Malware


NEWS 
  • New CopperStealer malware steals Google, Apple, Facebook accounts

    March 18, 2021

    Previously undocumented account-stealing malware distributed via fake software crack sites targets the users of major service providers, including Google, Facebook, Amazon, and Apple. The malware, dubbed CopperStealer by Proofpoint researchers, is an actively developed password and cookie stealer with a downloader feature that enables its operators to deliver additional malicious payloads to infected devices. The threat actors ...

  • Convuster: macOS adware now in Rust

    March 18, 2021

    Traditionally, most malicious objects detected on the macOS platform are adware: besides the already familiar Shlayer family, the TOP 10 includes Bnodlero, Cimpli, Adload and Pirrit adware. As a rule, most tend to be written in C, Objective-C or Swift. Recently, however, cybercriminals have been paying increased attention to new programming languages, seemingly in the ...

  • New ZHtrap botnet malware deploys honeypots to find more targets

    March 12, 2021

    A new botnet is hunting down and transforming infected routers, DVRs, and UPnP network devices into honeypots that help it find other targets to infect. The malware, dubbed ZHtrap by the 360 Netlab security researchers who spotted it, is loosely based on Mirai’s source code, and it comes with support for x86, ARM, MIPS, and other ...

  • Good old malware for the new Apple Silicon platform

    March 12, 2021

    A short while ago, Apple released Mac computers with the new chip called Apple M1. The unexpected release was a milestone in the Apple hardware industry. However, as technology evolves, we also observe a growing interest in the newly released platform from malware adversaries. This inevitably leads us to new malware samples compiled for the ...

  • No Laughing Matter: Joker’s Latest Ploy

    March 12, 2021

    Joker reveals more tricks up its sleeves: new malicious Android apps that, like in past schemes, subscribe users to premium services without their consent. Joker (a.k.a. Bread) is one of the most persistent malware families that continually targets Android devices. The malware entered the scene in 2017, and by early 2020, Google has removed more than ...

  • NimzaLoader malware was written in an unusual programming language to stop it from being detected

    March 11, 2021

    A prolific cyber criminal hacking operation is distributing new malware which is written in a programming language rarely used to compile malicious code. Dubbed NimzaLoader by cybersecurity researchers at Proofpoint, the malware is written in Nim – and it’s thought that those behind the malware have decided to develop it this way in the hopes that ...

  • Linux Systems Under Attack By New RedXOR Malware

    March 11, 2021

    Researchers have discovered a new backdoor targeting Linux systems, which they link back to the Winnti threat group. The backdoor is called RedXOR – in part because its network data-encoding scheme is based on the XOR encryption algorithm, and in part because its samples were found on an old release of the Red Hat Enterprise Linux ...

  • TrickBot Takes Over, After Cops Kneecap Emotet

    March 11, 2021

    A massive malicious spam campaign, along with the global takedown of Emotet, has vaulted the TrickBot trojan to the top of the Check Point’s list of the most popular malware among cybercriminals for February. In January, TrickBot was ranked third on Check Point’s list, and it was fourth overall for 2020, while the No. 1 malware, ...

  • D-Link, IoT Devices Under Attack By Tor-Based Gafgyt Variant

    March 5, 2021

    Researchers have discovered what they say is the first variant of the Gafgyt botnet family to cloak its activity using the Tor network. Gafgyt, a botnet that was uncovered in 2014, has become infamous for launching large-scale distributed denial-of-service (DDoS) attacks. Researchers first discovered activity from the newest variant, which they call Gafgyt_tor, on Feb. 15. In ...

  • New in Ransomware: AlumniLocker, Humble Feature Different Extortion Techniques

    March 4, 2021

    Trend Micro researchers recently discovered two new ransomware variants, AlumniLocker and Humble, which exhibit different sophisticated behaviors and extortion techniques post-encryption. One of these techniques includes an unusually high ransom payment and a threat to publicize victims’ critical data. These new variants prove that ransomware’s targeted and extortion-focused era is alive and well in 2021. Technical analyses AlumniLocker ...

