In early April, Trend Micro researchers discovered that a new threat actor group (which they call Void Arachne) was targeting Chinese-speaking users.
Void Arachne’s campaign involves the use of malicious MSI files that contain legitimate software installer files for artificial intelligence (AI) software as well as other popular software. The malicious Winos payloads are bundled alongside nudifiers and deepfake pornography-generating AI software, voice-and-face-swapping AI software, zh-CN (Simplified Chinese) language packs, the simplified Chinese version of Google Chrome, and Chinese-marketed virtual private networks (VPNs), such as LetsVPN and QuickVPN.
Read more…
Source: Trend Micro
Related:
- Cobalt threat group serves up SpicyOmelette in fresh bank attacks
September 27, 2018
Advanced persistent threat group (APT) the Cobalt Gang, also known as Gold Kingswood, is spreading SpicyOmelette malware in campaigns targeting financial institutions worldwide. In a world where cyberattacks against businesses and consumers alike are spreading and evolving in nature and sophistication, it is often financial institutions which bear the brunt. Banking customers hoodwinked by fraudulent schemes or ...
- VPNFilter’s Arsenal Expands With Newly Discovered Modules
September 26, 2018
Seven new modules discovered in VPNFilter further fill in the blanks about how the malware operates and reveals a wider breath of capabilities. Researchers have discovered new modules in VPNFilter – the malware behind the widespread campaign in May that infected 75 router brands – revealing that its capabilities are much more widespread and sophisticated than previously thought. After ...
- Pennsylvania Senate Democrats paid $700,000 to recover from ransomware attack
September 24, 2018
The Pennsylvania Senate Democratic Caucus paid $703,697 to Microsoft to rebuild its IT infrastructure after suffering a ransomware infection in March 2017. The incident took place on March 3, 2017, when the organization’s entire IT systems, including its web servers, went down at the hands of a yet-to-be-revealed ransomware strain. The ransomware encrypted files and requested payment of ...
- Adwind RAT Scurries By AV Software With New DDE Variant
September 24, 2018
A newly-discovered spam campaign is spreading the Adwind 3.0 remote-access tool (RAT) – and using a fresh take on the Dynamic Data Exchange (DDE) code-injection technique for anti-virus evasion. The spam campaign features two types of droppers that leverage a new variant to the already-known DDE code-injection attack on Microsoft Excel – enabling them to bypass ...
- Tesco Bank facing £30m fine from FCA over 2016 cyber attack
September 24, 2018
Tesco Bank could be fined as much as £30 million over its 2016 cyber attack that compromised the accounts of at least 40,000 of its seven million customers. The attack in November 2016 is one of the most serious ever on a UK retail bank, with money stolen from 20,000 accounts over one weekend – some customers seeing ...
- New Virobot malware works as ransomware, keylogger, and botnet
September 21, 2018
A newly discovered malware strain is a multi-tasking threat that besides working as ransomware and encrypting users’ files, it can also log and steal their keystrokes, and add infected computers to a spam-sending botnet. This new threat is named Virobot and appears to be under development, and comprised of multiple components that allow it to work ...