Tag: Malware attack

New HijackLoader Modular Malware Loader Making Waves in the Cybercrime World

Cybercriminals are using a new malware loader dubbed HijackLoader to distribute a variety of payloads, including DanaBot, SystemBC, and RedLine Stealer. According to Zscaler ThreatLabz researcher Nikolaos Pantazopoulos, "Even though HijackLoader does not contain advanced features, it is capable of using a variety of modules for code injection and execution since it uses a modular architecture, a feature that most loaders do not have." The malware, which the company first observed in July 2023, uses several evasion tactics to stay under the radar: it delays code execution by up to 40 seconds at various points, checks running processes against an embedded blocklist of security software, and uses syscalls to evade monitoring by security solutions.

New Python Variant of Chaes Malware Targets Banking and Logistics Industries

An upgraded version of the Chaes malware is attacking the banking and logistics sectors. In a detailed technical write-up shared with The Hacker News, Morphisec noted, "It has undergone major overhauls: from being completely rewritten in Python, which resulted in lower detection rates by traditional defense systems, to a comprehensive redesign and an enhanced communication protocol." Chaes, which first appeared in 2020, is known for stealing sensitive financial information from e-commerce users in Latin America, mainly Brazil. The threat actors behind the operation, who go by the name Lucifer, compromised more than 800 WordPress websites.

New BLISTER Malware Update Fuelling Stealthy Network Infiltration

SocGholish infection chains are distributing Mythic, an open-source command-and-control (C2) framework, using an upgraded version of the BLISTER malware loader. Elastic Security Labs researchers Salim Bitam and Daniel Stepanic described the update in a technical report published late last month: "New BLISTER update includes keying feature that allows for precise targeting of victim networks and lowers exposure within VM/sandbox environments." The company first discovered BLISTER in December 2021, when it was being used as a conduit to deliver Cobalt Strike and BitRAT payloads on compromised systems. Palo Alto Networks Unit 42 first reported the loader's use to deploy Mythic.

DarkGate Malware Activity Spikes as Developer Rents Out Malware to Affiliates

A new malspam campaign has been observed using DarkGate, a commercial malware family. According to an analysis from Telekom Security last week, "the current spike in DarkGate malware activity is plausible given the fact that the malware developer has recently started to rent out the malware to a small number of affiliates." The findings build on earlier observations by security researcher Igal Lytzki, who described a "high volume campaign" that uses hijacked email threads to trick recipients into installing the malware.

FBI Dismantles QakBot Malware, Frees 700,000 Computers, Seizes $8.6 Million

The notorious Windows malware family QakBot, believed to have infected more than 700,000 machines worldwide and to have enabled financial fraud and ransomware, was taken down in a coordinated law enforcement operation codenamed Operation Duck Hunt. The U.S. Justice Department (DoJ) said the malware is "being deleted from victim computers, preventing it from doing any more harm," and that it also seized more than $8.6 million in cryptocurrency in illicit proceeds. The cross-border operation included France, Germany, Latvia, Romania, the Netherlands, the United Kingdom, and the United States, with technical assistance from the cybersecurity firm Zscaler.

LockBit 3.0 Ransomware Builder Leak Gives Rise to Hundreds of New Variants

Threat actors are abusing the LockBit 3.0 ransomware builder, leaked last year, to produce new variants. Russian antivirus firm Kaspersky said it discovered a ransomware intrusion that used a LockBit variant but with a noticeably different ransom demand procedure. Security researchers Eduardo Ovalle and Francesco Figurelli noted that the attacker chose to use a different ransom note whose title referred to a previously unknown group called NATIONAL HAZARD AGENCY, unlike the LockBit group, which does not state a ransom amount in the note and uses its own communication and negotiation platform.

Lazarus Group Exploits Critical Zoho ManageEngine Flaw to Deploy Stealthy QuiteRAT Malware

The Lazarus Group, a threat actor linked to North Korea, has been observed exploiting a since-patched critical security flaw in Zoho ManageEngine ServiceDesk Plus to distribute a remote access trojan called QuiteRAT. Targets include healthcare organizations in Europe and the United States, according to a two-part analysis by cybersecurity company Cisco Talos. A closer look at the adversary's recycled attack infrastructure also uncovered a new threat dubbed CollectionRAT. Talos noted that the Lazarus Group's continued reliance on the same tradecraft, despite those components having been extensively documented over the years, demonstrates the threat actor's confidence in its operations.

New Malware Campaign Targets Inexperienced Cyber Criminals with OpenBullet Configs

Unsophisticated cybercriminals are the target of a recent malware campaign that uses bogus OpenBullet configuration files to deliver a remote access trojan (RAT) capable of stealing sensitive data. The campaign is designed to "exploit trusted criminal networks," according to bot mitigation vendor Kasada, which described it as an example of advanced threat actors "preying on beginner hackers." OpenBullet is a legitimate open-source pen testing tool for automating credential stuffing attacks. It can combine a password list obtained through other means with a configuration file specific to a given website to log successful attempts.

Iranian Hackers Sophisticated Malware Targets Windows and macOS Users

Spear-phishing attacks that infect Windows and macOS systems with malware have been attributed to the Iranian nation-state actor known as TA453. "TA453 eventually used a variety of cloud hosting providers to deliver a novel infection chain that deploys the newly identified PowerShell backdoor GorjolEcho," Proofpoint said in a recent report. "When given the chance, TA453 transferred its malware and tried to start a NokNok infection chain with an Apple flavor." TA453 also used multiple persona impersonations in its ongoing espionage campaign.

FakeCalls Android Malware Targets Financial Firms in South Korea

A new Android voice phishing (vishing) malware tool has been discovered that targets victims in South Korea by impersonating 20 of the country's top financial institutions. The app, dubbed "FakeCalls" by the Check Point Research (CPR) team, lures victims with fake loan offers and asks them to confirm their credit card information so that it can be stolen. "FakeCalls malware boasts the functionality of a Swiss army knife, able not only to conduct its primary purpose but also to take private data," the researchers said.