Information Management Today

ZLoader Malware adds Zeus’s anti-analysis feature

Security Affairs

MAY 3, 2024

Zloader (aka Terdot, DELoader, or Silent Night) is a modular trojan based on the leaked ZeuS source code. This feature prevents malware execution outside the infected machine, a feature that had been abandoned by many malware variants that borrow the Zeus leaked source code. X source code, but implemented differently.”

Data structuring

Data structuring Communications IT Information Security

New Agent Raccoon malware targets the Middle East, Africa and the US

Security Affairs

DECEMBER 3, 2023

Threat actors are using the Agent Raccoon malware in attacks against organizations in the Middle East, Africa and the U.S. The malware was used in attacks against multiple industries, including education, real estate, retail, non-profit organizations, telecom companies, and governments. telemetry. . com” reads the report.

Retail

Retail Education Communications Government

Talos wars of customizations of the open-source info stealer SapphireStealer

Security Affairs

SEPTEMBER 1, 2023

Cisco reported that multiple threat actors are customizing the SapphireStealer information stealer after the leak of its source code. Cisco Talos researchers reported that multiple threat actors have created their own version of the SapphireStealer after that the source code of the stealer was released on GitHub.

Data collection

Data collection Archiving IT Security

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Ransomware Toolkit Cryptonite turning into an accidental wiper

Security Affairs

DECEMBER 6, 2022

Researchers spotted a version of the open-source ransomware toolkit Cryptonite that doesn’t support decryption capabilities. Fortinet researchers discovered a sample of malware generated with the publicly available open-source ransomware toolkit Cryptonite that never offers the decryption window, turning it as a wiper.

Ransomware

Ransomware Encryption Libraries IT

New improved versions of LodaRAT spotted in the wild

Security Affairs

NOVEMBER 19, 2022

Cisco Talos spotted multiple updated versions of LodaRAT that were deployed alongside other malware families, including RedLine and Neshta. LodaRAT is written in AutoIt, the researchers pointed out that it is easy to obtain its original source code from the compiled binaries by using an AutoIt decompiler. ” continues the report.

Encryption

Encryption Communications Access IT

New Linux Malware Surges, Surpassing Android

eSecurity Planet

AUGUST 2, 2022

Linux malware is skyrocketing and now surpasses both macOS and Android, according to a new report, suggesting that cybercriminals are increasingly targeting the open source operating system. The Linux malware growth has occurred even as Windows, Android and macOS have all seen a decline in new malware samples.

Encryption

Encryption Marketing IoT Ransomware

ScrubCrypt used to drop VenomRAT along with many malicious plugins

Security Affairs

APRIL 9, 2024

The campaign is notable for its utilization of the BatCloak malware obfuscation engine and ScrubCrypt to distribute the malware through obfuscated batch scripts. BatCloak is a fully undetectable (FUD) malware obfuscation engine used by threat actors to stealthily deliver their malware since September 2022.

Phishing

Phishing Sales Encryption Cybersecurity

FUD Malware obfuscation engine BatCloak continues to evolve

Security Affairs

JUNE 12, 2023

Researchers detailed a fully undetectable (FUD) malware obfuscation engine named BatCloak that is used by threat actors. Researchers from Trend Micro have analyzed the BatCloak, a fully undetectable (FUD) malware obfuscation engine used by threat actors to stealthily deliver their malware since September 2022.

Encryption

Encryption Security IT Information Security

Threat actors target the infoSec community with fake PoC exploits

Security Affairs

MAY 22, 2022

Researchers uncovered a malware campaign targeting the infoSec community with fake Proof Of Concept to deliver a Cobalt Strike beacon. Researchers from threat intelligence firm Cyble uncovered a malware campaign targeting the infoSec community. The malware, disguised as a fake PoC code, was available on GitHub.

