Malware and Security Intelligence - Cyber Security Informer

Anubis, a new info-stealing malware spreads in the wild

Security Affairs

AUGUST 27, 2020

Microsoft warned of a recently uncovered piece of malware, tracked as Anubis that was designed to steal information from infected systems. This week, Microsoft warned of a recently uncovered piece of malware, tracked as Anubis, that was distributed in the wild to steal information from infected systems. Pierluigi Paganini.

Malware

Malware Advertising Cryptocurrency Cybercrime

Malware Attack on Aviation Sector Uncovered After Going Unnoticed for 2 Years

The Hacker News

SEPTEMBER 17, 2021

Cisco Talos dubbed the malware attacks "Operation Layover," building on previous research from the Microsoft Security Intelligence

Malware

Malware Security Intelligence Phishing

Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives

The Hacker News

FEBRUARY 20, 2025

A malware campaign distributing the XLoader malware has been observed using the DLL side-loading technique by making use of a legitimate application associated with the Eclipse Foundation.

Malware

Malware Security Intelligence

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Security Affairs

DECEMBER 26, 2024

In November 2024, the Akamai Security Intelligence Research Team (SIRT) observed increased activity targeting the URI /cgi-bin/cgi_main.cgi , linked to a Mirai-based malware campaign exploiting an unassigned RCE vulnerability in DVR devices, including DigiEver DS-2105 Pro. ” reads the analysis published by Akamai.

Manufacturing

Manufacturing Malware Firmware IoT

New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer

The Hacker News

FEBRUARY 24, 2025

The AhnLab Security Intelligence Center (ASEC) said it has observed a spike in the distribution volume of ACR Stealer since January 2025. A notable aspect of the stealer malware is the use of a technique called dead drop

Software

Software Malware Security Intelligence Cybersecurity

Hackers Exploit Google Ads to Spread Malware Disguised as Popular Software

Penetration Testing

MARCH 31, 2024

A new report released by AhnLab Security Intelligence Center (ASEC) uncovers a disturbing tactic hackers are using to spread malware: they’re leveraging Google Ads tracking features to redirect unsuspecting users to malicious websites.

Penetration Testing

Penetration Testing Software Malware Security Intelligence

Crooks spread malware via pirated movies during COVID-19 outbreak

Security Affairs

APRIL 30, 2020

Microsoft warns of a spike in malware spreading via pirate streaming services and movie piracy sites during the COVID-19 pandemic. Crooks are attempting to take advantage of COVID-19 pandemic spreading malware via pirate streaming services and movie piracy sites during the COVID-19 outbreak, Microsoft warns. Pierluigi Paganini.

Malware

Malware Security Intelligence Adware Social Engineering

Trickbot is the most prolific malware operation using COVID-19 themed lures

Security Affairs

APRIL 18, 2020

TrickBot is the malware that most of all is involved in COVID-19-themed attacks, Microsoft’s Office 365 Advanced Threat Protection (ATP) data reveals. Based on Office 365 ATP data, Trickbot is the most prolific malware operation using COVID-19 themed lures. This means we’re seeing a changing of lures, not a surge in attacks.”

Malware

Malware Advertising Security Intelligence Phishing

Microsoft Warns of Data Stealing Malware That Pretends to Be Ransomware

The Hacker News

MAY 21, 2021

Microsoft on Thursday warned of a "massive email campaign" that's pushing a Java-based STRRAT malware to steal confidential data from infected systems while disguising itself as a ransomware infection.

Ransomware

Ransomware Malware Security Intelligence Encryption

North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials

The Hacker News

FEBRUARY 6, 2025

The North Korea-linked nation-state hacking group known as Kimsuky has been observed conducting spear-phishing attacks to deliver an information stealer malware named forceCopy, according to new findings from the AhnLab Security Intelligence Center (ASEC).

Malware

Malware Phishing Security Intelligence Hacking

Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware

Security Affairs

JULY 11, 2024

Multiple threat actors exploit a recently disclosed security PHP flaw CVE-2024-4577 to deliver multiple malware families. The botnet shell script downloads an ELF file named “pty3” from a different IP address, likely a sample of Muhstik malware. ” reported Akamai.

