Malware News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Malware News

Securityaffairs

274

Image Credit: Securityaffairs

Qilin ransomware gang now offers a “Call Lawyer” feature to pressure victims

The Qilin ransomware group now offers a "Call Lawyer" feature to provide legal support to affiliates and pressure victims into paying, as reported by cybersecurity firm Cybereason.
Qilin, active since at least August 2022 and gaining attention in June 2024 for attacking a UK governmental service provider, uses double extortion tactics and takes a percentage of ransom payments.
Affiliates are ordered not to target systems in CIS countries like other ransomware operations.
Qilin is positioning itself as a full-service cybercrime platform, offering advanced tools, legal support, spam services, and large data storage.
The "Call Lawyer" feature increases pressure on victims during ransom negotiations by offering legal consultations and introducing legal risks.
By introducing network spreading and a DDoS option, Qilin demonstrates sophistication and adaptability in various cyberattack scenarios.
A translation of the ransomware group's text explains how the "Call Lawyer" feature works to increase ransom amounts and apply legal pressure on companies.
Qualys also highlights the strong operational model and legal support provided by Qilin to clients for successful ransomware payouts.
The Qilin ransomware group is intensifying its activity, as shown by a heatmap reporting host compromises.
Organizations are advised to adopt proactive measures to defend against sophisticated threats like Qilin ransomware, as per Qualys' recommendations.
Qilin ransomware group's strategy includes legal support, incentives, and technology for successful ransom payouts.
Cybereason's report emphasizes Qilin's emergence as a major ransomware player, offering more than just malware and aiming to lead the next wave of ransomware-as-a-service operations.

Read Full Article

16 Likes

Bitcoinist

Image Credit: Bitcoinist

Security Alert: CoinMarketCap Identifies And Eliminates Rogue Wallet Scam

CoinMarketCap faced a security scare when a fake popup urged users to 'Verify Wallet.'
The popup asked visitors to connect wallets and approve transactions, potentially leading to theft.
CoinMarketCap swiftly removed the malicious script within three hours of detection.
Popular crypto wallets MetaMask and Phantom flagged the site as unsafe.
The scam aimed to gain control over tokens by tricking users into granting approvals.
CoinMarketCap had faced a prior security breach in October 2021, where hackers stole email addresses.
The recent incident involved injecting code into the site, highlighting evolving threats.
CoinMarketCap is investigating further and enhancing security measures.
Experts recommend skepticism towards unexpected wallet prompts and using secure hardware wallets or extensions.
Keeping software updated and exercising caution remain crucial in ensuring crypto security.

Read Full Article

1 Like

Pymnts

369

Image Credit: Pymnts

Data Breach Exposes 16 Billion Login Records for Online Services

Thirty databases containing 16 billion login records for various online services were briefly exposed.
The data is recent and may include overlapping information, with only one dataset previously reported.
Login records for social media, corporate platforms, VPNs, developer portals, and more were included with URLs, login details, and passwords.
The data breach was most likely caused by infostealers, a type of malware that steals sensitive information.
The Cybernews researchers warned that this data breach provides cybercriminals with credentials for account takeover and identity theft.
Protective measures suggested include using password generators, updating passwords frequently, enabling two-factor authentication, and monitoring accounts.
Old and recent infostealer logs included in the data make it dangerous for organizations lacking multi-factor authentication practices.
In today's digital ecosystem, businesses need a holistic approach to cybersecurity due to increasing data breaches through various entry points.
Protecting data now necessitates a collective effort among businesses, service providers, and vendors.
Reported cyber and scam-related losses reached $16.6 billion in 2024, a 33% increase from the previous year, according to the FBI's IC3.
The news was reported by Cybernews and highlighted by PYMNTS.

