Archive for the ‘Malware’ Category

Chromeloader Malware Drops Malicious Browser Extensions to Track User’s Online Activity

Microsoft and VMware have warned of an ongoing, widespread ChromeLoader malware campaign. The campaign has been observed dropping node-WebKit malware and ransomware, as well as dangerous browser extensions. ChromeLoader was observed in the wild for the first time in January 2022 for Windows users and in March 2022 for Mac […]

Three campaigns delivering multiple malware, including ModernLoader and XMRig miner

Researchers spotted three campaigns delivering multiple malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners. Cisco Talos researchers observed three separate, but related, campaigns between March and June 2022 that were delivering multiple malware, including the ModernLoader bot (aka Avatar bot), RedLine info-stealer and cryptocurrency miners to victims. ModernLoader is a .NET remote access trojan that supports multiple […]

7 open-source malware analysis tools you should try out

There are two main types of malware analysis: static and dynamic. Performing static analysis of a malicious binary means concentrating on analyzing its code without executing it. This type of analysis may reveal to malware analysts not only what the malware does, but also its developer’s future intentions (e.g., currently unfinished functionalities). Dynamic analysis looks […]

Disk wiping malware knows no borders

Fortinet announced the latest semiannual FortiGuard Labs Global Threat Landscape Report, which revealed that the ransomware threat continues to adapt, with more variants enabled by Ransomware-as-a-Service (RaaS). Additional highlights of the report: Work-from-anywhere (WFA) endpoints remain targets for cyber adversaries to gain access to corporate networks. Operational technology (OT) and information technology (IT) environments are both […]

Escanor Malware delivered in Weaponized Microsoft Office Documents

Researchers spotted a new RAT (Remote Administration Tool) advertised on the Dark Web and Telegram called Escanor. Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 500 companies worldwide, identified a new RAT (Remote Administration Tool) advertised on the Dark Web and Telegram called Escanor. The threat actors offer Android-based and PC-based versions of the RAT, along with an HVNC module and exploit builder to […]

Microsoft confirms ‘DogWalk’ zero-day vulnerability has been exploited

Microsoft has published a fix for a zero-day bug discovered in 2019 that it originally did not consider a vulnerability. The tech giant patched CVE-2022-34713 – informally known as “DogWalk” – on Tuesday, noting in its advisory that it has already been exploited. According to Microsoft, exploitation of the […]

GitHub blighted by “researcher” who created thousands of malicious projects

Just over a year ago, we wrote about a “cybersecurity researcher” who posted almost 4000 pointlessly poisoned Python packages to the popular repository PyPI. This person went by the curious nickname of Remind Supply Chain Risks, and the packages had project names that were generally similar to well-known projects, presumably in the hope that some of them would […]

Gootkit AaaS malware is still active and uses updated tactics

Gootkit access-as-a-service (AaaS) malware is back with updated tactics and fileless delivery of Cobalt Strike beacons. Gootkit runs on an access-as-a-service model; it is used by different groups to drop additional malicious payloads on compromised systems. Gootkit has been known to use fileless techniques to deliver threats such as the SunCrypt and REvil (Sodinokibi) ransomware, Kronos trojans, and Cobalt Strike. In the […]

Threat Actors Circumvent Microsoft Efforts to Block Macros

Microsoft’s announcement that it would block macros in Microsoft Office apps by default didn’t stop threat actors—they have simply resorted to new tricks. “Threat actors across the landscape responded by shifting away from macro-based threats,” Proofpoint researchers noted in a blog post. In fact, an analysis of campaign data, “which include threats manually analyzed and contextualized,” […]

Google OAuth client library flaw allowed deployment of malicious payloads

Google addressed a high-severity flaw in its OAuth client library for Java that could allow attackers with a compromised token to deploy malicious payloads. Google addressed a high-severity authentication bypass flaw in Google OAuth Client Library for Java, tracked as CVE-2021-22573 (CVSS score 8.7), that could be exploited by an attacker with a compromised token to deploy […]

