techminis
A naukri.com initiative

Malware News

Securelist (7d)

Download a banker to track your parcel

  • The Android banking Trojan Mamont is now being distributed on a number of websites that offer high-value goods for cheap to businesses and individuals.
  • This is the latest attempt by criminals to distribute Mamont, which had previously been disseminated via neighborhood chat groups or by unknown messaging contacts.
  • Criminals have set up a dedicated private Telegram chat and instruct users to DM their agent to place an order; no prepayment is required, with payment due on delivery.
  • The criminals then send the buyer a tracking number along with a link to download a fake parcel-tracking app.
  • Once installed, the Mamont banking Trojan requests permission to access a wide range of personal data, starts malicious services that harvest data useful for social-engineering schemes to extract money, and hijacks the user's push notifications.
  • The cybercriminals running this Mamont campaign exclusively target Android phone users in Russia.
  • Kaspersky Security Network (KSN) telemetry data consensually provided by users revealed more than 31,000 Mamont attacks disguised as a parcel-tracking app in October and November 2024.
  • In conclusion, businesses and individuals should avoid clicking on links from unknown sources, beware of generous offers and only download apps from trusted sources.
  • To prevent Mamont from infecting devices, Kaspersky recommends using a reliable security solution.
  • If you want to check for indicators of compromise, the C2 server is at apisys003[.]com, and the MD5 for the Mamont Trojan is 12936056e8895e6a662731c798b27333.

Securityaffairs (1w)

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

  • Researchers warn of previously undetected surveillance spyware, named NoviSpy, that was found infecting a Serbian journalist’s phone.
  • Amnesty International discovered that Serbian authorities used the Cellebrite tool to unlock and extract data from the journalist's device without consent.
  • They also found the presence of NoviSpy spyware, which can extract personal data and activate the device's microphone and camera.
  • The spyware deployment utilized the Cellebrite unlocking process and is linked to the Serbian intelligence agency and government.

Socprime (1w)

UAC-0099 Attack Detection: Cyber-Espionage Activity Against Ukrainian State Agencies Using WinRAR Exploit and LONEPAGE Malware

  • The UAC-0099 hacking collective has been launching cyber-espionage attacks against Ukraine, with a spike in malicious activity targeting Ukrainian government entities observed throughout November-December 2024.
  • The group has been using phishing as an attack vector and spreading LONEPAGE malware.
  • The continuous rise in cyberattacks against government agencies in Ukraine calls for stronger defense measures against CVE-2023-38831 exploitation and LONEPAGE malware distribution.
  • The latest CERT-UA alerts focus on UAC-0099's adversary operations that span November and December 2024.
  • All detections are mapped to the MITRE ATT&CK® framework and enriched with CTI and other relevant metadata to support threat research.
  • In addition, teams can accelerate IOC packaging and retrospective hunting of the group's TTPs.
  • The UAC-0099 group has been observed launching cyberattacks against forestry departments, forensic institutions, factories, and public sector agencies.
  • The group uses phishing emails, containing attachments in the form of double archives with LNK or HTA files. Some archives include an exploit for the known WinRAR vulnerability CVE-2023-38831. Once successfully compromised, the LONEPAGE malware executes on the affected machines, enabling command execution.
  • Leveraging MITRE ATT&CK helps security teams gain insight into UAC-0099 TTPs used in cyber-espionage campaigns against Ukraine.
  • The expanding scope of UAC-0099's cyber-espionage campaigns, combined with its shifting methods, tools, and targets, highlights the critical need for improved cyber vigilance to counter the group's adaptability effectively.

Cybersafe (1w)

Clop Ransomware claims responsibility for Cleo Data Breaches

  • The Clop ransomware gang has claimed responsibility for the recent data breaches targeting Cleo's file transfer platforms.
  • Cleo, a provider of managed file transfer solutions, had patched a vulnerability (CVE-2024-50623) in October.
  • However, the patch was incomplete and cybercriminals continued to exploit the flaw to steal data using a Java backdoor.
  • The Clop ransomware group has been increasingly targeting secure file transfer platforms to conduct data theft.

