Malware

August 9, 2023

On August 4, 2023, the HHS’ Health Sector Cybersecurity Coordination Center (HC3) released a security alert about a relatively new ransomware called Rhysida (detected as Ransom.PS1.RHYSIDA.SM), which has been active since May 2023. In this blog entry, Trend Micro reaseachers will provide details on Rhysida, including its targets and what they know about its infection ...

August 9, 2023

FortiGuard Labs recently detected a new injector written in Rust—one of the fastest-growing programming languages—to inject shellcode and introduce XWorm into a victim’s environment. While Rust is relatively uncommon in malware development, several campaigns have adopted this language since 2019, including Buer loader, Hive, and RansomExx. FortiGuard Labs analysis also revealed a significant increase in injector ...

August 7, 2023

Ransomware gangs are consistently rebranding or merging with other groups, as highlighted in our 2022 Year in Review, or these actors work for multiple ransomware-as-a-service (RaaS) outfits at a time, and new groups are always emerging. This trend is already continuing this year. Since 2021, there have been multiple leaks of ransomware source code and builders ...

August 3, 2023

The malware landscape keeps evolving. New families are born, while others disappear. Some families are short-lived, while others remain active for quite a long time. In order to follow this evolution, Kaspersky researchers rely both on samples that they detect and their monitoring efforts, which cover botnets and underground forums. While doing so, the researchers found ...

August 2, 2023

Since November of 2021, US-based companies have been barred from doing business with the NSO Group, an Israeli research firm behind some of the most advanced hacking tools the tech world has ever seen. Come to find out, a New York Times investigation from this past April revealed that a US government agency was actively using ...

July 31, 2023

Proofpoint researchers identified a new malware we call WikiLoader. It was first identified in December 2022 being delivered by TA544, an actor that typically uses Ursnif malware to target Italian organizations. Proofpoint observed multiple subsequent campaigns, the majority of which targeted Italian organizations. WikiLoader is a sophisticated downloader with the objective of installing a second malware ...

July 29, 2023

US officials are searching for Chinese malware hidden in various defense systems that could disrupt military communications and resupply operations, The New York Times reported Saturday. The administration believes malicious computer code has been hidden inside “networks controlling power grids, communications systems and water supplies that feed military bases,” officials told the Times. Read more… Source: CNN News  

July 28, 2023

CISA has published three malware analysis reports on malware variants associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions 5.1.3.001-9.2.0.006. It was exploited as a zero day as early as October 2022 to gain access to ESG appliances. According to industry reporting, the actors exploited ...

July 27, 2023

During a recent proactive hunt for malicious mobile malware, Sophos X-Ops researchers from SophosLabs discovered a group of four credential-harvesting apps targeting customers of several Iranian banks. Most of the apps are signed using the same – possibly stolen – certificate, and share various classes and strings. The apps target the following banks: Bank Mellat Bank Saderat Resalat ...

July 25, 2023

In the ever-evolving landscape of cyber threats, banking trojans continue to pose a significant risk to organizations worldwide. Among them, Qakbot, also known as QBot or Pinkslipbot, stands out as a highly sophisticated and persistent malware active since 2007, targeting businesses across different countries. With a primary focus on stealing financial data and login credentials from ...