Krebs on Security

NOVEMBER 9, 2024

The trouble is, these EDRs largely bypass any official review and do not require the requester to supply any court-approved documents. Others simply sell access to hacked government or police email accounts, and leave it up to the buyer to forge any needed documents. “Unlimited Emergency Data Requests. . Reset as you please.

Hacking 276

Hacking Accountability Government Social Engineering 276

Security Affairs

APRIL 20, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malicious NPM Packages Targeting PayPal Users New Malware Variant Identified: ResolverRAT Enters the Maze Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft?

Malware 80

Malware Cryptocurrency Engineering Encryption 80

Krebs on Security

FEBRUARY 28, 2024

But clicking the meeting link provided by the scammers prompts the user to run a script that quietly installs malware on macOS systems. It didn’t dawn on Doug until days later that the missed meeting with Mr. Lee might have been a malware attack. MacOS computers include X-Protect , Apple’s built-in antivirus technology.

Malware 323

Malware Cryptocurrency Software Phishing 323

Krebs on Security

OCTOBER 31, 2022

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon , a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims.

Malware 336

Malware Identity Theft Cybercrime Accountability 336

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware. WHO IS MEGATRAFFER?

Malware 299

Malware Cybercrime Software Accountability 299

Security Affairs

DECEMBER 27, 2024

North Korea-linked threat actors were spotted using new malware called OtterCookie as part of the Contagious Interview campaign that targets software developer community with fake job offers. Since November 2024, threat actors employed the malware OtterCookie, alongside BeaverTail and InvisibleFerret, in the campaign.

Malware 89

Malware Cryptocurrency Software Hacking 89

SecureList

MARCH 10, 2025

We continued to monitor the group throughout the rest of the year, observing intense activity that included updates to SideWinder’s toolset and the creation of a massive new infrastructure to spread malware and control compromised systems. The documents used various themes to deceive victims into believing they are legitimate.

Energy and Utilities 119

Energy and Utilities Malware Government Phishing 119

Tech Republic Security

JANUARY 11, 2022

Google took over the top spot for malicious downloads from Microsoft OneDrive as attackers created free accounts, uploaded malware and shared documents with unsuspecting users, says Netskope.

Accountability 218

Accountability Malware 218

SecureList

APRIL 23, 2025

We found that the malware was running in the memory of a legitimate SyncHost. Although the exact method by which Cross EX was exploited to deliver malware remains unclear, we believe that the attackers escalated their privileges during the exploitation process as we confirmed the process was executed with high integrity level in most cases.

Malware 144

Malware Software Encryption Internet 144

Security Affairs

MARCH 26, 2025

New ReaderUpdate malware variants, now written in Crystal, Nim, Rust, and Go, targets macOS users, SentinelOne warns. SentinelOne researchers warn that multiple versions of the ReaderUpdate malware written in Crystal, Nim, Rust, and Go programming languages, are targeting macOS users. The malware maintains persistence via a.plist file.

Malware 72

Malware Adware Antivirus Marketing 72

Security Boulevard

FEBRUARY 2, 2025

Attackers are capitalizing on public interest in these historical documents to launch potential malware campaigns, phishing schemes, and exploit attempts. The post Hackers Hijack JFK File Release: Malware & Phishing Surge appeared first on Security Boulevard.

Phishing 72

Phishing Malware Cyber threats 72

Krebs on Security

AUGUST 14, 2020

The “RCM” portion of its name refers to “revenue cycle management,” an industry which tracks profits throughout the life cycle of each patient, including patient registration, insurance and benefit verification, medical treatment documentation, and bill preparation and collection from patients.

Ransomware 363

Ransomware Healthcare Insurance Phishing 363

Krebs on Security

NOVEMBER 14, 2024

Shefel asserts he and his team were responsible for developing the card-stealing malware that Golubov’s hackers installed on Target and Home Depot payment terminals, and that at the time he was technical director of a long-running Russian cybercrime community called Lampeduza. “I’m also godfather of his second son.”

