The hackers behind the recent ransomware attacks against the VMware ESXi hypervisor have reportedly modified the malware in a way that makes it more difficult for victims to use available decryption tools. A modified encryption routine encrypts a significantly larger amount of data. Note: Of course they improve. On the other hand, all exposed vulnerable systems …
In a blog post, researchers from Aqua Nautilus detail their findings about malware called HeadCrab that has infected more than 1,200 Redis database servers in the past year-and-a-half. The threat actor has been using their access to the servers to mine virtual currency. Note: Optimized databases like Redis are sometimes “protected” by the limited functionality …
Starting in March, Microsoft will block XLL files coming from the Internet in Office Excel. In its Microsoft 365 roadmap, Microsoft writes that it is making this change “to combat the increasing number of malware attacks in recent months.” Note: Nice to see Microsoft continuing its quest to block common malware delivery methods. XLL files …
Researchers from HUMAN have taken down a sizeable ad fraud scheme that spoofed more than 1,700 apps and managed to generate 12 billion ad requests a day. By injecting JavaScript into the ads, the scammers were able to layer multiple ads, registering views for ads that users did not see. HUMAN dubbed the malicious campaign …
Don’t get me wrong. I know that it’s somewhat common knowledge to many people that Google search results or the ads that are intermingled with the results can often lead to malware or phishing sites. This has been a de facto threat vector for anyone surfing the internet for the past two decades. This way of …
Updated on 2023-01-09: ChatGPT is Being Used to Create Malware. In November 2022, OpenAI released an interface for its large language model known as ChatGPT. In a recent blog post, researchers at Check Point write that people on cybercrime forums have begun using ChatGPT to help them develop malware. Note: As with many tools, ChatGPT …
Updated on 2023-01-05: BitRAT campaign. Qualys has an analysis of a malspam campaign distributing the BitRAT malware. Read more: BitRAT Now Sharing Sensitive Bank Data as a Lure. Overview: A new malware campaign was found leveraging sensitive data stolen from a Colombian cooperative bank to trick users into installing BitRAT via phishing emails.
Updated on 2023-01-05: New WordPress backdoor. Dr.Web researchers have found a new exploit tool designed to attack WordPress sites, infect them with a backdoor, and then inject malicious scripts in their codebase. The malware targets vulnerabilities in more than 30 WordPress themes and plugins and exclusively targets Linux-based servers. Read more: Linux backdoor malware infects …
Updated on 2022-12-29: A new MasquerAds technique is being widely used by threat actors to abuse the Google Ads platform in an attempt to deliver a variety of malware to victims’ systems. Read more: “MasquerAds” — Google’s Ad-Words Massively Abused by Threat Actors, Targeting Organizations, GPUs and Crypto Wallets. Overview: MasquerAds On the same note, …
Updated on 2022-12-22: FateGrab/StealDeal malware. CERT-UA has a report out on a recent spear-phishing campaign that used a compromised Ministry of Defense account to target users of Delta, a platform used by Ukraine’s military forces for coordinating attacks. Read more: Cyberattack on users of the DELTA system using the RomCom/FateGrab/StealDeal malware (CERT-UA#5709). Overview: Ukraine’s DELTA military …
Updated on 2022-12-29: Sekoia has a technical breakdown of RisePro, a new infostealer trojan spotted being advertised in underground cybercrime forums by Flashpoint. Per Sekoia, RisePro is currently being deployed as a second-stage payload on systems infected with the PrivateLoader malware. Read more: New RisePro Stealer distributed by the prominent PrivateLoader “RisePro” Stealer and Pay-Per-Install …
Updated on 2022-12-26: GuLoader has been updated with new anti-evasion techniques to dodge traditional security solutions. The new version is also hostile to systems running virtual machines. Read more: Malware Analysis: GuLoader Dissection Reveals New Anti-Analysis Techniques and Code Injection Redundancy
Updated on 2022-12-21: OALABS has released IOCs for the GuLoader malware. Get them while …
Updated on 2022-12-16: Zimperium found bad actors abusing Flutter, an open-source UI software development kit, to deliver loan scam apps with severe privacy and security risks, in a campaign dubbed MoneyMonger.
Updated on 2022-12-15: Zimperium has a report on MoneyMonger, a threat actor that develops and offers money-lending apps but also steals personal information from …
Updated on 2022-12-13: Check Point has a technical breakdown of Azov, a data wiper that was deployed in the wild in September and November. The malware was delivered on systems previously infected with the SmokeLoader malware, tried to frame known security researchers as its authors, and according to Check Point, was “an egregious false flag …
Updated on 2022-12-13: Trend Micro also has a report on a new Go-based malware strain named CHAOS RAT, used in recent crypto-mining attacks against Linux servers. The malware appears to have been open-sourced on GitHub. Overview: Trend Micro researchers spotted a cryptocurrency mining campaign against Linux machines using the open-source Chaos RAT to deploy Monero …