Security Affairs

JUNE 12, 2023

Researchers detailed a fully undetectable (FUD) malware obfuscation engine named BatCloak that is used by threat actors. Researchers from Trend Micro have analyzed the BatCloak, a fully undetectable (FUD) malware obfuscation engine used by threat actors to stealthily deliver their malware since September 2022.

Encryption 87

Encryption Security IT Information Security 87

Security Affairs

JUNE 21, 2023

Researchers discovered a new strain of malware called Condi that targets TP-Link Archer AX21 (AX1800) Wi-Fi routers. Fortinet FortiGuard Labs Researchers discovered a new strain of malware called Condi that was observed exploiting a vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers. ” concludes the report.”Thus,

Sales 87

Sales Communications IT Security 87

Security Affairs

JUNE 16, 2023

The malware is distributed as the messaging apps BingeChat and Chatico. MalwareHunterTeam researchers first shared the hash for a GravityRAT sample via a tweet. The GravityRAT malware Access Trojan (RAT) is believed to be the work of Pakistani hacker groups, it was mainly employed in attacks aimed at Indian users.

Access 92

Access IT Security Information Security 92

Security Affairs

AUGUST 27, 2023

The leak of the source code of the LockBit 3.0 A similar difference in compilation time was identified in the malware’s template binaries (embedded and incomplete versions of the malware used to build the final version ready for distribution).” One a limited number of samples enable communication to C2.

Ransomware 95

Ransomware Communications Encryption Security 95

Security Affairs

JULY 16, 2021

The Joker malware is back, experts spotted multiple malicious apps on the official Google Play store that were able to evade scanners. In April 2021, more than 500,000 Huawei users were infected with the Joker malware after they have downloaded tainted apps from the company’s official Android store. explained. “If

Encryption 138

Encryption Libraries Cloud Security 138

Security Affairs

JANUARY 8, 2021

Multiple threat actors have recently started using the Ezuri memory loader as a loader to executes malware directly into the victims’ memory. According to researchers from AT&T’s Alien Labs, malware authors are choosing the Ezuri memory loader for their malicious codes. ” continues the report.

Encryption 134

Encryption Passwords Mining IT 134

Security Affairs

JUNE 13, 2022

The malware could target both Windows and Linux systems, in the recent attacks observed by security experts at Palo Alto Unit 42 team, the operators employed the open-source backdoor MicroBackdoor to maintain persistence on infected hosts. “The ransom note was modified between the observed samples.

Ransomware 84

Ransomware Security Cybersecurity IT 84

Security Affairs

JUNE 29, 2022

Researchers detailed a new information-stealing malware, dubbed YTStealer, that targets YouTube content creators. Intezer cybersecurity researchers have detailed a new information-stealing malware, dubbed YTStealer, that was developed to steal authentication cookies from YouTube content creators. ” continues the report.

Authentication 97

Authentication Libraries Encryption Marketing 97

Security Affairs

JUNE 27, 2023

The investigation is still ongoing, the experts pointed out that the samples are still largely undetected The researchers analyzed a total of four samples that were uploaded to VirusTotal, with the earliest sample that was uploaded by an anonymous actor to the platform on April 18, 2023. The analysis of the sh.py

Access 88

Access Security IT Information Security 88

Security Affairs

OCTOBER 23, 2023

The HUNTER unit’s Dark Web sleuthing yielded findings that suggest otherwise, although the ultimate source of the leaks discussed in this report remains unclear. Concurrently, the actor shared spreadsheets containing four large leak samples with fragments of Aadhaar data as a proof.

Sales 120

Sales e-Discovery Data breaches Risk 120

Security Affairs

JANUARY 19, 2021

The threat actors behind the SolarWinds attack used malware dubbed Raindrop for lateral movement and deploying additional payloads. Security experts from Symantec revealed that threat actors behind the SolarWinds supply chain attack leveraged a malware named Raindrop for lateral movement and deploying additional payloads.

Communications 142

Communications Encryption Security IT 142

Security Affairs

JANUARY 8, 2023

Experts warn of a new variant of the Dridex banking malware that is targeting systems using the macOS operating system. Trend Micro experts discovered a new variant of the Dridex banking malware that targets the MacOS platform and that used a new technique to deliver documents embedded with malicious macros. doc” command.

IT 95

IT Security Information Security 95

Security Affairs

MAY 1, 2023

The previously undetected LOBSHOT malware is distributed using Google ads and gives operators VNC access to Windows devices. Threat actors are using an elaborate scheme of fake websites through Google Ads to spread their malware, the backdoors are embedded in installers for apparently legitimate applications, such as AnyDesk.