Malware

Malware DDOS Internet Internet

Microsoft spotted multiple malspam campaigns using malware-laced ISO and IMG files

Security Affairs

MAY 4, 2020

Microsoft warns of threat actors targeting organizations with malware-laced ISO and IMG files aimed at delivering a remote access trojan. Microsoft advanced machine learning threat detection models detected multiple malspam campaigns distributing malware-laced ISO. Pierluigi Paganini. SecurityAffairs – COVID-19, malspam).

Small Business

Small Business Malware Manufacturing Security Intelligence

North Korea-linked APT Emerald Sleet is using a new tactic

Security Affairs

FEBRUARY 12, 2025

Recently, researchers from AhnLab Security Intelligence Center (ASEC) observed North Koreas Kimsuky APT group conducting spear-phishing attacks to deliver forceCopy info-stealer malware. When opened, they execute PowerShell or Mshta to download malware like PebbleDash and RDP Wrapper, to control the infected systems.

Phishing

Phishing Malware Security Intelligence Hacking

More Than 90 Percent of Malware in Q2 Came Via Encrypted Traffic: WatchGuard

eSecurity Planet

OCTOBER 4, 2021

percent of all malware detected on networks of WatchGuard Technologies customers in the second quarter came over encrypted connections, raising the security risk for the 80 percent of such organizations that lack processes for decrypting and scanning HTTPS traffic for threats. Malware in Encrypted Traffic. A surprising 91.5

Encryption

Encryption Malware Ransomware Firewall

South Korean ERP Vendor's Server Hacked to Spread Xctdoor Malware

The Hacker News

JULY 2, 2024

The AhnLab Security Intelligence Center (ASEC), which identified the attack in May 2024, did not attribute it to a known threat actor or group, but noted that the tactics overlap with that of Andariel, a sub-cluster within the

Hacking

Hacking Malware Security Intelligence

Experts warn of mass exploitation of critical PHP flaw CVE-2024-4577

Security Affairs

MARCH 10, 2025

Cybersecurity and Infrastructure Security Agency (CISA) added the the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. reported Akamai.

DDOS

DDOS Security Intelligence Malware Hacking

New STRRAT RAT Malware Convinces Believe They’ve Fallen Victim to Ransomware, Researchers Find

Hot for Security

MAY 21, 2021

Security researchers have discovered a new massive spam email campaign designed to push the latest version of STRRAT malware, according to data shared by Microsoft. It turns out that some malware only impersonates a ransomware attack, leaving the files untouched but scaring people with the possibility of a ransomware infection.

Ransomware

Ransomware Malware Security Intelligence Encryption

Andariel Hackers Target South Korean Institutes with New Dora RAT Malware

The Hacker News

JUNE 3, 2024

Keylogger, Infostealer, and proxy tools on top of the backdoor were utilized for the attacks," the AhnLab Security Intelligence Center (ASEC) said in a report

Manufacturing

Manufacturing Education Malware Security Intelligence

Mauri Ransomware Exploits Apache ActiveMQ Flaw (CVE-2023-46604)

Penetration Testing

DECEMBER 8, 2024

The AhnLab Security Intelligence Response Center (ASEC) has revealed that threat actors exploiting a critical vulnerability in Apache ActiveMQ, identified as CVE-2023-46604, have begun deploying Mauri ransomware in their attacks....

Ransomware

Ransomware Security Intelligence Cybersecurity Malware

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Security Affairs

FEBRUARY 2, 2020

In contrast, past Dudear email campaigns carried the malware as attachment or used malicious URLs. pic.twitter.com/mcRyEBUmQH — Microsoft Security Intelligence (@MsftSecIntel) January 30, 2020. pic.twitter.com/1qnx3NmwiB — Microsoft Security Intelligence (@MsftSecIntel) January 30, 2020.

