In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware.
In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser. No further action was required to become infected. All malicious links were personalized and had a very short lifespan. However, Kaspersky’s exploit detection and protection technologies successfully identified the zero-day exploit that was used to escape Google Chrome’s sandbox. Kaspersky researchers quickly analyzed the exploit code, reverse-engineered its logic, and confirmed that it was based on a zero-day vulnerability affecting the latest version of Google Chrome, which was then reported to the Google security team.
Read more…
Source: Kaspersky
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Iron Tiger APT Updates Toolkit With Evolved SysUpdate Malware
April 9, 2021
More than a year after Operation DRBControl, a campaign by a cyberespionage group that targets gambling and betting companies in Southeast Asia, we found evidence that the Iron Tiger threat actor is still interested in the gambling industry. This blog details how Iron Tiger threat actors have updated their toolkit with an updated SysUpdate malware variant ...
- Emotet Command and Control Case Study
April 9, 2021
On March 8, 2021, Unit 42 published “Attack Chain Overview: Emotet in December 2020 and January 2021.” Based on that analysis, the updated version of Emotet talks to different command and control (C2) servers for data exfiltration or to implement further attacks. We observed attackers taking advantage of a sophisticated evasion technique and encryption algorithm ...
- Vyveva: Lazarus hacking group’s latest weapon strikes South African freight
April 8, 2021
Researchers have discovered a new backdoor employed by the Lazarus hacking group in targeted attacks against the freight industry. On Thursday, ESET said the new backdoor malware, dubbed Vyveva, was traced in an attack against a South African freight and logistics firm. While the initial attack vector for deploying the malware is not yet known, examining machines ...
- Google Chrome blocks port 10080 to stop NAT Slipstreaming attacks
April 8, 2021
Google Chrome is now blocking HTTP, HTTPS, and FTP access to TCP port 10080 to prevent the ports from being abused in NAT Slipstreaming 2.0 attacks. Last year, security researcher Samy Kamkar disclosed a new version of the NAT Slipstreaming vulnerability that allows scripts on malicious websites to bypass visitors’ NAT firewall and gain access to ...
- New wormable Android malware poses as Netflix to hijack WhatsApp sessions
April 7, 2021
A new variant of Android malware has been discovered in an app on Google Play that entices users by promising free Netflix subscriptions. On Wednesday, Check Point Research (CPR) said the “wormable” mobile malware was discovered in the Google Play Store, the official repository for Android apps. The malicious software, dubbed “FlixOnline,” disguises itself as a ...
- New Cring ransomware hits unpatched Fortinet VPN devices
April 7, 2021
A vulnerability impacting Fortinet VPNs is being exploited by a new human-operated ransomware strain known as Cring to breach and encrypt industrial sector companies’ networks. Cring ransomware (also known as Crypt3r, Vjiszy1lo, Ghost, Phantom) was discovered by Amigo_A in January and spotted by the CSIRT team of Swiss telecommunications provider Swisscom. The Cring operators drop customized Mimikatz ...