Security Affairs

OCTOBER 30, 2024

The latest FakeCall malware version for Android intercepts outgoing bank calls, redirecting them to attackers to steal sensitive info and bank funds. Zimperium researchers spotted a new version of the FakeCall malware for Android that hijacks outgoing victims’ calls and redirects them to the attacker’s phone number.

Banking 137

Banking Malware Accountability Phishing 137

Security Affairs

SEPTEMBER 22, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 132

Malware Healthcare IoT Cryptocurrency 132

Security Affairs

JULY 14, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 134

Malware Spyware Internet Internet 134

Security Affairs

AUGUST 4, 2024

A China-linked APT, tracked as StormBamboo, compromised an internet service provider (ISP) to poison software update mechanisms with malware. The threat actors targeted insecure software update mechanisms to install malware on macOS and Windows victim machines. The company linked the attacks to StormBamboo APT group.

Malware 145

Malware DNS Firewall Software 145

Security Affairs

JULY 22, 2024

Huntress researchers observed the JavaScript downloader malware SocGholish (aka FakeUpdates ) that is being used to deliver remote access trojan AsyncRAT and the legitimate open-source project BOINC (Berkeley Open Infrastructure Network Computing Client).

Malware 143

Malware Cryptocurrency Hacking Software 143

Security Affairs

NOVEMBER 7, 2024

SentinelLabs observed North Korea-linked threat actor BlueNoroff targeting businesses in the crypto industry with a new multi-stage malware. SentinelLabs researchers identified a North Korea-linked threat actor targeting crypto businesses with new macOS malware as part of a campaign tracked as “Hidden Risk.”

Malware 130

Malware Risk Architecture Cryptocurrency 130

Security Affairs

AUGUST 25, 2024

Researchers spotted a new stealthy Linux malware named sedexp that uses Linux udev rules to achieve persistence and evade detection. Aon’s Cyber Solutions spotted a new malware family, called sedexp, that relies on a lesser-known Linux persistence technique. Sedexp uses udev rules to maintain persistence. ” concludes the report.

Malware 144

Malware Hacking Ransomware Cybercrime 144

Security Affairs

OCTOBER 4, 2024

perfctl malware targets misconfigured Linux servers to deploy cryptocurrency miners and proxyjacking software in an ongoing campaign. Aqua Nautilus researchers shed light on a Linux malware, dubbed perfctl malware, that over the past 3-4 years targeted misconfigured Linux servers. ” reads the report.

Malware 140

Malware Cryptocurrency Encryption Software 140

The Last Watchdog

MAY 15, 2023

Funso Richard , Information Security Officer at Ensemble , highlighted the gravity of these threats. These include ransomware targeting backend servers, distributed denial of service (DDoS) attacks, destructive malware, and even weaponizing charging stations to deploy malware.

Malware 230

Malware Manufacturing IoT Software 230

Security Affairs

OCTOBER 29, 2024

Suspected Russia-linked espionage group UNC5812 targets Ukraine’s military with Windows and Android malware via Telegram. Google TAG and Mandiant observed a Russia-linked group, tracked as UNC5812, targeting Ukraine’s military with Windows and Android malware via the Telegram channel “ Civil Defense.”

Malware 127

Malware Social Engineering Software Mobile 127

Security Affairs

JULY 14, 2024

A Dark Gate malware campaign from March-April 2024 demonstrates how attackers exploit legitimate tools and services to distribute malware. Palo Alto Networks Unit 42 researchers shared details about a DarkGate malware campaign from March-April 2024. The malware is considered a sophisticated threat and is continuously improved.

Malware 139

Malware Cybercrime Software Phishing 139

Security Affairs

SEPTEMBER 24, 2024

HP researchers detected a dropper that was generated by generative artificial intelligence services and used to deliver AsyncRAT malware. While investigating a malicious email, HP researchers discovered a malware generated by generative artificial intelligence services and used to deliver the AsyncRAT malware.

Artificial Intelligence 139

Artificial Intelligence Phishing Malware Encryption 139

Security Affairs

OCTOBER 6, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 125

Malware Architecture Cryptocurrency Cyber Attacks 125

Security Affairs

AUGUST 23, 2024

Cato Security found a new info stealer, called Cthulhu Stealer, that targets Apple macOS and steals a wide range of information. Cado Security researchers have discovered a malware-as-a-service (MaaS) targeting macOS users dubbed Cthulhu Stealer. ” reads the report published by Cado Security.

Malware 136

Malware Passwords Cryptocurrency Software 136

Security Affairs

AUGUST 18, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 136

Malware Social Engineering Ransomware Government 136

Security Affairs

SEPTEMBER 15, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 127

Malware Spyware Banking Ransomware 127

Security Affairs

OCTOBER 20, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 131

Malware Ransomware Encryption Phishing 131

Schneier on Security

SEPTEMBER 2, 2022

Government officials in the country of just over 600,000 people said certain government services remained temporarily disabled for security reasons and that the data of citizens and businesses were not endangered. Polovic said some retail tax collection was affected.

Retail 288

Retail Government Ransomware Information Security 288

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Mandiant found the compromised 3CX software would download malware that sought out new instructions by consulting encrypted icon files hosted on GitHub. Image: Mandiant.

Malware 322

Malware Software Technology Accountability 322

Security Affairs

SEPTEMBER 13, 2024

A new Linux malware called Hadooken targets Oracle WebLogic servers, it has been linked to several ransomware families. Aqua Security Nautilus researchers discovered a new Linux malware, called Hadooken, targeting Weblogic servers. Upon execution, the malware drops a Tsunami malware and deploys a cryptominer.

