In early April, Trend Micro researchers discovered that a new threat actor group (which they call Void Arachne) was targeting Chinese-speaking users.
Void Arachne’s campaign involves the use of malicious MSI files that contain legitimate software installer files for artificial intelligence (AI) software as well as other popular software. The malicious Winos payloads are bundled alongside nudifiers and deepfake pornography-generating AI software, voice-and-face-swapping AI software, zh-CN (Simplified Chinese) language packs, the simplified Chinese version of Google Chrome, and Chinese-marketed virtual private networks (VPNs), such as LetsVPN and QuickVPN.
Read more…
Source: Trend Micro
Related:
- An Old Joker’s New Tricks: Using Github To Hide Its Payload
November 9, 2020
The Joker malware has consistently plagued mobile users since its discovery in 2017. In January 2020, Google removed 1700 infected applications from the Play Store — a list that grew over three years. More recently, in September, security company Zscaler found 17 samples that were uploaded to the Google Play Store. Joker has been responsible ...
- Compal, the second-largest laptop manufacturer in the world, hit by ransomware
November 9, 2020
Compal, a Taiwanese electronics company that builds laptops for some of the world’s largest computer brands such as Apple, Acer, Lenovo, Dell, Toshiba, HP, and Fujitsu, suffered a ransomware attack over the weekend. Responsible for the breach is believed to be the DoppelPaymer ransomware gang, according to a screenshot of the ransom note shared by Compal ...
- xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunnelling for C2
November 9, 2020
The xHunt campaign has been active since at least July 2018 and we have seen this group target Kuwait government and shipping and transportation organizations. Recently, we observed evidence that the threat actors compromised a Microsoft Exchange Server at an organization in Kuwait. We do not have visibility into how the actors gained access to ...
- Ransomware hits e-commerce platform X-Cart
November 9, 2020
E-commerce software vendor X-Cart suffered a ransomware attack at the end of October that brought down customer stores hosted on the company’s hosting platform. The incident is believed to have taken place after attackers exploited a vulnerability in a third-party software to gain access to X-Cart’s store hosting systems. “We have identified what we believed to have ...
- Gitpaste-12 malware wants to add your Linux servers and IoT devices to its botnet
November 9, 2020
A new form of malware is targeting Linux servers and Internet of Things (IoT) devices and adding them to a botnet in what appears to be the first stage of a hacking campaign targeting cloud computing infrastructure – although the purpose of the attacks remains unclear. Uncovered by cybersecurity researchers at Juniper Threat Labs, the malicious ...
- When Threat Actors Fly Under the Radar: Vatet, PyXie and Defray777
November 6, 2020
As security practitioners, Palo Alto Unit 42 researchers spend a lot of time focusing on the threat actors and malware families that leverage the most impactful exploits or affect the highest number of victims. But what happens when a threat actor goes “low and slow” to fly under the radar? One could argue that, in ...