Tag: malware
-
Beware: Fake Google Meet Pages Deliver Infostealers in Ongoing ClickFix Campaign
Threat actors are leveraging fake Google Meet web pages as part of an ongoing malware campaign dubbed ClickFix to deliver infostealers targeting Windows and macOS systems. “This tactic involves displaying fake error messages in web browsers to deceive users into copying and executing a given malicious PowerShell code, finally infecting their systems,” French cybersecurity company Sekoia…
-
Israeli orgs targeted with wiper malware via ESET-branded emails
Attackers have tried to deliver wiper malware to employees at organizations across Israel by impersonating cybersecurity company ESET via email. The phishing email The attack … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/18/israel-wiper-eset/
-
UAT-5647 Unleashes RomCom Malware in Attacks on Ukraine and Poland
In a sophisticated and persistent cyber campaign, the UAT-5647 threat actor group, known for its ties to Russian-speaking adversaries, has launched a series of targeted attacks against Ukrainian government and... First seen on securityonline.info Jump to article: securityonline.info/uat-5647-unleashes-romcom-malware-in-attacks-on-ukraine-and-poland/
-
Fake Google Meet conference errors push infostealing malware
A new ClickFix campaign is luring users to fraudulent Google Meet conference pages showing fake connectivity errors that deliver info-stealing malware for Windows and macOS operating systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-google-meet-conference-errors-push-infostealing-malware/
-
Attackers Hijack 360 Total Security to Deliver SSLoad
In a recent attack discovered by ANY.RUN researchers, cybercriminals exploited 360 Total Security antivirus software to distribute a Rust-based malware known as SSLoad. This was achieved through the use of... First seen on securityonline.info Jump to article: securityonline.info/attackers-hijack-360-total-security-to-deliver-ssload/
-
ChatGPT misused to write malware
OpenAI has confirmed that cybercriminals have misused the AI chatbot ChatGPT to write and improve malware. More than 20 such operations have been discovered and shut down so far. First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/chatgpt-zum-schreiben-von-malware-missbraucht
-
Android PINs exfiltrated by newly emergent TrickMo malware variants
First seen on scworld.com Jump to article: www.scworld.com/brief/android-pins-exfiltrated-by-newly-emergent-trickmo-malware-variants
-
ATM cash theft aimed by new FASTCash malware for Linux
First seen on scworld.com Jump to article: www.scworld.com/brief/atm-cash-theft-aimed-by-new-fastcash-malware-for-linux
-
A new Linux variant of FASTCash malware targets financial systems
North Korea-linked actors deploy a new Linux variant of FASTCash malware to target financial systems, researcher HaxRob revealed. The cybersecurity researcher HaxRob analyzed a new variant of the FASTCash “payment switch…
-
HORUS Protector Delivering AgentTesla, Remcos, Snake, NjRat Malware
The Horus Protector crypter is being used to distribute various malware families, including AgentTesla, Remcos, Snake, NjRat, and others, which are primarily spread through archive files containing VBE scripts, which are encoded VBS scripts. Once executed, these scripts decode and execute the malicious payload, as this new distribution method makes detection and prevention more challenging due…
-
New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT
Cybersecurity researchers have disclosed a new malware campaign that leverages a malware loader named PureCrypter to deliver a commodity remote access trojan (RAT) called DarkVision RAT. The activity, observed by Zscaler ThreatLabz in July 2024, involves a multi-stage process to deliver the RAT payload. “DarkVision RAT communicates with its command-and-control (C2) server using a custom network First…
-
Linux malware perfctl affects millions of devices – Malware on Linux disguises itself and often runs undetected for a long time
First seen on security-insider.de Jump to article: www.security-insider.de/-linux-malware-perfctl-bedroht-millionen-geraete-a-3794b3e5c2adb4548c074ac4452c40dd/
-
Via fake lock screen: Android malware captures PINs and unlock patterns
Afterwards, the attackers can unlock the target device themselves when needed. There are also said to be many infections with the banking trojan in Germany. First seen on golem.de Jump to article: www.golem.de/news/per-fake-lockscreen-android-malware-greift-pins-und-entsperrmuster-ab-2410-189843.html
-
Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates
