CoreWarrior Spreader Malware Surge


This week, the SonicWall Capture Labs threat research team investigated a sample of CoreWarrior malware. This is a persistent trojan that attempts to spread rapidly by creating dozens of copies of itself and reaching out to multiple IP addresses, opening multiple sockets for backdoor access, and hooking Windows UI elements for monitoring. Infection Cycle

The malware is a UPX-packed executable that has been manually tampered with and will not unpack using the standard UPX unpacker.

Read more…
Source: Sonicwall


Sign up for our Newsletter


Related:

  • Shin Bet finds 200 Iranian cyberattacks on Israeli personalities

    December 2, 2024

    In recent months, the Shin Bet (Israel Security Agency) has uncovered some 200 efforts made by Iranian hackers to target Israeli civilians, the Shin Bet stated on Monday. The hacking was conducted via phishing attempts against various individuals, including Israeli politicians, academics, and media personalities, the security agency added. The hackers reportedly looked to gain access ...

  • No company too small for Phobos ransomware gang, indictment reveals

    December 2, 2024

    The US Department of Justice has charged a Russian national named Evgenii Ptitsyn with selling, operating, and distributing a ransomware variant known as “Phobos” during a four-year cybercriminal campaign that extorted at least $16 million from victims across the world. The government’s indictment against Ptitsyn should dispel any notion that ransomware gangs only target the largest, ...

  • RansomHub claims to net data hat-trick against Bologna FC

    November 30, 2024

    Italian professional football club Bologna FC is allegedly a recent victim of the RansomHub cybercrime gang, according to the group’s dark web postings. The ransomware crims responsible for attacks on organizations including Planned Parenthood and Christie’s – the same crew thought to have picked up LockBit’s top talent post-disruption – posted an extensive collection of data ...

  • Some London commuters may never be refunded after TfL cyber attack

    November 30, 2024

    Sadiq Khan has admitted victims of a Transport for London (TfL) cyber attack may never get their money back. Tens of thousands of Londoners are feared to have been left out of pocket after hackers gained access to the travel authority’s systems in September. The aftermath of the hack meant over-60s, children and students were unable to ...

  • Pakistan: Severe Cyber Attack at Dewan Farooque Motors Corrupts Data and Crashes Servers

    November 30, 2024

    A  cyber-attack crippled Dewan Farooque Motors Limited (DFML), corrupting key corporate data and crashing servers. The Pakistan Stock Exchange (PSX) received notice of the incident on Friday. DFML told stakeholders that restoring its information systems and financial data, including information from the first quarter ending September 30, 2024, will be a lengthy process. Read more… Source: ProPakistan News Sign ...

  • Another background check company suffered data breach with over 600,000 people details exposed

    November 29, 2024

    Another background check company suffered a data breach; this time, more than 600,000 people were affected. It’s a minor breach compared with the 2.9 billion people hit by the National Public Data hack, but it’s still scary. The company in question, SL Data Services, was discovered online. It was publicly exposed and not password-protected or encrypted. ...