Securelist (1w)

Dark web threats and dark market predictions for 2025

  • AV evasion tools for malware have become more popular as developers have incorporated new ways to evade security solutions. There has been a shift towards private solutions ranging from $100 for monthly subscriptions to $20,000 for premium ones.
  • The loader malware family has seen a surge in the number of services on offer, with broad capabilities ranging from mass-distributed to specialized loaders.
  • Crypto asset-draining services are still increasing, with drainers aimed at stealing victims’ tokens and NFTs.
  • Black traffic schemes remain popular on underground markets, posing a threat to online users.
  • The number of services advertising cryptocurrency “cleaning” solutions has not seen a significant increase in 2024.
  • The year 2025 may witness an increase in data breaches via contractors. The dark web has seen an increase in the frequency of corporate database advertisements.
  • Cybercriminals may migrate from Telegram to the dark web forums in search of better data trading resources. We may see an increase in high-profile law enforcement operations against cybercrime groups.
  • Stealers and drainers will continue to be promoted as services on the dark web.
  • We may see ransomware groups fragmenting into smaller independent entities next year. The number of Dedicated Leak Sites (DLS) grew 1.5 times compared to 2023.
  • The Middle East is a potential hotbed for cyber threats like hacktivism and ransomware with an increase in hacktivist movements.
  • Many successful operations against cybercrime in the year 2024 have highlighted the coordination and collaboration between law enforcement and cybersecurity organizations.

Cybersecurity-Insiders (1w)

Cybersecurity News Headlines Trending on Google

  • Tech giants like Google, Amazon, Microsoft, and Facebook are leading the adoption of passkey security technology.
  • Long-lived credentials pose a serious security threat to cloud service providers and require regular rotation and management.
  • Mastercard introduces biometric Payment Passkey Service in Latin America, aiming to phase out traditional passwords by 2030.
  • Iran-linked IOCONTROL malware targets critical infrastructure in the US and Israel, posing a surveillance and disruption threat.

Siliconangle (1w)

Rhode Island’s RIBridges system breached in cyberattack targeting personal data

  • Rhode Island’s RIBridges system has been breached in a cyberattack.
  • An unknown threat actor stole personal data and is demanding payment.
  • Data stolen includes names, addresses, dates of birth, Social Security numbers, and banking information.
  • Rhode Island is providing free credit monitoring and assistance to affected individuals.

Pymnts (1w)

Rhode Island Benefits Portal Hit by Ransomware Attack

  • Rhode Island’s public benefits system has been targeted in a ransomware attack.
  • Hackers breached the online system and have threatened to disclose users’ personal information unless they get a payment.
  • The online portal, known as RIBridges, has been shut down to deal with the threat.
  • Users are advised to change passwords and set up two-factor authentication protocols.

Securityaffairs (1w)

IOCONTROL cyberweapon used to target infrastructure in the US and Israel

  • Iran-linked threat actors target IoT and OT/SCADA systems in US and Israeli infrastructure with IOCONTROL malware.
  • IOCONTROL is a custom-built, modular malware used to target devices in critical infrastructure.
  • Multiple device families were affected, including IP cameras, routers, PLCs, and firewalls.
  • The malware is believed to be part of a global cyber operation against Western IoT and OT devices.

Securityaffairs (1w)

German agency BSI sinkholed a botnet of 30,000 devices infected with BadBox

  • The German agency BSI has sinkholed a botnet composed of 30,000 devices that shipped with BadBox malware pre-installed.
  • The BSI blocked communication between the infected devices and the C2 server, isolating the malware.
  • BadBox malware conducts ad fraud, creates email accounts for spreading disinformation, and operates as a residential proxy.
  • At least 74,000 Android-based devices worldwide were shipped with the backdoored firmware.

