- Ukraine supporters in Germany targeted with PowerShell RAT malware
May 16, 2022
An unknown threat actor is targeting German users interested in the Ukraine crisis, infecting them with a custom PowerShell RAT (remote access trojan) and stealing their data. The malware campaign uses a decoy site to lure users into fake news bulletins that supposedly contain unreleased information about the situation in Ukraine. These sites offer malicious documents that ...
- Team of experts help Rutube to recover from the May 9 cyberattack
May 11, 2022
Rutube involved several expert teams, including a team of specialists from Positive Technologies security center, to deal with the aftermath of the May 9 cyberattack, the website said in its Telegram channel. “In order to investigate the attack and deal with its aftermath, several expert teams were involved, including a team of specialists from the Positive ...
- Examining the Black Basta Ransomware’s Infection Routine
May 9, 2022
Black Basta, a new ransomware gang, has swiftly risen to prominence in recent weeks after it caused massive breaches to organizations in a short span of time. On April 20, 2022, a user named Black Basta posted on underground forums known as XSS.IS and EXPLOIT.IN to advertise that it intends to buy and monetize corporate network ...
- It costs just $7 to rent DCRat to backdoor your network
May 9, 2022
A budget-friendly remote access trojan (RAT) that’s under active development is selling on underground Russian forums for about $7 for a two-month subscription, according to BlackBerry researchers today. The backdoor Windows malware, dubbed DCRat or DarkCrystal RAT, was released in 2018, then redesigned and relaunched the following year. An individual who goes by the handles boldenis44, ...
- A new secret stash for “fileless” malware
May 4, 2022
In February 2022 we observed the technique of putting the shellcode into Windows event logs for the first time “in the wild” during the malicious campaign. It allows the “fileless” last stage Trojan to be hidden from plain sight in the file system. Such attention to the event logs in the campaign isn’t limited to ...
- AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell
May 2, 2022
trend Micro researchers found samples of AvosLocker ransomware that makes use of a legitimate driver file to disable anti-virus solutions and detection evasion. While previous AvosLocker infections employ similar routines, this is the first sample they observed from the US with the capability to disable a defense solution using a legitimate Avast Anti-Rootkit Driver file ...
- Data-wiper malware strains surge as Ukraine battles ongoing invasion
April 29, 2022
Security researchers have detailed six significant strains of data-wiping malware that have emerged in just the first quarter of 2022, a huge surge over previous years. This increase coincides with the invasion of Ukraine, and all of these wipers have been used against that state’s infrastructure and organizations. One of the wipers also took wind turbines ...
- CISA and FBI Update Advisory on Destructive Malware Targeting Organizations in Ukraine
April 28, 2022
CISA and the Federal Bureau of Investigation (FBI) have updated joint Cybersecurity Advisory AA22-057A: Destructive Malware Targeting Organizations in Ukraine, originally released February 26, 2022. The advisory has been updated to include additional indicators of compromise for WhisperGate and technical details for HermeticWiper, IsaacWiper, HermeticWizard, and CaddyWiper destructive malware. CISA and the FBI encourage organizations to ...
- Emotet modules and recent attacks
April 13, 2022
Emotet was first found in the wild in 2014. Back then its main functionality was stealing user banking credentials. Since then it has survived numerous transformations, started delivering other malware and finally became a powerful botnet. In January 2021 Emotet was disrupted by a joint effort of different countries’ authorities. It took the threat actors ...
- CVE-2022-22965: Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware
April 11, 2022
Trend Micro Threat Research observed active exploitation of the Spring4Shell vulnerability assigned as CVE-2022-22965, which allows malicious actors to weaponize and execute the Mirai botnet malware. The exploitation allows threat actors to download the Mirai sample to the “/tmp” folder and execute them after permission change using “chmod”. Researchers began seeing malicious activities at the start ...
