Security Affairs

APRIL 16, 2024

Researchers warn of a renewed cyber espionage campaign targeting users in South Asia with the Apple iOS spyware LightSpy Blackberry researchers discovered a renewed cyber espionage campaign targeting South Asia with an Apple iOS spyware called LightSpy. ” reads the report published by BlackBerry.

Spyware 132

Spyware Mobile Malware Encryption 132

Security Affairs

MARCH 27, 2021

Researchers spotted a sophisticated Android spyware that implements exfiltration capabilities and surveillance features, including recording audio and phone calls. Experts from security firm Zimperium have spotted a new sophisticated Android spyware that masquerades itself as a System Update application. ” concludes the report.

Spyware 117

Spyware Malware Surveillance Mobile 117

SecureList

JUNE 21, 2023

Over the years, there have been multiple cases when iOS devices were infected with targeted spyware such as Pegasus, Predator, Reign and others. Due to this granularity, discovering one exploit in the chain often does not result in retrieving the rest of the chain and obtaining the final spyware payload. running on iOS 15.3.1

Spyware 145

Spyware Encryption Passwords Backups 145

SecureList

FEBRUARY 5, 2025

The infected apps in Google Play had been downloaded more than 242,000 times. When initialized, it downloads a JSON configuration file from a GitLab URL embedded in the malware body. It encrypts data with AES-256 in CBC mode before sending and decrypts server responses with AES-128 in CBC mode.

Malware 141

Malware Encryption Mobile Cryptocurrency 141

Security Affairs

JUNE 15, 2020

The Earth Empusa threat group is distributing new Android spyware, dubbed ActionSpy, through watering hole attacks to targets Turkic minority group. Attackers injected the malicious code to deploy the spyware in websites, some of them were actually fake. The server, in turn, may send some commands to the compromised device.

Spyware 105

Spyware Advertising Encryption Phishing 105

Security Affairs

SEPTEMBER 8, 2019

Security experts at Google have removed from Google Play 24 apps because they were infected with a new spyware tracked as “the Joker.” ” Google has removed from Google Play 24 apps because they were infected with a new spyware tracked as “the Joker.” ” states the analysis. The C&C URL 6.

Spyware 111

Spyware Advertising Malware Cryptocurrency 111

Security Affairs

JULY 18, 2019

The researchers attribute the spyware to the Russia-linked and Gamaredon Group. EvilGnome allows attackers to take screenshots, steal files, capture audio recordings from the microphone, and download and execute other payloads. die3” to encrypt or decrypt data to and from the C&C. Pierluigi Paganini.

Spyware 109

Spyware Malware Advertising Cyber Attacks 109

Security Affairs

MARCH 11, 2019

In July, the experts discovered a new sophisticated version of the AZORult Spyware that was involved in a large email campaign on July 18. ” One of the variants analyzed by BleepingComputer encrypts data and appends the.promorad extension to encrypted files, then it creates ransom notes named _readme.txt as shown below. .

Encryption 109

Encryption Ransomware Cryptocurrency Passwords 109

Security Affairs

APRIL 16, 2019

Scranos is a powerful cross-platform rootkit-enabled spyware discovered while investigating malware posing as legitimate software like video players, drivers and even anti-virus products. The rootkit injects a downloader into a svchost.exe process. The data sent to the C2 is encrypted with AES. Pierluigi Paganini.

Spyware 102

Spyware Adware Malware Accountability 102

Security Affairs

SEPTEMBER 27, 2020

Experts from Amnesty International uncovered a surveillance campaign that targeted Egyptian civil society organizations with a new version of FinSpy spyware. “While continuing research into this group’s activity, we discovered it has distributed samples of FinSpy for Microsoft Windows through a fake Adobe Flash Player download website.

Spyware 144

Spyware Surveillance Advertising Mobile 144

Malwarebytes

APRIL 11, 2024

Mercenary spyware is used by governments to target people like journalists, political activists, and similar targets, and involves the use of sophisticated tools like Pegasus. Pegasus is one of the world’s most advanced and invasive spyware tools, known to utilize zero-day vulnerabilities against mobile devices. Use a password manager.

Spyware 129

Spyware Government Mobile Password Management 129

SecureList

NOVEMBER 28, 2024

Except for the first-stage loader and the PipeShell plugin, all plugins are downloaded from the C2 and then loaded into memory, leaving no trace on disk. However, P8 contains many built-in functions and redesigns of the communication protocol and encryption algorithm, making it a well-designed and powerful espionage platform.