Malware 132

Malware Internet Internet Ransomware 132

Security Affairs

MAY 25, 2024

Threat actors used fake AV websites masquerading as legitimate antivirus products from Avast, Bitdefender, and Malwarebytes to distribute malware. The sites hosting malware are avast-securedownload.com (Avast.apk), bitdefender-app.com (setup-win-x86-x64.exe.zip), exe.zip”) that was used to deploy the Lumma information stealer.

Malware 141

Malware Antivirus Cryptocurrency Hacking 141

Security Affairs

MAY 26, 2024

The government experts reported that the group carried out at least two massive campaigns since May 20, threat actors aimed at distributing SmokeLoader malware via email. “Starting from May 20th, hackers have launched at least two massive campaigns with emails containing the SmokeLoader malware.”

Malware 142

Malware Banking Accountability Phishing 142

Security Affairs

SEPTEMBER 8, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 122

Malware Insurance Ransomware Government 122

Security Affairs

JULY 31, 2024

Phishing campaigns target small and medium-sized businesses (SMBs) in Poland to deliver malware families such as Agent Tesla, Formbook, and Remcos RAT. ESET researchers observed multiple phishing campaigns targeting SMBs in Poland in May 2024, distributing various malware families like Agent Tesla , Formbook , and Remcos RAT.

Phishing 140

Phishing Malware Accountability Hacking 140

Security Affairs

AUGUST 28, 2024

million reward for information leading to the arrest of a Belarusian cybercriminal involved in the mass malware distribution. million reward for information leading to the arrest of Volodymyr Kadariya (38), a Belarusian national allegedly involved in a significant malware organization. “The U.S.

Malware 136

Malware Computers and Electronics Cybercrime Internet 136

Security Affairs

AUGUST 16, 2024

Russian cybercriminals are advertising a new macOS malware called Banshee Stealer with a monthly subscription price of $3,000. In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures. ” concludes the report. ” concludes the report.

Malware 135

Malware Cryptocurrency Advertising Architecture 135

Security Affairs

AUGUST 21, 2024

The Computer Emergency Response Team of Ukraine (CERT-UA) warned of new phishing attacks, carried out by the Vermin group, distributing a malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign conducted by the Vermin group that distributed malware.

Malware 135

Malware Spyware Phishing Cyber threats 135

Security Affairs

MAY 22, 2024

A threat actor is targeting organizations in Africa and the Middle East by exploiting Microsoft Exchange Server flaws to deliver malware. According to the researchers, the malware campaign targeting MS Exchange Server has been active since at least 2021. The keylogger was used to collect account credentials.

Malware 142

Malware Accountability Technology Internet 142

Security Affairs

SEPTEMBER 13, 2024

Researchers uncovered an Android malware, dubbed Vo1d, that has already infected nearly 1.3 Doctor Web researchers uncovered a malware, tracked as Vo1d , that infected nearly 1.3 million Android devices in 197 countries. million Android-based TV boxes belonging to users in 197 countries.

Malware 143

Malware Firmware Antivirus Manufacturing 143

Security Affairs

SEPTEMBER 5, 2024

The malware is highly obfuscated and disguises itself as system utilities, allowing attackers to perform tasks like file manipulation, command execution, and remote port scanning. The malware supports advanced encryption and obfuscation techniques to complicate malware analysis and hide its operations.

Malware 127

Malware Telecommunications Encryption Hacking 127

Security Affairs

NOVEMBER 19, 2024

Volexity researchers discovered a vulnerability in Fortinet’s Windows VPN client that China-linked threat actor BrazenBamboo abused in their DEEPDATA malware. BrazenBamboo is known to be the author of other malware families, including LIGHTSPY , DEEPDATA, and DEEPPOST.

VPN 125

VPN Malware Spyware Passwords 125

Security Affairs

AUGUST 28, 2024

Iran-linked group APT33 used new Tickler malware in attacks against organizations in the government, defense, satellite, oil and gas sectors. ” Microsoft Threat Intelligence team identified two samples of the Tickler malware in compromised environments as recently as July 2024. The tenants were used as C2 servers for the malware.

Malware 135

Malware Social Engineering Education Government 135

Security Affairs

JULY 11, 2024

Multiple threat actors exploit a recently disclosed security PHP flaw CVE-2024-4577 to deliver multiple malware families. The botnet shell script downloads an ELF file named “pty3” from a different IP address, likely a sample of Muhstik malware. ” reported Akamai.

Malware 142

Malware DDOS Internet Internet 142

Security Affairs

JUNE 3, 2024

Russia-linked APT28 used the HeadLace malware and credential-harvesting web pages in attacks against networks across Europe. Researchers at Insikt Group observed Russian GRU’s unit APT28 targeting networks across Europe with information-stealer Headlace and credential-harvesting web pages.

Malware 144

Malware Phishing Surveillance Internet 144

Security Affairs

SEPTEMBER 8, 2024

Multiple threat actors actively exploited the recently disclosed OSGeo GeoServer GeoTools flaw CVE-2024-36401 in malware-based campaigns. By” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, malware)

Malware 140

Malware Telecommunications Encryption DDOS 140

Krebs on Security

OCTOBER 8, 2020

There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” ” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in.

Cybercrime 338

Cybercrime VPN Malware Ransomware 338

Security Affairs

JULY 2, 2024

Cisco fixed an actively exploited NX-OS zero-day, the flaw was exploited to install previously unknown malware as root on vulnerable switches. Cisco addressed an NX-OS zero-day, tracked as CVE-2024-20399 (CVSS score of 6.0), that the China-linked group Velvet Ant exploited to deploy previously unknown malware as root on vulnerable switches.

Malware 141

Malware Software Authentication Hacking 141