Read Full Article

22 Likes

Bitcoinist

116

Image Credit: Bitcoinist

Crypto Jobs in Danger: North Korean Hackers Strike Again With New Malware

A North Korean-aligned group has targeted crypto job hunters in India with a new Python-based remote access trojan, according to Cisco Talos.
Fake job sites and staged interviews are used to deceive candidates into running malicious code, leading to the compromise of wallet keys and password managers.
The campaign attracts job seekers with postings that imitate major platforms like Coinbase, Robinhood, and Uniswap, using LinkedIn or email communication.
Candidates are directed to a 'skill-testing' site where system details and browser info are collected in the background.
During a live video interview, candidates are prompted to update camera drivers, facilitating the installation of the PylangGhost trojan.
PylangGhost, a variation of the GolangGhost tool, targets browser extensions to steal cookies and passwords, establishing remote control access.
North Korean hackers have a history of similar attacks, including a fake recruitment test before the $1.4 billion Bybit heist.
Security measures advised include verifying URLs for mistakes, scrutinizing job offers via trusted channels, and employing endpoint detection tools.
State-linked actors are employing social engineering tactics and custom malware to steal crypto assets, highlighting the need for caution during job searches in the blockchain sector.
Experts recommend keeping hardware wallets offline, using separate profiles for job hunting, and maintaining vigilant hiring processes and technical controls.
The mix of social engineering and advanced malware poses a significant risk to individuals in the crypto job market.
Vigilance and stringent security practices are crucial defenses against evolving threats targeting crypto workers.

Read Full Article

7 Likes

Discover more

Digit

104

Image Credit: Digit

How to find out if your passwords were compromised in the global data breach

Researchers have confirmed a massive data breach with up to 16 billion login credentials compromised, potentially by malware.
The leaked credentials cover various online services like social media, VPN services, and government portals.
Tech giants like Google, Microsoft, and Meta are pushing users to switch to passkeys due to the breach.
16 billion leaked credentials increase the risks of identity theft, account hacking, and financial fraud.
Users can check if their data was leaked using tools like Have I Been Pwned, Google Password Checkup, F-Secure Identity Theft Checker, Mozilla Monitor, and Microsoft Edge Password Monitor.
If an account is affected, users should change passwords immediately, log out of all devices, use unique strong passwords, and enable two-factor authentication.
Saving login credentials in a password manager can help manage multiple passwords securely.
Checking for compromised passwords and monitoring potential breaches are essential to protect online accounts.

Read Full Article

6 Likes

Securityaffairs

100

Image Credit: Securityaffairs

A ransomware attack pushed the German napkin firm Fasana into insolvency

A ransomware attack has pushed the German napkin firm Fasana into insolvency, exacerbating its financial troubles.
The cyberattack occurred on May 19, shutting down Fasana's systems and causing a halt in orders worth over €250K the next day.
Fasana, located in Stotzheim, Germany, with 240 employees, had to cease production and postpone May salaries.
The company estimates a €2 million loss within two weeks of the cyberattack and is now seeking a new buyer after being acquired in March.
The attack rendered Fasana incapable of printing delivery notes, leading to a complete paralysis of business operations.
The insolvency administrator Maike Krebber highlighted the severe consequences of the cyberattack on Fasana and its employees.
The ransomware attack by an unidentified group encrypted files and locked Fasana's systems, but no gang has claimed responsibility.
Although the hackers sought financial gain, the exact method of their entry remains unclear.
Operations have resumed, and deliveries and invoicing restarted the prior week.
Reportedly, a known police-monitored group was involved in sending ransomware to Fasana's systems.
The malware circulated rapidly, locking data until a ransom was paid, with printers displaying extortion messages during the attack.
No ransomware group has officially admitted to the cyberattack as of now.
Fasana is under pressure to find a buyer within eight weeks as it looks to recover from the insolvency caused by the ransomware attack.

Read Full Article

6 Likes

Securityaffairs

Image Credit: Securityaffairs

Malicious Minecraft mods distributed by the Stargazers DaaS target Minecraft gamers