Malware 117

Malware Government Software Spyware 117

Security Affairs

SEPTEMBER 10, 2023

Researchers from Kaspersky discovered several Telegram mods on the Google Play Store that contained spyware, the campaign was tracked as Evil Telegram. One of the apps was downloaded more than ten million times before it was removed from Google Play. The app sends this temporary file to the command server at certain intervals.”

Spyware 137

Spyware Advertising Encryption Hacking 137

Security Affairs

AUGUST 30, 2018

The BusyGasper Android spyware has been active since May 2016, it implements unusual features for this type of malware. “The sample has a multicomponent structure and can download a payload or updates from its C&C server, which happens to be an FTP server belonging to the free Russian web hosting service Ucoz.”

Spyware 72

Spyware Malware Advertising Banking 72

Security Affairs

SEPTEMBER 27, 2020

The spyware is able to steal SMS messages, contact lists and device information along with to sign victims up for premium service subscriptions. ” According to the experts the 17 different samples were uploaded to Google Play in September 2020 and they had a total of 120,000 downloads.

Malware 145

Malware Advertising Spyware Encryption 145

Security Affairs

MARCH 8, 2020

Experts uncovered a new Coronavirus (COVID-19 ) -themed campaign that is distributing a malware downloader that delivers the FormBook information-stealing Trojan. ’ The executable employed in this campaign is a strain of the GuLoader malware downloader. The malware can also execute commands from a command and control (C2) server.

Malware 145

Malware Scams Social Engineering Phishing 145

SecureList

OCTOBER 4, 2022

While performing regular threat hunting activities, we identified multiple downloads of previously unclustered malicious Tor Browser installers. As the Tor Browser website is blocked in China, individuals from this country often resort to downloading Tor from third-party websites. Download page of the malicious Tor Browser installer.

Encryption 145

Encryption Spyware Malware Software 145

Security Affairs

JULY 16, 2021

The spyware is able to steal SMS messages, contact lists, and device information and to sign victims up for premium service subscriptions. In April 2021, more than 500,000 Huawei users were infected with the Joker malware after they have downloaded tainted apps from the company’s official Android store. dex file as before.

Malware 145

Malware Mobile Spyware Encryption 145

eSecurity Planet

FEBRUARY 16, 2021

Adware, also known as malvertising , is a type of malware that downloads or displays advertisements to the user interface. Users sometimes unknowingly infect themselves with adware installed by default when they download and install other applications. Additional features of botnets include spam, ad and click fraud, and spyware.

Malware 105

Malware Adware Spyware Antivirus 105

IT Security Guru

APRIL 26, 2021

Whether it’s through downloading a rogue attachment or playing a game from an unprotected website, computer viruses are common. Spyware – Without realising it, gamers could be targeted through spyware schemes, especially if they are dealing with an untrustworthy online gaming operation.

Cybersecurity 131

Cybersecurity Spyware VPN Passwords 131

Security Affairs

SEPTEMBER 24, 2023

In 2016, researchers from the non-profit organization CitizenLab published a report that describes a campaign of targeted spyware attacks carried out by the Stealth Falcon. The remaining components are encrypted and stored within a binary registry value.” The researchers noticed code similarities with Deadglyph.

Malware 142

Malware Spyware Architecture Encryption 142

SecureList

JUNE 7, 2021

In conjunction with spam campaigns, the adversaries later switched to compromised websites where the visitors are tricked into downloading the malware. The main body is a modular framework, containing registration, spyware, VMX detection and other modules. download main body from C&C. Main body download. –test.

Malware 144

Malware Encryption Internet Internet 144

SecureList

SEPTEMBER 8, 2023

The collected information is then encrypted and cached into a temporary file named tgsync.s3. Encryption of exfiltrated data The app’s malicious functionality does not end at stealing messages. We reported the threat to Google but, as of the time of writing, some of the apps are still available for downloading.

Encryption 144

Encryption Spyware Accountability Malware 144

eSecurity Planet

JUNE 16, 2022

Cyber criminals may damage, destroy, steal, encrypt, expose, or leak data as well as cause harm to a system. Encrypted threats spiked 167%, ransomware increased 105%, and 5.4 In May, cybersecurity researchers revealed that ransomware attacks are increasing their aggressive approach by destroying data instead of encrypting it.

Backups 145

Backups Ransomware Malware Firewall 145

Security Affairs

JUNE 4, 2023

Xplain hack impacted the Swiss cantonal police and Fedpol Zyxel published guidance for protecting devices from ongoing attacks Kimsuky APT poses as journalists and broadcast writers in its attacks New Linux Ransomware BlackSuit is similar to Royal ransomware CISA adds Progress MOVEit Transfer zero-day to its Known Exploited Vulnerabilities catalog (..)

