Security Affairs newsletter Round 418 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter has arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.


North Korea-linked Kimsuky APT uses new recon tool ReconShark

North Korea-linked APT group Kimsuky has been observed using a new reconnaissance tool dubbed ReconShark in a recent campaign.

SentinelOne researchers observed an ongoing campaign from North Korea-linked Kimsuky Group that is using a new malware called ReconShark.

The reconnaissance …

Fleckpe Android malware totaled +620K downloads via Google Play Store

Fleckpe is a new Android subscription Trojan that was discovered in the Google Play Store, totaling more than 620,000 downloads since 2022.

Fleckpe is a new Android subscription Trojan that spreads via Google Play; the malware, discovered by Kaspersky, is …

Facebook warns of a new information-stealing malware dubbed NodeStealer

Facebook discovered a new information-stealing malware, dubbed ‘NodeStealer,’ that is being distributed on Meta.

NodeStealer is a new information-stealing malware distributed on Meta that allows stealing browser cookies to hijack accounts on multiple platforms, including Facebook, Gmail, and Outlook. The …

Russia-linked Sandworm APT uses WinRAR in destructive attacks on Ukraine’s public sector

CERT-UA is warning of destructive cyberattacks conducted by the Russia-linked Sandworm APT group against the Ukrainian public sector.

Russia-linked APT group Sandworm is behind destructive cyberattacks against Ukrainian state networks, the Ukrainian Government Computer Emergency Response Team (CERT-UA) warns.

The …

City of Dallas shut down IT services after ransomware attack

The City of Dallas, Texas, was hit by a ransomware attack that forced it to shut down some of its IT systems.

The IT systems at the City of Dallas, Texas, have been targeted by a ransomware attack. To prevent …

Hackers are taking advantage of the interest in generative AI to install malware

Threat actors are using the promise of generative AI like ChatGPT to deliver malware, Facebook parent Meta warned.

Threat actors are taking advantage of the huge interest in generative AI like ChatGPT to trick victims into installing malware, Meta warns. …

North Korea-linked ScarCruft APT uses large LNK files in infection chains

North Korea-linked ScarCruft APT group started using oversized LNK files to deliver the RokRAT malware in early July 2022.

Check Point researchers reported that the infection chains observed in the attacks attributed to North Korea-linked ScarCruft APT group (aka …

New Lobshot hVNC malware spreads via Google ads

The previously undetected LOBSHOT malware is distributed using Google ads and gives operators VNC access to Windows devices.

Researchers from Elastic Security Labs spotted a new remote access trojan, dubbed LOBSHOT, being distributed through Google Ads.

Threat actors are …

Experts spotted a new sophisticated malware toolkit called Decoy Dog

Infoblox researchers discovered a new sophisticated malware toolkit, dubbed Decoy Dog, targeting enterprise networks.

While analyzing billions of DNS records, Infoblox researchers discovered a sophisticated malware toolkit, dubbed Decoy Dog, that was employed in attacks aimed at enterprise networks.

Threat actors behind …

Iranian govt uses BouldSpy Android malware for internal surveillance operations

Iranian authorities have been spotted using the BouldSpy Android malware to spy on minorities and traffickers.

Researchers at the Lookout Threat Lab have discovered a new Android surveillance spyware, dubbed BouldSpy, that was used by the Law Enforcement Command of …

Russian APT Nomadic Octopus hacked Tajikistani carrier

Russian APT group Nomadic Octopus hacked a Tajikistani carrier to spy on government officials and public service infrastructures.

Russian cyber espionage group Nomadic Octopus (aka DustSquad) has hacked a Tajikistani telecoms provider to spy on 18 entities, including high-ranking government …

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

CERT-UA warns of a spear-phishing campaign conducted by APT28 group targeting Ukrainian government bodies with fake ‘Windows Update’ guides.

Russia-linked APT28 group is targeting Ukrainian government bodies with fake ‘Windows Update’ guides, Computer Emergency Response Team of Ukraine (CERT-UA) warns. …

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition



ViperSoftX uses more sophisticated encryption and anti-analysis techniques

A new variant of the information-stealing malware ViperSoftX implements sophisticated techniques to avoid detection.

Trend Micro researchers observed a new ViperSoftX malware campaign that, unlike previous attacks, relies on DLL sideloading for its arrival and execution technique.

Atomic macOS Stealer is advertised on Telegram for $1,000 per month

Atomic macOS Stealer is a new information stealer targeting macOS that is advertised on Telegram for $1,000 per month.

Cyble Research and Intelligence Labs (CRIL) recently discovered a Telegram channel advertising a new information-stealing malware, named Atomic macOS Stealer (AMOS). …

Google obtained a temporary court order against CryptBot distributors

Google obtained a temporary court order in the U.S. to disrupt the operations of the CryptBot information stealer.

Google announced that a federal judge in the Southern District of New York unsealed its civil action against the operators of the information …

Researchers found the first Linux variant of the RTM locker

RTM ransomware-as-a-service (RaaS) started offering locker ransomware that targets Linux, NAS, and ESXi systems.

The Uptycs threat research team discovered the first ransomware binary attributed to the RTM ransomware-as-a-service (RaaS) provider. The new variant of the encryptor targets Linux, NAS, …

Crooks use PaperCut exploits to deliver Cl0p and LockBit ransomware

Microsoft revealed that recent attacks against PaperCut servers were aimed at distributing Cl0p and LockBit ransomware.

Microsoft linked the recent attacks against PaperCut servers to a financially motivated threat actor tracked as Lace Tempest (formerly DEV-0950). The group is known to …
