Security Affairs

APRIL 13, 2024

Researchers warn threat actors are manipulating GitHub search results to target developers with persistent malware. Checkmarx researchers reported that t hreat actors are manipulating GitHub search results to deliver persistent malware to developers systems. The archive contained an executable named feedbackAPI.exe.

Malware 144

Malware Cryptocurrency Encryption Hacking 144

The Hacker News

AUGUST 30, 2024

Cybersecurity researchers have disclosed a new campaign that potentially targets users in the Middle East through malware that disguises itself as Palo Alto Networks GlobalProtect virtual private network (VPN) tool.

VPN 126

VPN Malware Encryption Cybersecurity 126

SecureList

MARCH 20, 2024

Introduction Malware for mobile devices is something we come across very often. million malware, adware, and riskware attacks on mobile devices. Last month, we wrote a total of four private crimeware reports on Android malware, three of which are summarized below. In 2023 , our technologies blocked 33.8 and sends it to the C2.

Malware 131

Malware Mobile Firmware Spyware 131

Security Affairs

OCTOBER 4, 2024

perfctl malware targets misconfigured Linux servers to deploy cryptocurrency miners and proxyjacking software in an ongoing campaign. Aqua Nautilus researchers shed light on a Linux malware, dubbed perfctl malware, that over the past 3-4 years targeted misconfigured Linux servers. ” reads the report.

Malware 140

Malware Cryptocurrency Encryption Software 140

The Hacker News

MAY 19, 2023

Two malicious packages discovered in the npm package repository have been found to conceal an open source information stealer malware called TurkoRat.

Malware 136

Malware Encryption 136

CyberSecurity Insiders

JANUARY 24, 2023

The next time when you search for a software download on the Google search engine, be cautious, as the software might also bring in new trouble as malware or might strictly act as a source to malware spread that can steal data and encrypt all the information on the web.

Advertising 137

Advertising Malware Engineering Software 137

Google Security

JULY 24, 2024

Posted by Jasika Bawa, Lily Chen, and Daniel Rubery, Chrome Security Last year, we introduced a redesign of the Chrome downloads experience on desktop to make it easier for users to interact with recent downloads. In fact, files sent for deep scanning are over 50x more likely to be flagged as malware than downloads in the aggregate.

Passwords 88

Passwords Encryption Malware Antivirus 88

SecureList

APRIL 18, 2022

Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files. Geography of the Yanluowang attacks, December 4th, 2021 – April 8th, 2022 ( download ). The encryption code for big files. Yanluowang description.

Encryption 145

Encryption Ransomware Backups VPN 145

Krebs on Security

JUNE 16, 2021

First debuting in early 2019, CLOP is one of several ransomware groups that hack into organizations, launch ransomware that encrypts files and servers, and then demand an extortion payment in return for a digital key needed to unlock access. ? /. CLOP’s victim shaming blog on the deep web.

Ransomware 338

Ransomware Cybercrime Malware Encryption 338

Security Affairs

MARCH 11, 2024

The financially motivated hacking group Magnet Goblin uses various 1-day flaws to deploy custom malware on Windows and Linux systems. “While tracking the recent waves of Ivanti exploitation, we identified a number of activities leading to the download and deployment of an ELF file which turned out to be a Linux version of NerbianRAT.

Malware 139

Malware VPN Encryption Hacking 139

Security Affairs

SEPTEMBER 5, 2024

The malware is highly obfuscated and disguises itself as system utilities, allowing attackers to perform tasks like file manipulation, command execution, and remote port scanning. The malware supports advanced encryption and obfuscation techniques to complicate malware analysis and hide its operations.

Malware 128

Malware Telecommunications Encryption Hacking 128

SecureList

APRIL 18, 2022

Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files. Geography of the Yanluowang attacks, December 4th, 2021 – April 8th, 2022 ( download ). The encryption code for big files. Yanluowang description.

Encryption 140

Encryption Ransomware Backups VPN 140

Security Affairs

SEPTEMBER 8, 2024

Multiple threat actors actively exploited the recently disclosed OSGeo GeoServer GeoTools flaw CVE-2024-36401 in malware-based campaigns. The attack starts with a shell script that downloads binaries for various architectures (ARM, MIPS, X86), extracts a command-and-control (C2) server from an encrypted configuration, and connects to it.