Malware

Malware Security Intelligence Banking Phishing

JPHP Interpreter Used to Distribute Downloader Malware

Penetration Testing

MARCH 19, 2025

AhnLab Security intelligence Center (ASEC) has recently uncovered a malware campaign utilizing the JPHP interpreter to distribute downloader The post JPHP Interpreter Used to Distribute Downloader Malware appeared first on Cybersecurity News.

Malware

Malware Security Intelligence Cybersecurity

Attackers Exploit Construction Site Trust, Deliver TrollAgent Malware

Penetration Testing

FEBRUARY 22, 2024

Security experts at the AhnLab Security Intelligence Center (ASEC) have recently uncovered a malware distribution campaign targeting a Korean construction-related association website.

Malware

Malware Penetration Testing Security Intelligence Software

New KmsdBot Malware Hijacking Systems for Mining Crypto and Launch DDoS Attacks

The Hacker News

NOVEMBER 13, 2022

A newly discovered evasive malware leverages the Secure Shell (SSH) cryptographic protocol to gain entry into targeted systems with the goal of mining cryptocurrency and carrying out distributed denial-of-service (DDoS) attacks.

DDOS

DDOS Malware Cryptocurrency Security Intelligence

French Firms Rocked by Kasbah Hacker?

Krebs on Security

MARCH 2, 2020

A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned. ‘FATAL’ ERROR.

DNS

DNS Penetration Testing Malware Hacking

Microsoft Warns of Cryptomining Malware Campaign Targeting Linux Servers

The Hacker News

JUNE 30, 2022

A cloud threat actor group tracked as 8220 has updated its malware toolset to breach Linux servers with the goal of installing crypto miners as part of a long-running campaign. The updates include the deployment of new versions of a crypto miner and an IRC bot," Microsoft Security Intelligence said in a series of tweets on Thursday.

Malware

Malware Security Intelligence

Kimsuky APT group used custom RDP Wrapper version and forceCopy stealer

Security Affairs

FEBRUARY 8, 2025

Researchers spotted North Korea’s Kimsuky APT group launching spear-phishing attacks to deliver forceCopy info-stealer malware. Researchers from AhnLab Security Intelligence Center (ASEC) observed North Korea’s Kimsuky APT group conducting spear-phishing attacks to deliver forceCopy info-stealer malware.

Malware

Malware Phishing Security Intelligence Hacking

WogRAT Backdoor: The Stealthy Malware Lurking in Online Notepads

Penetration Testing

MARCH 4, 2024

A newly discovered backdoor malware dubbed ‘WogRAT’ is raising alarms for both Windows and Linux users.

Penetration Testing

Penetration Testing Malware Security Intelligence

LummaC2 Infostealer Malware Spreads via Crack Programs and Phishing

Penetration Testing

JANUARY 13, 2025

Cybersecurity researchers at AhnLab Security Intelligence Center (ASEC) have unveiled a sophisticated distribution tactic for the LummaC2 malware. The post LummaC2 Infostealer Malware Spreads via Crack Programs and Phishing appeared first on Cybersecurity News.

Phishing

Phishing Malware Security Intelligence Cybersecurity

LummaC2 Malware Masquerading as Total Commander Crack to Infect Windows Users

Penetration Testing

FEBRUARY 22, 2025

A recent investigation by the AhnLab Security Intelligence Center (ASEC) has uncovered a malvertising campaign that distributes LummaC2 The post LummaC2 Malware Masquerading as Total Commander Crack to Infect Windows Users appeared first on Cybersecurity News.

Malware

Malware Security Intelligence Cybersecurity Engineering

IT giants warn of ongoing Chromeloader malware campaigns

Security Affairs

SEPTEMBER 20, 2022

VMware and Microsoft are warning of a widespread Chromeloader malware campaign that distributes several malware families. The malware is able to redirect the user’s traffic and hijacking user search queries to popular search engines, including Google, Yahoo, and Bing. SecurityAffairs – hacking, malware).

Malware

Malware Adware Ransomware Security Intelligence

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. We therefore named this malware Purple Lambert.”

