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus 132

Antivirus Malware DNS Cryptocurrency 132

Security Boulevard

JUNE 9, 2022

Active since 2017, Lyceum group is a state-sponsored Iranian APT group that is known for targeting Middle Eastern organizations in the energy and telecommunication sectors and mostly relying on.NET based malwares. The threat actor then leverages the AutoClose() function to drop the DNS backdoor onto the system. Lyceum.NET DNS backdoor.

DNS 98

DNS Malware Energy and Utilities Telecommunications 98

eSecurity Planet

DECEMBER 8, 2023

Domain name service (DNS) attacks threaten every internet connection because they can deny, intercept, and hijack connections. With the internet playing an increasing role in business, securing DNS plays a critical role in both operations and security. Everything You Need to Know.

DNS 115

DNS DDOS Firewall Architecture 115

Security Affairs

MAY 1, 2024

A new malware named Cuttlefish targets enterprise-grade and small office/home office (SOHO) routers to harvest public cloud authentication data. The malware creates a proxy or VPN tunnel on the compromised router to exfiltrate data, and then uses stolen credentials to access targeted resources.

Malware 131

Malware DNS Authentication Telecommunications 131

Malwarebytes

JUNE 1, 2022

That’s where DNS filtering comes in. But first, DNS in a nutshell. So normally, every time your customer types in your web address, their computer makes a request to a DNS server. The DNS server, in turn, tells the computer where to go. But which web-based cyberthreats in particular does DNS filtering stop, you ask?

DNS 104

DNS DDOS Phishing Spyware 104

Security Affairs

DECEMBER 3, 2023

Threat actors are using the Agent Raccoon malware in attacks against organizations in the Middle East, Africa and the U.S. The malware was used in attacks against multiple industries, including education, real estate, retail, non-profit organizations, telecom companies, and governments.

Malware 144

Malware DNS Retail Education 144

Krebs on Security

FEBRUARY 9, 2021

Nine of the 56 vulnerabilities earned Microsoft’s most urgent “critical” rating, meaning malware or miscreants could use them to seize remote control over unpatched systems with little or no help from users. Keep in mind that Windows 10 by default will automatically download and install updates on its own schedule.

DNS 333

DNS Backups Software Phishing 333

Security Boulevard

MAY 20, 2022

What Is DNS Spoofing and How Is It Prevented? What Is the DNS and DNS Server? . To fully understand DNS spoofing, it’s important to understand DNS and DNS servers. The DNS “domain name system” is then what translates the domain name into the right IP address. What Is DNS Spoofing? .

DNS 98

DNS Cyber Attacks Encryption Risk 98

Malwarebytes

JANUARY 16, 2025

The FBI says it has removed PlugX malware from thousands of infected computers worldwide. The move came after suspicion that cybercriminals groups under control of the Peoples Republic of China (PRC) used a version of PlugX malware to control, and steal information from victims’ computers.

Malware 116

Malware DNS Internet Internet 116

Security Affairs

JANUARY 14, 2021

Malware researchers from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax , against Colombian entities exclusively. The attacks start with phishing messages that lead to the download of RAR archives hosted on OneDrive or MediaFire containing a malicious executable. ” continues the report.

Malware 140

Malware Surveillance Phishing Government 140

Security Boulevard

AUGUST 6, 2024

Threat Intelligence Report Date: August 6, 2024 Prepared by: David Brunsdon, Threat Intelligence - Security Engineer, HYAS Dynamic DNS (DDNS) is a service that automatically updates the Domain Name System (DNS) in real-time to reflect changes in the IP addresses of a domain.

DNS 69

DNS Malware Social Engineering Engineering 69

Security Affairs

JANUARY 8, 2022

Researchers warn of new campaigns distributing a new improved version of the FluBot malware posing as Flash Player. Researchers from F5 security are warning of a new enhanced version of the FluBot Android malware that that spread posed as Flash Player. The victim downloads and opens the malicious app that installs FluBot.

Malware 126

Malware DNS Banking Hacking 126

Security Affairs

AUGUST 31, 2022

A malware campaign tracked as GO#WEBBFUSCATOR used an image taken from NASA’s James Webb Space Telescope (JWST) as a lure. Securonix Threat researchers uncovered a persistent Golang-based malware campaign tracked as GO#WEBBFUSCATOR that leveraged the deep field image taken from the James Webb telescope. Pierluigi Paganini.