Malware 140

Malware Telecommunications Encryption DDOS 140

Security Affairs

NOVEMBER 5, 2023

North Korea-linked Lazarus group is using new KandyKorn macOS Malware in attacks against blockchain engineers. North Korea-linked Lazarus APT group were spotted using new KandyKorn macOS malware in attacks against blockchain engineers, reported Elastic Security Labs. Stage 1 (Dropper) – testSpeed.py

Engineering 136

Engineering Malware Cryptocurrency Encryption 136

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus 138

Antivirus Malware DNS Cryptocurrency 138

Security Affairs

JULY 21, 2022

Researchers discovered a previously undetected malware dubbed ‘Lightning Framework’ that targets Linux systems. Researchers from Intezer discovered a previously undetected malware, tracked as Lightning Framework , which targets Linux systems. The malicious code has a modular structure and is able to install rootkits.

Malware 134

Malware Encryption Passwords Hacking 134

Security Affairs

NOVEMBER 26, 2024

Banshee Stealer, a MacOS Malware-as-a-Service, shut down after its source code leaked online. In August 2024, Russian hackers promoted BANSHEE Stealer, a macOS malware targeting x86_64 and ARM64, capable of stealing browser data, crypto wallets, and more. We’ve archived the leak and made it available for download on GitHub.”

Malware 145

Malware Cryptocurrency Encryption Passwords 145

Security Affairs

DECEMBER 29, 2023

Ukraine’s CERT (CERT-UA) warned of a new phishing campaign by the APT28 group to deploy previously undocumented malware strains. The group employed previously undetected malware such as OCEANMAP, MASEPIE, and STEELHOOK to steal sensitive information from target networks. file classified as MASEPIE.

Phishing 144

Phishing Malware Computers and Electronics Internet 144

Security Affairs

MAY 20, 2024

Researchers discovered a sophisticated cybercriminal campaign by Russian-speaking threat actors that used GitHub to distribute malware. The malware employed in the multi-faceted campaign shared the same C2 infrastructure, suggesting attackers coordinated efforts to maximize the impact of the attacks.

Malware 132

Malware Banking Software Advertising 132

eSecurity Planet

OCTOBER 24, 2023

Malware attacks pose a significant risk to both individuals and businesses, infiltrating computer systems, compromising sensitive data and disrupting operations, leading to financial and data loss — and even extortion. Here are 15 important controls and best practices for preventing malware.

Malware 117

Malware Antivirus Software Passwords 117

Security Affairs

APRIL 1, 2024

Experts believe that the malware has already infected thousands of devices. The dropper deploys the new version of Vultur banking malware through 3 payloads, where the final 2 Vultur payloads effectively work together by invoking each other’s functionality. The dropper masquerades as the McAfee Security app.

Malware 141

Malware Banking Engineering Encryption 141

Malwarebytes

AUGUST 3, 2022

Before initialization, the malware effectively suppresses all error reporting by calling SetErrorMode with 0x8007 as parameter. As we will see later, that malware uses multiple threads and so it allocates a global object and assigns a mutex to it to make sure no two clashing operations can take place at the same time. main function.

Malware 141

Malware Encryption Antivirus Architecture 141

SecureList

JUNE 1, 2023

The code within the exploit downloads several subsequent stages from the C&C server, that include additional exploits for privilege escalation. After successful exploitation, a final payload is downloaded from the C&C server, that is a fully-featured APT platform. WIFI OUT: 0.0 - WWAN IN: 76281896.0, WWAN OUT: 100956502.0

Malware 145

Malware Backups Mobile DNS 145

Security Affairs

SEPTEMBER 19, 2023

China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign. Researchers from Trend Micro, while monitoring the activity of the China-linked threat actor Earth Lusca , discovered an encrypted file hosted on a server under the control of the group.

Malware 134

Malware Encryption Telecommunications Authentication 134

Krebs on Security

MAY 22, 2019

Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Here’s a look at a recent spam campaign that peppered more than 100,000 business email addresses with fake legal threats harboring malware. Please download and read the attached encrypted document carefully.

Phishing 279

Phishing Antivirus Scams Malware 279

SecureList

MARCH 31, 2022

This malware is a full-featured backdoor containing sufficient capabilities to control the compromised victim. The malware operator exclusively used compromised web servers located in South Korea for this attack. Then, the spawned malware overwrites the legitimate application with the Trojanized application. Backdoor creation.