Retail 253

Retail Advertising Cryptocurrency Marketing 253

Security Affairs

MARCH 20, 2025

The archive contains a fake PDF report and DarkTortilla malware, which acts as a launcher for the Dark Crystal RAT ( DCRat ). The modular architecture of the malware allows to extend its functionalities for multiple malicious purposes, including surveillance, reconnaissance, information theft, DDoS attacks, and arbitrary code execution.

Computers and Electronics 108

Computers and Electronics Telecommunications Malware Surveillance 108

Schneier on Security

FEBRUARY 28, 2020

It's challenging to tell the difference between legitimate documents in all their infinite variations and those that have specifically been manipulated to conceal something dangerous. Google says that 63 percent of the malicious documents it blocks each day are different than the ones its systems flagged the day before.

Phishing 358

Phishing Malware 358

The Hacker News

JANUARY 28, 2025

The advanced persistent threat (APT) group known as UAC-0063 has been observed leveraging legitimate documents obtained by infiltrating one victim to attack another target with the goal of delivering a known malware dubbed HATVIBE.

Cyber Attacks 114

Cyber Attacks Malware 114

Krebs on Security

APRIL 18, 2023

For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. The proxy lookup page inside the malware-based anonymity service Faceless. Image: spur.us. as a media sharing device on a local network that was somehow exposed to the Internet.

Malware 290

Malware Passwords Accountability Advertising 290

Security Affairs

APRIL 17, 2025

to deliver info-stealing malware via fake crypto trading sites like Binance and TradingView. increasingly used in malware campaigns since October 2024, including an ongoing crypto-themed malvertising attack as of April 2025. to deploy malware, shifting from traditional scripts like Python or PHP. Microsoft has observed Node.js

Social Engineering 116

Social Engineering Malware Cryptocurrency Engineering 116

Krebs on Security

JANUARY 7, 2021

The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. These sealed documents will not be uploaded to CM/ECF.

Computers and Electronics 363

Computers and Electronics Software Engineering Accountability 363

Schneier on Security

JANUARY 28, 2021

A coordinated effort has captured the command-and-control servers of the Emotet botnet: Emotet establishes a backdoor onto Windows computer systems via automated phishing emails that distribute Word documents compromised with malware.

Malware 256

Malware Phishing Ransomware Cybercrime 256

Schneier on Security

DECEMBER 6, 2022

The malware focuses on databases, archives, and user documents. The Trojan corrupts any data that’s not vital for the functioning of the operating system. It doesn’t affect files with extensions.exe,dll,lnk,sys or.msi, and ignores several system folders in the C:Windows directory.

Ransomware 291

Ransomware Government Malware 291

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Mandiant found the compromised 3CX software would download malware that sought out new instructions by consulting encrypted icon files hosted on GitHub. Image: Mandiant.

Malware 325

Malware Software Technology Accountability 325

Malwarebytes

JANUARY 22, 2025

The MotW is what triggers warnings that opening or running such files could lead to potentially dangerous behavior, including installing malware on their devices. Make sure you are using an updated anti-malware solution that is capable of scanning inside archives, and you have that setting enabled.

Internet 141

Internet Internet Malware Risk 141

Schneier on Security

NOVEMBER 28, 2022

Devices belonging to females were more likely to be snooped on, and that snooping tended to seek more sensitive data, including both sexually revealing and non-sexual pictures, documents, and financial information. […]. ” The researchers received no explanation in the other case. […]. A few notes.

Antivirus 360

Antivirus Cryptocurrency Accountability Malware 360

Schneier on Security

SEPTEMBER 24, 2020

The hackers also have created malware disguised as Android applications, the reports said. It looks like the standard technique of getting the victim to open a document or application. Both are popular messaging tools in Iran.

Government 282

Government Hacking Mobile Encryption 282

Krebs on Security

NOVEMBER 28, 2022

But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan , malware designed to surreptitiously intercept and forward text messages from Android mobile devices. ” wherein Shmakov acknowledged writing the malware as a freelance project.