Malicious Minecraft mods distributed by the Stargazers DaaS target Minecraft gamers.
Java-based malware distributed through fake cheat tools on GitHub is targeting Minecraft users via the Stargazers Ghost Network.
The malware, disguised as cheat tools like Oringo and Taunahi, uses a multi-stage infection chain with Java/.NET stealers to extract sensitive data.
Check Point researchers detected this campaign aimed at Minecraft's vast modding community of over a million active users.
The malware, identified since March 2025, poses as Java mods on GitHub, exploiting Minecraft players' trust.
The attack involves a Java-based loader checking for virtual machines and analysis tools, followed by a second-stage Java stealer extracting game and Discord data.
A third-stage .NET stealer collects browser credentials, crypto wallets, VPN data, and more, sending it to a Discord webhook.
The Russian-speaking threat actors behind this campaign carefully evade sandbox analysis by camouflaging the malware as Forge plugins.
The report advises caution when downloading third-party content related to Minecraft to avoid falling victim to such malicious activities.
The Stargazers Ghost Network actively distributes this malware, exploiting the Minecraft player community to deploy stealers that compromise user data.
The malware campaign underscores the growing trend of using gaming communities as targets for malware distribution, emphasizing the need for vigilance and cybersecurity awareness.
Indicators of Compromise provided in the report can help identify potential malicious activities targeting Minecraft users.
The threat actor involved in this campaign is suspected to be of Russian origin, highlighting the global reach of cyber threats in popular online platforms.
The disguised malware poses a significant risk to Minecraft players seeking mods, showcasing the importance of verifying sources before downloading any third-party content for the game.
The campaign's use of Java-based loaders and .NET stealers demonstrates the sophistication of cyber attacks targeting the gaming community.
Vigilance and caution are paramount in the gaming community to prevent falling victim to malicious activities like the Stargazers DaaS campaign targeting Minecraft gamers.
The Stargazers DaaS malware distribution campaign targeting Minecraft users serves as a reminder of the persistent threats faced by online gaming communities in the cybersecurity landscape.

Read Full Article

5 Likes

TechJuice

317

Image Credit: TechJuice

Minecraft Mods Infected with Stealer Malware via Stargazers Network

Security researchers have discovered a campaign distributing Minecraft mod malware via GitHub repositories, posing a threat to gamers and cybersecurity experts.
The campaign, named Stargazers Ghost Network, disguises malware as popular Minecraft modding tools such as Oringo and Taunahi to target unsuspecting players.
Manual installation of .jar mod files from GitHub initiates the infection, leading to credential-stealing malware deployment on the victim’s system.
The malware employs multi-stage processes involving Java-based and .NET-based information stealers, targeting sensitive data like Minecraft session tokens and browser passwords.
The malware aims to evade detection by scanning systems that do not support the Minecraft Forge runtime environment and uses social proof from star repositories on GitHub.
Evidence points to the threat actor behind the campaign having connections to Russia, indicated by code comments, commit timestamps, and Pastebin usernames.
The malicious campaign has substantial reach, with over 1,500 hits on pastes, indicating a widespread potential for infection.
Tips for Minecraft players to stay safe include downloading mods from trusted sources, exercising caution when running .jar files, using Java threat-detecting antivirus software, and monitoring mod behavior post-installation.

Read Full Article

19 Likes

Securityaffairs

20h

Image Credit: Securityaffairs

The financial impact of Marks & Spencer and Co-op cyberattacks could reach £440M

The Cyber Monitoring Centre (CMC) has categorized cyberattacks on Marks & Spencer and Co-op as a Category 2 event, with estimated financial losses between £270M and £440M.
Hackers named DragonForce claimed responsibility for the Co-op attack, accessing data of current and past members.
Co-op initially denied customer data compromise but later confirmed data breach.
DragonForce also targeted M&S and confessed to trying to hack Harrods, accessing staff and customer data.
The attack exposed personal details of Co-op members but did not include sensitive information like passwords or financial data.
DragonForce is known for ransomware attacks, data theft, and running a cybercrime affiliate service.
The CMC linked M&S and Co-op attacks due to shared timing and threat actor, estimating total financial impact at £270M–£440M.
The attacks caused major business disruption and financial consequences for M&S and Co-op.
Estimated costs include legal fees, business interruption, incident response, and IT restoration for both companies.
M&S anticipates a £300M impact, with significant declines in online sales and consumer spending.
The incidents emphasized the vulnerability of retail supply chains and the importance of crisis preparedness and cyber resilience.
CMC stresses the need for stress-testing crisis plans, financial resilience, enhanced cyber hygiene, and access control improvement.
Clear crisis communication and robust recovery capabilities are essential during cyber incidents.
CMC aims to enhance cyber readiness through collaboration and transparency.
The financial impact of the M&S and Co-op cyberattacks highlights the widespread repercussions of cyber incidents in the retail sector.

