Tag: malware
-
Hackers target Ukrainian state agencies, critical infrastructure with new ‘Wrecksteel’ malware
by
in SecurityNewsA Ukrainian cyber agency said a suspected espionage campaign using the new malware has been active seen the fall, with at least three incidents detected in March. First seen on therecord.media Jump to article: therecord.media/hackers-ukraine-critical-infrastructure-malware
-
Evilginx stiehlt Zugangsdaten und trickst die Multi-Faktor-Authentifizierung aus
by
in SecurityNewsEine böswillige Mutation des weit verbreiteten Nginx-Webservers erleichtert bösartige Adversary-in-the-Middle-Attacken. Sophos-X-Ops haben in einem Versuchsaufbau das kriminelle Potential von Evilginx analysiert und geben Tipps für den Schutz. Evilginx ist eine Malware, die auf dem legitimen und weit verbreiteten Open-Source-Webserver Nginx basiert. Sie kann dazu verwendet werden, Benutzernamen, Passwörter und Sitzungs-Token zu stehlen und sie bietet…
-
Amateur Hacker Leverages Russian Bulletproof Hosting Server to Spread Malware
by
in SecurityNewsThe cybercriminal uses the service of Proton66, an infamous Russian-based bulletproof hosting provider, to deploy malware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/coquettte-hacker-malware-bph/
-
Evilginx: Die nginx-Mutation, die MFA-Schutz aushebelt
by
in SecurityNewsSicherheitsforscher von Sophos X-Ops haben die Funktionsweise und das Gefährdungspotenzial von Evilginx untersucht. Die auf dem weit verbreiteten Open-Source-Webserver nginx basierende Malware stellt eine erhebliche Bedrohung für die IT-Sicherheit dar, indem sie gezielte Adversary-in-the-Middle (AitM)-Angriffe ermöglicht und dabei sogar Multi-Faktor-Authentifizierung (MFA) aushebeln kann. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/evilginx-nginx-mutation-mfa-schutz
-
Hackers Selling SnowDog RAT Malware With Remote Control Capabilities Online
by
in SecurityNewsA sophisticated remote access trojan (RAT) dubbedSnowDoghas surfaced on underground cybercrime forums, prompting alarms among cybersecurity experts. Advertised as a tool for “corporate espionage and advanced intrusions,” the malware is being sold by an unidentified threat actor with claims of stealth, evasion, and remote control capabilities. The SnowDog RAT: Features and Risks The seller claims…
-
Malware infizierte PDFMail Anhänge nehmen weiter zu
by
in EntwicklungCPR hat analysiert, wie Cyberkriminelle PDF-Angriffe weiterentwickeln und wie sich diese Angriffe trotz modernster Schutzmechanismen verbreiten. Gleichzeitig zeigt die Untersuchung, welche Maßnahmen Unternehmen und Einzelpersonen ergreifen können, um sich wirksam vor solchen Bedrohungen zu schützen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/malware-infizierte-pdf-e-mail-anhaenge-nehmen-weiter-zu/a40372/
-
Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices
Counterfeit versions of popular smartphone models that are sold at reduced prices have been found to be preloaded with a modified version of an Android malware called Triada.”More than 2,600 users in different countries have encountered the new version of Triada, the majority in Russia,” Kaspersky said in a report. The infections were recorded between…
-
GoResolver: A Powerful New Tool for Analyzing Golang Malware
by
in SecurityNewsAnalyzing malware has become increasingly challenging, especially with the growing popularity of programming languages like Golang. Golang, or Go, has captivated developers for its extensive features but has also proven to be an attractive choice for malware authors, thanks to its embedded libraries, sizable binaries, and potential for obfuscation. To combat these challenges, Volexity has…
-
Beware fake AutoCAD, SketchUp sites dropping malware
by
in SecurityNewsMalware peddlers are saddling users with the TookPS downloader and the Lapmon and TeviRat backdoors via malicious sites that mimic official ones and ostensibly offer … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/03/fake-autocad-sketchup-malware/
-
Customer info allegedly stolen from Royal Mail, Samsung via compromised supplier
by
in SecurityNewsStamp it out: Infostealer malware at German outfit may be culprit First seen on theregister.com Jump to article: www.theregister.com/2025/04/03/royal_mail_data_spectos/
-
New Triada Trojan comes preinstalled on Android devices
A new Triada trojan variant comes preinstalled on Android devices, stealing data on setup, warn researchers from Kaspersky. Kaspersky researchers discovered a new Triada trojan variant preinstalled on thousands of Android devices, enabling data theft upon setup. Kaspersky detected 2,600+ infections in Russia from March 13-27, 2025. The malware was discovered on counterfeit Android devices mimicking…
-
Open-source malware doubles, data exfiltration attacks dominate
by
in SecurityNewsThere’s been a notable shift in the types of threats targeting software developers, with a total of 17,954 open source malware packages identified in Q1 2025, according … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/03/open-source-malware-index-q1-2025/
-
New advanced FIN7’s Anubis backdoor allows to gain full system control on Windows
by
in SecurityNewsFIN7 cybercrime group has been linked to Anubis, a Python-based backdoor that provides remote access to compromised Windows systems. The threat actor FIN7, also known as Savage Ladybug, has developed a new Python-based malware, named Anubis Backdoor, which allows attackers to gain full remote control over infected Windows systems. It executes shell commands and system…
-
Latin America targeted with Chinese malware, says Joint Chiefs chair nominee
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/latin-america-targeted-with-chinese-malware-says-joint-chiefs-chair-nominee
-
SmokeLoader Malware Uses Weaponized 7z Archives to Deliver Infostealers
by
in SecurityNewsA recent malware campaign has been observed targeting the First Ukrainian International Bank (PUMB), utilizing a stealthy malware loader, Emmenhtal, in conjunction with the SmokeLoader malware. This campaign demonstrates advanced tactics by financially motivated threat actors to distribute infostealers like CryptBot and Lumma Stealer. The attack chain begins with weaponized 7z archives and culminates in…
-
What is subdomain hijacking?
