In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a government organization in a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document.
However, the email client didn’t show the attachment. The body of the email contained distinctive tags with the statement eval(atob(…)), which decodes and executes JavaScript code:
Source: Positive Technologies
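For mail triage, the eval(atob(…)) pattern described above can be searched for in the decoded HTML parts of a message and its Base64 argument recovered for analyst review. The following is an added example, not code from Positive Technologies; the function names, the placeholder tag and the sample message are constructed for illustration, since the excerpt does not name the tags that were used.

```python
import base64
import re
from email import message_from_string, policy
from email.message import EmailMessage

# eval(atob("...")) or eval(atob('...')), tolerating whitespace between tokens.
EVAL_ATOB = re.compile(r"""eval\s*\(\s*atob\s*\(\s*(['"])([A-Za-z0-9+/=\s]+)\1""")

def find_eval_atob(raw_email: str) -> list[str]:
    """Return the decoded argument of each eval(atob(...)) in the HTML parts."""
    msg = message_from_string(raw_email, policy=policy.default)
    decoded = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        # get_content() undoes the Content-Transfer-Encoding, so a body sent
        # as base64 or quoted-printable is inspected in its rendered form.
        html = part.get_content()
        for match in EVAL_ATOB.finditer(html):
            b64 = "".join(match.group(2).split())
            try:
                payload = base64.b64decode(b64, validate=True)
            except ValueError:
                continue  # not valid Base64, nothing to report
            decoded.append(payload.decode("utf-8", errors="replace"))
    return decoded

def build_sample() -> str:
    """Constructed message: empty text part plus a base64-encoded HTML part."""
    inner = base64.b64encode(b'console.log("constructed sample")').decode()
    # <placeholder-tag> is a stand-in; the real tags are not given in the excerpt.
    html = '<p><placeholder-tag attr="eval(atob(\'%s\'))"></placeholder-tag></p>' % inner
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("")
    msg.add_alternative(html, subtype="html", cte="base64")
    return msg.as_string()

if __name__ == "__main__":
    for script in find_eval_atob(build_sample()):
        print("decoded script:", script)
```

Because the sample's HTML part is transfer-encoded, a plain string search over the raw message does not find the pattern; the check has to run on the decoded part.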
Related:
- Microsoft Warns on OAuth Attacks Against Cloud App Users
July 9, 2020
Against the backdrop of widespread remote working and the increased use of collaboration apps, attackers are ramping up application-based attacks that exploit OAuth 2.0, Microsoft is warning. OAuth is an open standard for access delegation, commonly used as a way for people to sign into services without entering a password — using signed-in status on another, ...
- Evilnum hackers use the same malware supplier as FIN6, Cobalt
July 9, 2020
Hackers in the Evilnum group have developed a toolset that combines custom malware, legitimate utilities, and tools bought from a malware-as-a-service (MaaS) provider that caters to big fintech threat actors. The group has been active since at least 2018 and focuses on companies from the financial technology sector that offer trading and investment platforms. Its targets are ...
- Conti ransomware uses 32 simultaneous CPU threads for blazing-fast encryption
July 9, 2020
A lesser-known ransomware strain known as Conti is using up to 32 simultaneous CPU threads to encrypt files on infected computers for blazing-fast encryption speeds, security researchers from Carbon Black said in a report on Wednesday. Conti is just the latest in a long string of ransomware strains that have been spotted this year. Just like ...
- More pre-installed malware has been found in budget US smartphones
July 9, 2020
Pre-installed malware has been discovered on another budget handset connected to Assurance Wireless by Virgin Mobile. Back in January, cybersecurity researchers from Malwarebytes discovered unremovable malware bundled with the Android operating systems on the Unimax (UMX) U686CL, a low-end handset sold by Assurance Wireless as part of the Lifeline Assistance program, a 1985 US initiative which subsidizes telephone services for ...
- New Mirai Variant Expands Arsenal, Exploits CVE-2020-10173
July 8, 2020
Researchers at Trend Micro discovered a new Mirai variant (detected as IoT.Linux.MIRAI.VWISI) that exploits nine vulnerabilities, most notable of which is CVE-2020-10173 in Comtrend VR-3033 routers which we have not observed exploited by past Mirai variants. This discovery is a new addition to the Mirai variants that appeared in the past few months, that include SORA, UNSTABLE, and Mukashi. The case, ...
- 15 Billion Credentials Currently Up for Grabs on Hacker Forums
July 8, 2020
Fifteen billion usernames and passwords for a range of internet services are currently for sale on underground forums – shedding light on the sheer scope of compromised credentials that are fueling account takeovers on the internet. A report released Wednesday — “From Exposure to Takeover” by the Digital Shadows Photon Research Team — found that 100,000 separate data ...

