Security Affairs

JANUARY 1, 2024

Subsequently, other malware integrated the exploit, including Rhadamanthys, Risepro, Meduza , Stealc Stealer and recently the White Snake. The researchers discovered that the malware targets Chrome’s token_service table of WebData to extract tokens and account IDs of chrome profiles logged in.

Malware 145

Malware Penetration Testing Passwords Encryption 145

Security Affairs

OCTOBER 20, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 132

Malware Ransomware Encryption Phishing 132

Security Affairs

APRIL 13, 2024

Researchers warn threat actors are manipulating GitHub search results to target developers with persistent malware. Checkmarx researchers reported that t hreat actors are manipulating GitHub search results to deliver persistent malware to developers systems. The archive contained an executable named feedbackAPI.exe.

Malware 144

Malware Cryptocurrency Encryption Hacking 144

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware 211

Malware VPN Internet Internet 211

Security Affairs

SEPTEMBER 9, 2022

Iran-linked APT group DEV-0270 (aka Nemesis Kitten) is abusing the BitLocker Windows feature to encrypt victims’ devices. Microsoft Security Threat Intelligence researchers reported that Iran-linked APT group DEV-0270 ( Nemesis Kitten ) has been abusing the BitLocker Windows feature to encrypt victims’ devices.

Encryption 144

Encryption Internet Internet Firewall 144

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Mandiant found the compromised 3CX software would download malware that sought out new instructions by consulting encrypted icon files hosted on GitHub. Image: Mandiant.

Malware 322

Malware Software Technology Accountability 322

Malwarebytes

AUGUST 3, 2022

The used lure is in Russian is called “ Information security memo ” which provide security practices for passwords, confidential information, etc. The threat actor has left some debugging information including a pdb path from which we derived and picked a name for this new Rat: Debug Information.

Malware 141

Malware Encryption Antivirus Architecture 141

Security Affairs

SEPTEMBER 5, 2024

The malware is highly obfuscated and disguises itself as system utilities, allowing attackers to perform tasks like file manipulation, command execution, and remote port scanning. The malware supports advanced encryption and obfuscation techniques to complicate malware analysis and hide its operations.

Malware 128

Malware Telecommunications Encryption Hacking 128

Security Affairs

MARCH 11, 2024

The financially motivated hacking group Magnet Goblin uses various 1-day flaws to deploy custom malware on Windows and Linux systems. The group focuses on internet-facing services, in at least one instance the group exploited the vulnerability CVE-2024-21887 in Ivanti Connect Secure VPN. 4 Run a Linux command in a separate thread.

Malware 139

Malware VPN Encryption Hacking 139

Security Affairs

AUGUST 16, 2024

Russian cybercriminals are advertising a new macOS malware called Banshee Stealer with a monthly subscription price of $3,000. In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures. ” concludes the report. ” concludes the report.

Malware 136

Malware Cryptocurrency Advertising Architecture 136

Security Affairs

SEPTEMBER 8, 2024

Multiple threat actors actively exploited the recently disclosed OSGeo GeoServer GeoTools flaw CVE-2024-36401 in malware-based campaigns. The attack starts with a shell script that downloads binaries for various architectures (ARM, MIPS, X86), extracts a command-and-control (C2) server from an encrypted configuration, and connects to it.

Malware 140

Malware Telecommunications Encryption DDOS 140

Krebs on Security

OCTOBER 28, 2020

Ransomware attackers often spend weeks or months inside of a target’s network before attempting to deploy malware across the network that encrypts servers and desktop systems unless and until a ransom demand is met. In some cases, this allows the intruders to profit even if their malware somehow fails to do its job.

Hacking 361

Hacking Ransomware Banking Accountability 361

Security Affairs

APRIL 1, 2024

Experts believe that the malware has already infected thousands of devices. The dropper masquerades as the McAfee Security app. The dropper deploys the new version of Vultur banking malware through 3 payloads, where the final 2 Vultur payloads effectively work together by invoking each other’s functionality.

Malware 141

Malware Banking Engineering Encryption 141

Krebs on Security

OCTOBER 8, 2020

There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” ” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in.