Microsoft warns of the rise of cryware targeting hot wallets

Microsoft researchers warn of the rising threat of cryware targeting non-custodial cryptocurrency wallets, also known as hot wallets. Microsoft warns of the rise of cryware, malicious software used to steal info and funds from non-custodial cryptocurrency wallets, also known as hot wallets. Data stolen by this kind of malware includes private keys, seed phrases, and […]

New Nerbian RAT spreads via malspam campaigns using COVID-19

Researchers spotted a new remote access trojan, named Nerbian RAT, which implements sophisticated evasion and anti-analysis techniques. Researchers from Proofpoint discovered a new remote access trojan called Nerbian RAT that implements sophisticated anti-analysis and anti-reversing capabilities. The malware spreads via malspam campaigns using COVID-19 and World Health Organization (WHO) themes. The name of the RAT […]

CERT-UA warns of malspam attacks distributing the Jester info stealer

The Computer Emergency Response Team of Ukraine (CERT-UA) warns of attacks spreading info-stealing malware Jester Stealer. The Computer Emergency Response Team of Ukraine (CERT-UA) has detected malspam campaigns aimed at spreading an info-stealer called Jester Stealer. The malicious messages spotted by the Ukrainian CERT have the subject line “chemical attack” and contain a link to a […]

Vulnerable Docker Installations Are A Playhouse for Malware Attacks

Uptycs researchers identified ongoing malicious campaigns through our Docker honeypot targeting exposed Docker APIs. The Uptycs Threat Research team has identified ongoing malicious campaigns through our Docker honeypot targeting the exposed Docker API port 2375. The attacks are related to crypto miners and reverse shells on the vulnerable servers using base64-encoded commands in the cmdline, built […]

Nation-state Hackers Target Journalists with Goldbackdoor Malware

A campaign by APT37 used sophisticated malware, which appears to be a successor to Bluelight, to steal information about sources. Sophisticated hackers believed to be tied to the North Korean government are actively targeting journalists with novel malware dubbed Goldbackdoor. Attacks have consisted of a multistage infection campaign with the ultimate goal of stealing […]

China-linked Hafnium APT leverages Tarrask malware to gain persistence

The China-linked Hafnium APT group started using a new piece of malware to gain persistence on compromised Windows systems. The China-backed Hafnium cyberespionage group is likely behind a piece of new malware, dubbed Tarrask, that is used to maintain persistence on compromised Windows systems, reported Microsoft Threat Intelligence Center (MSTIC) experts. HAFNIUM primarily targets entities in the United States […]

macOS Malware of Chinese Hackers Storm Cloud Exposed

The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics

Ukraine: Belarusian APT group UNC1151 targets military personnel with spear phishing

The CERT of Ukraine (CERT-UA) warned of a spear-phishing campaign targeting Ukrainian armed forces personnel. The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of an ongoing spear-phishing campaign targeting private email accounts belonging to Ukrainian armed forces personnel. The Ukrainian agency attributes the campaign to the Belarus-linked cyberespionage group tracked as UNC1151. In mid-January, […]

Microsoft Safety Scanner

Microsoft Safety Scanner is a scan tool designed to find and remove malware from Windows computers. Simply download it and run a scan to find malware and try to reverse changes made by identified threats. Download Microsoft Safety Scanner (32-bit). Download Microsoft Safety Scanner (64-bit). Note: Starting November 2019, Safety Scanner will be SHA-2 signed […]

Microsoft: Data-wiping malware disguised as ransomware targets Ukraine again

Microsoft said today that it has observed a destructive attack taking place in Ukraine where a malware strain has wiped infected computers and then tried to pass as a ransomware attack, but without providing a ransomware payment and recovery mechanism. “At present and based on Microsoft visibility, our investigation teams have identified the malware on […]