Schneier on Security

FEBRUARY 7, 2023

Criminals using Google search ads to deliver malware isn’t new, but Ars Technica declared that the problem has become much worse recently. The surge is coming from numerous malware families, including AuroraStealer, IcedID, Meta Stealer, RedLine Stealer, Vidar, Formbook, and XLoader.

Malware 262

Malware Phishing Cybercrime 262

Troy Hunt

AUGUST 29, 2023

Today, the US Justice Department announced a multinational operation involving actions in the United States, France, Germany, the Netherlands, and the United Kingdom to disrupt the botnet and malware known as Qakbot and take down its infrastructure.

Malware 325

Malware Passwords Password Management Antivirus 325

The Hacker News

OCTOBER 8, 2024

Users searching for game cheats are being tricked into downloading a Lua-based malware that is capable of establishing persistence on infected systems and delivering additional payloads.

Engineering 141

Engineering Malware 141

Schneier on Security

MARCH 8, 2023

Researchers have discovered malware that “can hijack a computer’s boot process even when Secure Boot and other advanced protections are enabled and running on fully updated versions of Windows.” ” Dubbed BlackLotus, the malware is what’s known as a UEFI bootkit. This is impressive stuff.

Malware 266

Malware Firmware Software Hacking 266

Tech Republic Security

JANUARY 18, 2023

The volume of cloud-based malware tripled in 2022 over the prior year, says Netskope, with 30% of the malicious downloads coming from Microsoft OneDrive. The post Rise of cloud-delivered malware poses key security challenges appeared first on TechRepublic.

Malware 202

Malware Cybersecurity 202

Schneier on Security

DECEMBER 6, 2024

The company’s Mobile Threat Hunting feature uses a combination of malware signature-based detection, heuristics, and machine learning to look for anomalies in iOS and Android device activity or telltale signs of spyware infection. For paying iVerify customers, the tool regularly checks devices for potential compromise.

Spyware 335

Spyware Mobile Malware 335

Tech Republic Security

NOVEMBER 8, 2023

A new malware is bypassing an Android 13 security measure that restricts permissions to apps downloaded out of the legitimate Google Play Store.

Malware 198

Malware Phishing Software Mobile 198

The Hacker News

AUGUST 23, 2024

Cybersecurity researchers have uncovered a never-before-seen dropper that serves as a conduit to launch next-stage malware with the ultimate goal of infecting Windows systems with information stealers and loaders. This memory-only dropper decrypts and executes a PowerShell-based downloader," Google-owned Mandiant said.

Malware 140

Malware Cybersecurity 140

Schneier on Security

JUNE 9, 2023

The code within the exploit downloads several subsequent stages from the C&C server, that include additional exploits for privilege escalation. After successful exploitation, a final payload is downloaded from the C&C server, that is a fully-featured APT platform.

Malware 249

Malware Backups Mobile 249

Krebs on Security

JUNE 21, 2023

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. ru , which for many years was a place to download pirated e-books. WHO RUNS CRYPTOR[.]BIZ?

Malware 251

Malware Antivirus Cybercrime Hacking 251

Krebs on Security

SEPTEMBER 19, 2024

Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. This malware attack pretends to be a CAPTCHA intended to separate humans from bots.

Phishing 320

Phishing Scams Malware Passwords 320

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware. WHO IS MEGATRAFFER?

Malware 283

Malware Cybercrime Software Accountability 283

Krebs on Security

JANUARY 25, 2024

Google continues to struggle with cybercriminals running malicious ads on its search platform to trick people into downloading booby-trapped copies of popular free software applications. 252 do serve actual software downloads, but none of them are likely to be malicious if one visits the sites through direct navigation.

Software 301

Software Advertising Malware Accountability 301

Penetration Testing

NOVEMBER 12, 2024

In a new report, Dr.Web’s research team has uncovered a dangerous wave of malicious apps on Google Play, revealing that over 2 million users have unwittingly downloaded trojanized applications, primarily... The post Researcher Finds Trojanized Apps with 2 Million Downloads on Google Play appeared first on Cybersecurity News.

Cybersecurity 138

Cybersecurity Malware 138

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Image: Mandiant.

Malware 322

Malware Software Technology Accountability 322

Security Affairs

JULY 22, 2024

The JavaScript downloader SocGholish (aka FakeUpdates) is being used to deliver the AsyncRAT and the legitimate open-source project BOINC. SocGholish attack chain involves a malicious JavaScript file that downloads further stages. top, with BOINC accessed directly by IP.

Malware 143

Malware Cryptocurrency Hacking Software 143

Schneier on Security

APRIL 30, 2021

Apple just patched a MacOS vulnerability that bypassed malware checks. The operating system wouldn’t even give its most basic prompt: “This is an application downloaded from the Internet. Apple mistakenly assumed that applications will always have certain specific attributes. Are you sure you want to open it?”

Internet 315

Internet Internet Malware 315

The Hacker News

DECEMBER 2, 2024

Over a dozen malicious Android apps identified on the Google Play Store that have been collectively downloaded over 8 million times contain malware known as SpyLoan, according to new findings from McAfee Labs.

Social Engineering 143

Social Engineering Malware Mobile Engineering 143

Security Affairs

JULY 14, 2024

A Dark Gate malware campaign from March-April 2024 demonstrates how attackers exploit legitimate tools and services to distribute malware. Palo Alto Networks Unit 42 researchers shared details about a DarkGate malware campaign from March-April 2024. The malware is considered a sophisticated threat and is continuously improved.

