techminis

A naukri.com initiative

Malware News

Cybersecurity-Insiders

1M

read

358

img
dot

Image Credit: Cybersecurity-Insiders

Chinese Threat Group conducting espionage found moonlighting with ransomware

  • Chinese state-sponsored hackers known as Emperor Dragonfly have been found engaging in ransomware attacks in addition to their espionage operations.
  • This development suggests that some state actors are now involved in financially motivated cybercrime, potentially due to personal financial incentives or disruptions in state-backed cyber operations.
  • The trend of state-sponsored hackers moonlighting as ransomware operators raises questions about attribution and the impact on global cyber warfare policies.
  • There is speculation that the shift may be driven by inconsistent government funding for cyber operations, leading hackers to seek alternative income sources.

Securityaffairs

1M

read

390

img
dot

Image Credit: Securityaffairs

Valve removed the game PirateFi from the Steam video game platform because it contained malware

  • Valve removed the game PirateFi from the Steam video game platform because it contained Windows malicious code designed to steal browser cookies and hijack accounts.
  • Affected users were warned to fully reformat their operating systems to remove the threat.
  • The game PirateFi was flagged by multiple antivirus engines as Trojan.Win32.Lazzzy.gen.
  • It is estimated that over 800 users may have downloaded the game.

Dataprivacyandsecurityinsider

1M

read

354

img
dot

Image Credit: Dataprivacyandsecurityinsider

Criminal Charges Lodged Against Alleged Phobos Ransomware Affiliates

  • The Department of Justice (DOJ) announced the arrest and extradition of Russian national Evgenii Ptitsyn for administering the Phobos ransomware variant.
  • Roman Berezhnoy and Egor Nikolaevich Glebov, two Russian nationals, were charged for operating a cybercrime group using the Phobos ransomware that victimized over 1,000 entities and received $16 million in ransom payments.
  • The arrest of these individuals is part of a coordinated international disruption of the organization, involving additional arrests and the technical disruption of the group's computer infrastructure.
  • The successful operation highlights the significance of the Federal Bureau of Investigation (FBI) in combating cybercrime and emphasizes the importance of sharing information and maintaining partnerships with international law enforcement.

TechCrunch

1M

read

195

img
dot

Image Credit: TechCrunch

Valve removes Steam game that contained malware

  • Valve removed a game called PirateFi from the Steam platform due to the presence of malware.
  • Affected users were advised to consider reformatting their operating system to ensure removal of any malicious software.
  • The specific type of malware was not disclosed by Valve.
  • Malware targeting gamers is attractive to hackers due to the deep access gaming apps have to users' devices.

Securityaffairs

1M

read

122

img
dot

Image Credit: Securityaffairs

China-linked APTs’ tool employed in RA World Ransomware attack

  • Threat actors linked to China deployed a tool associated with China-based APT groups in the November 2024 RA World ransomware attack on an Asian software firm.
  • The attack suggests that the threat actor may be acting independently as a ransomware operator.
  • The tools used in the attack are commonly associated with China-based espionage groups, indicating a potential link to cyber espionage.
  • There is a possibility that the attacker used the ransomware attack as a diversion, but failed to hide espionage tools, and actively pursued ransom negotiations.

TechCrunch

1M

read

181

img
dot

Image Credit: TechCrunch

Spyware maker caught distributing malicious Android apps for years

  • Italian spyware maker SIO has been distributing malicious Android apps, disguised as popular apps like WhatsApp, to steal private data from targets.
  • Security researchers confirmed that the spyware, called Spyrtacus, can steal messages, data, record calls, and capture audio and images.
  • SIO sells spyware to the Italian government, targeting individuals through these malicious apps posing as legitimate services.
  • The spyware campaign involved distributing phony apps related to popular cellphone providers and bypassing Google Play Store detection.
  • Google confirmed no Spyrtacus-containing apps are on Google Play since 2022 and described the spyware's use as part of a 'highly targeted campaign.'
  • SIO joins a legacy of Italian spyware companies like Hacking Team, with SIO's Spyrtacus detected in the wild since 2019.
  • SIO is linked to ASIGINT, associated with command-and-control servers managing Spyrtacus, alongside other Italian spyware makers like Cy4Gate.
  • The Spyrtacus spyware reveals traces of Neapolitan origin, hinting at developers from the Naples region behind its creation.
  • Italian spyware companies have previously left regional clues in their spyware, as seen with eSurv, another Calabrian spyware maker.
  • Unanswered questions remain about the government customer behind Spyrtacus and the targets affected by this malicious spyware.

Cybersecurity-Insiders

1M

read

113

img
dot

Image Credit: Cybersecurity-Insiders

Clop Ransomware lurks within the network, exploiting it for extended periods

  • Clop ransomware group follows a distinct pattern of stealing and encrypting data, demanding ransom for decryption.
  • They have now adopted a new tactic of lurking within the victim's network undetected for months.
  • After a period of inactivity, they relaunch the attack and demand ransom multiple times over an extended period.
  • Industries like manufacturing, retail, transportation, and healthcare are particularly vulnerable to these attacks.

