Malware

October 11, 2019

The Fin7 cybercrime group has ramped up its offensive capabilities by adding new malicious code to its malware arsenal. Researchers said that this is evidence that Fin7 is still a growing threat despite the arrest of several Fin7 members in 2018. The notorious group has adopted a new dropper sample called Boostwrite, which uses new detection evasion ...

October 11, 2019

Security researchers have discovered a new piece of Mac malware; however, some of its purpose and full features will remain a mystery for a little longer. Named Tarmac (OSX/Tarmac), this new malware was distributed to macOS users via online malvertising (malicious ads) campaigns. These malicious ads ran rogue code inside a Mac user’s browser to redirect the ...

October 10, 2019

Security researchers have discovered an advanced malware strain that’s been deployed to spy on diplomats and Russian-speaking users in Eastern Europe. The malware, named Attor, has been used in attacks since 2013 but was only discovered last year, according to an ESET report published today. ESET said the malware bears the signs of a targeted espionage campaign ...

October 10, 2019

During our continued analysis of the xHunt campaign, we observed several domains with ties to the pasta58com, being used as the C2 server for a new PowerShell based backdoor that we’ve named CASHY200. This PowerShell backdoor ...

October 3, 2019

Researchers have discovered a new malware strain, dubbed Reductor, that allows hackers to manipulate Hypertext Transfer Protocol Secure (HTTPS) traffic by tweaking a browser’s random numbers generator, used to ensure a private connection between the client and server. Once infected, Reductor is used to spy on a victim’s browser activity, said the Global Research and Analysis Team (GReAT) ...

October 3, 2019

After a spate of ransomware attacks on government organizations, the FBI has come up with a new stance on paying up ransomware demands. The latest groups to be targeted by high-value ransomware attacks are hospital organizations in Alabama, USA, and Victoria, Australia. Both resulted in hospitals turning away non-critical patients as employees worked to restore IT systems. The attacks on ...

October 2, 2019

Mobile dropper Trojans are one of today’s most rapidly growing classes of malware. In Q1 2019, droppers are in the 2nd or 3rd position in terms of share of total detected threats, while holding nearly half of all Top 20 places in 2018. Since the droppers’ main task is to deliver payload while sidestepping the ...

October 2, 2019

Dutch police have taken down this week a bulletproof hosting provider that has sheltered tens of IoT botnets that have been responsible for hundreds of thousands of DDoS attacks around the world, ZDNet has learned. Servers were seized, and two men were arrested yesterday at the offices of KV Solutions BV (KV hereinafter), a so-called bulletproof hosting provider, ...

October 1, 2019

Trend Micro found a new modular fileless botnet malware, which we named “Novter,” (also reported and known as “Nodersok” and “Divergent”) that the KovCoreG campaign has been distributing since March. We’ve been actively monitoring this threat since its emergence and early development, and saw it being frequently updated. KovCoreG, active since 2011, is a long-running campaign ...

September 30, 2019

A medium severity bug reported on Saturday impacts Ghidra, a free, open-source software reverse-engineering tool released by the National Security Agency earlier this year. The vulnerability allows a remote attacker to compromise exposed systems, according to a NIST National Vulnerability Database description. No fix is currently available. Despite the warning, researchers are downplaying the impact of the bug. ...