Libraries

Libraries Information Security Cybersecurity Security

New Condi DDoS botnet targets TP-Link Wi-Fi routers

Security Affairs

JUNE 21, 2023

Researchers discovered a new strain of malware called Condi that targets TP-Link Archer AX21 (AX1800) Wi-Fi routers. Fortinet FortiGuard Labs Researchers discovered a new strain of malware called Condi that was observed exploiting a vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers. ” concludes the report.”Thus,

Sales

Sales Communications IT Security

Updated Android spyware GravityRAT steals WhatsApp Backups

Security Affairs

JUNE 16, 2023

The malware is distributed as the messaging apps BingeChat and Chatico. MalwareHunterTeam researchers first shared the hash for a GravityRAT sample via a tweet. The GravityRAT malware Access Trojan (RAT) is believed to be the work of Pakistani hacker groups, it was mainly employed in attacks aimed at Indian users.

Access

Access IT Security Information Security

Leaked LockBit 3.0 ransomware builder used by multiple threat actors

Security Affairs

AUGUST 27, 2023

The leak of the source code of the LockBit 3.0 A similar difference in compilation time was identified in the malware’s template binaries (embedded and incomplete versions of the malware used to build the final version ready for distribution).” One a limited number of samples enable communication to C2.

Ransomware

Ransomware Communications Encryption Security

HelloXD Ransomware operators install MicroBackdoor on target systems

Security Affairs

JUNE 13, 2022

The malware could target both Windows and Linux systems, in the recent attacks observed by security experts at Palo Alto Unit 42 team, the operators employed the open-source backdoor MicroBackdoor to maintain persistence on infected hosts. “The ransom note was modified between the observed samples.

Ransomware

Ransomware Security Cybersecurity IT

Ezuri memory loader used in Linux and Windows malware

Security Affairs

JANUARY 8, 2021

Multiple threat actors have recently started using the Ezuri memory loader as a loader to executes malware directly into the victims’ memory. According to researchers from AT&T’s Alien Labs, malware authors are choosing the Ezuri memory loader for their malicious codes. ” continues the report.

Encryption

Encryption Passwords Mining IT

New enhanced Joker Malware samples appear in the threat landscape

Security Affairs

JULY 16, 2021

The Joker malware is back, experts spotted multiple malicious apps on the official Google Play store that were able to evade scanners. In April 2021, more than 500,000 Huawei users were infected with the Joker malware after they have downloaded tainted apps from the company’s official Android store. explained. “If

Encryption

Encryption Libraries Cloud Security

PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web

Security Affairs

OCTOBER 23, 2023

The HUNTER unit’s Dark Web sleuthing yielded findings that suggest otherwise, although the ultimate source of the leaks discussed in this report remains unclear. Concurrently, the actor shared spreadsheets containing four large leak samples with fragments of Aadhaar data as a proof.

Sales

Sales e-Discovery Data breaches Risk

JOKERSPY used to target a cryptocurrency exchange in Japan

Security Affairs

JUNE 27, 2023

The investigation is still ongoing, the experts pointed out that the samples are still largely undetected The researchers analyzed a total of four samples that were uploaded to VirusTotal, with the earliest sample that was uploaded by an anonymous actor to the platform on April 18, 2023. The analysis of the sh.py

Access

Access Security IT Information Security

Researchers used electromagnetic signals to classify malware infecting IoT devices

Security Affairs

JANUARY 5, 2022

Cybersecurity researchers demonstrate how to use electromagnetic field emanations from IoT devices to detect malware. The researchers proposed a novel approach of using side channel information to identify malware targeting IoT systems. In fact, EM emanation that is measured from the device is practically undetectable by the malware.

IoT

IoT Paper Cybersecurity Security

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

JANUARY 31, 2024

Researchers from cybersecurity firm Synacktiv published a technical analysis of a Rust malware, named KrustyLoader, that was delivered by threat actors exploiting the above vulnerabilities. “Based on my observations, all the samples download a Sliver (Golang) backdoor, though from different URLs.”

Authentication

Authentication Military Communications Security

New Lobshot hVNC malware spreads via Google ads

Security Affairs

MAY 1, 2023

The previously undetected LOBSHOT malware is distributed using Google ads and gives operators VNC access to Windows devices. Threat actors are using an elaborate scheme of fake websites through Google Ads to spread their malware, the backdoors are embedded in installers for apparently legitimate applications, such as AnyDesk.

