Malware

January 25, 2024

An ongoing campaign of malicious ads has been targeting Chinese-speaking users with lures for popular messaging applications such as Telegram or LINE with the intent of dropping malware. Interestingly, software like Telegram is heavily restricted and was previously banned in China. Many Google services, including Google search, are also either restricted or heavily censored in mainland ...

January 25, 2024

The Phobos ransomware family is a notorious group of malicious software designed to encrypt files on a victim’s computer. It emerged in 2019 and has since been involved in numerous cyber attacks. This ransomware typically appends encrypted files with a unique extension and demands a ransom payment in cryptocurrency for the decryption key. FortiGuard Labs has ...

January 25, 2024

Cyber attacks by Russian government-funded groups on the resources run by the Ministry of Defense using phishing, distribution of remote code execution malware, and blocking of access to web resources have been recorded. “Last day, attacks on Ukraine’s government and commercial sectors were recorded. Also, attacks by Russia-funded hacker groups were launched on the resources of ...

January 24, 2024

A financially motivated threat actor is targeting Mexican banks and cryptocurrency trading entities with custom packaged installers delivering a modified version of AllaKore RAT – an open-source remote access tool. Lures use Mexican Social Security Institute (IMSS) naming schemas and links to legitimate, benign documents during the installation process. The AllaKore RAT payload is heavily modified ...

January 22, 2024

A month ago, Kaspersky researchers discovered some cracked apps circulating on pirating websites and infected with a Trojan proxy. The malicious actors repackaged pre-cracked applications as PKG files with an embedded Trojan proxy and a post-install script initiating the infection. The researchers recently caught sight of a new, hitherto unknown, macOS malware family that was piggybacking ...

January 18, 2024

A group of hackers has been secretly building a botnet of Android TV and eCos set-top boxes, and then monetizing the access to earn masses of wealth, researchers have warned. Cybersecurity experts from Qianxin Xlabs dubbed the operation “Bigpanzi”, and claim there are some 170,000 daily active bots. Given that not all endpoints are active at ...

January 18, 2024

In October 2023, the 7777-Botnet was first discussed in a writeup titled, The Curious Case of the 7777-Botnet. The author, supported by other researchers, describes a ~10,000 node botnet that’s purpose is to brute-force Microsoft Azure user credentials. It employs targeted, low-volume methods that are so effective that they were only discovered due to a geolocation ...

January 16, 2024

In 2021 and 2022, Kaspersky researchers had the privilege of working on a few Pegasus malware infections on several iPhone devices. The iPhones were Initially given to them by their partners for general security checks before the researchers discovered the infections. Investigating such cases can be complicated, costly, or time consuming due to the nature of ...

January 16, 2024

On January 4, 2017, Case Western Reserve University (CWRU), located in Cleveland, Ohio, became aware of an infection on more than 100 of its computers. The university was notified by an undisclosed third party, who provided information to help the team find and identify the malware. CWRU began working with the FBI, who determined that the ...

January 16, 2024

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with threat actors deploying Androxgh0st malware. Multiple, ongoing investigations and trusted third party reporting yielded the IOCs and TTPs, and provided ...