techminis

A naukri.com initiative

Malware News

Medium, 1w

AMSI Patching Evasion

  • AMSI is Microsoft's security feature that scans and blocks suspicious PowerShell scripts.
  • A new technique patches AMSI functions in memory to make the scanner return an error code and allow code execution.
  • The tool locates the PowerShell process, calculates the memory addresses of critical AMSI functions, and writes a small assembly code patch to bypass scanning.
  • This technique disables AMSI's scanning capability directly at its source and allows PowerShell code execution without triggering security alerts.

Dataprivacyandsecurityinsider, 1w

Joint Alert Warns of Medusa Ransomware

  • A joint cybersecurity advisory has been issued by multiple agencies to warn companies about the Medusa ransomware.
  • Medusa is a ransomware-as-a-service (RaaS) variant that has impacted over 300 victims across various critical infrastructure sectors.
  • The ransomware gains access through phishing campaigns and exploits unpatched software vulnerabilities.
  • The threat actors encrypt files with the .medusa extension and communicate with victims through a .onion data leak site.

Bitcoinist, 1w

Crypto Traders Beware: This Fake TradingView Is Stealing Funds

  • Hackers are spreading hazardous malware through phony 'cracked' versions of TradingView Premium.
  • The malware targets cryptocurrency wallets and personal information of crypto traders.
  • Scammers act as helpful users on cryptocurrency subreddits, luring victims into downloading the malware.
  • The malware exhibits warning signs such as double-zipped files with password protection, and requests to disable security software.

Cybersecurity-Insiders, 1w

Akira Ransomware encryption breached with cloud computing

  • An Indonesian programmer successfully decrypted Akira ransomware encryption using cloud computing resources.
  • The programmer harnessed GPU computing power to crack the encryption algorithm.
  • This breakthrough offers hope for future victims of ransomware attacks.
  • The integration of AI-driven approaches and GPU computing resources makes decrypting ransomware more feasible.

Securityaffairs, 1w

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

  • CERT-UA warns of a cyber campaign using Dark Crystal RAT to target Ukraine’s defense sector, including defense industry employees and Defense Forces members.
  • In March 2025, threat actors distributed archived messages through Signal containing a fake PDF report and DarkTortilla malware.
  • The purpose was to deploy the Dark Crystal RAT (DCRat) remote control software tool, which has modular functionalities for surveillance, reconnaissance, information theft, DDoS attacks, and arbitrary code execution.
  • The attack highlights the broadening attack surface through the use of popular instant messaging apps, bypassing security measures and compromising contacts to increase trust.

Cybersecurity-Insiders, 1w

List of Countries which are most vulnerable to Cyber Attacks

  • Denmark, Sweden, Ireland, Norway, and Finland have the lowest malware infection rates.
  • Tajikistan, Bangladesh, China, Vietnam, and Pakistan have the highest malware infection rates.
  • India, United States, Germany, Brazil, and Russia are the most affected by ransomware attacks.
  • The United States, Brazil, Germany, and the United Kingdom are most targeted by web application attacks.

Securityaffairs, 1w

WhatsApp fixed zero-day flaw used to deploy Paragon Graphite spyware

  • WhatsApp has fixed a zero-click, zero-day vulnerability that was used to install Paragon's Graphite spyware on targeted devices.
  • The hacking campaign targeted 90 users and was suspected to have been carried out by Paragon, an Israeli commercial surveillance vendor.
  • Citizen Lab group from the University of Toronto shared its analysis of Paragon's infrastructure with WhatsApp, which later discovered and mitigated the exploit.
  • Citizen Lab identified Paragon's tool 'Graphite' through digital fingerprints and certificates, indicating its global spyware operations involving several countries.

TechCrunch, 1w

US teachers’ union says hackers stole sensitive personal data on over 500,000 members

  • The Pennsylvania State Education Association (PSEA), a teachers' union, reported a cyberattack that led to the theft of sensitive personal data of over 500,000 members.
  • The stolen information includes government-issued identification documents, Social Security numbers, passport numbers, medical information, and financial information.
  • Member account numbers, PINs, passwords, and security codes were also accessed during the breach.
  • PSEA indicated that they took steps to ensure the stolen data was deleted, but paying a ransom does not guarantee data deletion.

