Tag: malware
-
Russian suspected Phobos ransomware admin extradited to US over $16M extortion
This malware is FREE for EVERY crook ($300 decryption keys sold separately)
First seen on theregister.com. Jump to article: www.theregister.com/2024/11/19/suspected_phobos_admin/
-
Bitwarden exploited in new Facebook malvertising campaign
First seen on scworld.com. Jump to article: www.scworld.com/brief/bitwarden-exploited-in-new-facebook-malvertising-campaign
-
Infostealers deployed via novel BabbleLoader malware
First seen on scworld.com. Jump to article: www.scworld.com/brief/infostealers-deployed-via-novel-babbleloader-malware
-
Perfctl malware strikes again as crypto-crooks target Docker Remote API servers
First seen on theregister.com. Jump to article: www.theregister.com/2024/10/24/perfctl_malware_strikes_again/
-
Unraveling Raspberry Robin’s Layers: Analyzing Obfuscation Techniques and Core Mechanisms
Discovered in 2021, Raspberry Robin (also known as Roshtyak) is a malicious downloader that has circulated in the wild for several years, primarily spreading through infected USB devices. Although USB devices are a common and unremarkable tactic for spreading malware, Raspberry Robin stands out due to its unique binary-obfuscation techniques, extensive use of anti-analysis methods,…
-
China-linked actor’s malware DeepData exploits FortiClient VPN zero-day
Chinese threat actors use the custom post-exploitation toolkit ‘DeepData’ to exploit a FortiClient VPN zero-day and steal credentials. Volexity researchers discovered a vulnerability in Fortinet’s Windows VPN client that the China-linked threat actor BrazenBamboo abused in its DEEPDATA malware. BrazenBamboo is known to be the author of other malware families, including LIGHTSPY, DEEPDATA, and DEEPPOST. DEEPDATA is a…
-
Ngioweb Botnet Fuels NSOCKS Residential Proxy Network Exploiting IoT Devices
The malware known as Ngioweb has been used to fuel a notorious residential proxy service called NSOCKS, as well as other services such as VN5Socks and Shopsocks5, new findings from Lumen Technologies reveal. “At least 80% of NSOCKS bots in our telemetry originate from the Ngioweb botnet, mainly utilizing small office/home office (SOHO) routers and…
-
Malvertising: Fake ads on Facebook target Bitwarden users
Security researchers have observed a malvertising campaign in which a purported security update for Bitwarden was advertised via Facebook.
First seen on heise.de. Jump to article: www.heise.de/news/Malvertising-Fake-Werbung-auf-Facebook-zielt-auf-Bitwarden-Nutzer-ab-10057183.html
-
Malvertising campaign spread Bitwarden alerts and ads on Facebook
Cybercriminals used fake alert messages purporting to come from the widely used password manager Bitwarden to trick victims into installing malware on their devices. Disguised as a security update, what users actually received was a malicious browser extension. The campaign, currently paused, started on 3 November 2024 and targeted users aged 18 to 65 across Europe. The hackers were looking for…
-
Malware delivered via malicious QR codes sent in the post
Cybercriminals have adopted a novel trick for infecting devices with malware: sending out physical letters that contain malicious QR codes.
First seen on bitdefender.com. Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/malware-malicious-qr-codes-the-post
-
North Korean Hackers Target Job Seekers with Malware-Laced Video Apps
A recent report by Unit 42 researchers uncovers a complex phishing campaign linked to a cluster of North Korean IT workers tracked as CL-STA-0237. This group used malware-infected video conference...
First seen on securityonline.info. Jump to article: securityonline.info/north-korean-hackers-target-job-seekers-with-malware-laced-video-apps/
-
Facebook Malvertising Campaign Spreads Malware via Fake Bitwarden
A Facebook malvertising campaign disguised as Bitwarden updates spreads malware, targeting business accounts. Users are tricked into installing…
First seen on hackread.com. Jump to article: hackread.com/facebook-malvertising-malware-via-fake-bitwarden/
-
New Stealthy BabbleLoader Malware Spotted Delivering WhiteSnake and Meduza Stealers
Cybersecurity researchers have shed light on a new stealthy malware loader called BabbleLoader that has been observed in the wild delivering information stealer families such as WhiteSnake and Meduza. BabbleLoader is an “extremely evasive loader, packed with defensive mechanisms, that is designed to bypass antivirus and sandbox environments to deliver stealers into memory,” Intezer security First…
-
Swiss Cyber Agency Warns of QR Code Malware in Mail Scam
Switzerland’s National Cyber Security Centre has warned of a new QR code scam in fake MeteoSwiss letters spreading Android malware.