Malware 98

Malware DNS Antivirus Encryption 98

Krebs on Security

MARCH 28, 2021

New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name. But Watson said they don’t know how many of those systems also ran the secondary download from the rogue Krebsonsecurity domain.

Hacking 363

Hacking Cybercrime DNS Internet 363

Security Affairs

FEBRUARY 10, 2019

Security experts from Trend Micro have discovered a new strain of coin miner that targets the Linux platform and installs the XMR-Stak Cryptonight cryptocurrency miner, researchers observed it killing other Linux malware and coin miners present on the infected machine. It also downloads hxxp://yxarsh.shop/1.jpg

Malware 111

Malware Cryptocurrency Advertising DNS 111

Security Affairs

APRIL 16, 2020

Linksys has reset passwords for all its customers’ after learning on ongoing DNS hijacking attacks aimed at delivering malware. Crooks continue to launch Coronavirus-themed attacks , in the last weeks, experts observed hackers hijacking D-Link and Linksys routers to redirect users to COVID19-themed sites spreading malware.

Passwords 145

Passwords DNS Malware Advertising 145

Security Affairs

JULY 15, 2020

Security researchers discovered another malware family delivered through tax software that some businesses operating in China are required to install. Security researchers at Trustwave have discovered another malware family delivered through tax software that Chinese banks require companies operating in the country to install.

Software 125

Software Malware Banking Advertising 125

Security Affairs

FEBRUARY 1, 2019

Security experts at Cybaze – Yoroi ZLab have analyzed a new sample of the AdvisorsBot malware, a downloader that was first spotted in August 2018. As usual, the malware looks like a legitimate e-mail attachment, named as “invoice.doc”. Figure 3 – Piece of VBS script that starts malware infection. DLL Analysis.

Malware 109

Malware DNS Social Engineering Advertising 109

Security Affairs

FEBRUARY 5, 2021

The TeamTNT hacker group has been employing a new piece of malware, dubbed Hildegard, to target Kubernetes installs. The hacking group TeamTNT has been employing a new piece of malware, dubbed Hildegard, in a series of attacks targeting Kubernetes systems. The malware deploys the XMRig mining tool to mine Monero cryptocurrency.

Malware 120

Malware DNS Cryptocurrency Internet 120

Security Affairs

MARCH 26, 2020

The number of Coronavirus-themed attacks continues to increase, crooks hijack D-Link and Linksys routers to redirect users to sites spreading COVID19-themed malware. Crooks continue to launch Coronavirus-themed attacks , experts observed hackers hijacking D-Link and Linksys routers to redirect users to COVID19-themed sites spreading malware.

Malware 111

Malware DNS Advertising Cryptocurrency 111

SecureList

APRIL 24, 2023

Introduction We introduced Tomiris to the world in September 2021, following our investigation of a DNS-hijack against a government organization in the Commonwealth of Independent States (CIS). We hypothesize that the general aim is to provide operators with “full-spectrum malware” in order to evade security products.

Malware 135

Malware DNS Government Software 135

SecureList

JUNE 1, 2023

The code within the exploit downloads several subsequent stages from the C&C server, that include additional exploits for privilege escalation. After successful exploitation, a final payload is downloaded from the C&C server, that is a fully-featured APT platform. WIFI OUT: 0.0 - WWAN IN: 76281896.0, WWAN OUT: 100956502.0

Malware 145

Malware Backups Mobile DNS 145

Security Boulevard

APRIL 14, 2022

In April 2022, hackers targeted the customers of eight Malaysian banks by urging them to download malicious apps. The apps stole user credentials and forwarded the messages to the malware operators. The post What is DNS Spoofing and Cache Poisoning? The post What is DNS Spoofing and Cache Poisoning?

DNS 72

DNS Social Engineering Cybercrime Banking 72

Malwarebytes

JUNE 30, 2022

The vulnerability or chain of vulnerabilities allow the threat actor to download a binary, then execute it on the host. The threat actor can then use DNS hijacking and HTTP hijacking to cause the connected devices to install other malware. ZuoRAT looks like a heavily modified version of the Mirai malware. DNS hijacking.

Malware 111

Malware DNS Small Business Firmware 111

Security Affairs

AUGUST 20, 2024

The most notable feature of the backdoor is that it relies on DNS tunnelling to communicate with a C2 server. ” The code used by Msupedge for the DNS tunneling tool is based on the publicly available dnscat2 tool. . ” The code used by Msupedge for the DNS tunneling tool is based on the publicly available dnscat2 tool.