Read Full Article

1 Like

Siliconangle

291

Image Credit: Siliconangle

Security researchers find 16B stolen credentials from malware in open cloud storage

Security researchers at Cybernews have discovered 16 billion stolen login credentials from about 30 different datasets, mainly comprised of data harvested by infostealer malware.
The credentials were found exposed in unsecured cloud storage instances and Elasticsearch repositories, not stemming from a single major data breach.
The data likely includes duplicate entries and reused passwords, impacting a substantial but smaller number of unique individuals.
The freshness of the harvested credentials poses a significant threat, as they are likely still valid for cyberattacks like credential stuffing and phishing.
These credentials were obtained from compromised devices infected with malware via phishing emails, malicious downloads, or cracked software.
Unlike traditional breaches, these credentials did not come from direct compromises of major platforms but from infected users whose data was exposed in insecure storage.
Although the 16 billion records are worrying, they are different from the largest known breach 'Mother of All Breaches' disclosed in early 2024, which contained over 26 billion records in one dataset.
While the new credentials are of smaller absolute numbers and not in one dataset, their recency and organization make them particularly dangerous for cyberattacks.
The well-organized and tailored data structure enables immediate use in cybercriminal activities, raising concerns for widespread account takeovers.
The exposed databases were removed after Cybernews reported them, but the data might have been downloaded and redistributed by others during the exposure period.
The discovery highlights the potential for attackers to exploit cloud services and SaaS platforms, bypassing traditional security measures with ease.

Read Full Article

17 Likes

Securityaffairs

327

Image Credit: Securityaffairs

Researchers discovered the largest data breach ever, exposing 16 billion login credentials

Researchers discovered the largest data breach ever, exposing 16 billion login credentials likely due to multiple infostealers.
The discovery of the data breach, consisting of 30 massive leaked datasets totaling 16 billion exposed login records, was announced by Cybernews researchers.
Most of the leaked datasets were newly discovered, with infostealer malware being widespread as alarming new leaks continue to surface.
The exposed data was briefly accessible, mainly on unsecured Elasticsearch or storage instances, making it a blueprint for mass exploitation.
The leaked data includes 16 million to 3.5 billion records targeting services like Apple, Google, Facebook, Telegram, GitHub, and government portals.
The data likely gathered by infostealers includes tokens, cookies, and sensitive metadata, posing significant risks for phishing, ransomware, and account takeovers.
In 2024, CyberNews also uncovered the largest password compilation called RockYou2024 containing almost 10 billion unique plaintext passwords.
RockYou2024 is an expansion of the RockYou2021 collection discovered in 2021, hinting at a massive collection of passwords from old and new data breaches.

Read Full Article

19 Likes

Siliconangle

183

Image Credit: Siliconangle

UBS confirms employee data leak after ransomware attack on supplier

UBS Group AG confirms employee data stolen and published online after ransomware attack on third-party supplier, Chain IQ Group AG.
About 130,000 UBS employees' data was exposed, including names, email addresses, phone numbers, positions, languages spoken, and office locations.
No client data was affected, and UBS swiftly took action to mitigate operational impact.
World Leaks, formerly known as Hunters International, is believed to be behind the attack, employing a data theft and threat approach instead of encryption-based ransomware tactics.
Chain IQ Group AG, the affected supplier, serves numerous clients, including Swiss Life, AXA, FedEx, IBM, Swisscom, KPMG, and Pictet Group, with Pictet confirmed as affected.
Implications of the breach extend to potential scams, fraud, and phishing attacks targeting bank employees, clients, and the Swiss banking industry as a whole.
The use of generative AI tools for impersonation amplifies risks, including potential blackmail and money laundering via social engineering.
Third-party exposure risks in interconnected enterprise ecosystems are highlighted by the Chain IQ breach, emphasizing the attractiveness of suppliers as targets for threat actors seeking leverage.

