techminis

A naukri.com initiative


Malware News


Cybersecurity-Insiders


Hackers eye Chinese LLMs to develop malware and other frauds

  • Chinese hackers are leveraging advanced tools like large language models (LLMs) to develop sophisticated malware and conduct phishing attacks.
  • There is currently no specific law to prevent the unauthorized use of LLMs, leading to a significant gap in preventing their misuse.
  • Developers and businesses should take responsibility for curbing the potential abuse of LLMs by restricting access and implementing monitoring mechanisms.
  • The Chinese government and the international community should regulate the use of AI platforms effectively to prevent cybercrime and global security breaches.


Arstechnica


Ransomware payments declined in 2024 despite massive well-known hacks

  • Ransomware payments fell overall in 2024, dropping more precipitously than ever before in the second half of the year.
  • According to Chainalysis, ransomware victims' extortion payments totaled $814 million in 2024, a 35% drop from the previous year's record of $1.25 billion.
  • Hackers collected just $321 million from July through December, the biggest decline in payments between two six-month periods observed by Chainalysis.


BGR


Crypto-stealing malware found in Apple’s App Store – should you be worried?

  • Apps containing a malicious software development kit (SDK) used to steal crypto wallets were discovered on Apple's App Store.
  • The malware campaign, named SparkCat, utilizes OCR models to extract private information and send it to a command and control server.
  • The infected apps have been downloaded over 242,000 times on Google Play and are still available.
  • This is the first known case of an app infected with OCR spyware being found in Apple's official app marketplace.


TechJuice


SparkCat Malware Poses Security Threat to Play Store and App Store Users

  • Numerous apps on the Google Play Store and Apple App Store have been found to contain a malicious SDK known as SparkCat, posing a serious security threat.
  • The SparkCat SDK steals cryptocurrency wallet recovery phrases using OCR technology, potentially leading to financial losses for crypto users.
  • Over 242,000 downloads of the malicious apps have been registered on the Google Play Store.
  • Android and iOS apps have been affected by the SparkCat malware, with 18 confirmed cases on Android and 10 on iOS.


Gizchina


Chinese Hackers Hijack Linux Network Devices via SSH

  • Chinese hackers, known as Evasive Panda, have found a way to attack Linux-based network devices using the SSH daemon.
  • They use a tool called 'ELF/Sshdinitor.A!tr' to inject malware into systems, allowing them to run hidden tasks and steal data.
  • The attackers gain extensive control over the infected device, enabling them to execute various commands and use the compromised devices for further attacks.
  • To mitigate the risk of similar attacks, organizations are advised to regularly update and patch network devices, implement strong authentication mechanisms, monitor SSH logs, and use intrusion detection systems.


Securityaffairs


Lazarus APT targets crypto wallets using cross-platform JavaScript stealer

  • The North Korea-linked APT group Lazarus is using a cross-platform JavaScript stealer to target crypto wallets in a new hacking campaign.
  • Scammers are using fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver the JavaScript stealer.
  • The attackers request personal data and share a fake project repository containing hidden malicious code.
  • The final payload is a cross-platform stealer that targets popular cryptocurrency wallets and steals browser data and login credentials.


Macrumors


'Stealers' Are an Increasingly Common Mac Malware

  • MacOS stealers are becoming an increasingly common type of malware on the Mac, according to a report.
  • These stealers are designed to locate valuable data like credit card details, passwords, and cryptocurrency.
  • Poseidon, a popular information stealer, is being used to steal cryptocurrency and passwords from Mac users.
  • To avoid these attacks, it is important to download software from legitimate sources and not imitation websites.


Macrumors


Malware With Screen Reading Code Found in iOS Apps for the First Time

  • Malware that includes code for reading the contents of screenshots has been found in suspicious App Store apps for the first time.
  • The malware, known as SparkCat, utilizes OCR capabilities to extract sensitive information captured in screenshots, particularly targeting recovery phrases for cryptocurrency wallets.
  • The infected apps in the App Store use an OCR plug-in to recognize text within images, which is then sent to a server for the attacker to access.
  • Kaspersky recommends that users avoid storing screenshots with sensitive information in their Photo Library to protect against this malware.


BGR


North Korean hackers created new macOS malware disguised as popular app installers

  • North Korean hackers are using fake job offers hidden in updates to popular apps like Zoom and Google Chrome to invade macOS.
  • The malware, known as the macOS Ferret family, can still bypass Apple's security measures.
  • To protect against this malware threat, users should only download official apps from trusted sources and ensure they have the latest macOS update.
  • Constant vigilance and caution are recommended to avoid falling victim to this ongoing and active campaign.


