Malware

January 21, 2019

Security researchers have discovered two separate malware campaigns, one of which is distributing the Ursnif data-stealing trojan and the GandCrab ransomware in the wild, whereas the second one is only infecting victims with Ursnif malware. Though both malware campaigns appear to be a work of two separate cybercriminal groups, we find many similarities in them. Both attacks start from phishing ...

January 21, 2019

The DarkHydrus advanced persistent threat (APT) group is back and this time is not only using Windows vulnerabilities to infect victims but is also abusing Google Drive as an alternative communications channel. Last week, researchers from the 360 Threat Intelligence Center (360TIC) said the hackers have a new campaign underway which is focusing on targets in the Middle ...

January 18, 2019

Even after so many efforts by Google for preventing its Play Store from malware, shady apps somehow managed to fool its anti-malware protections and get into its service to infect Android users with malware. Two such Android apps have recently been spotted on the Google Play Store by security researchers with the Trend Micro malware research ...

January 17, 2019

Researchers have discovered that LoJax, the malware that formed the foundation for devastating Fancy Bear attacks in 2018, has been silently active for years. Use of this infrastructure by the Russian-linked hacking group was exposed in September 2018, just a few months after the LoJax servers were first discovered by security researchers in May. LoJax was last ...

January 16, 2019

The NanoCore Remote Access Trojan (RAT) is being spread through malicious documents and uses an interesting technique to keep its process running and prevent victims from manually killing the system, researchers say. The cybersecurity team from Fortinet recently captured a sample relating to the spread of NanoCore RAT in the form of a malicious Microsoft Word document. Developed in ...

January 13, 2019

Jamal Khashoggi probably thought the messages he was sending to fellow Saudi dissident Omar Abdulaziz were hidden, cloaked in WhatsApp security. In reality they were compromised — along with the rest of Abdulaziz’s phone, which had allegedly been infected by Pegasus, a powerful piece of malware designed to spy on its users. Abdulaziz, as CNN reported last ...

January 12, 2019

Historically, Ryuk has been considered a targeted ransomware that scopes out a target, gained access via Remote Desktop Services or other direct methods, stole credentials, and then targeted high profile data and servers to extort the highest ransom amount possible. Ryuk has been a high profile ransomware due to its wide impact on the networks it infects, high ransom ...

January 11, 2019

Last year at SAS2018 in Cancun, Mexico, “Masha and these Bears” included discussion of a subset of Sofacy activity and malware that we call “Zebrocy”, and predictions for the decline of SPLM/XAgent Sofacy activity coinciding with the acceleration of Zebrocy activity and innovation. Zebrocy was initially introduced as a Sofacy backdoor package in 2015, but the Zebrocy ...

January 9, 2019

Remember “The Shadow Brokers” and the arrest of a former NSA contractor accused of stealing 50 Terabytes of top secret documents from the intelligence agency? It turns out that, Kaspersky Lab, which has been banned in US government computers over spying fears, was the one who tipped off the U.S. government and helped the FBI catch NSA ...

January 8, 2019

Well, there’s some good news for hackers and vulnerability hunters, though terrible news for tech manufacturers! Exploit vendor Zerodium is now willing to offer significantly higher payouts for full, working zero-day exploits that allow stealing of data from WhatsApp, iMessage and other online chat applications. Zerodium—a startup by the infamous French-based company Vupen that buys and sells ...