Tag: Malware

Fake Cisco Webex Google Ads abuse tracking templates to push malware

Threat actors can build convincing Webex search ads that send users to websites hosting the BatLoader malware by exploiting a flaw in Google Ads tracking templates. Webex, a video conferencing and contact center software suite that is part of Cisco's collaboration product line, is used by enterprises and businesses worldwide. According to Malwarebytes, the malvertising operation has been active in Google Search for a week, and the threat actors behind it appear to be from Mexico. The top Google Search result for the phrase "webex" displays a malicious Google ad that pretends to be the genuine Webex download portal...
DarkGate Malware Activity Spikes as Developer Rents Out Malware to Affiliates

A new malspam operation has been seen using DarkGate, a commercial malware family. According to a report from Telekom Security last week, "the current spike in DarkGate malware activity is plausible given the fact that the malware developer has recently started to rent out the malware to a small number of affiliates." The report expands on earlier findings by security researcher Igal Lytzki, who described a "high volume campaign" that uses hijacked email threads to trick recipients into installing malware...
Pakistani Entities Targeted in Sophisticated Attack Deploying ShadowPad Malware

An undisclosed threat actor compromised an application used by numerous companies in Pakistan to deliver ShadowPad, a successor to the PlugX backdoor that is frequently linked to Chinese hacker groups. According to Trend Micro, the targets included the Pakistani government, a public sector bank, and a telecommunications company. The infections occurred between mid-February 2022 and September 2022. The cybersecurity firm speculated that the incident might have been a supply-chain attack, in which a legitimate piece of software used by potential targets is trojanized to spread malware that can capture private data from infected systems...
Iranian Hackers' Sophisticated Malware Targets Windows and macOS Users

Spear-phishing attempts that infect Windows and macOS systems with malware have been attributed to the Iranian nation-state actor known as TA453. "TA453 eventually used a variety of cloud hosting providers to deliver a novel infection chain that deploys the newly identified PowerShell backdoor GorjolEcho," Proofpoint said in a recent report. "When given the chance, TA453 transferred its malware and tried to start a NokNok infection chain with an Apple flavor. Additionally, TA453 used multiple persona impersonations in its never-ending spying mission...
Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware

Instagram Threads, the upcoming Twitter competitor from Meta, will not be launched in the European Union due to privacy concerns, according to Ireland's Data Protection Commission (DPC). The development was reported by the Irish Independent, which said the watchdog has been in contact with the social media giant about the new product and confirmed the release won't extend to the E.U. "at this point." Threads is Meta's answer to Twitter that's set for launch on July 6, 2023. It's billed as a "text-based conversation app" that allows Instagram users to discuss everything from the topics you care about today to what'll be trending tomorrow...
Mexico-Based Hacker Targets Global Banks with Android Malware

An Android mobile malware campaign that targeted financial institutions worldwide between June 2021 and April 2023, with a concentration on Spanish and Chilean banks, has been traced to an e-crime actor of Mexican descent. Security analyst Pol Thill believes the Neo_Net actor is responsible for the activity. SentinelOne disclosed the results following a malware research challenge held in conjunction with vx-underground. By tailoring their infrastructure to specific targets, Neo_Net has achieved a high success rate despite using relatively simple tools. This has led to the theft of over 350,000 EUR from victims' bank accounts and the compromise of thousands of victims' Personally Identifiable Information...
New Mystic Stealer Malware Targets 40 Web Browsers and 70 Browser Extensions

Over 70 web browser extensions and 40 different web browsers have been revealed to be targets of the new data-stealing malware known as Mystic Stealer. The malware, which also targets cryptocurrency wallets, Steam, and Telegram, was first marketed on April 25, 2023, for $150 per month. It uses a variety of sophisticated defence mechanisms to evade detection. InQuest and Zscaler researchers said in an analysis released last week that "the code is heavily obfuscated using polymorphic string obfuscation, hash-based import resolution, and runtime calculation of constants." Mystic Stealer is a crimeware program that, like many others for sale, focuses on data theft and is written in the C programming language...
Cybercriminals Using Powerful BatCloak Engine to Make Malware Fully Undetectable

Since September 2022, a fully undetectable (FUD) malware obfuscation engine named BatCloak has been used to deploy a variety of malware strains while consistently avoiding antivirus detection. The samples give "threat actors the ability to load numerous malware families and exploit with ease through highly obfuscated batch files," according to researchers from Trend Micro. The cybersecurity company noted that 79.6% of the total 784 artefacts discovered had not been detected by any security solutions, indicating BatCloak's capacity to evade conventional detection methods...
New Decoy Dog Malware Toolkit Uncovered Targeting Enterprise Networks

An analysis of over 70 billion DNS records has led to the discovery of a new sophisticated malware toolkit dubbed Decoy Dog that targets enterprise networks. Decoy Dog, as the name implies, is evasive and employs techniques like strategic domain aging and DNS query dribbling, wherein a series of queries are transmitted to the command-and-control (C2) domains so as to not arouse any suspicion. "Decoy Dog is a cohesive toolkit with a number of highly unusual characteristics that make it uniquely identifiable, particularly when examining its domains on a DNS level," Infoblox said in an advisory published late last month...
New QBot Banking Trojan Campaign Hijacks Business Emails to Spread Malware

According to recent research from Kaspersky, a new QBot malware campaign is using hijacked business correspondence to lure unsuspecting victims into installing the malware. Since it started on April 4, 2023, the most recent activity has predominantly targeted consumers in Germany, Argentina, Italy, Algeria, Spain, the United States, Russia, France, the United Kingdom, and Morocco. QBot, a banking trojan also known as Qakbot or Pinkslipbot, has been active since at least 2007. In addition to capturing passwords and cookies from web browsers, it also functions as a backdoor to introduce ransomware or other next-stage payloads like Cobalt Strike...