TechCrunch


Ransomware payments dropped in 2024 as victims refused to pay hackers

  • Ransomware payments fell by more than one-third in 2024 as victims refused to negotiate with hackers.
  • Crypto forensics firm Chainalysis reported a 35% drop in ransom payments, with hackers receiving $814 million compared to 2023's $1.25 billion.
  • During the second half of 2024, the sums demanded by cyber gangs were 53% higher than the actual payouts, indicating victims' refusal to meet attackers' demands.
  • The decline in ransom payments can be attributed to an increase in law enforcement action, disruption of the LockBit ransomware gang, and improved international collaboration.


Cybersecurity-Insiders


Good news as ransomware pay fell by 35 percent in 2024

  • Ransomware payments decreased by 35% in 2024 as victims chose not to pay for data decryption.
  • Only 60% to 70% of ransomware victims opted to pay, while the rest recovered data from backups or sought help from law enforcement for free decryption keys.
  • Uncertainty around receiving stolen data or deletion by hackers has led to reluctance in paying ransoms.
  • Law enforcement agencies advising against paying ransoms and the struggles of ransomware operators to liquidate cryptocurrencies contribute to the decrease in ransom payments.


Guardian


Global ransomware payments plunge by a third amid crackdown

  • Ransomware payments fell by over a third to $813m in 2024 as victims refused to pay and law enforcement took action.
  • The decline in ransomware payments was attributed to improved international collaboration, law enforcement actions, and a growing refusal by victims to meet attackers' demands.
  • Despite the decrease in payments, ransomware attacks remain prolific and the downward trend is considered fragile.
  • The market has seen the impact of coordinated international operations targeting ransomware gangs, leading to a shift in the ransomware ecosystem and the emergence of newcomers focusing on smaller targets.


Securityaffairs


SparkCat campaign targets crypto wallets using OCR to steal recovery phrases

  • A malicious campaign called SparkCat has been discovered, targeting crypto wallets.
  • Malware-laced apps were distributed through official stores and were downloaded over 242,000 times from Google Play.
  • The malware used OCR technology to scan the victim's gallery for images with recovery phrases to steal access to crypto wallets.
  • Localized keywords and apps supporting multiple countries were used in this campaign, targeting Android and iOS users in Europe and Asia.


Securelist


Take my money: OCR crypto stealers in Google Play and App Store

  • Google Play and the App Store were infiltrated by malware apps that stole crypto wallet phrases and were downloaded over 242,000 times by unaware users. This is the first time a stealer has been found in Apple’s App Store.
  • A team of researchers from ESET discovered the malware implants in various messaging app mods, with some scanning users’ image galleries to search for crypto wallet access recovery phrases.
  • The malware stretched across both Android and Windows devices, with the scam spreading through unofficial sources.
  • The “SparkCat” malware campaign was discovered in late 2024 using functions very similar to the messaging app mods for stealing recovery phrases for crypto wallets through apps within the official App Store and Google Play.
  • A food delivery app in the UAE and Indonesia, named “ComeCome,” was particularly suspect during the investigation, with the malware module literally named “Spark”.
  • The campaign targeted crypto wallet recovery phrases in particular, which give full control over an individual’s wallet and allow its funds to be stolen.
  • The malware is also flexible enough to steal other sensitive data from image galleries, such as passwords.
  • The attackers have not yet been identified, and the malware apps were found in various languages hidden in the official app marketplaces, giving the false impression that permissions requested were necessary for the apps to operate correctly.
  • The ESET investigation exposes how easy it is for malware to hide inside otherwise legitimate-looking applications and the importance of running a robust security product on all devices.
  • Users are reminded to avoid storing screenshots with sensitive information in the gallery and to store sensitive information in special apps.


Pymnts


Blockchain’s New Identity Paradigm Helps Reimagine Enterprise Cyber Protection

  • The convergence of blockchain technology, digital identity solutions, and AI-assisted cybersecurity is helping protect sensitive data, prevent fraud, and ensure compliance.
  • Traditional cybersecurity measures are struggling to keep pace with advanced threats and AI-powered fraud tactics.
  • Blockchain-based identity solutions offer a decentralized and tamper-proof approach to security.
  • However, widespread adoption of blockchain-driven digital identity faces challenges around integration complexity, regulatory uncertainty, user adoption, and scalability.