Retail 88

Retail Access Education Security 88

Security Affairs

JANUARY 5, 2022

Cybersecurity researchers demonstrate how to use electromagnetic field emanations from IoT devices to detect malware. The researchers proposed a novel approach of using side channel information to identify malware targeting IoT systems. In fact, EM emanation that is measured from the device is practically undetectable by the malware.

IoT 116

IoT Paper Cybersecurity Security 116

Security Affairs

JANUARY 31, 2024

Researchers from cybersecurity firm Synacktiv published a technical analysis of a Rust malware, named KrustyLoader, that was delivered by threat actors exploiting the above vulnerabilities. “Based on my observations, all the samples download a Sliver (Golang) backdoor, though from different URLs.”

Authentication 90

Authentication Military Communications Security 90

Security Affairs

APRIL 26, 2023

On March 7, 2023, the researchers found a Linux variant of the PingPull that was uploaded to VirusTotal, it had a very low detection rate (3 out of 62) “Despite a largely benign verdict, additional analysis has determined that this sample is a Linux variant of PingPull malware. ” reads the analysis published by Unit 42.

Communications 95

Communications Military Government Libraries 95

Security Affairs

JANUARY 4, 2023

Researchers discovered a new Linux malware developed with the shell script compiler ( shc ) that was used to deliver a cryptocurrency miner. The ASEC analysis team recently discovered that a Linux malware developed with shell script compiler ( shc ) that threat actors used to install a CoinMiner. ” continues the report.

Mining 94

Mining Passwords Access Security 94

Security Affairs

DECEMBER 27, 2022

The pay-per-install (PPI) malware downloader service PrivateLoader is being used to distribute the RisePro info-stealing malware. The pay-per-install (PPI) malware downloader service PrivateLoader is being used to distribute the information-stealing malware dubbed RisePro, Flashpoint warns. Source: Flashpoint).

Marketing 89

Marketing Libraries Cybersecurity IT 89

Lenny Zeltser

JANUARY 6, 2021

Malware analysis sits at the intersection of incident response, forensics, system and network administration, security monitoring, and software engineering. As someone who’s helped thousands of security professionals learn how to analyze malware at SANS Institute , I have a few tips for how you can get started.

Metadata 145

Metadata IT Access Security 145

eSecurity Planet

JANUARY 20, 2022

Incidents of malware targeting Linux-based Internet of Things (IoT) devices jumped by more than a third in 2021, with three malware families the primary drivers behind the increase. There was a 10-fold increase in the number of samples of Mozi found in the wild, Mihai Maganu, a threat researcher at CrowdStrike, wrote in a blog post.

IoT 145

IoT Cybersecurity Communications Cloud 145

Security Affairs

JULY 11, 2022

Victims of the ransomware reported that the malware adds the .0mega Source [link]. A new article in my Digest #0mega #Ransomware [link] Extension: 0mega R/n: DECRYPT-FILES.txt Sample ransom note and exe-file not yet found. BleepingComputer reported a new ransomware operation named 0mega that is targeting organizations worldwide.

Ransomware 103

Ransomware Encryption Security Information Security 103

Security Affairs

SEPTEMBER 3, 2022

The information-stealing malware Prynt Stealer contains a backdoor that allows stealing the data it has infiltrated from victims. Zscaler researchers discovered Telegram channel-based backdoor in the information stealing malware, Prynt Stealer , which allows to secretly steal a copy of the data exfiltrated from the victims.

Sales 97

Sales Communications Marketing IT 97

Security Affairs

FEBRUARY 1, 2023

Lockbit ransomware operators have released a new version of their malware, LockBit Green, that also targets cloud-based services. Lockbit ransomware operators have implemented a new version of their malware, dubbed LockBit Green, which was designed to include cloud-based services among its targets. ” explained Cocomazzi.

Ransomware 81

Ransomware Cloud IT Security 81

Security Affairs

APRIL 3, 2022

“As part of our research, we have collected four driver samples — two pairs of 32-bit and 64-bit samples. “All four driver samples are digitally signed with stolen certificates from game development companies, either the US-based Frostburn Studios or the Korean 433CCR Company (433??? Pierluigi Paganini.

