A brand new Linux malware has been found infecting thousands of computers around the world, stealing people’s login credentials, payment information, and browser cookies, security researchers are warning.
SentinelLabs and Beazley Security issued a joint report detailing the activities of PXA Stealer, a new Python-based infostealer for the Linux platform. It was first spotted in late 2024, and has since grown into a formidable threat, successfully evading defense tools while wreaking havoc across the globe.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- 80,000 printers are exposing their IPP port online
June 23, 2020
For years, security researchers have warned that every device left exposed online without being protected by a firewall is an attack surface. Hackers can deploy exploits to forcibly take control over the device, or they can just connect to the exposed port if no authentication is required. Devices hacked this way are often enslaved in malware botnets, ...
- New WastedLocker ransomware demands payments of millions of USD
June 23, 2020
Evil Corp, one of the biggest malware operations on the internet, has slowly returned to life after several of its members were charged by the US Department of Justice in December 2019. In a report shared with ZDNet today, Fox-IT, a division within the NCC Group, has detailed the group’s latest activities following the DOJ charges. The Evil Corp group, also known ...
- Sodinokibi Ransomware Now Scans Networks For PoS Systems
June 23, 2020
Cybercriminals behind recent Sodinokibi ransomware attacks are now upping their ante and scanning their victims’ networks for credit card or point of sale (PoS) software. Researchers believe this is a new tactic designed to allow attackers to get the biggest bang for their buck – ransom payments and credit card data. The compromise of PoS software ...
- Oh, what a boot-iful mornin’
June 23, 2020
In mid-April, Kaspersky threat monitoring systems detected malicious files being distributed under the name “on the new initiative of the World Bank in connection with the coronavirus pandemic” (in Russian) with the extension EXE or RAR. Inside the files was the well-known Rovnix bootkit. There is nothing new about cybercriminals exploiting the coronavirus topic; the ...
- Ripple20 Vulnerability Mitigation Best Practices
June 22, 2020
On June 16th, the Department of Homeland Security and CISA ICS-CERT issued a critical security advisory warning covering multiple newly discovered vulnerabilities affecting Internet-connected devices manufactured by multiple vendors. This set of 19 vulnerabilities in a low-level TCP/IP software library developed by Treck has been dubbed “Ripple20” by researchers from JSOF. A networking stack is a software component that provides ...
- XORDDoS, Kaiji Botnet Malware Variants Target Exposed Docker Servers
June 22, 2020
Researchers at Trend Micro have recently detected variants of two existing Linux botnet malware types targeting exposed Docker servers; these are XORDDoS malware (detected by Trend Micro as Backdoor.Linux.XORDDOS.AE) and Kaiji DDoS malware (detected by Trend Micro as DDoS.Linux.KAIJI.A). Having Docker servers as their target is a new development for both XORDDoS and Kaiji; XORDDoS was known ...