Bitcoinist

1M

read

227

img
dot

Image Credit: Bitcoinist

Bulletproof No More? Russian Zservers Sanctioned For Alleged LockBit Crypto Crimes

  • The Russia-based bulletproof hosting service provider Zservers has been sanctioned for its alleged link to the LockBit cryptocurrency ransomware group.
  • Authorities from Australia, the US, and the UK have frozen assets and implemented travel bans on individuals associated with Zservers and its affiliate company, XHOST Internet Solutions LP.
  • Over 200 crypto accounts allegedly owned by the group have been frozen, cutting off their source of funding and profits.
  • LockBit is a Russian group known for its dangerous ransomware attacks, and Zservers has been accused of enabling criminal activity through its bulletproof hosting services.

Securityaffairs

1M

read

418

img
dot

Image Credit: Securityaffairs

Sarcoma ransomware gang claims the theft of sensitive data from PCB maker Unimicron

  • The Sarcoma ransomware group claims to have breached the Taiwanese PCB manufacturer Unimicron and threatens to release the stolen data if no ransom is paid.
  • Unimicron Technology Corporation is a key supplier in the semiconductor and electronics industries, providing critical components for products such as smartphones and computers.
  • The company confirmed a ransomware attack on its subsidiary in January 2025 and is currently investigating the breach.
  • Sarcoma ransomware group has claimed to have stolen 377 GB of SQL files and documents from Unimicron.

Securityaffairs

1M

read

154

img
dot

Image Credit: Securityaffairs

North Korea-linked APT Emerald Sleet is using a new tactic

  • North Korea-linked APT Emerald Sleet is using a new tactic.
  • Emerald Sleet is tricking targets into running PowerShell and executing code provided by the attacker.
  • The APT group, also known as Kimsuky, primarily targets think tanks and organizations in South Korea.
  • Microsoft Threat Intelligence has observed this shift in tactics, indicating a new approach to compromising traditional espionage targets.

Pymnts

1M

read

131

img
dot

Image Credit: Pymnts

DeepSeek Security Testers Uncover ‘Pandora’s Box’ of Cyberthreats

  • Cybersecurity company, AppSOC, has released findings from tests conducted on the DeepSeek AI model, revealing a series of failures.
  • The tests showed that DeepSeek had a high failure rate in generating viruses and malware, as well as generating responses with toxic language and producing hallucinations.
  • AppSOC recommends blocking the usage of DeepSeek for any business-related AI use due to its poor performance.
  • DeepSeek's low-cost and open-source model has faced criticism, with officials calling for a ban and doubts raised about the accuracy of its cost claims.

Cybersecurity-Insiders

1M

read

259

img
dot

Image Credit: Cybersecurity-Insiders

Phobos and 8Base Ransomware criminals arrested by FBI

  • The FBI, in collaboration with international law enforcement agencies, has announced the arrest of four European nationals linked to ransomware operations.
  • The cybercriminals are believed to have orchestrated attacks resulting in approximately $16 million in global financial losses.
  • The arrests were made in a major joint operation codenamed 'Operation PHOBOS AETOR', resulting in the seizure of digital devices and cryptocurrency wallets.
  • While the arrests are significant, ransomware groups continuously evolve, posing an ongoing cybersecurity threat.

Securityaffairs

1M

read

432

img
dot

Image Credit: Securityaffairs

Crooks use Google Tag Manager skimmer to steal credit card data from Magento-based e-stores

  • Threat actors are using Google Tag Manager (GTM) to install e-skimmer software on Magento-based e-stores.
  • GTM is a free tool that simplifies analytics and ad tracking for website owners.
  • The e-skimmer malware is hidden in a website's database and disguised as GTM and Google Analytics scripts to evade detection.
  • The malware collects credit card data entered during the checkout process and sends it to the attackers' control server.

Securityaffairs

1M

read

423

img
dot

Image Credit: Securityaffairs

Operation Phobos Aetor: Police dismantled 8Base ransomware gang

  • Authorities dismantled the 8Base ransomware gang, shutting down its dark web data leak and negotiation sites.
  • The police arrested four European citizens in Phuket, Thailand, who are suspected to have stolen over $16 million through ransomware attacks affecting over 1,000 victims worldwide.
  • The gang compromised at least 17 Swiss companies using the Phobos ransomware between April 2023 and October 2024.
  • The 8Base ransomware group has been active since March 2022, targeting small and medium-sized businesses in various industries.

Cybersafe

1M

read

291

img
dot

Image Credit: Cybersafe

Phobos Ransomware Bust: 4 Arrested, 8Base Sites Seized

  • Four suspected members of the Phobos ransomware gang were arrested in Phuket, Thailand.
  • Eight of 8Base's dark web sites were seized as part of the operation.
  • The gang is accused of extorting approximately $16 million in Bitcoin.
  • Authorities from multiple countries were involved in the operation.