Malware 139

Malware Cybercrime Software Phishing 139

Security Affairs

APRIL 13, 2024

Researchers warn threat actors are manipulating GitHub search results to target developers with persistent malware. Checkmarx researchers reported that t hreat actors are manipulating GitHub search results to deliver persistent malware to developers systems. ” concludes the report.

Malware 144

Malware Cryptocurrency Encryption Hacking 144

The Hacker News

JUNE 18, 2024

Cybersecurity researchers have uncovered a new malware campaign that targets publicly exposed Docket API endpoints with the aim of delivering cryptocurrency miners and other payloads.

Cryptocurrency 140

Cryptocurrency Malware Cybersecurity 140

The Hacker News

OCTOBER 22, 2024

Two malware families that suffered setbacks in the aftermath of a coordinated law enforcement operation called Endgame have resurfaced as part of new phishing campaigns. Tracked under the names BlackWidow, IceNova, Lotus,

Phishing 140

Phishing Malware 140

Security Affairs

SEPTEMBER 13, 2024

A new Linux malware called Hadooken targets Oracle WebLogic servers, it has been linked to several ransomware families. Aqua Security Nautilus researchers discovered a new Linux malware, called Hadooken, targeting Weblogic servers. Upon execution, the malware drops a Tsunami malware and deploys a cryptominer.

Malware 132

Malware Internet Internet Ransomware 132

Adam Levin

FEBRUARY 8, 2021

An Android app with over 10 million installations spread malware to its users in a recent update. A December 2020 update infected users with a Trojan-style malware that bombards users with unwanted advertising. Barcode Scanner is an app available in the Google Play store for Android devices.

Mobile 303

Mobile Advertising Malware Risk 303

Security Affairs

MAY 26, 2024

The government experts reported that the group carried out at least two massive campaigns since May 20, threat actors aimed at distributing SmokeLoader malware via email. “Starting from May 20th, hackers have launched at least two massive campaigns with emails containing the SmokeLoader malware.”

Malware 142

Malware Banking Accountability Phishing 142

The Hacker News

JULY 21, 2024

The JavaScript downloader malware known as SocGholish (aka FakeUpdates) is being used to deliver a remote access trojan called AsyncRAT as well as a legitimate open-source project called BOINC.

Malware 142

Malware 142

Malwarebytes

OCTOBER 31, 2024

Last time FakeCall reared its head, BleepingComputer reported that the malware was being distributed as fake banking apps that impersonate large financial institutions, as well as being distributed in phishing emails. The FakeCall malware abuses this trust by hijacking the user’s call to a financial institution.

Banking 145

Banking Malware Phishing Risk 145

The Hacker News

JUNE 20, 2024

A new Rust-based information stealer malware called Fickle Stealer has been observed being delivered via multiple attack chains with the goal of harvesting sensitive information from compromised hosts.

Malware 138

Malware 138

Penetration Testing

SEPTEMBER 8, 2024

A new and sophisticated malware campaign has been detected by eSentire’s Threat Response Unit (TRU), leveraging DLL side-loading to distribute the LummaC2 stealer and a malicious Chrome extension.

Malware 113

Malware Cybersecurity 113

Security Affairs

OCTOBER 29, 2024

Suspected Russia-linked espionage group UNC5812 targets Ukraine’s military with Windows and Android malware via Telegram. Google TAG and Mandiant observed a Russia-linked group, tracked as UNC5812, targeting Ukraine’s military with Windows and Android malware via the Telegram channel “ Civil Defense.”

Malware 127

Malware Social Engineering Software Mobile 127

SecureList

DECEMBER 17, 2024

The attackers would then send what appeared to be the photo itself but was actually a malware installer. In reality, this was malware with no parcel-tracking functionality whatsoever. The link directed users to a phishing site offering to download Mamont for Android ( 12936056e8895e6a662731c798b27333 ).

Scams 72

Scams Malware Social Engineering Banking 72

The Hacker News

MAY 10, 2024

The North Korean threat actor tracked as Kimsuky has been observed deploying a previously undocumented Golang-based malware dubbed Durian as part of highly-targeted cyber attacks aimed at South Korean cryptocurrency firms.

Malware 143

Malware Cryptocurrency Cyber Attacks 143

The Hacker News

APRIL 8, 2024

Threat hunters have discovered a new malware called Latrodectus that has been distributed as part of email phishing campaigns since at least late November 2023.

Malware 144

Malware Phishing 144

Krebs on Security

SEPTEMBER 13, 2023

Info-stealers like RedLine typically are deployed via opportunistic email malware campaigns, and by secretly bundling the trojans with cracked versions of popular software titles made available online. Also, unless you really know what you’re doing, please don’t download and install pirated software.

Cybercrime 323

Cybercrime Passwords Authentication Malware 323

Security Affairs

AUGUST 25, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 127

Malware Social Engineering Ransomware Cybercrime 127

Schneier on Security

SEPTEMBER 14, 2023

An app with the name Signal Plus Messenger was available on Play for nine months and had been downloaded from Play roughly 100 times before Google took it down last April after being tipped off by security firm ESET. Google removed fake Signal and Telegram apps from its Play store. org, a dedicated website mimicking the official Signal.org.

Malware 335

Malware Accountability Hacking Spyware 335

The Hacker News

OCTOBER 28, 2024

Three malicious packages published to the npm registry in September 2024 have been found to contain a known malware called BeaverTail, a JavaScript downloader and information stealer linked to an ongoing North Korean campaign tracked as Contagious Interview.

Malware 136

Malware 136