Spyware 98

Spyware Hacking Malware Social Engineering 98

SecureList

SEPTEMBER 26, 2022

These websites are often related to crack, keygen and activators for downloading software illegally, and while they may pretend to be legitimate software, they actually contain a malware dropper. The whole infection chain of NullMixer is as follows: The user visits a website to download cracked software, keygens or activators.

Malware 143

Malware Cryptocurrency Passwords Software 143

Security Affairs

AUGUST 21, 2022

In the past, the Donot Team spyware was found in attacks outside of South Asia. The investigation also discovered links between the spyware and infrastructure used in these attacks, and Innefu Labs, a cybersecurity company based in India. ” continues the report. ” continues the report. ” the researchers concluded.

Malware 100

Malware Spyware Phishing Government 100

Malwarebytes

AUGUST 26, 2021

Researchers from Citizen Lab, an academic research and development lab based in the University of Toronto in Canada, has recently discovered that an exploit affecting iMessage is being used to target Bahraini activists with the Pegasus spyware. We saw the FORCEDENTRY exploit successfully deployed against iOS versions 14.4

Spyware 106

Spyware Surveillance Social Engineering Government 106

Security Affairs

JUNE 18, 2020

The group was first spotted by ESET in 2018, when the experts detected a sophisticated piece of spyware, tracked as InvisiMole, used in targeted attacks in Russia and Ukraine in the previous five years. The attack chain begins with the deployment of a TCP downloader that fetches the next stage payload.

DNS 122

DNS Advertising Spyware Software 122

Security Boulevard

DECEMBER 30, 2021

For example, the same or similar custom encryption schemes are used by these malware families. As a spyware, it gathers classified information from infected systems without the consent of the user and sends gathered information to remote threat actors. Krachulka Banking Malware.DLL File Download Variant-1.

Banking 111

Banking Malware Spyware Phishing 111

SecureList

SEPTEMBER 3, 2024

In June, the FBI announced that it had obtained over 7,000 decryption keys for files encrypted by Lockbit ransomware attacks. Number of new ransomware modifications, Q2 2023 – Q2 2024 ( download ) Number of users attacked by ransomware Trojans In Q2 2024, Kaspersky solutions protected 85,819 unique users from ransomware Trojans.

Mobile 114

Mobile Antivirus Adware Ransomware 114

Security Affairs

JUNE 22, 2023

Kaspersky researchers dug into Operation Triangulation and discovered more details about the exploit chain employed to deliver the spyware to iOS devices. Kaspersky initially reported that the exploit used in the attack downloads multiple subsequent stages from the C2 server, including additional exploits for privilege escalation.

Spyware 98

Spyware Malware Mobile Encryption 98

The Last Watchdog

FEBRUARY 28, 2021

It is not unusual to have your system or network infected with malware, such as spyware, that often lingers secretly with no apparent symptoms. Malware can be categorized based on how it behaves (adware, spyware and ransomware), and how it propagates from one victim to another (viruses, worms and trojans). Don’t worry though.

Cyber threats 113

Cyber threats Computers and Electronics Adware Spyware 113

Security Affairs

APRIL 28, 2020

Experts also discovered malicious apps on the APK download site APKpure. . Kaspersky experts found a similar sample on Google Play, it implements high levels of encryption, furthermore, the malicious code was able to download and execute additional malicious payloads that would be suitable to the specific device environment (i.e

Malware 141

Malware Advertising Marketing Hacking 141

SecureList

MARCH 20, 2024

Instead, it is a full-fledged spyware application that collects SMS messages, keystrokes, etc. Encrypted C2 address in a chat invitation Tambir supports more then 30 commands that it can retrieve from the C2. Tambir Tambir is an Android backdoor that targets users in Turkey. Collects system information (e.g. IMSI, system language, etc.)

Malware 129

Malware Mobile Firmware Spyware 129

Security Affairs

DECEMBER 3, 2022

Google fixed the ninth actively exploited Chrome zeroday this year A new Linux flaw can be chained with other two bugs to gain full root privileges Attack of drones: airborne cybersecurity nightmare Cuba Ransomware received over $60M in Ransom payments as of August 2022 Android Keyboard Apps with 2 Million downloads can remotely hack your device New (..)

Spyware 98

Spyware Data breaches VPN Hacking 98

CyberSecurity Insiders

JANUARY 31, 2021

It is not unusual to have your system or network infected with malware, such as spyware, that often lingers secretly with no apparent symptoms. Malware can be categorized based on how it behaves (adware, spyware and ransomware), and how it propagates from one victim to another (viruses, worms and trojans). Don’t worry though.

Malware 107

Malware Computers and Electronics Adware Spyware 107