Read Full Article

11 Likes

Qualys

Image Credit: Qualys

Lessons from Qilin: What the Industry’s Most Efficient Ransomware Teaches Us

Qilin ransomware has become one of the most active and impactful operations worldwide, gaining popularity for targeted attacks and robust encryption tactics.
Qilin amassed over $50 million in ransom payments in 2024 and is now recognized as the top ransomware threat globally.
Qilin is associated with threat actor groups like Scattered Spiders and has expanded its use to various countries and industries, particularly targeting manufacturing, legal, and financial services.
It strategically targets critical infrastructure and larger organizations with high payouts and utilizes advanced encryption techniques to make decryption almost impossible.
Qilin also engages in double extortion, rapid encryption, data exfiltration, and addresses weaknesses in Windows system backups to force payouts.
Recent Qilin variants include enhancements like Chrome Extension Stealer, security evasion tactics, and backup corruption to hinder recovery efforts.
Proactive defense measures against Qilin include user awareness, incident response readiness, patch management, antivirus software, endpoint threat detection, network alerting, and immutable backups.
Organizations are advised to implement strategies such as Zero Trust Architecture, threat mapping to defensive solutions, and a well-tested incident response plan to combat evolving ransomware threats.
Qilin serves as a significant wake-up call for organizations to prioritize resilience and preparedness against sophisticated ransomware attacks like Qilin that can have devastating financial and operational impacts.
Its methodical targeting, advanced encryption, and evasion techniques highlight the necessity for organizations to reevaluate their defense mechanisms and readiness in the face of rising ransomware threats.
The article provides detailed insights into Qilin's history, operational model, encryption methods, and recommendations for strengthening defense strategies against ransomware attacks.

Read Full Article

4 Likes

Securityaffairs

287

Image Credit: Securityaffairs

News Flodrix botnet targets vulnerable Langflow servers

Trend Research uncovered an ongoing campaign exploiting the vulnerability CVE-2025-3248 to deliver the Flodrix botnet via downloader scripts in Langflow servers.
Langflow, a tool for agentic AI workflows, is affected by the code injection vulnerability CVE-2025-3248 in the /api/v1/validate/code endpoint.
The vulnerability allows remote, unauthenticated attackers to execute arbitrary code on vulnerable Langflow servers.
Threat actors are utilizing open-source code proof of concept (PoC) to target and compromise unpatched Langflow servers.
The exploit involves downloading and executing Flodrix botnet malware, which enables DDoS attacks and remote code execution.
The Flodrix botnet establishes communication channels with its C&C server over TCP and the Tor network, providing multiple attack vectors.
The malware deletes itself when run with invalid parameters, potentially to evade detection and test target compatibility.
Flodrix botnet sample exhibits stealth capabilities like self-deletion, artifact removal, and string obfuscation to avoid detection.
The malware enumerates running processes and terminates suspicious ones, sending detailed reports to its C&C server for further actions.
Flodrix botnet campaigns are actively developing, with new encrypted DDoS attack types and enhanced avoidance of forensic traces.

Read Full Article

17 Likes

Securityaffairs

Image Credit: Securityaffairs

Attackers target Zyxel RCE vulnerability CVE-2023-28771

Attackers are actively targeting the Zyxel RCE vulnerability CVE-2023-28771, according to GreyNoise researchers.
On June 16, a surge in exploit attempts against the Zyxel IKE decoders vulnerability was observed, with 244 unique IPs involved.
The main targets of the attack were the U.S., U.K., Spain, Germany, and India.
All 244 IP addresses related to the exploitation attempts were traced back to Verizon Business in the U.S., but the use of UDP means the IPs could be spoofed.
The exploit attempts were linked to Mirai botnet variants, as confirmed by VirusTotal.
GreyNoise recommends blocking the identified malicious IPs, verifying device patches, monitoring for post-exploitation activities, and limiting exposure on IKE/UDP port 500.
In April 2023, Zyxel addressed the CVE-2023-28771 vulnerability in its firewall devices and urged customers to install patches to mitigate the risk.
The U.S. CISA added the vulnerability to its Known Exploited Vulnerability to Catalog after observing active exploitation.

Read Full Article

5 Likes

For uninterrupted reading, download the app