Socprime, 1w

Operation AkaiRyū Attacks Detection: China-Backed MirrorFace APT Targets Central European Diplomatic Institute Using ANEL Backdoor

  • China-linked threat groups are prominent in global APT campaigns, with MirrorFace expanding targeting to a European diplomatic agency using the ANEL backdoor in the AkaiRyū operation.
  • Amid rising geopolitical tensions, APTs pose significant cybersecurity threats, with state-sponsored actors employing zero-day vulnerabilities and advanced malware to infiltrate critical systems.
  • SOC Prime Platform offers detection algorithms to counter MirrorFace APT attacks, aligned with MITRE ATT&CK framework for seamless integration into security tools.
  • Security professionals can leverage Uncoder AI to parse and utilize IOCs from ESET's Operation AkaiRyū research for tailored SIEM or EDR queries.
  • By exploring the Threat Detection Marketplace, defenders can access rules and queries to detect malicious activities associated with state-sponsored APT groups.
  • MirrorFace's AkaiRyū operation targeted a Central European diplomatic entity in 2024, utilizing tools like AsyncRAT, ANEL backdoor, Visual Studio Code's remote tunnels, and more.
  • MirrorFace, a China-linked threat actor, has targeted various sectors since 2019 and exhibited advanced TTPs, including spearphishing campaigns and the use of LODEINFO and HiddenFace backdoors.
  • MirrorFace's operations in 2024 involved spearphishing and the deployment of malicious files through trusted applications, like McAfee and JustSystems, to install the ANEL backdoor.
  • By erasing evidence and employing techniques like running malware in Windows Sandbox, MirrorFace has enhanced operational security, emphasizing the need for heightened cybersecurity vigilance globally.
  • The surge in cyber-espionage campaigns by China-backed groups underscores the importance of proactive defense measures and global collaboration to mitigate evolving cyber threats.

TechJuice, 1w

FBI Issues Warning on the Dangers of Free Online File Converters

  • The FBI has issued a warning about the dangers of using free online file converters.
  • These tools, while seemingly convenient, have become a gateway for malware infections.
  • Criminals use these services to distribute hidden malware, putting users' personal and financial data at risk.
  • To protect yourself, it is advised to use trusted file converters and take security precautions.

Cybersecurity-Insiders, 1w

Browser search can land you into ransomware troubles

  • Ransomware attacks are now using browser searches to distribute malware.
  • Fake websites appearing at the top of search results trick users looking for pirated software or cryptocurrency wallets.
  • Malicious files downloaded from these sites can steal sensitive information and alter cryptocurrency wallet addresses.
  • Experts advise being cautious when browsing, not clicking on suspicious links, and avoiding password reuse across accounts.

Dev, 2w

Windows Security Alert: Signs of a Hack & How to Remove Malware

  • Windows systems are a common target for attackers, so a suspected hack requires immediate action.
  • Steps to contain a hack include disconnecting the system from the internet, quarantining the affected machine, and changing passwords on a separate device.
  • Investigation involves checking for unknown users, recent logins, network connections, and scanning for malware/rootkits.
  • Recovery involves removing threats, restoring the system, and reinstalling Windows if necessary.
  • To strengthen security, enabling multi-factor authentication, updating software, using a firewall, and monitoring for threats are recommended.
  • In case of a serious breach, contacting cybersecurity professionals and authorities is advised.
  • Taking back control of a hacked Windows PC involves quick detection, malware removal, and proactive security measures.
  • Keeping systems updated, using strong passwords, running scans, and enabling firewalls are key to preventing hacks.
  • By staying vigilant and proactive, users can safeguard their Windows PCs against cyber threats and maintain data security.
  • Securing personal information and minimizing vulnerabilities are essential practices in the face of evolving cybersecurity challenges.
  • Being aware, informed, and prepared is crucial in maintaining a secure digital presence and protecting against potential hacks.

Siliconangle, 2w

Flashpoint report highlights rising cyberthreats, with infostealers and ransomware leading the way

  • A new report from Flashpoint highlights major cyberthreats shaping 2025, with infostealers, ransomware, and vulnerabilities leading the way.
  • The report reveals a 33% increase in credential theft year-over-year, with over 3.2 billion credentials stolen through 2024.
  • Ransomware attacks increased by 10% in 2024, with five major ransomware groups accounting for nearly half of all incidents.
  • Vulnerabilities increased by 12% last year, with more than 39% of them having publicly available exploits.

Securityaffairs, 2w

New StilachiRAT uses sophisticated techniques to avoid detection

  • Microsoft discovered a new remote access trojan (RAT), dubbed StilachiRAT, that uses sophisticated techniques to avoid detection.
  • StilachiRAT is a sophisticated RAT designed for stealth, persistence, and data theft.
  • The malware supports functionalities to steal credentials, digital wallet data, clipboard content, and system information.
  • StilachiRAT employs advanced evasion methods and targets cryptocurrency wallet extensions.

TechCrunch, 2w

Hackers are exploiting Fortinet firewall bugs to plant ransomware

  • Hackers linked to the LockBit gang are exploiting Fortinet firewall vulnerabilities to carry out ransomware attacks on company networks.
  • The hackers are specifically using two vulnerabilities, CVE-2024-55591 and CVE-2025-24472, to breach the networks and deploy a custom ransomware strain called 'SuperBlack.'
  • Forescout Research has investigated three attacks, and there may be others, with the hackers selectively encrypting file servers after exfiltrating data.
  • The threat actor, Mora_001, shows close ties to the previously disrupted LockBit ransomware gang.
