Cybercrime

May 21, 2020

Cybercriminals are taking advantage of “the new normal” — involving employees’ remote working conditions and the popularity of user-friendly online tools — by abusing and spoofing popular legitimate applications to infect systems with malicious routines. We found two malware files that pose as Zoom installers but when decoded, contains the malware code. These malicious fake ...

May 21, 2020

A descendant of the infamous Zeus banking trojan, dubbed Silent Night by the malware’s author, has emerged on the scene, with a host of functionalities available in a spendy malware-as-a-service (MaaS) model. Custom builds can run as much as $4,000 per month to use, which researchers say is now placing the code out of the range ...

May 20, 2020

The NetWalker ransomware – the scourge behind one of the recent Toll Group attacks – has transitioned to a ransomware-as-a-service (RaaS) model, and its operators are placing a heavy emphasis on targeting and attracting technically advanced affiliates, according to researchers. Traditionally, “technically advanced” and RaaS don’t tend to go together – after all, one of the benefits of ...

May 19, 2020

A team of academics from Israel has disclosed today details about NXNSAttack, a vulnerability in DNS servers that can be abused to launch DDoS attacks of massive proportions. According to the research team, NXNSAttack impacts recursive DNS servers and the process of DNS delegation. Recursive DNS servers are DNS systems that pass DNS queries upstream in order to ...

May 19, 2020

The Ukrainian Secret Service (SSU) announced today the arrest of a hacker known as Sanix, responsible for selling billions of hacked credentials on hacking forums and Telegram channels. The SSU says it arrested Sanix in Ivano-Frankivsk, a city in western Ukraine. Authorities did not release the hacker’s name. Sanix has a long history on underground hacking forums, ...

May 18, 2020

Unit 42 researchers uncovered a new botnet campaign using Perl Shellbot, intended to mine Bitcoin, while avoiding detection using a specially crafted rootkit. The bot is propagated by sending a malicious shell script to a compromised device that then downloads other scripts. After the victim device executes the downloaded scripts, it starts waiting for commands from its ...

May 17, 2020

Budget British airline Easyjet has been hacked, it has told the stock markets, admitting nine million people’s details were accessed and more than 2,000 customers’ credit card details stolen. Some information about the attack was released to the London Stock Exchange by the company, which claimed it had been targeted by “a highly sophisticated source”. Email addresses and “travel ...

May 14, 2020

As part of Unit 42’s efforts to proactively monitor threats circulating in the wild, I recently came across new Hoaxcalls and Mirai botnet campaigns targeting a post-authentication Remote Code Execution vulnerability in Symantec Secure Web Gateway 5.0.2.8, which is a product that became end-of-life (EOL) in 2015 and end-of-support-life (EOSL) in 2019. There is no ...

May 14, 2020

We recently noticed a Twitter post by MalwareHunterTeam that showed a Java downloader with a low detection rate. Its name, “Company PLP_Tax relief due to Covid-19 outbreak CI+PL.jar”, suggests it may have been used in a Covid-19-themed phishing campaign. Running this file led to the download of a new, undetected malware sample written in Node.js; this trojan ...

May 14, 2020

The coronavirus pandemic has been connected to a 238% surge in cyberattacks against banks, new research claims. On Thursday, VMware Carbon Black released the third edition of the Modern Bank Heists report, which says that financial organizations experienced a massive uptick in cyberattack attempts between February and April this year — the same months in which COVID-19 began to spread ...