Menu

Blog

Archive for the ‘cybercrime/malcode’ category: Page 60

Jan 29, 2023

Gootkit Malware Continues to Evolve with New Components and Obfuscations

Posted by in categories: business, cybercrime/malcode

The threat actors associated with the Gootkit malware have made “notable changes” to their toolset, adding new components and obfuscations to their infection chains.

Google-owned Mandiant is monitoring the activity cluster under the moniker UNC2565, noting that the usage of the malware is “exclusive to this group.”

Gootkit, also called Gootloader, is spread through compromised websites that victims are tricked into visiting when searching for business-related documents like agreements and contracts via a technique called search engine optimization (SEO) poisoning.

Jan 28, 2023

Experts Uncover the Identity of Mastermind Behind Golden Chickens Malware Service

Posted by in category: cybercrime/malcode

Cybersecurity researchers have discovered the real-world identity of the threat actor behind Golden Chickens malware-as-a-service, who goes by the online persona “badbullzvenom.”

ESentire’s Threat Response Unit (TRU), in an exhaustive report published following a 16-month-long investigation, said it “found multiple mentions of the badbullzvenom account being shared between two people.”

The second threat actor, known as Frapstar, is said to identify themselves as “Chuck from Montreal,” enabling the cybersecurity firm to piece together the criminal actor’s digital footprint.

Jan 28, 2023

Researchers Discover New PlugX Malware Variant Spreading via Removable USB Devices

Posted by in category: cybercrime/malcode

Cybersecurity researchers have uncovered a PlugX sample that employs sneaky methods to infect attached removable USB media devices in order to propagate the malware to additional systems.

“This PlugX variant is wormable and infects USB devices in such a way that it conceals itself from the Windows operating file system,” Palo Alto Networks Unit 42 researchers Mike Harbison and Jen Miller-Osborn said. “A user would not know their USB device is infected or possibly used to exfiltrate data out of their networks.”

The cybersecurity company said it uncovered the artifact during an incident response effort following a Black Basta ransomware attack against an unnamed victim. Among other tools discovered in the compromised environment include the Gootkit malware loader and the Brute Ratel C4 red team framework.

Jan 27, 2023

After Google Docs, hackers turn to Microsoft OneNote to target users with malware

Posted by in categories: cybercrime/malcode, finance

Cyber attackers around the world are looking at alternate file attachment types to trap users with phishing and malware attacks, according to a report by Bleeping Computer. The alternate attachment types come in the form of online, open-source file attachments, and the latest type that has now been spotted includes Microsoft OneNote files. According to the report, hackers are exploiting OneNote attachments in emails to trick users into downloading malware.

The report stated that hackers switched to OneNote, Microsoft’s online note-taking alternative to Word, after the company disabled ‘macros’ by default in email attachments. The latter, which refer to code snippets that execute a command upon a user opening the email attachment, were long since used by attackers to get users to download malware attachments.

By using macros, hackers would store malware within Microsoft Word or Excel documents. Once a user opened the attachment, the malware would get triggered automatically. These malware, in turn, could be used for a wide range of attacks — including remote code execution, botnets, financial or identity theft, or even spyware.

Jan 26, 2023

Roaming Mantis Spreading Mobile Malware That Hijacks Wi-Fi Routers’ DNS Settings

Posted by in categories: cybercrime/malcode, mobile phones

Threat actors associated with the Roaming Mantis attack campaign have been observed delivering an updated variant of their patent mobile malware known as Wroba to infiltrate Wi-Fi routers and undertake Domain Name System (DNS) hijacking.

Kaspersky, which carried out an analysis of the malicious artifact, said the feature is designed to target specific Wi-Fi routers located in South Korea.

Roaming Mantis, also known as Shaoye, is a long-running financially motivated operation that singles out Android smartphone users with malware capable of stealing bank account credentials as well as harvesting other kinds of sensitive information.

Jan 26, 2023

Scammers posed as tech support to hack employees at two US agencies last year, officials say

Posted by in categories: cybercrime/malcode, government

Cybercriminals hacked employees of at least two US federal civilian agencies last year as part of a “widespread” fraud campaign that sought to steal money from individuals’ bank accounts, US cybersecurity officials revealed Wednesday.

In one case, the unidentified hackers posed as tech support, convinced a federal employee to call them and then instructed the federal employee to visit a malicious website, according to the advisory from the US Cybersecurity and Infrastructure Security Agency, National Security Agency and a threat-sharing center for state and local governments known as MS-ISAC.

The goal of the scam, which appears to have hit both private sector and government agencies, was to trick victims into sending the scammers money. It was unclear if that happened in the case of the federal employees.

Jan 25, 2023

Malware exploited critical Realtek SDK bug in millions of attacks

Posted by in categories: cybercrime/malcode, electronics

Hackers have leveraged a critical remote code execution vulnerability in Realtek Jungle SDK 134 million attacks trying to infect smart devices in the second half of 2022.

Exploited by multiple threat actors, the vulnerability is tracked as CVE-2021–35394 and comes with a severity score of 9.8 out of 10.

Between August and October last year, sensors from Palo Alto Networks observed significant exploitation activity for this security issue, accounting for more than 40% of the total number of incidents.

Jan 24, 2023

EXCLUSIVE: U.S. airline accidentally exposes ‘No Fly List’ on unsecured server

Posted by in categories: cybercrime/malcode, government, internet

An unsecured server discovered by a security researcher last week contained the identities of hundreds of thousands of individuals from the U.S. government’s Terrorist Screening Database and “No Fly List.”

Located by the Swiss hacker known as maia arson crimew, the server, run by the U.S. national airline CommuteAir, was left exposed on the public internet. It revealed a vast amount of company data, including private information on almost 1,000 CommuteAir employees.


CommuteAir also confirmed the legitimacy of the data, stating that it was a version of the “federal no-fly list” from roughly four years prior.

Continue reading “EXCLUSIVE: U.S. airline accidentally exposes ‘No Fly List’ on unsecured server” »

Jan 24, 2023

Ransomware access brokers use Google ads to breach your network

Posted by in category: cybercrime/malcode

A threat actor tracked as DEV-0569 uses Google Ads in widespread, ongoing advertising campaigns to distribute malware, steal victims’ passwords, and ultimately breach networks for ransomware attacks.

Over the past couple of weeks, cybersecurity researchers MalwareHunterTeam, Germán Fernández, and Will Dormann have illustrated how Google search results have become a hotbed of malicious advertisements pushing malware.

These ads pretend to be websites for popular software programs, like LightShot, Rufus, 7-Zip, FileZilla, LibreOffice, AnyDesk, Awesome Miner, TradingView, WinRAR, and VLC.

Jan 24, 2023

FBI: North Korean hackers stole $100 million in Harmony crypto hack

Posted by in category: cybercrime/malcode

The FBI has concluded its investigation on the $100 million worth of ETH heist that hit Harmony Horizon in June 2022 and validated that the hackers responsible for it are the Lazarus group and APT38.

Page 60 of 220First5758596061626364Last