Tag: malware attacks

MS Exchange Server Flaws Exploited to Deploy Keylogger in Targeted Attacks
News

A known security vulnerability in Microsoft Exchange Server is being exploited by an unidentified threat actor to deploy keylogger malware against organizations in the Middle East and Africa. Positive Technologies, a Russian cybersecurity company, reported that it has identified more than 30 victims, including banks, government organizations, IT firms, and educational institutions, with the earliest compromise dating back to 2021. The company stated in a report released last week that "this keylogger was collecting account credentials into a file accessible via a special path from the internet." Russia, the United Arab Emirates, Kuwait, Oman, Niger, Nigeria, Ethiopia, Mauritius, Jordan, and Lebanon are among the countries targeted by the intrusion set.
Finland warns of Android malware attacks breaching bank accounts
News

A campaign of Android malware aiming to compromise online bank accounts is currently underway, according to a warning from Finland's Transport and Communications Agency (Traficom). The agency has highlighted several instances of SMS messages, written in Finnish, that ask users to call a phone number. The caller, a scammer, tells the victims to download "McAfee" software to protect themselves. The messages purport to come from banks or payment service providers such as MobilePay, and spoofing makes them appear to originate from a local network or domestic telecom operator. The supposed McAfee program actually contains malware that gives the criminals access to victims' bank accounts. The alert says that targets are urged to download a McAfee application bas...
New Latrodectus malware attacks use Microsoft, Cloudflare themes
News

The Latrodectus malware is currently being distributed through phishing campaigns that use Cloudflare and Microsoft Azure lures to appear legitimate, making it harder for email security vendors to flag the emails as malicious. Latrodectus (also tracked as Unidentified 111 and IceNova) is a Windows malware downloader that is becoming increasingly widespread. It was first identified by Walmart's security team and subsequently analyzed by Proofpoint and Team Cymru. It functions as a backdoor, fetching additional EXE and DLL payloads or executing commands. Researchers have linked the malware to the developers of the widely used IcedID modular malware loader based on its distribution and infrastructure. Although it's unclear currently if they want to rep...
TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks
News

The threat actor tracked as TA558 has been observed distributing a variety of malware, including Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, and XWorm, using steganography as an obfuscation technique. According to a report released on Monday by the Russian cybersecurity company Positive Technologies, "the group made extensive use of steganography by sending VBSs, PowerShell code, as well as RTF documents with an embedded exploit, inside images and text files." Because of its reliance on steganography and its use of file names such as greatloverstory.vbs and easytolove.vbs, the campaign has been dubbed SteganoAmor. While businesses in Russia, Romania, and Turkey have also been singled out, the bulk of the attacks have targeted Latin American ...
Chinese Hackers Using Deepfakes in Advanced Mobile Banking Malware Attacks
News

The development of highly sophisticated banking trojans, including the previously undocumented iOS malware GoldPickaxe, which can harvest identity documents and facial recognition data and intercept SMS messages, has been attributed to a Chinese-speaking threat actor codenamed GoldFactory. The GoldPickaxe family is available for both iOS and Android, according to a comprehensive report shared with The Hacker News by Group-IB, a Singapore-based company. "GoldFactory is believed to be a well-organized Chinese-speaking cybercrime group with close connections to Gigabud." GoldFactory has been active since at least mid-2023. It is also the source of the Android banking malware GoldDigger, its upgraded version GoldDiggerPlus, and GoldKefu, a trojan embedded within GoldDiggerPlus.
Stealthy AsyncRAT malware attacks targets US infrastructure for 11 months
News

For at least the last 11 months, a campaign using over 100 domains and hundreds of distinct loader samples has been distributing the AsyncRAT malware to selected targets. Since its release in 2019, AsyncRAT has been a publicly available open-source remote access tool (RAT) for Windows that offers features such as data exfiltration, keylogging, remote command execution, and the ability to drop additional payloads. Over the years, criminals have made extensive use of the tool, either in its original or a modified form, to gain access to targets, steal files and data, and install other malware. Igal Lytzki, a security researcher at Microsoft, observed the attacks last summer via compromised email threads.
Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks
News

A fresh wave of watering hole attacks designed to deliver a malware known as IMAPLoader has been linked to the Iranian threat actor Tortoiseshell. In a report published on Wednesday, PwC Threat Intelligence stated that "IMAPLoader is a .NET malware that has the ability to fingerprint victim systems using native Windows utilities and acts as a downloader for further payloads." It is executed through new service deployments and can run payloads retrieved from email attachments, using email as a [command-and-control] channel. Active since at least 2018, Tortoiseshell has a track record of distributing malware through compromised websites.
New HiatusRAT malware attacks target US Defense Department
News

Threat actors targeted a server belonging to the US Department of Defense in a recent HiatusRAT malware campaign, in what researchers describe as a reconnaissance attack. This represents a significant shift in tactics: earlier attacks targeted enterprises in Europe and Latin America and compromised business-class DrayTek Vigor VPN routers used by medium-sized businesses for remote access to corporate networks. However, between mid-June and August, the campaign's reconnaissance operations took an unexpected turn, as Lumen's Black Lotus Labs noted. A U.S. military procurement system was also targeted, and firms located in Taiwan were singled out as well.
Cybersecurity Agencies Sound Alarm on Rising TrueBot Malware Attacks
News

Cybersecurity agencies have issued warnings about the emergence of new TrueBot malware variants. These variants specifically target organizations in the US and Canada with the aim of stealing confidential information from compromised networks. The attacks exploit a major vulnerability (CVE-2022-31199) in the widely used Netwrix Auditor server and its associated agents. The flaw allows unauthorized attackers to execute malicious code with SYSTEM privileges, giving them unrestricted access to compromised systems.
Remcos Trojan Returns to Most Wanted Malware List After Ukraine Attacks
News

For the first time since December 2022, the Remcos Trojan is back on Check Point Software's top ten list of most wanted malware (in position 8). The latest report, which the company released earlier today, claims that threat actors used Remcos extensively in February to conduct phishing operations against Ukrainian government agencies. The report also makes clear that, overall, there were 44% fewer weekly attacks on Ukraine between October 2022 and February 2023.