techminis (A naukri.com initiative)

Malware News

Source: TechJuice

Apple and Google Remove Malicious Apps from Their Stores

  • Apple and Google removed around twenty apps from their app stores after security researchers discovered they were carrying data-stealing malware for nearly a year.
  • The malware, known as SparkCat, targeted cryptocurrency wallets by searching for recovery phrases in image galleries using optical character recognition (OCR).
  • The apps had over 242,000 downloads collectively from the Google Play Store; researchers initially found the malware in a food delivery app used in Indonesia and the UAE.
  • While the malicious apps have been removed from official app stores, there is a possibility that the malware may still be available on other websites and unofficial app stores.


Source: Cybersecurity-Insiders

Cyber Attack news headlines currently trending on Google

  • Australia faced an alarming surge in cyber attacks in 2024, with a record number of online users being targeted per second.
  • Lee Enterprises, a news publishing company, experienced a ransomware attack and is currently investigating the scope of the incident.
  • A large-scale hacking campaign infected over 2.8 million devices, disrupting online services across different countries.
  • Hewlett Packard Enterprise fell victim to a cyber attack believed to be orchestrated by a Russian hacking group, resulting in a breach of employee information.


Source: TechCrunch

Apple and Google take down malicious mobile apps from their app stores

  • Apple and Google have removed around 20 apps from their app stores after discovering they contained data-stealing malware named SparkCat.
  • The malware has been active since March 2024 and was found in a food delivery app used in the United Arab Emirates and Indonesia.
  • It was later discovered on 19 other unrelated apps, which were collectively downloaded over 242,000 times through the Google Play Store.
  • The malware harvested personal data from victims' devices, including recovery phrases for cryptocurrency wallets and personal information from screenshots.


Source: TechCrunch

Global police operation seizes 8base ransomware gang leak site

  • A group of international law enforcement agencies has seized the dark web leak site of the 8base ransomware gang as part of a takedown operation.
  • Law enforcement agencies from Europe, Japan, the U.S. and the U.K. were involved in the takedown operation.
  • 8base is a financially-motivated hacking group known for employing double-extortion tactics and targeting multiple sectors, including healthcare.
  • The U.S. government last year secured the extradition of an alleged Russian hacker connected to the prolific ransomware operation, Phobos.


Source: Cybersecurity-Insiders

Kraken Ransomware strikes Cisco servers to steal data

  • Kraken Ransomware strikes Cisco servers, stealing sensitive data
  • Hackers accessed critical data, including passwords and proprietary information
  • Stolen data includes usernames, password hashes, and employee-related information
  • Cisco confirms the breach was an older incident, but highlights ongoing cyber threats


Source: Securityintelligence

Reducing ransomware recovery costs in education

  • The Sophos State of Ransomware in Education 2024 report found that ransomware attacks on educational institutions decreased in 2024. Ransomware still affects education quality: the majority (64%) of education IT workers report that ransomware impacts education quality. Education institutions should take precautions to secure their backups, such as using air-gapped backups as well as immutable backups that cannot be erased. Sophos found that costs for lower education institutions whose backups were compromised were five times higher than for those that had a backup to revert to.
  • Students are impacted by ransomware attacks on the education sector. Lower education saw a decrease in attacks from 80% in 2023 to 63% in 2024. A recent study found that 44% devote only 10% of their IT budget to cybersecurity, and the majority of schools (78%) do not employ cybersecurity specialists. Schools should continue to focus on reducing vulnerabilities.
  • Recovery costs for ransomware attacks in education have more than doubled, and Sophos found an even larger increase in higher education, where costs rose more than fourfold from 2023 to 2024 ($1.06 million to $4.02 million). The attack rates for both lower and higher education nonetheless remain above the global cross-sector average of 59%.
  • Ransom demands in education have increased. The Sophos report found that the rate of ransom payment has increased in both higher and lower education. Additionally, education-sector ransoms tend to be higher because cyber criminals use double extortion.
  • Ways to reduce recovery costs and ransomware risk include installing antivirus software, training users in cybersecurity practices, deploying filtering software to reduce the chance of students or employees falling victim to phishing, and enabling MFA. Educational institutions should take extra steps to ensure that each user who logs in is who they claim to be, to avoid unauthorised access.
  • Recovery from ransomware attacks is prolonged when schools fail to contain the ransomware quickly enough. It is recommended to create an incident response plan that covers planning, detection, recovery and post-incident actions.
  • Despite the decrease in attacks, educational organizations must pay attention to the rising recovery costs. Schools should continue to reduce their vulnerabilities and their recovery costs by proactively taking steps to reduce risk.
  • The future of ransomware attacks in education: the cost of ransomware recovery hits education harder than other sectors. Educational organizations need to keep their focus on educating students by proactively reducing risks and recovery costs.


Source: Securityaffairs

XE Group shifts from credit card skimming to exploiting zero-days

  • The cybercrime group XE Group has transitioned from credit card skimming to targeted information theft.
  • XE Group has shifted its focus to exploiting zero-day vulnerabilities in supply chain attacks.
  • The group used a VeraCore zero-day to deploy reverse shells and web shells in recent attacks.
  • XE Group employs advanced tactics, including supply chain attacks and obfuscated executables disguised as PNG files.