- Denonia malware targets AWS Lambda environments
April 6, 2022
A new malware variant that targets AWS Lambda has been discovered. On Wednesday, researchers from Cado Security published their findings on Denonia, malware currently being used in targeted attacks against Lambda. Lambda is a scalable compute service offered by Amazon Web Services (AWS) for running code, server and OS maintenance, capacity provisioning, logging, and operating numerous backend ...
- Borat RAT: Multiple threat of ransomware, DDoS and spyware
April 4, 2022
A new remote access trojan (RAT) dubbed “Borat” doesn’t come with many laughs but offers bad actors a menu of cyberthreats to choose from. RATs are typically used by cybercriminals to get full control of a victim’s system, enabling them to access files and network resources and manipulate the mouse and keyboard. Borat does all this ...
- Modem-wiping malware caused Viasat satellite broadband outage in Europe
April 1, 2022
Tens of thousands of Viasat satellite broadband modems that were disabled in a cyber-attack some weeks ago were wiped by malware with possible links to Russia’s destructive VPNFilter, according to SentinelOne. On February 24, as Russian troops invaded Ukraine, Viasat terminals in Europe and Ukraine were suddenly and unexpectedly knocked offline and rendered inoperable. This caused, ...
- Lazarus Trojanized DeFi app for delivering malware
March 31, 2022
For the Lazarus threat actor, financial gain is one of the prime motivations, with a particular emphasis on the cryptocurrency business. As the price of cryptocurrency surges, and the popularity of non-fungible token (NFT) and decentralized finance (DeFi) businesses continues to swell, the Lazarus group’s targeting of the financial industry keeps evolving. We recently discovered a ...
- Meet BlackGuard: a new infostealer peddled on Russian hacker forums
March 31, 2022
Researchers have uncovered a new infostealer malware being peddled in Russian underground forums. Dubbed BlackGuard, zScaler says that the new malware strain is “sophisticated” and has been made available to criminal buyers for a monthly price of $200. Infostealers are forms of malware designed to harvest valuable data, potentially including operating system information, contact lists, screenshots, network ...
- IcedID malware, in the hijacked email thread, with the insecure Exchange servers
March 29, 2022
Cyber-criminals are using compromised Microsoft Exchange servers to spam out emails designed to infect people’s PCs with IcedID. IcedID is bad news because if you’re tricked into running it, it opens a backdoor allowing further malware, such as ransomware, to be injected into your system. Marks typically receive an encrypted .zip as an attachment, with the ...
- China APT group using Russia invasion, COVID-19 in phishing attacks
March 28, 2022
A China-based threat group is likely running a month-long campaign using a variant of the Korplug malware and targeting European diplomats, internet service providers (ISPs) and research institutions via phishing lures that refer to Russia’s invasion of Ukraine and COVID-19 travel restrictions. The ongoing campaign was first seen in August 2021 and is being tied to ...
- TRITON Malware Remains Threat to Global Critical Infrastructure Industrial Control Systems (ICS)
March 24, 2022
The FBI is warning that the group responsible for the deployment of TRITON malware against a Middle East–based petrochemical plant’s safety instrumented system in 2017, the Russian Central Scientific Research Institute of Chemistry and Mechanics (TsNIIKhM), continues to conduct activity targeting the global energy sector. This warning follows the 24 March 2022 unsealing of a ...
- Lockbit wins ransomware speed test, encrypts 25,000 files per minute
March 23, 2022
Ransomware moves more quickly than most organizations can respond. Though knowing they have a specific limited window should help inform where to put their defenses, according to security data shop Splunk. The vendor’s research team Surge today published research on how long it takes 10 of the big ransomware families including Lockbit, Conti, and REvil to ...
- Android app with 100,000 downloads contained password-stealing malware, say security researchers
March 22, 2022
Google has removed an app with over 1000,000 downloads from its Play Store after security researchers warned that the app was able to harvest the Facebook credentials of smartphone users. Researchers at French mobile security firm Pradeo said the app embeds Android trojan malware known as “Facestealer” because it dupes victims into typing in their Facebook ...