Malware

NEWS 
  • 5 linked to cyber espionage ring arrested in Türkiye

    January 27, 2025

    Authorities arrested five people on cyber espionage charges through a software system uncovered thanks to information from the National Intelligence Organization (MIT), Turkish media reported Monday. An investigation led by the Chief Public Prosecutor’s Office in the capital, Ankara, discovered that a software program known as “Avatar” or “Adalet” (Turkish for “justice”), exclusively designed for attorneys, ...

  • Dangerous new botnet targets webcams, routers across the world

    January 22, 2025

    Cybersecurity researchers from the Qualys Threat Research Unit have observed a new large-scale operation exploiting vulnerabilities in IP cameras and routers to build out a botnet. In a technical analysis, Qualys said the attackers were mostly exploiting CVE-2017-17215 and CVE-2024-7029, seeking to compromise AVTECH IP cameras, and Huawei HG532 routers. The botnet is essentially Mirai, although ...

  • PlugX malware deleted from thousands of systems by FBI

    January 16, 2025

    The FBI says it has removed PlugX malware from thousands of infected computers worldwide. The move came after suspicion that cybercriminals groups under control of the People’s Republic of China (PRC) used a version of PlugX malware to control, and steal information from victims’ computers. PlugX has been around since at least 2008 but is under ...

  • Deep Dive Into a Linux Rootkit Malware

    January 13, 2025

    This is a follow-up analysis to a previous blog about a zero day exploit where the FortiGuard Incident Response (FGIR) team examined how remote attackers exploited multiple vulnerabilities in an appliance to gain control of a customer’s system. At the end of that blog, Fortinet researchers revealed that the remote attacker had deployed a rootkit (a ...

  • Meet FunkSec: A New, Surprising Ransomware Group, Powered by AI

    January 10, 2025

    The FunkSec ransomware group emerged in late 2024 and published over 85 victims in December, surpassing every other ransomware group that month. FunkSec operators appear to use AI-assisted malware development, which can enable even inexperienced actors to quickly produce and refine advanced tools. The group’s activities straddle the line between hacktivism and cybercrime, complicating efforts to ...

  • Cracking the Code: How Banshee Stealer Targets macOS Users

    January 9, 2025

    Since September, Check Point Research (CPR) has been monitoring a new version of the Banshee macOS Stealer, a malware that steals browser credentials, cryptocurrency wallets, and other sensitive data. Undetected for over two months, Banshee’s latest version introduced string encryption taken from Apple’s XProtect, likely causing antivirus detection systems to overlook the malware. Threat actors distributed ...

  • Google Chrome AI extensions deliver info-stealing malware in broad attack

    January 9, 2025

    Small businesses and boutique organizations should use caution when leaning on browser-friendly artificial intelligence (AI) tools to generate ideas, content, and marketing copy, as a set of Google Chrome extensions were recently compromised to deliver info-stealing malware disguised as legitimate updates. Analyzed by researchers at Extension Total, the cybercriminal campaign has managed to take over the ...

  • Enhancing Botnet Detection with AI using LLMs and Similarity Search

    January 8, 2025

    As botnets continue to evolve, so do the techniques required to detect them. While Transport Layer Security (TLS) encryption is widely adopted for secure communications, botnets leverage TLS to obscure command-and-control (C2) traffic. These malicious actors often have identifiable characteristics embedded within their TLS certificates, opening a potential pathway for advanced detection techniques. In first-of-its-kind research, ...

  • EAGERBEE, with updated and novel components, targets the Middle East

    January 6, 2025

    In recent investigation into the EAGERBEE backdoor, kaspersky researchers found that it was being deployed at ISPs and governmental entities in the Middle East. The researchers analysis uncovered new components used in these attacks, including a novel service injector designed to inject the backdoor into a running service. Additionally, Kaspersky team discovered previously undocumented components (plugins) ...

  • Analyzing Malicious Intent in Python Code – A Case Study

    December 23, 2024

    Fortinet’s AI-driven OSS malware detection system recently identified two malicious packages: Zebo-0.1.0 on November 16, 2024, and Cometlogger-0.1 on November 24, 2024. Malicious software often masquerades as legitimate code, hiding its harmful features behind complex logic and obfuscation. In this analysis, Fortinet researchers examine the Python scripts behind these two packages, outline their malicious behaviors, and provide ...