Malware

Malware Hacking Government Telecommunications

Stealthy Crypto-Mining Malware Hijacking PCs via USB Drives

Penetration Testing

FEBRUARY 12, 2025

A new report from AhnLab Security Intelligence Center (ASEC) reveals a concerning trend: the distribution of cryptocurrency-mining malware The post Stealthy Crypto-Mining Malware Hijacking PCs via USB Drives appeared first on Cybersecurity News.

Malware

Malware Cryptocurrency Security Intelligence Cybersecurity

Russian hackers use PowerShell USB malware to drop backdoors

Bleeping Computer

JUNE 15, 2023

The Russian state-sponsored hacking group Gamaredon (aka Armageddon, or Shuckworm) continues to target critical organizations in Ukraine's military and security intelligence sectors, employing a refreshed toolset and new infection tactics. [.]

Malware

Malware Security Intelligence Hacking

InnoLoader Malware Evades Detection Posing as Cracked Software

Penetration Testing

JUNE 29, 2024

The AhnLab Security Intelligence Center (ASEC) has issued a warning about a new breed of malware that disguises itself as cracked software and legitimate tools. This malware, dubbed “InnoLoader,” is far from ordinary.

Software

Software Malware Security Intelligence Cybersecurity

STRRAT RAT spreads masquerading as ransomware

Security Affairs

MAY 20, 2021

Microsoft warns of a malware campaign that is spreading a RAT dubbed named STRRAT masquerading as ransomware. Microsoft Security Intelligence researchers uncovered a malware campaign that is spreading a remote access trojan (RAT) tracked as STRRAT. The latest version of the Java-based STRRAT malware (1.5)

Ransomware

Ransomware Malware Encryption Security Intelligence

Malware authors join forces and target organisations with Domino Backdoor

Malwarebytes

APRIL 18, 2023

There’s a new ransomware gang in town, stitched together from members of well known threat creators to push a new kind of malware focused on punishing unwary organisations. The malware family, called “Domino”, is the brainchild of FIN7 and ex-Conti ransomware members.

Malware

Malware Banking Ransomware Passwords

ACRStealer Malware Exploits Google Docs as Command-and-Control Infrastructure

Penetration Testing

FEBRUARY 20, 2025

Cybersecurity researchers at AhnLab Security Intelligence Center (ASEC) have identified a new surge in ACRStealer, a stealthy infostealer The post ACRStealer Malware Exploits Google Docs as Command-and-Control Infrastructure appeared first on Cybersecurity News.

Malware

Malware Security Intelligence Cybersecurity

European firm DSIRF behind the attacks with Subzero surveillance malware

Security Affairs

JULY 28, 2022

Microsoft linked a private-sector offensive actor (PSOA) to attacks using multiple zero-day exploits for its Subzero malware. Microsoft states that multiple news reports have linked the company to the Subzero malware toolset used to hack a broad range of devices, phones, computers, and network and internet-connected devices.

Surveillance

Surveillance Malware Authentication Accountability

Online Ed is the New Corporate Threat Vector

Security Boulevard

APRIL 19, 2021

In the last 30 days, education was the most targeted sector, receiving more than 60% of all malware encounters, or more than 5 million incidents, according to Microsoft Security Intelligence. The post Online Ed is the New Corporate Threat Vector appeared first on Security Boulevard. Department of.

Education

Education Security Intelligence Government Malware

ModiLoader Malware Leveraging CAB Header Batch Files to Evade Detection

Penetration Testing

JANUARY 21, 2025

The AhnLab Security Intelligence Center (ASEC) warns a novel malware distribution tactic involving the use of Microsoft Windows The post ModiLoader Malware Leveraging CAB Header Batch Files to Evade Detection appeared first on Cybersecurity News.

Malware

Malware Security Intelligence Cybersecurity

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

— Microsoft Security Intelligence (@MsftSecIntel) October 6, 2020. — Microsoft Security Intelligence (@MsftSecIntel) October 6, 2020. Attacks showing up in commodity malware like those used by the threat actor CHIMBORAZO indicate broader exploitation in the near term.” states Microsoft.