Source: Medium

Leveraging PowerShell for Code Execution

  • PowerShell can be used to enumerate and exploit a target in many ways, hence techniques to evade and abuse it exist
  • This article delves into a Huntress blog post and analyzes PowerShell code implementation intricacies and low-level nuances
  • Using a PowerShell v1 target environment helps script execution bypass AMSI and hastens the exploitation process
  • The code snippets in the article show how the script targets a registry key and executes the stored code with Invoke-Expression
  • Code-wise, a PowerShell script has benefits over C code, such as the location of libraries being handled by the system
  • System.dll and the UnsafeNativeMethods class are used in the PowerShell script to link .NET code with unmanaged Windows APIs
  • A delegate-type function plays a vital role in how malicious actors invoke API functions
  • User-mode malware typically involves allocation of memory and passing shellcode in that memory space to execute concurrently
  • Conditional logic is added to the code for avoiding newer 64-bit versions of PowerShell with AMSI incorporated
  • The article describes the understanding gained from the observation of the TTPs used by threat actors in a PowerShell script


Source: Securityaffairs

Security Affairs newsletter Round 510 by Pierluigi Paganini – INTERNATIONAL EDITION

  • PlayStation Network has been experiencing an outage for over 24 hours.
  • Kimsuky APT group used custom RDP Wrapper version and forceCopy stealer.
  • Russian intelligence is recruiting Ukrainians for terror attacks using messaging apps.
  • Hospital Sisters Health System was impacted, affecting 882,782 individuals.


Source: Dev

How to protect yourself against cyber threats

  • Understanding Cyber Threats: Cybersecurity threats such as malware, phishing, Man-in-the-Middle attacks, software vulnerability exploits, and social engineering attacks put personal, financial, and corporate data at risk.
  • Implementing Technical Security Measures: Adopting technical measures such as using reliable antivirus and firewall, regularly updating software and operating systems, and using a virtual private network (VPN) can reduce the risk of cyberattacks and protect sensitive data.
  • Creating Strong Passwords: Creating and managing strong passwords, using passphrases and complex combinations, and avoiding password reuse across multiple accounts can enhance online account protection. Enabling two-factor authentication (2FA) adds an extra layer of security.
  • Prevention is Key: Understanding cyber threats, implementing technical security measures, and practicing secure online habits are vital for protecting against cyber threats. Taking proactive measures is crucial to reducing the risk of falling victim to these threats.


Source: Mjtsai

Screenshot-Reading Malware

  • Apps distributed through both Apple and Google’s app stores are hiding malicious screenshot-reading code that’s being used to steal cryptocurrency, according to Kaspersky.
  • Kaspersky discovered the code for this malware campaign, named "SparkCat," in late 2024.
  • Several App Store apps, including ComeCome, WeTink, and AnyGPT, were found to contain OCR spyware, which led to Apple pulling the apps from the App Store.
  • It is unclear whether the infection was a deliberate action by the developers or the result of a supply chain attack.


Source: Macdailynews

Apple’s App Store pulls apps with hidden screen reading malware

  • Kaspersky revealed details about the new “SparkCat” malware affecting a handful of iOS apps, leading to Apple removing the compromised apps from the App Store.
  • The malware used OCR capabilities to extract sensitive information from images and screenshots on iPhones, mainly targeting recovery phrases for crypto wallets.
  • Apple found an additional 89 apps with the same malicious code that had been previously rejected or removed from the App Store.
  • The malware primarily targeted iOS users in Europe and Asia.


Source: TechJuice

Cybercriminals Use DeepSeek & Qwen AI to Create Malware

  • Hackers are utilizing AI models such as DeepSeek and Qwen to develop complex malware.
  • These AI models offer powerful language processing capabilities, making them attractive to hackers.
  • Observed activity includes jailbreaking prompts, developing infostealers, bypassing banking protections, and writing spam distribution scripts.
  • Organizations need to implement robust security measures to counter the risks posed by AI-powered malware creation.


Source: Dataprivacyandsecurityinsider

Nation State Backed Groups Using AI for Malicious Purposes

  • GTIG, the Google Threat Intelligence Group, published a report on the adversarial misuse of generative AI.
  • Government-backed threat actors from China, Russia, Iran, and North Korea are misusing the Gemini web application for various malicious purposes.
  • Iranian threat actors mainly used Gemini for phishing campaigns, reconnaissance, and generating content with cybersecurity themes.
  • Russian threat actors primarily focused on coding tasks, such as converting malware and adding encryption functions.


Source: TronWeekly

Ransomware Payments Crash 35% in 2024 as Authorities Go on the Offensive

  • Ransomware payments dropped 35% in 2024 due to stronger law enforcement and victim resistance.
  • Attackers shifted tactics, with new strains emerging and faster operations.
  • Major ransomware groups like LockBit and BlackCat saw major setbacks.
  • Law enforcement disrupted major ransomware gangs, contributing to a fall in payments.