First seen on infosecurity-magazine.com. Jump to article: www.infosecurity-magazine.com/news/swiss-cyberagency-qr-code-mail-scam/
-
Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report
The DeepData malware framework was seen exploiting a zero-day in Fortinet’s VPN client for Windows that remains unpatched.
First seen on securityweek.com. Jump to article: www.securityweek.com/fortinet-vpn-zero-day-exploited-in-malware-attacks-remains-unpatched-report/
-
North Korean IT Worker Network Tied to BeaverTail Phishing Campaign
BeaverTail malware has been used to target tech job seekers through fake recruiters, Palo Alto Networks’ Unit 42 has found.
First seen on infosecurity-magazine.com. Jump to article: www.infosecurity-magazine.com/news/north-korean-it-worker-beavertail/
-
PXA Stealer: New Malware Targets Governments and Education Across Europe and Asia
Cisco Talos recently identified a sophisticated cyber campaign targeting sensitive information in government and educational sectors across Europe and Asia. Operated by a Vietnamese-speaking threat actor, this campaign leverages a...
First seen on securityonline.info. Jump to article: securityonline.info/pxa-stealer-new-malware-targets-governments-and-education-across-europe-and-asia/
-
Phishing emails increasingly use SVG attachments to evade detection
Threat actors increasingly use Scalable Vector Graphics (SVG) attachments to display phishing forms or deploy malware while evading detection.
First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/phishing-emails-increasingly-use-svg-attachments-to-evade-detection/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 20
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.
New Campaign Uses Remcos RAT to Exploit Victims
Bengal cat lovers in Australia get psspsspss’d in Google-driven…
-
Lumma Stealer instead of an AI app: malware infects Windows and macOS
Beware of fake AI tools such as EditProAI: Lumma Stealer threatens Windows and macOS. Here is how to recognise and avoid the well-disguised malware.
First seen on tarnkappe.info. Jump to article: tarnkappe.info/artikel/it-sicherheit/lumma-stealer-statt-ki-app-malware-befaellt-windows-und-macos-304346.html
-
Fake AI video generators infect Windows, macOS with infostealers
Fake AI image and video generators infect Windows and macOS with the Lumma Stealer and AMOS information-stealing malware, used to steal credentials and cryptocurrency wallets from infected devices.
First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/fake-ai-video-generators-infect-windows-macos-with-infostealers/
-
NSO Group used WhatsApp exploits even after Meta-owned company sued it
A court filing revealed that NSO Group used WhatsApp exploits after the instant messaging firm sued the surveillance company. NSO Group developed malware that relied on WhatsApp exploits to infect target individuals even after the Meta-owned instant messaging company sued the surveillance firm. “As a threshold matter, NSO admits that it developed and sold the spyware…
-
Swiss cheesed off as postal service used to spread malware
QR codes arrive via an age-old delivery system
First seen on theregister.com. Jump to article: www.theregister.com/2024/11/16/swiss_malware_qr/
-
Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials
A threat actor known as BrazenBamboo has exploited an unresolved security flaw in Fortinet’s FortiClient for Windows to extract VPN credentials as part of a modular framework called DEEPDATA. Volexity, which disclosed the findings Friday, said it identified the zero-day exploitation of the credential disclosure vulnerability in July 2024, describing BrazenBamboo as the developer behind DEEPDATA,…
-
Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies
The Glove Stealer malware exploits a new technique to bypass Chrome’s App-Bound Encryption and steal browser cookies. Glove Stealer is a .NET-based information stealer that targets browser extensions and locally installed software to steal sensitive data. The malware can harvest a huge trove of data from infected systems, including cookies, autofill data, cryptocurrency wallets, 2FA authenticators,…
-
macOS HM Surf vuln might already be under exploit by major malware family
First seen on theregister.com. Jump to article: www.theregister.com/2024/10/21/microsoft_macos_hm_surf/
-
Black Lotus, Emotet, Beep, and Dark Pink, still the top malware threats of 2024
First seen on scworld.com. Jump to article: www.scworld.com/perspective/black-lotus-emotet-beep-and-dark-pink-still-the-top-malware-threats-of-2024
-
Botnet exploits GeoVision zero-day to install Mirai malware
A malware botnet is exploiting a zero-day vulnerability in end-of-life GeoVision devices to compromise and recruit them for likely DDoS or cryptomining attacks.
First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/botnet-exploits-geovision-zero-day-to-install-mirai-malware/