This week, the SonicWall Capture Labs threat research team investigated a sample of CoreWarrior malware. This is a persistent trojan that attempts to spread rapidly by creating dozens of copies of itself and reaching out to multiple IP addresses, opening multiple sockets for backdoor access, and hooking Windows UI elements for monitoring. Infection Cycle
The malware is a UPX-packed executable that has been manually tampered with and will not unpack using the standard UPX unpacker.
Read more…
Source: Sonicwall
Related:
- UK: Prison layouts reportedly leaked on dark web
November 23, 2024
The Ministry of Justice has said it is aware of a data breach affecting prisons in England and Wales. Confidential prison layouts had been leaked onto the dark web in the past two weeks, according to The Times. A former prison governor told the paper organised crime groups could potentially use the information to smuggle drugs ...
- 9 months after the largest healthcare breach in history, UnitedHealth subsidiary back online
November 22, 2024
Change Healthcare—a subsidiary of the global health company UnitedHealth Group — has restored its medical billing services nine months after suffering an unprecedented ransomware attack that left providers with serious cashflow problems, threatened access to care, and leaked sensitive information onto the dark web. Change Healthcare, one of the largest health payment processing companies in the ...
- Fake Google Chrome Website Tricks Users into Installing Malware
November 22, 2024
Google Chrome is the most widely used web browser in the world, and this dominance makes it a great vector for cybercriminals to use to spread malware to unsuspecting users. The SonicWall Capture Labs threat research team recently found what appears to be a legitimate website where a user can download and install Google Chrome. But ...
- Ford denies it was hit by data breach, says customer data is safe
November 22, 2024
Ford has denied suffering a data breach frecently, saying the information circulating around the web belongs to a third party and is, for the most part, publicly available. A known leaker with the alias EnergyWeaponUser recently posted a new thread on BreachForums, claiming to be sharing Ford’s data for free. “Today, I have uploaded the Ford ...
- Andrew Tate ‘online university’ suffers breach: 800,000 users’ data exposed
November 22, 2024
Far-right influencer and self-described misogynist Andrew Tate has become the target of an anonymous hacktivist group. Sensitive data from hundreds of thousands of subscribers to Tate’s “online university” was stolen. On Thursday, hackers announced their breach of Tate’s “The Real World” website by flooding the private members’ chatroom with pro-feminist emojis and transgender pride flags, as ...
- Update now – Apple confirms vulnerabilities are already being exploited
November 20, 2024
Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS, Safari, and visionOS. The updates for iOS and Intel-based Mac systems are especially important, as they tackle vulnerabilities that are being actively exploited by cybercriminals. You should make sure you update as soon as you can. To check if you’re using ...