by
in SecurityNewsSubdomain hijacking is a cybersecurity risk where attackers exploit abandoned DNS records to take control of legitimate subdomains. This can lead to phishing attacks, credential theft, and malware distribution. Organizations must regularly audit DNS records, remove outdated entries, and strengthen cloud security policies to prevent these vulnerabilities. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/what-is-subdomain-hijacking/
-
Over 1,500 PostgreSQL Servers Hit by Fileless Malware Attack
by
in SecurityNewsA sophisticated malware campaign has compromised over 1,500 PostgreSQL servers, leveraging fileless techniques to deploy cryptomining payloads. The attack, identified by Wiz Threat Research and attributed to the threat actor group JINX-0126, exploits publicly exposed PostgreSQL instances configured with weak or default credentials. The attackers utilize these vulnerabilities to execute XMRig-C3 cryptominers without leaving detectable…
-
Latest Ivanti bug, paired with malware, earns an alert from CISA
by
in SecurityNewsA recent alert from CISA builds on previous research about a vulnerability in Ivanti products that China-linked hackers have used to insert malware into networks. First seen on therecord.media Jump to article: therecord.media/cisa-alert-ivanti-bug-resurge-malware
-
Hackers Use DeepSeek and Remote Desktop Apps to Deploy TookPS Malware
by
in SecurityNewsA recent investigation by cybersecurity researchers has uncovered a large-scale malware campaign leveraging the DeepSeek LLM and popular remote desktop applications to distribute the Trojan-Downloader.Win32.TookPS malware. The attackers targeted both individual users and organizations by disguising malicious software as legitimate business tools, including UltraViewer, AutoCAD, and SketchUp. Malicious Infrastructure and Infection Chain The TookPS malware…
-
Threat-informed defense for operational technology: Moving from information to action
by
in SecurityNews
Tags: access, ai, attack, automation, blueteam, cloud, control, crime, cyber, cyberattack, cybercrime, cybersecurity, data, defense, detection, exploit, finance, fortinet, framework, group, incident response, infrastructure, intelligence, law, malicious, malware, mitre, network, phishing, PurpleTeam, ransomware, RedTeam, resilience, risk, service, soar, strategy, tactics, technology, threat, tool, usaThe rise of cybercrime-as-a-service Today’s macro threat landscape is a flourishing ecosystem of cybercrime facilitated by crime-as-a-service (CaaS) models. Cybercriminal networks now operate like legitimate businesses, with specialized units dedicated to activities such as money laundering, malware development, and spear phishing. This ecosystem lowers the barrier to entry for cybercrime, enabling low-skilled adversaries to launch…
-
China’s FamousSparrow APT Hits Americas with SparrowDoor Malware
by
in SecurityNewsChina-linked APT group FamousSparrow hits targets in the Americas using upgraded SparrowDoor malware in new cyberespionage campaign, ESET reports. First seen on hackread.com Jump to article: hackread.com/china-famoussparrow-apt-americas-sparrowdoor-malware/
-
Gootloader Malware Resurfaces in Google Ads for Legal Docs
by
in SecurityNewsAttackers target a familiar industry, law professionals, by hiding the infostealer in ads delivered via Google-based malvertising. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/gootloader-malware-google-ads-legal-docs
-
Counterfeit Android devices found preloaded with Triada malware
by
in SecurityNewsA new version of the Triada trojan has been discovered preinstalled on thousands of new Android devices, allowing threat actors to steal data as soon as they are set up. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/counterfeit-android-devices-found-preloaded-with-triada-malware/
-
Gootloader Malware Spreads via Google Ads with Weaponized Documents
The notorious Gootloader malware has resurfaced with a new campaign that combines old tactics with modern delivery methods. This latest iteration leverages Google Ads to target users searching for legal document templates, such as non-disclosure agreements (NDAs) or lease agreements. The campaign exemplifies the evolving strategies of threat actors who exploit trust in legitimate platforms…
-
Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers
by
in SecurityNewsCybersecurity researchers have shed light on an “auto-propagating” cryptocurrency mining botnet called Outlaw (aka Dota) that’s known for targeting SSH servers with weak credentials.”Outlaw is a Linux malware that relies on SSH brute-force attacks, cryptocurrency mining, and worm-like propagation to infect and maintain control over systems,” Elastic Security Labs said in a new analysis First…
-
No Frills, Big Impact: How Outlaw Malware Quietly Hijacks Linux Servers
by
in SecurityNewsSecurity researchers at Elastic Security Labs have released an in-depth analysis of a long-running Linux malware campaign known as Outlaw. Despite its unsophisticated code and crude attack methods, Outlaw remains remarkably persistent. This malware is a great example of how… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/outlaw-malware-linux-servers/