Securityaffairs (1w)

Experts discovered the first mobile malware families linked to Russia’s Gamaredon

  • The Russia-linked APT Gamaredon used two new Android spyware tools called BoneSpy and PlainGnome against former Soviet states.
  • Lookout researchers linked the BoneSpy and PlainGnome Android surveillance families to the Russian APT group Gamaredon, making them the first known mobile malware families linked to the Russian APT.
  • BoneSpy and PlainGnome were used in attacks against Russian-speaking victims in former Soviet states, likely reflecting strained relations following the invasion of Ukraine.
  • Both BoneSpy and PlainGnome collect various data from infected devices and show similarities in infrastructure, techniques, and targeting, leading researchers to conclude that they are operated by Gamaredon.

Securityaffairs (1w)

Experts discovered surveillance tool EagleMsgSpy used by Chinese law enforcement

  • Chinese law enforcement uses the mobile surveillance tool EagleMsgSpy to gather data from Android devices, as detailed by Lookout.
  • The surveillance tool, known as EagleMsgSpy, has been active since 2017 and requires physical access to the target device to initiate operations.
  • EagleMsgSpy collects extensive data from victim devices, including messages from various apps, screen recordings, audio, contacts, call logs, GPS coordinates, and more.
  • The surveillance tool is developed and maintained by Wuhan Chinasoft Token Information Technology Co., Ltd. and is believed to be used by several public security bureaus in mainland China.

Siliconangle (1w)

Rubrik introduces Turbo Threat Hunting for faster cyber recovery

  • Rubrik Inc. has launched Turbo Threat Hunting, a feature designed to accelerate cyber recovery and locate clean recovery points in seconds.
  • Turbo Threat Hunting allows organizations to quickly identify clean recovery points and recover from cyber incidents with minimal disruption.
  • The feature allows scanning up to 75,000 backups in less than 60 seconds, eliminating the need for file-by-file scanning and reducing recovery time.
  • Turbo Threat Hunting is now available in beta for Rubrik Enterprise Edition and cloud customers.

Securelist (1w)

Careto is back: what’s new after 10 years of silence?

  • The Mask APT is a legendary threat actor that has been performing highly sophisticated attacks since at least 2007.
  • Kaspersky researchers have found traces of The Mask recently, identifying several cyberattacks that have been conducted by the threat actor.
  • One attack targeted an organization in Latin America in 2022, and the researchers established that attackers gained access to its MDaemon email server.
  • The researchers further discovered that attackers maintained persistence inside the organization using a unique method involving the MDaemon webmail component called WorldClient.
  • The persistence method used by the threat actor was based on WorldClient allowing loading of extensions that handle custom HTTP requests from clients to the email server.
  • The malicious extension installed by attackers implemented a set of commands associated with reconnaissance, performing file system interactions and executing additional payloads.
  • The attackers used scheduled tasks to launch files that would configure the malware to persist on compromised devices, and they leveraged COM hijacking via the CLSID.
  • The malware deployed by The Mask uses cloud storage services for exfiltration and propagates across system processes.
  • Researchers attribute the attacks observed in 2022 and 2024 with medium to high confidence to The Mask.
  • The Kaspersky researchers also attributed earlier attacks to The Mask, based on file names used by the malware and overlaps in TTPs.

Securityaffairs (1w)

Russia’s Secret Blizzard APT targets Ukraine with Kazuar backdoor

  • Russia-linked APT group Secret Blizzard is using Amadey Malware-as-a-Service to infect systems in Ukraine with the Kazuar backdoor.
  • Secret Blizzard leveraged the Amadey bot malware to infiltrate devices used by the Ukrainian military.
  • The group has a strategy of blending cybercrime with targeted cyber-espionage activities.
  • Microsoft is investigating how Secret Blizzard gained control of other threat actors' access to deploy its own tools.