Cybercrime 338

Cybercrime VPN Malware Ransomware 338

Security Affairs

SEPTEMBER 19, 2023

China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign. Researchers from Trend Micro, while monitoring the activity of the China-linked threat actor Earth Lusca , discovered an encrypted file hosted on a server under the control of the group.

Malware 134

Malware Encryption Telecommunications Authentication 134

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus 138

Antivirus Malware DNS Cryptocurrency 138

Security Affairs

JANUARY 12, 2022

Experts warn of a new variant of the RedLine malware that is distributed via emails as fake COVID-19 Omicron stat counter app as a lure. The malicious code can also act as a first-stage malware. Upon executing the Omicron Stats.exe, it unpacks resources encrypted with triple DES using ciphermode ECB and padding mode PKCS7.

Malware 145

Malware Manufacturing Cryptocurrency Cybercrime 145

Security Affairs

MAY 20, 2024

Researchers discovered a sophisticated cybercriminal campaign by Russian-speaking threat actors that used GitHub to distribute malware. The campaign shows how attackers exploit trusted internet services to carry out cyberattacks that steal personal information. This tactic allows them to avoid detection.

Malware 132

Malware Banking Software Advertising 132

Security Affairs

DECEMBER 29, 2023

Ukraine’s CERT (CERT-UA) warned of a new phishing campaign by the APT28 group to deploy previously undocumented malware strains. The group employed previously undetected malware such as OCEANMAP, MASEPIE, and STEELHOOK to steal sensitive information from target networks. file classified as MASEPIE.

Phishing 144

Phishing Malware Computers and Electronics Internet 144

Security Affairs

NOVEMBER 5, 2023

North Korea-linked Lazarus group is using new KandyKorn macOS Malware in attacks against blockchain engineers. North Korea-linked Lazarus APT group were spotted using new KandyKorn macOS malware in attacks against blockchain engineers, reported Elastic Security Labs. Stage 1 (Dropper) – testSpeed.py

Engineering 136

Engineering Malware Cryptocurrency Encryption 136

Security Affairs

JULY 21, 2022

Researchers discovered a previously undetected malware dubbed ‘Lightning Framework’ that targets Linux systems. Researchers from Intezer discovered a previously undetected malware, tracked as Lightning Framework , which targets Linux systems. The malicious code has a modular structure and is able to install rootkits.

Malware 134

Malware Encryption Passwords Hacking 134

Security Affairs

MAY 31, 2024

Between October 25 and October 27, 2023, the Chalubo malware destroyed more than 600,000 small office/home office (SOHO) routers belonging to the same ISP. Chalubo (ChaCha-Lua-bot) is a Linux malware that was first spotted in late August 2018 by Sophos Labs while targeting IoT devices.

Malware 133

Malware Internet Internet Firmware 133

Security Affairs

NOVEMBER 26, 2024

Banshee Stealer, a MacOS Malware-as-a-Service, shut down after its source code leaked online. In August 2024, Russian hackers promoted BANSHEE Stealer, a macOS malware targeting x86_64 and ARM64, capable of stealing browser data, crypto wallets, and more. The code is now available on GitHub. concludes the report.

Malware 145

Malware Cryptocurrency Encryption Passwords 145

The Last Watchdog

JUNE 21, 2020

Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. File encryption 2013 – 2015. It emerged in September 2013 and paved the way for hundreds of file-encrypting menaces that have splashed onto the scene ever since.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

The Last Watchdog

MARCH 17, 2021

Brent Waters, a rock star computer scientist at the University of Texas, enthusiastically accepted a distinguished scientist post to continue his award-winning studies on a couple of breakthrough areas of cryptography: attribute-based encryption and functional encryption. More about these paradigm shifters below. Treasury, the U.S.

Digital transformation 222

Digital transformation Encryption Technology Mobile 222

Security Affairs

SEPTEMBER 2, 2024

Truesec researchers dissected a variant that targets VMware ESXi systems, which appears to be a version of the same malware for Windows. ui : Displays real-time progress and statistics of the encryption process, such as the number of files encrypted. The ransomware uses a function called encrypt_file to handle file encryption.