Malware 138

Malware Encryption Cryptocurrency Architecture 138

SecureList

MAY 4, 2022

Dropper modules also patch Windows native API functions, related to event tracing (ETW) and anti-malware scan interface (AMSI), to make the infection process stealthier. Keeps Cobalt Strike module encoded several times, and AES256 CBC encrypted blob. Besides event logs there are numerous other techniques in the actor’s toolset.

Malware 145

Malware Encryption Architecture Technology 145

Malwarebytes

FEBRUARY 6, 2024

Released today, the Malwarebytes State of Malware 2024 report takes a deep dive into the latest developments in the world of cybercrime. We have seen news of ChatGPT leaking user’s information and law enforcement asking for backdoors in encryption routines. This is changing.

Malware 115

Malware Passwords Identity Theft Banking 115

Security Affairs

APRIL 17, 2024

The malware includes three heavily obfuscated C++ payloads compiled as 64-bit Executable and Linkable Format (ELF) files and packed with UPX. The attackers use the web shell to download and run the primary Cerber payload. As such, the data the ransomware is able to encrypt is limited to files owned by the confluence user.

Ransomware 145

Ransomware Encryption Malware Accountability 145

Krebs on Security

OCTOBER 8, 2020

Each day, millions of malware-laced emails are blasted out containing booby-trapped attachments. From there, the infected system will report home to a malware control server operated by the spammers who sent the missive. ” WHO IS DR. SAMUIL? Have a Coke and a Molotov cocktail. Image: twitter.com/multivpn.

Cybercrime 338

Cybercrime VPN Malware Ransomware 338

Security Affairs

NOVEMBER 11, 2024

Fortinet researchers discovered a new phishing campaign spreading a variant of the commercial malware Remcos RAT. Since 2017, threat actors leveraged weaponized Rich Text File (RTF) documents exploiting a flaw in Office’s Object Linking and Embedding (OLE) interface to deliver malware such as the DRIDEX banking Trojan.

Phishing 136

Phishing Malware Banking Encryption 136

Security Affairs

DECEMBER 14, 2021

The attackers exploited the Log4Shell remote code execution vulnerability to download a.NET binary from a remote server that encrypts the files on the target machine and adds the extension.khonsari to each file. The malware also drops a ransom note that requests the payment of the ransom in Bitcoin. 94/zambo/groenhuyzen.exe. .

Ransomware 145

Ransomware Encryption Engineering Malware 145

SecureList

APRIL 24, 2023

It is worth noting that while we identified a few targets in other locations, all of them appear to be foreign diplomatic entities of the colored countries: Tomiris’s polyglot toolset Tomiris uses a wide variety of malware implants developed at a rapid pace and in all programming languages imaginable.

Malware 134

Malware DNS Government Software 134

SecureList

OCTOBER 21, 2024

Kral In mid-2023, we discovered the Kral downloader which, back then, downloaded the notorious Aurora stealer. This changed in February this year when we discovered a new Kral stealer, which we believe is part of the same malware family as the downloader due to certain code similarities. That file is the Kral downloader.

Passwords 123

Passwords Malware Encryption Cryptocurrency 123

Security Affairs

DECEMBER 1, 2023

Wardle pointed out that since Turtle was uploaded on Virus Total, it was labeled as malicious by 24 anti-malware solutions, suggesting it is not a sophisticated threat. In some cases, the anti-virus solution flagged the binary as Windows malware (“Win32.Troj.Undef”). Troj.Undef”). The binary also lacks of obfuscation.

Ransomware 144

Ransomware Encryption Malware Cybercrime 144

Krebs on Security

MARCH 28, 2021

New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name. But Watson said they don’t know how many of those systems also ran the secondary download from the rogue Krebsonsecurity domain.

Hacking 357

Hacking Cybercrime DNS Antivirus 357

Security Affairs

DECEMBER 4, 2021

The ransomware encrypts files on the targeted systems using the “ cuba” extension. Cuba ransomware has been actively distributed through the Hancitor malware , a commodity malware that partnered with ransomware gangs to help them gain initial access to target networks. ” states the alert.

Ransomware 145

Ransomware Hacking Malware Encryption 145