Cybersecurity researchers have disclosed a new malware campaign that delivers Hijack Loader artifacts that are signed with legitimate code-signing certificates. French cybersecurity company HarfangLab, which detected the activity at the start of the month, said the attack chains aim to deploy an information stealer known as Lumma. Hijack Loader, also known as DOILoader, IDAT Loader, and First…
-
“Water Makara” Employs Astaroth Malware in Targeted Attacks on Brazilian Organizations
In a new report by Trend Micro Research, a spear-phishing campaign has emerged in Brazil, using a combination of obfuscated JavaScript and Astaroth malware to target companies across various industries... First seen on securityonline.info Jump to article: securityonline.info/water-makara-employs-astaroth-malware-in-targeted-attacks-on-brazilian-organizations/
-
TrickMo malware steals Android PINs using fake lock screen
Forty new variants of the TrickMo Android banking trojan have been identified in the wild, linked to 16 droppers and 22 distinct command and control (C2) infrastructures, with new features designed to steal Android PINs. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/trickmo-malware-steals-android-pins-using-fake-lock-screen/
-
CoreWarrior Malware Attacking Windows Machines From Dozens Of IP Address
Researchers recently analyzed a CoreWarrior malware sample, which spreads aggressively by creating numerous copies and connecting to various IP addresses. It establishes multiple backdoor connections and monitors user activity through Windows UI element hooks, which poses a significant security risk as it can compromise system integrity and steal sensitive data. The malware is a UPX-packed…
-
TrickMo Malware Targets Android Devices to Steal Unlock Patterns and PINs
The recent discovery of the TrickMo Banking Trojan variant by Cleafy has prompted further investigation, where researchers have identified 40 variants, 16 droppers, and 22 active Command and Control servers associated with this threat. These variants employ advanced techniques like zip file manipulation and obfuscation to evade detection. Despite the lack of IOC release, the…
-
GorillaBot with over 300,000 DDoS attacks – New botnet malware targets critical infrastructure
First seen on security-insider.de Jump to article: www.security-insider.de/gorillabot-neue-bedrohung-ddos-angriffe-2024-a-3618bcc52095890daeaf5438028f2c8a/
-
Perfectl Malware
Perfectl is an impressive piece of malware: The malware has been circulating since at least 2021. It gets installed by exploiting more than 20,000 common misconfigurations, a capability that may make millions of machines connected to the Internet potential targets, researchers from Aqua Security said. It can also exploit CVE-2023-33246, a vulnerability with a severity…
-
OpenAI confirms use of ChatGPT for malware development
OpenAI has confirmed in an official report that ChatGPT was demonstrably used to develop malware in several cases. First seen on heise.de Jump to article: www.heise.de/news/OpenAI-gibt-zu-ChatGPT-wird-zur-Malware-Entwicklung-genutzt-9979470.html
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 15
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Over 300,000! GorillaBot: The New King of DDoS Attacks Hidden cryptocurrency mining and theft campaign affected over…
-
OpenAI confirms threat actors use ChatGPT to write malware
OpenAI has disrupted over 20 malicious cyber operations abusing its AI-powered chatbot, ChatGPT, for debugging and developing malware, spreading misinformation, evading detection, and conducting spear-phishing attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/openai-confirms-threat-actors-use-chatgpt-to-write-malware/
-
Pig Butchering Scams Are Going High Tech
Scammers in Southeast Asia are increasingly turning to AI, deepfakes, and dangerous malware in a way that makes their pig butchering operations even more convincing. First seen on wired.com Jump to article: www.wired.com/story/pig-butchering-scams-go-high-tech/
-
GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks
A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a way to bypass security measures and deliver Remcos RAT, indicating that the method is gaining traction among threat actors. “In this campaign, legitimate repositories such as the open-source tax filing software, UsTaxes, HMRC, and…
-
OpenAI reveals ChatGPT use by CyberAv3ngers, Android malware developers
First seen on scworld.com Jump to article: www.scworld.com/news/openai-reveals-chatgpt-use-by-cyberav3ngers-android-malware-developers
-
GitHub, Telegram Bots, and QR Codes Abused in New Wave of Phishing Attacks
A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a way to bypass security measures and deliver Remcos RAT, indicating that the method is gaining traction among threat actors. “In this campaign, legitimate repositories such as the open-source tax filing software, UsTaxes, HMRC, and…