In a blog post, researchers from Aqua Nautilus detail their findings about malware called HeadCrab, which has infected more than 1,200 Redis servers over the past year and a half. The threat actor has been using its access to the servers to mine cryptocurrency. Note: Optimized databases like Redis are sometimes “protected” by the limited functionality …
Malware
Starting in March, Microsoft will block XLL files coming from the Internet in Microsoft Excel. In its Microsoft 365 roadmap, Microsoft writes that it is making this change “to combat the increasing number of malware attacks in recent months.” Note: Nice to see Microsoft continuing its quest to block common malware delivery methods. XLL files …
Researchers from HUMAN have taken down a sizeable ad fraud scheme that spoofed more than 1,700 apps and generated 12 billion ad requests a day. By injecting JavaScript into the ads, the scammers stacked multiple ads on top of one another, registering views for ads that users never actually saw. HUMAN dubbed the malicious campaign …
Don’t get me wrong. I know that it’s somewhat common knowledge to many people that Google search results, or the ads that are intermingled with the results, can often lead to malware or phishing sites. This has been a de facto threat vector for anyone surfing the internet for the past two decades. This way of …
Updated on 2023-01-09: ChatGPT is Being Used to Create Malware. In November 2022, OpenAI released ChatGPT, a chat interface to its large language model. In a recent blog post, researchers at Check Point write that people on cybercrime forums have begun using ChatGPT to help them develop malware. Note: As with many tools, ChatGPT …
Updated on 2023-01-05: New WordPress backdoor. Dr.Web researchers have found a new exploit tool designed to attack WordPress sites, infect them with a backdoor, and then inject malicious scripts into their codebase. The malware targets vulnerabilities in more than 30 WordPress themes and plugins and runs exclusively against Linux-based servers. Read more: Linux backdoor malware infects …
Updated on 2022-12-29: A new technique, dubbed MasquerAds, is being widely used by threat actors to abuse the Google Ads platform in an attempt to deliver a variety of malware to victims’ systems. Read more: “MasquerAds” — Google’s Ad-Words Massively Abused by Threat Actors, Targeting Organizations, GPUs and Crypto Wallets. Overview: MasquerAds. On the same note, …
Updated on 2022-12-22: FateGrab/StealDeal malware. CERT-UA has a report out on a recent spear-phishing campaign that used a compromised Ministry of Defense account to target users of DELTA, a platform used by Ukraine’s military forces for coordinating attacks. Read more: Cyberattack on users of the DELTA system using the RomCom/FateGrab/StealDeal malware (CERT-UA#5709). Overview: Ukraine’s DELTA military …
Updated on 2022-12-29: Sekoia has a technical breakdown of RisePro, a new infostealer trojan that Flashpoint spotted being advertised in underground cybercrime forums. Per Sekoia, RisePro is currently being deployed as a second-stage payload on systems already infected with the PrivateLoader malware. Read more: New RisePro Stealer distributed by the prominent PrivateLoader; “RisePro” Stealer and Pay-Per-Install …
Updated on 2022-12-26: GuLoader has been updated with new anti-analysis and evasion techniques to dodge traditional security solutions. The new version also adds checks that make it hostile to systems running in virtual machines. Read more: Malware Analysis: GuLoader Dissection Reveals New Anti-Analysis Techniques and Code Injection Redundancy. Updated on 2022-12-21: OALABS has released IOCs for the GuLoader malware. Get them while …
Updated on 2022-12-16: Zimperium found threat actors abusing Flutter, an open-source UI software development kit, to deliver loan scam apps with severe privacy and security risks, in a campaign dubbed MoneyMonger. Updated on 2022-12-15: Zimperium has a report on MoneyMonger, a threat actor that develops and offers money-lending apps but also steals personal information from …
Updated on 2022-12-13: Check Point has a technical breakdown of Azov, a data wiper that was deployed in the wild in September and November. The malware was delivered to systems previously infected with the SmokeLoader malware, tried to frame known security researchers as its authors, and, according to Check Point, was “an egregious false flag …
Updated on 2022-12-12: Back in 2020, several security firms claimed that a financially motivated hacking group named Silence might have connections to EvilCorp, a Russian cybercrime cartel that was sanctioned by the US government. In a report published last week, Cisco Talos says it has seen attacks in which the Silence gang’s Truebot malware installed Grace (aka FlawedGrace …
Updated on 2022-12-12: Russian security firm Positive Technologies has an analysis of BlueFox, a new infostealer advertised on underground forums under a Malware-as-a-Service model. Their report is in Russian. An English-language report on the same malware is also available from Sekoia. Read more: Beware of blue foxes: an analysis of the new MaaS stealer BlueFox. Overview: Sekoia researchers have analyzed …
Updated on 2022-12-12: Cobalt Mirage APT sub-group. Secureworks researchers have published a technical analysis of Drokbk, a new malware strain used by what the company calls Cluster B, a smaller sub-group of the larger Iranian APT Cobalt Mirage. Secureworks researchers say Drokbk is deployed post-intrusion as a persistence mechanism and that the malware uses GitHub …