DNS 122

DNS Malware Hacking Cybercrime 122

eSecurity Planet

FEBRUARY 16, 2021

Malware, short for “malicious software,” is any unwanted software on your computer that, more often than not, is designed to inflict damage. Since the early days of computing, a wide range of malware types with varying functions have emerged. Best Practices to Defend Against Malware. Jump ahead: Adware. RAM scraper.

Malware 105

Malware Adware Spyware Antivirus 105

SecureList

DECEMBER 18, 2020

At the moment, we identified approximately ~100 customers who downloaded the trojanized package containing the Sunburst backdoor. For instance, before making the first internet connection to its C2s, the Sunburst malware lies dormant for a long period, of up to two weeks, which prevents an easy detection of this behavior in sandboxes.

DNS 76

DNS Telecommunications Malware Encryption 76

Security Affairs

JANUARY 24, 2019

A still ongoing spam campaign that has been active during the last months has been distributing the Redaman banking malware. Experts at Palo Alto Networks continue to monitor an ongoing spam campaign that has been distributing the Redaman banking malware. It throws an exception and exits if any of those files are found.

Banking 110

Banking Malware Advertising DNS 110

Security Affairs

SEPTEMBER 21, 2022

Russia-linked APT group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Russia-linked cyberespionage group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. ” reads the report published by Recorded Future.

Malware 104

Malware Telecommunications DNS Hacking 104

Security Affairs

NOVEMBER 5, 2021

Over the past months, other ransomware gangs, including Conti and Lockfile , exploited ProxyShell flaws to deliver their malware. The attack chain starts with a downloader module on a victim’s server in the form of a standalone executable format and a DLL. The DLL downloader is run by the Exchange IIS worker process w3wp.exe.

Ransomware 145

Ransomware Backups Encryption DNS 145

SecureList

JANUARY 22, 2024

We recently caught sight of a new, hitherto unknown, macOS malware family that was piggybacking on cracked software. A downloader A completed “patching” kicked off the main payload, with the sample reaching out to its C2 for an encrypted script. org every 30 seconds and tried to download and execute the following script.

Software 142

Software Computers and Electronics DNS Malware 142

Malwarebytes

APRIL 9, 2024

Victims are tricked into downloading and running the Nitrogen malware masquerading as a PuTTY or FileZilla installer. Online ads from search engine result pages are increasingly being used to deliver malware to corporate users. Click here for more information about DNS filtering via our Nebula platform.

System Administration 119

System Administration DNS Engineering Social Engineering 119

SecureList

SEPTEMBER 26, 2022

NullMixer is a dropper leading to an infection chain of a wide variety of malware families. These websites are often related to crack, keygen and activators for downloading software illegally, and while they may pretend to be legitimate software, they actually contain a malware dropper. Malware execution instructions.

Malware 141

Malware Cryptocurrency Passwords Software 141

Krebs on Security

AUGUST 30, 2019

On August 21, multiple United Rental customers reported receiving invoice emails with booby-trapped links that led to a malware download for anyone who clicked. While phony invoices are a common malware lure, this particular campaign sent users to a page on United Rentals’ own Web site (unitedrentals.com).

Phishing 233

Phishing Marketing Accountability DNS 233

Security Affairs

FEBRUARY 3, 2023

The former is a VBScript used to download next-stage VBScript from a remote server. Upon opening the.LNK file, it uses the System Binary Proxy Execution technique through the execution of Windows-native binary (designed to execute Microsoft HTML Application (HTA) files (mshta.exe)) to download a file via the URL hxxps://secureurl[.]shop/09.01_otck/quicker[.]rtf.

Malware 98

Malware Spyware DNS Government 98

SecureList

MARCH 10, 2021

Back then, cybercriminals distributed malware under the guise of the Malwarebytes antivirus installer. In the latest campaign, we have seen several apps impersonated by the malware: the ad blockers AdShield and Netshield, as well as the OpenDNS service. Updater.exe downloads from the site transmissionbt[.]org Technical details.

DNS 145

DNS Antivirus Malware Encryption 145

Security Affairs

MARCH 16, 2021

Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection behaviors such as downloading and executing Mirai variants and brute-forcers.” “The attacks are still ongoing at the time of this writing. “The attacks are still ongoing at the time of this writing.

Wireless 139

Wireless IoT DNS VPN 139