On May 13, 2024, Kaspersky consumer-grade product Kaspersky Total Security detected a new Manuscrypt infection on the personal computer of a person living in Russia. Since Lazarus rarely attacks individuals, this piqued Kaspersky researchers interest and they decided to take a closer look.
The researchers discovered that prior to the detection of Manuscrypt, Kaspersky technologies also detected exploitation of the Google Chrome web browser originating from the website detankzone[.]com. On the surface, this website resembled a professionally designed product page for a decentralized finance (DeFi) NFT-based (non-fungible token) multiplayer online battle arena (MOBA) tank game, inviting users to download a trial version. But that was just a disguise. Under the hood, this website had a hidden script that ran in the user’s Google Chrome browser, launching a zero-day exploit.
Read more…
Source: Kaspersky
Related:
- Chinese hacker group caught bypassing 2FA
December 23, 2019
Security researchers say they found evidence that a Chinese government-linked hacking group has been bypassing two-factor authentication (2FA) in a recent wave of attacks. The attacks have been attributed to a group the cyber-security industry is tracking as APT20, believed to operate on the behest of the Beijing government, Dutch cyber-security firm Fox-IT said in a ...
- Unit 42 Discovers 13 New Vulnerabilities Across Microsoft and Adobe Products
December 19, 2019
Palo Alto Networks’ Unit 42 threat researchers have been credited with discovering six new vulnerabilities addressed by the Adobe Product Security Incident Response Team (PSIRT) as part of its December Adobe Security Bulletin APSB19-55 security updates. Additionally, seven new “important” rated vulnerabilities were addressed by the Microsoft Security Response Center (MSRC) as part of its September, October and November ...
- This ‘grab-bag’ hacking attack drops six different types of malware in one go
December 19, 2019
A high-volume hacking campaign is targeting organisations around the world with attacks that deliver a ‘grab-bag’ of malware that includes information-stealing trojans, a remote backdoor, a cryptojacker and a cryptocurrency stealer. Uncovered by researchers at Deep Instinct, the combination of the volume of attacks with the number of different malware families has led to the campaign being named ‘Hornet’s Nest’. The ...
- Drilling Deep: A Look at Cyberattacks on the Oil and Gas Industry
December 18, 2019
Mining, transportation, refining, distribution—the oil and gas industry has a widespread and complicated production chain that can be difficult to comprehensively defend. Risks come from all sides: extreme weather can affect transportation, politics (global and local) can impact production, and physical attacks on infrastructure can actually threaten worker safety and even impact the world’s oil ...
- Rancor: Cyber Espionage Group Uses New Custom Malware to Attack Southeast Asia
December 17, 2019
In late June 2018, Unit 42 revealed a previously unknown cyber espionage group we dubbed Rancor, which conducted targeted attacks in Southeast Asia throughout 2017 and 2018. In recent attacks, the group has persistently targeted at least one government organization in Cambodia from December 2018 through January 2019. While researching these attacks, we discovered an undocumented, ...
- Lazarus pivots to Linux attacks through Dacls Trojan
December 17, 2019
Lazarus, an advanced persistent threat (APT) group, has expanded its reach with the development and use of a Trojan designed to attack Linux systems. The APT, suspected to hail from North Korea, has previously been connected to global cyberattacks and malware outbreaks including the infamous WannaCry rampage, the $80 million Bangladeshi bank heist, and a new campaign impacting financial institutions worldwide. Recent reports ...