Mobile 283

Mobile Malware Technology Government 283

The Hacker News

AUGUST 2, 2024

Cybersecurity companies are warning about an uptick in the abuse of Clouflare's TryCloudflare free service for malware delivery.

Malware 138

Malware Cybersecurity 138

Security Affairs

FEBRUARY 2, 2025

Meta announced the disruption of a malware campaign via WhatsApp that targeted journalists with the Paragon spyware. Meta announced that discovered and dismantled a malware campaign via WhatsApp that targeted journalists and civil society members with the Paragon spyware (aka Graphite). reads the court document.

Spyware 109

Spyware Hacking Surveillance Malware 109

Security Affairs

MAY 26, 2024

The government experts reported that the group carried out at least two massive campaigns since May 20, threat actors aimed at distributing SmokeLoader malware via email. “Starting from May 20th, hackers have launched at least two massive campaigns with emails containing the SmokeLoader malware.”

Malware 140

Malware Banking Accountability Phishing 140

Security Affairs

NOVEMBER 21, 2024

Stolen files allegedly include contracts, insurance, and financial documents. The malware targets multiple platforms, including Windows, Linux, macOS, ESXi, and Android. Ransomhub claimed to have stolen 313 gigabytes of data from the Mexican government office. ” reported the Associated Press. Knight, also known as Cyclops 2.0,

Government 144

Government Hacking Ransomware Insurance 144

SecureList

OCTOBER 15, 2024

SideWinder’s most recent campaign schema Infection vectors The SideWinder attack chain typically starts with a spear-phishing email with an attachment, usually a Microsoft OOXML document (DOCX or XLSX) or a ZIP archive, which in turn contains a malicious LNK file. In particular, Avast and AVG solutions are of interest to the malware.

Malware 143

Malware Encryption Architecture Phishing 143

Malwarebytes

APRIL 3, 2025

Combined with other known phishing techniques, QR codes provide criminals with a potent tool for collecting usernames and passwords, distributing malware, and other malicious activities. Use anti-malware protection on your devices Your mobile devices are in need of protection just as much as your computer. Disable features like these.

Phishing 139

Phishing Banking Mobile Accountability 139

The Hacker News

FEBRUARY 15, 2024

A Chinese-speaking threat actor codenamed GoldFactory has been attributed to the development of highly sophisticated banking trojans, including a previously undocumented iOS malware called GoldPickaxe that's capable of harvesting identity documents, facial recognition data, and intercepting SMS.

Banking 143

Banking Malware Mobile 143

The Hacker News

JULY 17, 2024

A China-linked threat actor called APT17 has been observed targeting Italian companies and government entities using a variant of a known malware referred to as 9002 RAT. The first campaign on June 24, 2024 used an Office document, while the second

Malware 133

Malware Government Cybersecurity 133

Krebs on Security

SEPTEMBER 17, 2020

The government alleges the men used malware-laced phishing emails and “supply chain” attacks to steal data from companies and their customers. APT41 was known to hide its malware inside fake resumes that were sent to targets. Image: FBI. APT41’s activities span from the mid-2000s to the present day.

Antivirus 363

Antivirus Hacking Software Government 363

Krebs on Security

APRIL 9, 2024

Only three of April’s vulnerabilities earned Microsoft’s most-dire “critical” rating, meaning they can be abused by malware or malcontents to take remote control over unpatched systems with no help from users. Tempering the sheer volume of this month’s patches is the middling severity of many of the bugs.

DNS 299

DNS Social Engineering Malware Media 299

SecureList

APRIL 17, 2025

Day after day, threat actors create new malware to use in cyberattacks. Each of these new implants is developed in its own way, and as a result gets its own destiny while the use of some malware families is reported for decades, information about others disappears after days, months or several years. io public file storage.

Malware 92

Malware Encryption Architecture Engineering 92