Malware


NEWS 
  • Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure

    September 5, 2024

    The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) assess that cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm ...

  • Mallox ransomware: in-depth analysis and evolution

    September 4, 2024

    Mallox is a sophisticated and dangerous family of malicious software that has been causing significant damage to organizations worldwide. In 2023, this ransomware strain demonstrated an uptick in attacks, the overall number of discovered Mallox samples exceeding 700. In the first half of 2024, the malware was still being actively developed, with new versions being released ...

  • Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence

    August 30, 2024

    Trend Micro observed a new attack vector of weaponization for the vulnerability CVE-2023-22527 using the Godzilla backdoor. Following initial exploitation, a loader was loaded into the Atlassian victim server which loads a Godzilla webshell. On January 16, 2024, Atlassian released a security advisory for CVE-2023-22527, a vulnerability that affects Confluence Data Center and Confluence Server products. In ...

  • Deep Analysis of Snake Keylogger’s New Variant

    August 28, 2024

    Fortinet’s FortiGuard Labs recently caught a phishing campaign in the wild with a malicious Excel document attached to the phishing email. Fortinet researchers performed a deep analysis on the campaign and discovered that it delivers a new variant of Snake Keylogger. Snake Keylogger (aka “404 Keylogger” or “KrakenKeylogger”) is a subscription-based keylogger with many capabilities. It ...

  • HZ Rat backdoor for macOS attacks users of China’s DingTalk and WeChat

    August 27, 2024

    In June 2024, Kaspersky discovered a macOS version of the HZ Rat backdoor targeting users of the enterprise messenger DingTalk and the social network and messaging platform WeChat. The samples Kaspersky found almost exactly replicate the functionality of the Windows version of the backdoor and differ only in the payload, which is received in the form ...

  • Security gaps leave local governments vulnerable to a variety of cyber threats

    August 21, 2024

    Cities and counties are beefing up their IT security, and that makes sense, says Augustine Boateng, interim chief information officer (CIO) in Memphis, Tenn. “It’s important to note that local governments have developed a reputation over the years for having lackluster cybersecurity; and not without good reason. As a result, we’re seeing more and more cyberattacks ...

  • Selling Ransomware Breaches: 4 Trends Spotted on the RAMP Forum

    August 20, 2024

    The sale and purchase of unauthorized access to compromised enterprise networks has become a linchpin for cybercriminal operations, particularly in facilitating ransomware attacks. Underground forums are sharing guidelines on breaching networks and selling the access they obtain, leaving the exploitation to other malicious actors. On underground criminal forums, these transactions allow actors with complementary skills to ...

  • Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove

    August 16, 2024

    In the shadowy world of cybercrime, even the most cunning hackers can make blunders that expose their operations. In this article CPR describes the discovery of Styx Stealer, a new malware variant derived from the notorious Phemedrone Stealer. Check Point investigation revealed critical missteps by the developer of Styx Stealer, including a significant operational security (OpSec) ...

  • A Deep Dive into a New ValleyRAT Campaign Targeting Chinese Speakers

    August 15, 2024

    FortiGuard Labs recently encountered an ongoing ValleyRAT campaign specifically targeting Chinese speakers. This malware has historically targeted e-commerce, finance, sales, and management enterprises. ValleyRAT is a multi-stage malware that utilizes diverse techniques to monitor and control its victims and deploy arbitrary plugins to cause further damage. Another noteworthy characteristic of this malware is its heavy usage ...

  • Tusk: unraveling a complex infostealer campaign

    August 15, 2024

    Kaspersky Global Emergency Response Team (GERT) has identified a complex campaign, consisting of multiple sub-campaigns orchestrated by Russian-speaking cybercriminals. The sub-campaigns imitate legitimate projects, slightly modifying names and branding and using multiple social media accounts to increase their credibility. In their analysis GERT researchers observed that all the active sub-campaigns host the initial downloader on Dropbox. ...