Tag: Malware attack

Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users
News

A fresh attack campaign known as CLOUD#REVERSER has been seen staging malware payloads using reputable cloud storage services like Dropbox and Google Drive. Securonix researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov stated in a report shared with The Hacker News that the VBScript and PowerShell scripts in the CLOUD#REVERSER inherently involve command-and-control-like activities by using Google Drive and Dropbox as staging platforms to manage file uploads and downloads. Because the scripts are made to retrieve files that fit particular patterns, it is possible that they are awaiting instructions or scripts that have been stored in Dropbox or Google Drive. A phishing email containing a ZIP archive file, which contains an executable that poses as a Microsoft Excel file, is the ...
Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years
News

Since 2009, a malware botnet known as Ebury is thought to have infected 400,000 Linux systems; as of late 2023, over 100,000 of those machines remained affected. The Slovak cybersecurity company ESET released the findings, calling it one of the most sophisticated server-side malware campaigns for financial benefit. According to a thorough investigation by security researcher Marc-Etienne M. Léveillé, "Ebury actors have been pursuing monetization activities […], including the spread of spam, web traffic redirections, and credential theft." In addition, the operators engage in bitcoin thefts through the use of AitM and credit card theft by network traffic eavesdropping, also referred to as server-side web skimming. Ebury was first discovered more than ten years ago as a componen...
Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version
News

A more recent iteration of the malware loader known as Hijack Loader has been seen to use a revised set of anti-analysis strategies to evade detection. In a technical study, Zscaler ThreatLabz researcher Muhammad Irfan V A stated that the goal of these improvements is to make the virus more stealthy so that it can evade detection for longer periods of time. The most recent versions of Hijack Loader come with modules that allow users to disable User Account Control (UAC), create an exclusion for Windows Defender Antivirus, avoid inline API hooking—which security software frequently uses to detect malicious activity—and leverage process hollowing. In September 2023, the cybersecurity group published its first report on Hijack Loader, also known as IDAT Loader, a malware loader read...
Bogus npm Packages Used to Trick Software Developers into Installing Malware
News

Software developers are the subject of a persistent social engineering campaign that poses as a job interview and uses fake npm packages to lure people into downloading a Python backdoor. Under the handle DEV#POPPER, cybersecurity company Securonix is monitoring the activity and connecting it to North Korean threat actors. According to security experts Den Iuzvyk, Tim Peck, and Oleg Kolesnikov, during these fake interviews, engineers are frequently required to carry out activities that entail downloading and running software from sources that seem trustworthy, like GitHub. Once the malicious Node JS payload in the app was executed, the developer's system was compromised ...
CoralRaider attacks use CDN cache to push info-stealer malware
News

In an ongoing effort that targets systems in the United States, the United Kingdom, Germany, and Japan, a threat actor has been storing information-stealing malware in a content delivery network cache. Researchers think CoralRaider, a financially motivated threat actor that targets social media accounts, financial information, and credentials, is responsible for the attack. The hackers deliver the info stealers LummaC2, Rhadamanthys, and Cryptbot, which are sold on dark web forums by malware-as-a-service providers in exchange for a subscription fee. Cisco Talos attributes the campaign to CoralRaider with moderate confidence, based on tactics, techniques, and procedures (TTPs) shared with other attacks the threat actor has been linked to. The first at...
Malware dev lures child exploiters into honeytrap to extort them
Business

Although you don't usually sympathize with cybercriminals, you don't feel sorry for the victims of a recent malware campaign that targets child exploiters. Threat actors have been producing ransomware and malware since 2012, masquerading as government institutions and alerting affected Windows users to the possibility of accessing CSAM. The software incites victims to pay a "penalty" in order to stop law enforcement from seeing their personal information. In addition to using this extortion method, one of the earliest "modern" ransomware operations was named Anti-Child Porn Spam Protection, or ACCDFISA. Later versions of the program also encrypted data and locked Windows desktops. Other malware families, such as the Reveton trojans, Urausy, and Harasom, soon followed, posing as law...
OfflRouter Malware Evades Detection in Ukraine for Almost a Decade
News

A malware known as OfflRouter has persisted in infecting certain government networks in Ukraine since 2015. Cisco Talos disclosed its findings based on an examination of more than 100 confidential documents infected with the VBA macro virus and uploaded to the VirusTotal malware scanning portal since 2018. Since 2022, almost 20 of these documents have been uploaded. VBA code to drop and launch an executable called "ctrlpanel.exe" was found in the documents, according to security researcher Vanja Svajcer. The virus is still causing potentially sensitive documents to be uploaded to publicly accessible document repositories in Ukraine. One remarkable feature of OfflRouter is that it cannot be distributed over email; instead, it must be distributed through other channels, like docum...
Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware
News

Two distinct stealer malware programs, Atomic Stealer among them, are being delivered to Apple macOS users through fraudulent advertisements and fake websites. According to research released on Friday by Jamf Threat Labs, while the continuing infostealer attacks that target macOS users may have taken varied approaches to infiltrate their targets' Macs, their ultimate objective is still the theft of confidential information. One such attack chain uses false advertisements to trick people into visiting websites that resemble the Arc Browser site ("airci[.]net") and downloading malware. It's interesting to note that trying to browse to the malicious website directly results in an error, according to security researchers Ferdous Saljooki, Maggie Zirnhelt, and Jaron Bradley. It is only acc...
Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries
News

Recent research from Kaspersky shows that a Linux variant of the multi-platform backdoor DinodasRAT, which targets China, Taiwan, Turkey, and Uzbekistan, has been found in the wild. DinodasRAT, a malware that is written in C++ and also goes by the name XDealer, is capable of collecting a variety of private information from compromised systems. Operation Jacana, a cyberespionage campaign aimed at deploying the Windows version of the implant, targeted a government agency in Guyana, according to information released by the Slovak cybersecurity company ESET in October 2023. Subsequently, Trend Micro described this week a threat activity cluster that it tracks as Earth Krahang, which has switched to employing DinodasRAT ...
New BunnyLoader Malware Variant Surfaces with Modular Attack Features
News

Cybersecurity researchers have found an upgraded version of BunnyLoader, a malware loader and stealer that can evade detection by modularizing its different functionalities. Palo Alto Networks Unit 42 reported last week that BunnyLoader is creating malware on the fly that can steal credentials, data, and cryptocurrency in addition to infecting users with more malware. On February 11, 2024, Player (or Player_Bunny), the program's developer, revealed the updated version, BunnyLoader 3.0, which included revised modules for data theft, a smaller payload, and improved keylogging capabilities. Zscaler ThreatLabz initially reported on BunnyLoader in September 2023, characterizing it as malware-as-a-service (MaaS) intended to obtain passwords and enable cryptocurrency theft ...