Ransomware 141

Ransomware Encryption Malware Cybercrime 141

Security Affairs

DECEMBER 1, 2023

Wardle pointed out that since Turtle was uploaded on Virus Total, it was labeled as malicious by 24 anti-malware solutions, suggesting it is not a sophisticated threat. In some cases, the anti-virus solution flagged the binary as Windows malware (“Win32.Troj.Undef”). Troj.Undef”). The binary also lacks of obfuscation.

Ransomware 144

Ransomware Encryption Malware Cybercrime 144

Security Affairs

JANUARY 2, 2024

A team of researchers released a suite of tools that could help victims to decrypt data encrypted with by the Black Basta ransomware. Independent security research and consulting team SRLabs discovered a vulnerability in Black Basta ransomware’s encryption algorithm and exploited it to create a free decryptor.

Ransomware 140

Ransomware Encryption Insurance Malware 140

Security Affairs

NOVEMBER 13, 2024

Bitdefender released a decryptor for the ShrinkLocker ransomware, which modifies BitLocker configurations to encrypt a system’s drives. Unlike modern ransomware it doesn’t rely on sophisticated encryption algorithms and modifies BitLocker configurations to encrypt a system’s drives.

Ransomware 131

Ransomware Encryption Passwords Backups 131

Security Affairs

APRIL 17, 2024

The malware includes three heavily obfuscated C++ payloads compiled as 64-bit Executable and Linkable Format (ELF) files and packed with UPX. As such, the data the ransomware is able to encrypt is limited to files owned by the confluence user. ” continues the report. 112 to download and unpack further payloads.

Ransomware 145

Ransomware Encryption Malware Accountability 145

Security Affairs

DECEMBER 22, 2022

The Vice Society ransomware group has adopted new custom ransomware, with a strong encryption scheme, in recent intrusions. SentinelOne researchers discovered that the Vice Society ransomware gang has started using a custom ransomware that implements a robust encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms.

Ransomware 145

Ransomware Encryption Malware Education 145

Security Affairs

MARCH 3, 2024

.” The sample binary analyzed by the experts is compiled for x86, the authors removed debugging information and symbol tables to hinder analysis. The recent sample of Linux variants of BIFROSE employes RC4 encryption to encrypt the collected victim data. com by using the public DNS resolver at 168.95[.]1.1.

DNS 143

DNS Malware Encryption Hacking 143

Security Affairs

DECEMBER 19, 2022

The main reasons to rewrite malware in Rust is to have lower AV detection rates, compared to malware written in most common languages, and to target multiple architectures. ” Upon executing the malware, the Rust binary prompts an error requiring a password to be passed as an argument. SecurityAffairs – hacking, malware).

Ransomware 144

Ransomware Encryption Healthcare Education 144

Security Affairs

NOVEMBER 19, 2023

Phobos variants are usually distributed by the SmokeLoader , but in 8Base campaigns, it has the ransomware component embedded in its encrypted payloads. 8base” file extension for encrypted documents, a circumstance that suggested a possible link to the 8Base group or the use of the same code-base for their ransomware.

Ransomware 143

Ransomware Encryption Backups Manufacturing 143

Security Affairs

APRIL 21, 2024

A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide. “Akira threat actors utilize a sophisticated hybrid encryption scheme to lock data.

Ransomware 143

Ransomware Encryption Antivirus VPN 143

Security Affairs

AUGUST 7, 2024

The malware has been active since July 2021, it is designed to capture screencasts, exfiltrate user files, and harvest call logs and app lists. The malware employs various evasion techniques, including using the Russian cloud service Yandex Disk for C2 communications, avoiding dedicated infrastructure to remain undetected. .”

Spyware 144

Spyware Malware Encryption Data collection 144

Security Affairs

DECEMBER 6, 2022

Fortinet researchers discovered a sample of malware generated with the publicly available open-source ransomware toolkit Cryptonite that never offers the decryption window, turning it as a wiper. The sample analyzed by the expert masquerades as a software update, it shows a progress bar that represents the progress of encryption.

Ransomware 144

Ransomware Encryption Malware Architecture 144