Retail

Retail Access Education Security

YTStealer info-stealing malware targets YouTube content creators

Security Affairs

JUNE 29, 2022

Researchers detailed a new information-stealing malware, dubbed YTStealer, that targets YouTube content creators. Intezer cybersecurity researchers have detailed a new information-stealing malware, dubbed YTStealer, that was developed to steal authentication cookies from YouTube content creators. ” continues the report.

Authentication

Authentication Libraries Encryption Marketing

Dridex targets MacOS users with a new delivery technique

Security Affairs

JANUARY 8, 2023

Experts warn of a new variant of the Dridex banking malware that is targeting systems using the macOS operating system. Trend Micro experts discovered a new variant of the Dridex banking malware that targets the MacOS platform and that used a new technique to deliver documents embedded with malicious macros. doc” command.

IT

IT Security Information Security

Raindrop, a fourth malware employed in SolarWinds attacks

Security Affairs

JANUARY 19, 2021

The threat actors behind the SolarWinds attack used malware dubbed Raindrop for lateral movement and deploying additional payloads. Security experts from Symantec revealed that threat actors behind the SolarWinds supply chain attack leveraged a malware named Raindrop for lateral movement and deploying additional payloads.

Communications

Communications Encryption Security IT

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Security Affairs

APRIL 26, 2023

On March 7, 2023, the researchers found a Linux variant of the PingPull that was uploaded to VirusTotal, it had a very low detection rate (3 out of 62) “Despite a largely benign verdict, additional analysis has determined that this sample is a Linux variant of PingPull malware. ” reads the analysis published by Unit 42.

Communications

Communications Military Government Libraries

The Prynt Stealer malware contains a secret backdoor. Crooks steal data from other cybercriminals

Security Affairs

SEPTEMBER 3, 2022

The information-stealing malware Prynt Stealer contains a backdoor that allows stealing the data it has infiltrated from victims. Zscaler researchers discovered Telegram channel-based backdoor in the information stealing malware, Prynt Stealer , which allows to secretly steal a copy of the data exfiltrated from the victims.

Sales

Sales Communications Marketing IT

Uncovering the link between PrivateLoader PPI service and RisePro stealer

Security Affairs

DECEMBER 27, 2022

The pay-per-install (PPI) malware downloader service PrivateLoader is being used to distribute the RisePro info-stealing malware. The pay-per-install (PPI) malware downloader service PrivateLoader is being used to distribute the information-stealing malware dubbed RisePro, Flashpoint warns. Source: Flashpoint).

Marketing

Marketing Libraries Cybersecurity IT

New shc Linux Malware used to deploy CoinMiner

Security Affairs

JANUARY 4, 2023

Researchers discovered a new Linux malware developed with the shell script compiler ( shc ) that was used to deliver a cryptocurrency miner. The ASEC analysis team recently discovered that a Linux malware developed with shell script compiler ( shc ) that threat actors used to install a CoinMiner. ” continues the report.

Mining

Mining Passwords Access Security

New LockBit Green ransomware variant borrows code from Conti ransomware

Security Affairs

FEBRUARY 1, 2023

Lockbit ransomware operators have released a new version of their malware, LockBit Green, that also targets cloud-based services. Lockbit ransomware operators have implemented a new version of their malware, dubbed LockBit Green, which was designed to include cloud-based services among its targets. ” explained Cocomazzi.

Ransomware

Ransomware Cloud IT Security

China-linked APT Deep Panda employs new Fire Chili Windows rootkit

Security Affairs

APRIL 3, 2022

“As part of our research, we have collected four driver samples — two pairs of 32-bit and 64-bit samples. “All four driver samples are digitally signed with stolen certificates from game development companies, either the US-based Frostburn Studios or the Korean 433CCR Company (433??? Pierluigi Paganini.

IT

IT Security Information Security

The mystery behind the samples of the new REvil ransomware operation

Security Affairs

MAY 2, 2022

Last week, the malware researcher Jakub Kroustek from AVAST, discovered a sample of a new REvil encryptor. The expert noticed that the sample does not encrypt files, it only adds a random extension to the victim’s files. Tweets by WhichbufferArda. To nominate, please visit:? Pierluigi Paganini.

