Malware – Page 10 – Search.AI.Wiki

Chinese GREF APT distributes spyware via trojanized Signal and Telegram apps on Google Play and Samsung Galaxy stores

China-linked APT group GREF is behind a malware campaign distributing spyware via trojanized Signal and Telegram apps on Google Play

ESET researchers uncovered a cyberespionage campaign carried out by the China-linked APT group known as GREF that is distributing spyware …

FBI: Operation ‘Duck Hunt’ dismantled the Qakbot botnet

FBI coordinated an international law enforcement operation, named Operation ‘Duck Hunt’, that dismantled the Qakbot botnet.

The FBI announced that the Qakbot botnet has been dismantled as a result of an international law enforcement operation named Operation ‘Duck Hunt.’

Qakbot, …

FBI: Operation ‘Duck Hunt’ dismantled the Qakbot botnet

FBI coordinated an international law enforcement operation, named Operation ‘Duck Hunt’, that dismantled the Qakbot botnet.

The FBI announced that the Qakbot botnet has been dismantled as a result of an international law enforcement operation named Operation ‘Duck Hunt.’

Qakbot, …

Japan’s JPCERT warns of new ‘MalDoc in PDF’ attack technique

Japan’s JPCERT warns of a new recently detected ‘MalDoc in PDF’ attack that embeds malicious Word files into PDFs.

Japan’s computer emergency response team (JPCERT) has recently observed a new attack technique, called ‘MalDoc in PDF’, that bypasses detection by …

Rhysida ransomware group claims the hack of Prospect Medical

The Rhysida ransomware group claimed to have hacked Prospect Medical Holdings and sensitive information from the company.

In early August, a cyberattack disrupted the computer systems of multiple hospitals operated by Prospect Medical Holdings, which are located in multiple states, …

Updated Kmsdx botnet targets IoT devices

Researchers spotted an updated version of the KmsdBot botnet that is now targeting Internet of Things (IoT) devices.

The Akamai Security Intelligence Response Team (SIRT) discovered a new version of the KmsdBot botnet that employed an updated Kmsdx binary targeting …

Leaked LockBit 3.0 ransomware builder used by multiple threat actors

The leak of the source code of the LockBit 3.0 ransomware builder in 2022 allowed threat actors to create new variants of the threat.

Lockbit v3, aka Lockbit Black, was detected in June 2022, but in September 2022 a builder …

Security Affairs newsletter Round 434 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Cloud

…

Whiffy Recon malware triangulates the position of infected systems via Wi-Fi

Experts observed the SmokeLoader malware delivering a new Wi-Fi scanning malware strain dubbed Whiffy Recon.

Secureworks Counter Threat Unit (CTU) researchers observed the Smoke Loader botnet dropping a new Wi-Fi scanning malware named Whiffy Recon. The malicious code triangulates the …

Lazarus APT exploits Zoho ManageEngine flaw to target an Internet backbone infrastructure provider

The North Korea-linked Lazarus group exploits a critical flaw in Zoho ManageEngine ServiceDesk Plus to deliver the QuiteRAT malware.

The North Korea-linked APT group Lazarus has been exploiting a critical vulnerability, tracked as CVE-2022-47966, in Zoho’s ManageEngine ServiceDesk in attacks …

FBI identifies wallets holding cryptocurrency funds stolen by North Korea

The U.S. FBI warned that North Korea-linked threat actors may attempt to cash out stolen cryptocurrency worth more than $40 million.

The Federal Bureau of Investigation shared details about the activity of six cryptocurrency wallets operated by North Korea-linked threat …

Carderbee APT targets Hong Kong orgs via supply chain attacks

A previously unknown APT group, tracked as Carderbee, was behind a supply chain attack against Hong Kong organizations.

Symantec Threat Hunter Team reported that a previously unknown APT group, tracked as Carderbee, used a malware-laced version of the legitimate Cobra …

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

The Akira ransomware gang targets Cisco VPN products to gain initial access to corporate networks and steal their data.

The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple …

Snatch gang claims the hack of the Department of Defence South Africa

Snatch gang claims the hack of the Department of Defence South Africa and added the military organization to its leak site.

The Snatch ransomware group added the Department of Defence South Africa to its data leak site.

The mission of …

BlackCat ransomware group claims the hack of Seiko network

The BlackCat/ALPHV ransomware group claims to have hacked the Japanese maker of watches Seiko and added the company to its data leak site.

On August 10, 2023, the Japanese maker of watches Seiko disclosed a data breach following a cyber …

New HiatusRAT campaign targets Taiwan and U.S. military procurement system

HiatusRAT malware operators resurfaced with a new wave of attacks targeting Taiwan-based organizations and a U.S. military procurement system.

In March 2023, Lumen Black Lotus Labs researchers uncovered a sophisticated campaign called “HiatusRAT” that infected over 100 edge networking devices …

Security Affairs newsletter Round 433 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Over

…

Over 3,000 Android Malware spotted using unsupported/unknown compression methods to avoid detection

Threat actors are using Android Package (APK) files with unsupported compression methods to prevent malware analysis.

On June 28th, researchers from Zimperium zLab researchers observed that Joe Sandbox announced the availability of an Android APK that could not be analyzed …

Bronze Starlight targets the Southeast Asian gambling sector

Experts warn of an ongoing campaign attributed to China-linked Bronze Starlight that is targeting the Southeast Asian gambling sector.

SentinelOne observed China-linked APT group Bronze Starlight (aka APT10, Emperor Dragonfly or Storm-0401) targeting the gambling sector within Southeast Asia.

The …

APT29 is targeting Ministries of Foreign Affairs of NATO-aligned countries

Russia-linked APT29 used the Zulip Chat App in attacks aimed at ministries of foreign affairs of NATO-aligned countries

EclecticIQ researchers uncovered an ongoing spear-phishing campaign conducted by Russia-linked threat actors targeting Ministries of Foreign Affairs of NATO-aligned countries.

The experts …