A new self-destructing backdoor called Mistic used in intrusions since April appears to be linked to a criminal gang that compromises corporate networks and then sells that access to ransomware groups, according to security researchers.
This backdoor, also tracked as MLTBackdoor, was first documented by Zscaler earlier this month, with the security shop suggesting the novel malware is “likely used in ransomware attacks to establish a foothold for lateral movement.”
Read more…
Source:
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Examining the Black Basta Ransomware’s Infection Routine
May 9, 2022
Black Basta, a new ransomware gang, has swiftly risen to prominence in recent weeks after it caused massive breaches to organizations in a short span of time. On April 20, 2022, a user named Black Basta posted on underground forums known as XSS.IS and EXPLOIT.IN to advertise that it intends to buy and monetize corporate network ...
- Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
May 9, 2022
The security landscape has become increasingly challenging and complex for our customers. Threats have grown at an alarming rate over the last year, and cybercrime is now expected to cost the world USD10.5 trillion annually by 2025, up from USD3 trillion a decade ago and USD6 trillion in 2021.1 As attacks increase in scale, so must ...
- Ukraine warns of “chemical attack” phishing pushing stealer malware
May 9, 2022
Ukraine’s Computer Emergency Response Team (CERT-UA) is warning of the mass distribution of Jester Stealer malware via phishing emails using warnings of impending chemical attacks to scare recipients into opening attachments. As the war between Russia and Ukraine continues, the threat of escalation in using more lethal weapons remains a concern. Ukrainians live under this constant fear, ...
- It costs just $7 to rent DCRat to backdoor your network
May 9, 2022
A budget-friendly remote access trojan (RAT) that’s under active development is selling on underground Russian forums for about $7 for a two-month subscription, according to BlackBerry researchers today. The backdoor Windows malware, dubbed DCRat or DarkCrystal RAT, was released in 2018, then redesigned and relaunched the following year. An individual who goes by the handles boldenis44, ...
- Exploits created for critical F5 BIG-IP flaw – install patch immediately
May 8, 2022
Security researchers are warning F5 BIG-IP admins to immediately install the latest security updates after creating exploits for a recently disclosed critical CVE-2022-1388 remote code execution vulnerability. Last week, F5 disclosed a new critical remote code execution in BIG-IP networking devices tracked as CVE-2022-1388. This vulnerability affects the BIG-IP iControl REST authentication component and allows remote ...
- NetDooka Framework Distributed via PrivateLoader Malware as Part of Pay-Per-Install Service
May 5, 2022
Trend Micro researchers recently encountered a fairly sophisticated malware framework that they named NetDooka after the names of some of its components. The framework is distributed via a pay-per-install (PPI) service and contains multiple parts, including a loader, a dropper, a protection driver, and a full-featured remote access trojan (RAT) that implements its own network ...