Ransomware

Ransomware Encryption Cybersecurity Security

How You Can Start Learning Malware Analysis

Lenny Zeltser

JANUARY 6, 2021

Malware analysis sits at the intersection of incident response, forensics, system and network administration, security monitoring, and software engineering. As someone who’s helped thousands of security professionals learn how to analyze malware at SANS Institute , I have a few tips for how you can get started.

Metadata

Metadata IT Access Security

Experts warn of the new 0mega ransomware operation

Security Affairs

JULY 11, 2022

Victims of the ransomware reported that the malware adds the .0mega Source [link]. A new article in my Digest #0mega #Ransomware [link] Extension: 0mega R/n: DECRYPT-FILES.txt Sample ransom note and exe-file not yet found. BleepingComputer reported a new ransomware operation named 0mega that is targeting organizations worldwide.

Ransomware

Ransomware Encryption Security Information Security

Attacks Escalating Against Linux-Based IoT Devices

eSecurity Planet

JANUARY 20, 2022

Incidents of malware targeting Linux-based Internet of Things (IoT) devices jumped by more than a third in 2021, with three malware families the primary drivers behind the increase. There was a 10-fold increase in the number of samples of Mozi found in the wild, Mihai Maganu, a threat researcher at CrowdStrike, wrote in a blog post.

IoT

IoT Cybersecurity Communications Cloud

Previously undetected FontOnLake Linux malware used in targeted attacks

Security Affairs

OCTOBER 10, 2021

ESET researchers spotted a previously unknown, modular Linux malware, dubbed FontOnLake, that has been employed in targeted attacks. ESET researchers spotted a previously unknown, modular Linux malware, dubbed FontOnLake, that was employed in targeted attacks on organizations in Southeast Asia. ” continues the report.

Libraries

Libraries Access Communications IT

AstraLocker ransomware operators shut down their operations

Security Affairs

JULY 5, 2022

AstraLocker ransomware operators told BleepingComputer they’re shutting down the operation and provided decryptors to the VirusTotal malware analysis platform. AstraLocker is based on the source code of the Babuk Locker (Babyk) ransomware that was leaked online on June 2021. ” reported ReversingLabs.

Ransomware

Ransomware Risk Security Information Security

REvil ransomware gang hacked Acer and is demanding a $50 million ransom

Security Affairs

MARCH 20, 2021

.” A REvil ransomware sample on malware analysis site Hatching Triage was discovered by TechTarget sister publication LeMagIT Friday, which contained a link to a REvil ransomware demand for $50 million in Monero (213,151 XMR as of publishing). Source LeMagIT. Conservation started on March 14.” “Cyber ??

Ransomware

Ransomware Computer and Electronics Sales Encryption

Victims of FonixCrypter ransomware could decrypt their files for free

Security Affairs

JANUARY 30, 2021

FonixCrypter ransomware operators shut down their operations, released the master decryption key for free, and deleted malware’s source code. The FonixCrypter gang also closed its Telegram channel that was used to advertise the malware in the cybercrime underground.

Ransomware

Ransomware Encryption Archiving Security

Crooks use weaponized coronavirus map to deliver malware

Security Affairs

MARCH 12, 2020

Cybercriminals continue to exploit the fear in the coronavirus outbreak to spread malware and steal sensitive data from victims. Experts from cybersecurity Reason reported cybercrimnals are using new coronavirus -themed attacks to deliver malware. To make sure the malware can persist and keep operating, it uses the “Task Scheduler”.”

Passwords

Passwords Cybersecurity IT Security

Ransomware at IT Services Provider Synoptek

Krebs on Security

DECEMBER 27, 2019

Synoptek , a California business that provides cloud hosting and IT management services to more than a thousand customer nationwide, suffered a ransomware attack this week that has disrupted operations for many of its clients, according to sources. Sources also confirm that both the State of California and the U.S. Irvine, Calif.-based

Ransomware

Ransomware IT Phishing Financial Services

New evolving Abcbot DDoS botnet targets Linux systems

Security Affairs

NOVEMBER 13, 2021

The name Abcbot used to track the bot comes from the source path “abc-hello.” ” The presence of the “dga.go” string in Abcbot’s source path suggests that authors would implement DGA in subsequent versions. SecurityAffairs – hacking, Malware). Pierluigi Paganini.