  • Microsoft reveals GoldMax, Sibot and GoldFinder new malware strains used by SolarWinds hackers

    March 4, 2021

    Microsoft has revealed information on newly found malware the SolarWinds hackers deployed on victims’ networks as second-stage payloads. The company now tracks the “sophisticated attacker” who used the Sunburst backdoor and Teardrop malware during the SolarWinds supply-chain attack as Nobelium. Security researchers with the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft 365 Defender Research Team found ...

  • New Sunshuttle Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452

    March 4, 2021

    Mandiant Threat Intelligence discovered a new backdoor uploaded by a U.S.-based entity to a public malware repository in August 2020 that we have named SUNSHUTTLE. SUNSHUTTLE is written in GO, and reads an embedded or local configuration file, communicates with a hard-coded command and control (C2) server over HTTPS, and supports commands including remotely uploading ...

  • Supermicro, Pulse Secure release fixes for ‘TrickBoot’ attacks

    March 4, 2021

    Supermicro and Pulse Secure have released advisories warning that some of their motherboards are vulnerable to the TrickBot malware’s UEFI firmware-infecting module, known as TrickBoot. Last year, cybersecurity firms Advanced Intelligence and Eclypsium released a joint report about a new malicious firmware-targeting ‘TrickBoot’ module delivered by the notorious TrickBot malware. When executed, the module will analyze a ...

  • Ursnif Trojan has targeted over 100 Italian banks

    March 3, 2021

    The Ursnif Trojan has been traced back to attacks against at least 100 banks in Italy. According to Avast, the malware’s operators have a keen interest in Italian targets and attacks against these banking institutions have led to the loss of credentials and financial data. The cybersecurity firm said on Tuesday that at least 100 banks have ...

  • Compromised Website Images Camouflage ObliqueRAT Malware

    March 2, 2021

    The ObliqueRAT malware is now cloaking its payloads as seemingly-innocent image files that are hidden on compromised websites. The remote access trojan (RAT), which has been operating since 2019, spreads via emails, which have malicious Microsoft Office documents attached. Previously, payloads were embedded into the documents themselves. Now, if users click on the attachment, they’re redirected ...

  • Ryuk Ransomware: Now with Worming Self-Propagation

    March 2, 2021

    A new version of the Ryuk ransomware is capable of worm-like self-propagation within a local network, researchers have found. The variant first emerged in Windows-focused campaigns earlier in 2021, according to the French National Agency for the Security of Information Systems (ANSSI). The agency said that it achieves self-replication by scanning for network shares, and then ...

  • Emotet One Month After the Takedown

    March 2, 2021

    2021 got off to a fantastic start for the cybersecurity community with the news that the infamous botnet Emotet had been brought down in a coordinated global operation, “Operation Ladybird.” As the first security vendor to detect and profile the Trojan all the way back in 2014, we’re particularly delighted to be seeing the back of ...

  • Mobile malware evolution 2020

    March 1, 2021

    In their campaigns to infect mobile devices, cybercriminals always resort to social engineering tools, the most common of these passing a malicious application off as another, popular and desirable one. All they need to do is correctly identify the application, or at least, the type of applications, that are currently in demand. Therefore, attackers constantly ...

  • Go malware is now common, having been adopted by both APTs and e-crime groups

    February 26, 2021

    The number of malware strains coded in the Go programming language has seen a sharp increase of around 2,000% over the last few years, since 2017, cybersecurity firm Intezer said in a report published this week. The company’s findings highlight and confirm a general trend in the malware ecosystem, where malware authors have slowly moved away ...

  • Lazarus targets defense industry with ThreatNeedle

    February 25, 2021

    We named Lazarus the most active group of 2020. We’ve observed numerous activities by this notorious APT group targeting various industries. The group has changed target depending on the primary objective. Google TAG has recently published a post about a campaign by Lazarus targeting security researchers. After taking a closer look, we identified the malware ...