Malware


NEWS 
  • Egregor Ransomware Attack Hijacks Printers to Spit Out Ransom Notes

    November 19, 2020

    So, you’re a ransomware gang and you want to ensure that you have caught the attention of your latest corporate victim. You could simply drop your ransom note onto the desktop of infected computers, informing the firm that their files have been encrypted. Too dull? You could lock infected PCs and display a ghoulish skull on a bright ...

  • More than 200 systems infected by new Chinese APT ‘FunnyDream’

    November 17, 2020

    A new Chinese state-sponsored hacking group (also known as an APT) has infected more than 200 systems across Southeast Asia with malware over the past two years. The malware infections are part of a widespread cyber-espionage campaign carried out by a group named FunnyDream, according to a new report published today by security firm Bitdefender. The attacks ...

  • Jupyter trojan: Newly discovered malware stealthily steals usernames and passwords

    November 16, 2020

    A newly uncovered trojan malware campaign is targeting businesses and higher education in what appears to be an effort to steal usernames, passwords and other private information as well as creating a persistent backdoor onto compromised systems. Jupyter infostealer has been detailed by cybersecurity company Morphisec who discovered it on the network of an unnamed higher ...

  • New TroubleGrabber Discord malware steals passwords, system info

    November 13, 2020

    TroubleGrabber, a new credential stealer discovered by Netskope security researchers, spreads via Discord attachments and uses Discord webhooks to deliver stolen information to its operators. Several threat actors use the new info stealer to target gamers on Discord servers and to steal their passwords and other sensitive information. Its capabilities are similar to another malware strain dubbed ...

  • New ModPipe malware targets hospitality, hotel point of sale systems

    November 12, 2020

    A new Point-of-Sale (PoS) malware is targeting devices used by “hundreds of thousands” of organizations in the hospitality sector, researchers have warned. Dubbed ModPipe, the malware is a backdoor able to harvest sensitive information in PoS devices running Oracle Micros Restaurant Enterprise Series (RES) 3700, management software that is particularly popular in the United States. RES 3700 ...

  • Ghimob: a Tétrade threat actor moves to infect mobile devices

    November 9, 2020

    Guildma, a threat actor that is part of the Tétrade family of banking trojans, has been working on bringing in new techniques, creating new malware and targeting new victims. Recently, their new creation, the Ghimob banking trojan, has been a move toward infecting mobile devices, targeting financial apps from banks, fintechs, exchanges and cryptocurrencies in ...

  • An Old Joker’s New Tricks: Using Github To Hide Its Payload

    November 9, 2020

    The Joker malware has consistently plagued mobile users since its discovery in 2017. In January 2020, Google removed 1700 infected applications from the Play Store — a list that grew over three years. More recently, in September, security company Zscaler found 17 samples that were uploaded to the Google Play Store. Joker has been responsible ...

  • xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunnelling for C2

    November 9, 2020

    The xHunt campaign has been active since at least July 2018 and we have seen this group target Kuwait government and shipping and transportation organizations. Recently, we observed evidence that the threat actors compromised a Microsoft Exchange Server at an organization in Kuwait. We do not have visibility into how the actors gained access to ...

  • Gitpaste-12 malware wants to add your Linux servers and IoT devices to its botnet

    November 9, 2020

    A new form of malware is targeting Linux servers and Internet of Things (IoT) devices and adding them to a botnet in what appears to be the first stage of a hacking campaign targeting cloud computing infrastructure – although the purpose of the attacks remains unclear. Uncovered by cybersecurity researchers at Juniper Threat Labs, the malicious ...

  • RansomEXX Trojan attacks Linux systems

    November 6, 2020

    Kaspersky researchers have recently discovered a new file-encrypting Trojan built as an ELF executable and intended to encrypt data on machines controlled by Linux-based operating systems. After the initial analysis we noticed similarities in the code of the Trojan, the text of the ransom notes and the general approach to extortion, which suggested that we had ...

  • Operation North Star: Behind The Scenes

    November 5, 2020

    It is rare to be provided an inside view on how major cyber espionage campaigns are conducted within the digital realm. The only transparency afforded is a limited view of victims, a malware sample, and perhaps the IP addresses of historical command and control (C2) infrastructure. The Operation North Star campaign we detailed earlier this year ...

  • QBot phishing lures victims using US election interference emails

    November 4, 2020

    The Qbot botnet is now spewing U.S. election-themed phishing emails used to infect victims with malicious payloads designed to harvest user data and emails for use in future campaigns. Qbot (aka Qakbot, Pinkslipbot, and Quakbot) is a banking trojan with worm features actively used since at least 2009 to steal financial data and ...

  • Wroba Mobile Banking Trojan Spreads to the U.S. via Texts

    October 30, 2020

    The Wroba mobile banking trojan has made a major pivot, targeting people in the U.S. for the first time. According to researchers at Kaspersky, a wave of attacks are taking aim at U.S. Android and iPhone users in an effort that started on Thursday. The campaign uses text messages to spread, using fake notifications for “package ...

  • CISA, FBI, and CNMF Identify a New Malware Variant: ComRAT

    October 29, 2020

    The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense Cyber National Mission Force (CNMF) have identified a malware variant—referred to as ComRAT—used by the Russian-sponsored advanced persistent threat (APT) actor Turla. In addition, U.S. Cyber Command has released the malware sample to the malware aggregation tool and ...

  • Threat Assessment: Ryuk Ransomware and Trickbot Targeting U.S. Healthcare and Public Health Sector

    October 29, 2020

    On Oct. 28, 2020, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS) released a joint cybersecurity alert regarding an increased and imminent cybersecurity threat to the U.S. healthcare system. Threat operators have displayed a heightened interest in targeting the healthcare and the public ...

  • Domain Parking: A Gateway to Attackers Spreading Emotet and Impersonating McAfee

    October 29, 2020

    Domain parking services offer a simple solution for domain owners to monetize their sites’ traffic through third-party advertisements. While domain parking might appear harmless at first glance, parked domains pose significant threats, as they can redirect visitors to malicious or unwanted landing pages or turn entirely malicious at any point in time. We have been detecting ...

  • Emotet malware now wants you to upgrade Microsoft Word

    October 24, 2020

    Emotet switched to a new template this week that pretends to be a Microsoft Office message stating that Microsoft Word needs to be updated to add a new feature. Emotet is a malware infection that spreads through emails containing Word documents with malicious macros. When opening these documents, their contents will try to trick the user ...

  • New Abaddon RAT malware gets commands via Discord, has ransomware feature

    October 23, 2020

    The new ‘Abaddon’ remote access trojan may be the first to use Discord as a full-fledged command and control server that instructs the malware on what tasks to perform on an infected PC. Even worse, a ransomware feature is being developed for the malware. Threat actors abusing Discord for malicious activity is nothing new. In the past, ...

  • US Treasury sanctions Russian research institute behind Triton malware

    October 23, 2020

    The US Treasury Department announced sanctions today against a Russian research institute for its role in developing Triton, a malware strain designed to attack industrial equipment. Sanctions were levied today against the State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics (also known as CNIIHM or TsNIIKhM). A FireEye report ...

  • Wireshark Tutorial: Examining Dridex Infection Traffic

    October 23, 2020

    This tutorial is designed for security professionals who investigate suspicious network activity and review network packet captures (pcaps). Familiarity with Wireshark is necessary to understand this tutorial, which focuses on Wireshark version 3.x. Dridex is the name for a family of information-stealing malware that has also been described as a banking Trojan. This malware first appeared ...