Cybercrime

Cybercrime Security Intelligence Authentication Banking

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Security Affairs

SEPTEMBER 24, 2020

New Zealand’s Computer Emergency Response Team (CERT) also published a security alert warning of spam campaigns spreading the Emotet threat. jp) email addresses that have been infected with the infamous malware and that can be employed in further spam campaigns. Today was only about a dozen replychain and nothing else.

Malware

Malware Passwords Advertising Ransomware

Organizations in aerospace and travel sectors under attack, Microsoft warns

Security Affairs

MAY 13, 2021

Microsoft warns of a malware-based campaign that targeted organizations in the aerospace and travel sectors in the past months. Microsoft researchers revealed that organizations in the aerospace and travel sectors have been targeted in the past months in a malware-based campaign. com or similar sites.

Security Intelligence

Security Intelligence Phishing Malware Hacking

SEO poisoning campaign aims at delivering RAT, Microsoft warns

Security Affairs

JUNE 14, 2021

— Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021. The sites appear as a clone of Google Drive web pages used to serve the SolarMaker malware. pic.twitter.com/cBeTfteyGl — Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021. ” state Microsoft. Pierluigi Paganini.

Antivirus

Antivirus Security Intelligence Malware Insurance

Anubis, a new info-stealing malware spreads in the wild

Malware Attack on Aviation Sector Uncovered After Going Unnoticed for 2 Years

Trending Sources

Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer

Hackers Exploit Google Ads to Spread Malware Disguised as Popular Software

Crooks spread malware via pirated movies during COVID-19 outbreak

Trickbot is the most prolific malware operation using COVID-19 themed lures

Microsoft Warns of Data Stealing Malware That Pretends to Be Ransomware

North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials

Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware

Microsoft spotted multiple malspam campaigns using malware-laced ISO and IMG files

North Korea-linked APT Emerald Sleet is using a new tactic

More Than 90 Percent of Malware in Q2 Came Via Encrypted Traffic: WatchGuard

South Korean ERP Vendor's Server Hacked to Spread Xctdoor Malware

Experts warn of mass exploitation of critical PHP flaw CVE-2024-4577

New STRRAT RAT Malware Convinces Believe They’ve Fallen Victim to Ransomware, Researchers Find

Andariel Hackers Target South Korean Institutes with New Dora RAT Malware

Mauri Ransomware Exploits Apache ActiveMQ Flaw (CVE-2023-46604)

Microsoft warns TA505 changed tactic in an ongoing malware campaign

JPHP Interpreter Used to Distribute Downloader Malware

Attackers Exploit Construction Site Trust, Deliver TrollAgent Malware

New KmsdBot Malware Hijacking Systems for Mining Crypto and Launch DDoS Attacks

French Firms Rocked by Kasbah Hacker?

Microsoft Warns of Cryptomining Malware Campaign Targeting Linux Servers

Kimsuky APT group used custom RDP Wrapper version and forceCopy stealer

WogRAT Backdoor: The Stealthy Malware Lurking in Online Notepads

LummaC2 Infostealer Malware Spreads via Crack Programs and Phishing

LummaC2 Malware Masquerading as Total Commander Crack to Infect Windows Users

IT giants warn of ongoing Chromeloader malware campaigns

Purple Lambert, a new malware of CIA-linked Lambert APT group

Stealthy Crypto-Mining Malware Hijacking PCs via USB Drives

Russian hackers use PowerShell USB malware to drop backdoors

InnoLoader Malware Evades Detection Posing as Cracked Software

STRRAT RAT spreads masquerading as ransomware

Malware authors join forces and target organisations with Domino Backdoor

ACRStealer Malware Exploits Google Docs as Command-and-Control Infrastructure

European firm DSIRF behind the attacks with Subzero surveillance malware

Online Ed is the New Corporate Threat Vector

ModiLoader Malware Leveraging CAB Header Batch Files to Evade Detection

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Organizations in aerospace and travel sectors under attack, Microsoft warns

SEO poisoning campaign aims at delivering RAT, Microsoft warns

Stay Connected