IT 84

IT Security Information Security 84

Security Affairs

MAY 2, 2022

Last week, the malware researcher Jakub Kroustek from AVAST, discovered a sample of a new REvil encryptor. The expert noticed that the sample does not encrypt files, it only adds a random extension to the victim’s files. Tweets by WhichbufferArda. To nominate, please visit:? Pierluigi Paganini.

Ransomware 86

Ransomware Encryption Cybersecurity Security 86

Security Affairs

JULY 5, 2022

AstraLocker ransomware operators told BleepingComputer they’re shutting down the operation and provided decryptors to the VirusTotal malware analysis platform. AstraLocker is based on the source code of the Babuk Locker (Babyk) ransomware that was leaked online on June 2021. ” reported ReversingLabs.

Ransomware 104

Ransomware Risk Security Information Security 104

Security Affairs

MARCH 20, 2021

.” A REvil ransomware sample on malware analysis site Hatching Triage was discovered by TechTarget sister publication LeMagIT Friday, which contained a link to a REvil ransomware demand for $50 million in Monero (213,151 XMR as of publishing). Source LeMagIT. Conservation started on March 14.” “Cyber ??

Ransomware 142

Ransomware Computer and Electronics Sales Encryption 142

Krebs on Security

DECEMBER 27, 2019

Synoptek , a California business that provides cloud hosting and IT management services to more than a thousand customer nationwide, suffered a ransomware attack this week that has disrupted operations for many of its clients, according to sources. Sources also confirm that both the State of California and the U.S. Irvine, Calif.-based

Ransomware 180

Ransomware IT Phishing Financial Services 180

Security Affairs

JANUARY 30, 2021

FonixCrypter ransomware operators shut down their operations, released the master decryption key for free, and deleted malware’s source code. The FonixCrypter gang also closed its Telegram channel that was used to advertise the malware in the cybercrime underground.

Ransomware 133

Ransomware Encryption Archiving Security 133

Security Affairs

MARCH 12, 2020

Cybercriminals continue to exploit the fear in the coronavirus outbreak to spread malware and steal sensitive data from victims. Experts from cybersecurity Reason reported cybercrimnals are using new coronavirus -themed attacks to deliver malware. To make sure the malware can persist and keep operating, it uses the “Task Scheduler”.”

Passwords 135

Passwords Cybersecurity IT Security 135

Security Affairs

OCTOBER 10, 2021

ESET researchers spotted a previously unknown, modular Linux malware, dubbed FontOnLake, that has been employed in targeted attacks. ESET researchers spotted a previously unknown, modular Linux malware, dubbed FontOnLake, that was employed in targeted attacks on organizations in Southeast Asia. ” continues the report.

Libraries 86

Libraries Access Communications IT 86

Security Affairs

AUGUST 4, 2021

China-linked APT31 group employed a new strain of malware in attacks aimed at entities in Mongolia, Belarus, Canada, the US, and Russia. Experts found many similarities between the malware and the DropboxAES RAT that was first spotted by researchers at Secureworks and that was previously attributed to APT31.

Libraries 134

Libraries Security IT Cybersecurity 134

Security Affairs

JULY 1, 2023

In June 2023, the malware analyst rivitna published a sample of the ransomware that is compiled for Linux. Public key is hardcoded in the ransomware binary and differs per sample.” The authors used Microsoft Linker version 14.35.

Ransomware 98

Ransomware Encryption Libraries Education 98

Security Affairs

NOVEMBER 13, 2021

The name Abcbot used to track the bot comes from the source path “abc-hello.” ” The presence of the “dga.go” string in Abcbot’s source path suggests that authors would implement DGA in subsequent versions. SecurityAffairs – hacking, Malware). Pierluigi Paganini.

Passwords 105

Passwords Cloud Security IT 105

Security Affairs

OCTOBER 30, 2020

Threat actors behind the Operation Earth Kitsune used SLUB (for SLack and githUB) malware and two new backdoors tracked as dneSpy and agfSpy to exfiltrate data from the infected systems and for taking over them. Experts discovered that the exploit was infecting the victim machine with three separate malware samples.

Communications 129

Communications Access IT Security 129

Security Affairs

MAY 8, 2022

Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here.

Security 83

Security IoT Ransomware Libraries 83

Security Affairs

APRIL 27, 2023

The new variant of the encryptor targets Linux, NAS, and ESXi hosts, it appears to be based on the source code of Babuk ransomware that was leaked online in 2021. The gang’s affiliates must keep the RTM Locker malware builds private to prevent they can be analyzed. The group threatens to ban every affiliate who does leak samples.

Encryption 86

Encryption Ransomware Education Access 86