Passwords

Passwords Cloud Security IT

China-linked APT31 targets Russia for the first time

Security Affairs

AUGUST 4, 2021

China-linked APT31 group employed a new strain of malware in attacks aimed at entities in Mongolia, Belarus, Canada, the US, and Russia. Experts found many similarities between the malware and the DropboxAES RAT that was first spotted by researchers at Secureworks and that was previously attributed to APT31.

Libraries

Libraries Security IT Cybersecurity

Abcbot and Xanthe botnets have the same origin, experts discovered

Security Affairs

JANUARY 10, 2022

The name Abcbot used to track the bot comes from the source path “abc-hello.”. “Our continued analysis on this malware family reveals a clear link with the Xanthe-based cryptojacking campaign discovered by Cisco’s Talos security research team in late 2020. ” reads the analysis published by Cado Security.

Mining

Mining Honeypots Cloud Security

Security Affairs newsletter Round 364 by Pierluigi Paganini

Security Affairs

MAY 8, 2022

Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here.

Security

Security IoT Ransomware Libraries

Operation Earth Kitsune: hackers target the Korean diaspora

Security Affairs

OCTOBER 30, 2020

Threat actors behind the Operation Earth Kitsune used SLUB (for SLack and githUB) malware and two new backdoors tracked as dneSpy and agfSpy to exfiltrate data from the infected systems and for taking over them. Experts discovered that the exploit was infecting the victim machine with three separate malware samples.

Communications

Communications Access IT Security

ZLoader Malware adds Zeus’s anti-analysis feature

New Agent Raccoon malware targets the Middle East, Africa and the US

Webinars

Trending Sources

Talos wars of customizations of the open-source info stealer SapphireStealer

Webinars

Ransomware Toolkit Cryptonite turning into an accidental wiper

New improved versions of LodaRAT spotted in the wild

New Linux Malware Surges, Surpassing Android

ScrubCrypt used to drop VenomRAT along with many malicious plugins

FUD Malware obfuscation engine BatCloak continues to evolve

Threat actors target the infoSec community with fake PoC exploits

New Condi DDoS botnet targets TP-Link Wi-Fi routers

Updated Android spyware GravityRAT steals WhatsApp Backups

Leaked LockBit 3.0 ransomware builder used by multiple threat actors

HelloXD Ransomware operators install MicroBackdoor on target systems

Ezuri memory loader used in Linux and Windows malware

New enhanced Joker Malware samples appear in the threat landscape

PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web

JOKERSPY used to target a cryptocurrency exchange in Japan

Researchers used electromagnetic signals to classify malware infecting IoT devices

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

New Lobshot hVNC malware spreads via Google ads

YTStealer info-stealing malware targets YouTube content creators

Dridex targets MacOS users with a new delivery technique

Raindrop, a fourth malware employed in SolarWinds attacks

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

The Prynt Stealer malware contains a secret backdoor. Crooks steal data from other cybercriminals

Uncovering the link between PrivateLoader PPI service and RisePro stealer

New shc Linux Malware used to deploy CoinMiner

New LockBit Green ransomware variant borrows code from Conti ransomware

China-linked APT Deep Panda employs new Fire Chili Windows rootkit

The mystery behind the samples of the new REvil ransomware operation

How You Can Start Learning Malware Analysis

Experts warn of the new 0mega ransomware operation

Attacks Escalating Against Linux-Based IoT Devices

Previously undetected FontOnLake Linux malware used in targeted attacks

AstraLocker ransomware operators shut down their operations

REvil ransomware gang hacked Acer and is demanding a $50 million ransom

Victims of FonixCrypter ransomware could decrypt their files for free

Crooks use weaponized coronavirus map to deliver malware

Ransomware at IT Services Provider Synoptek

New evolving Abcbot DDoS botnet targets Linux systems

China-linked APT31 targets Russia for the first time

Abcbot and Xanthe botnets have the same origin, experts discovered

Security Affairs newsletter Round 364 by Pierluigi Paganini

Operation Earth Kitsune: hackers target the Korean diaspora

Stay Connected