techminis

A naukri.com initiative

Malware News

Securityaffairs

15 SpyLoan Android apps found on Google Play had over 8 million installs

  • 15 SpyLoan apps with a combined total of 8M+ installs were found on Google Play, targeting users in South America, Southeast Asia, and Africa.
  • SpyLoan apps exploit social engineering to gain sensitive user data and excessive permissions, leading to extortion, harassment, and financial loss.
  • The researchers reported the apps to Google, which notified the developers that their apps violate Google Play policies. Some apps were suspended by Google from Google Play, while others were updated by the developers.
  • SpyLoan activity has surged, with malicious apps and infected devices increasing over 75% from Q2 to Q3 2024, highlighting their growing mobile threat presence.

Securityaffairs

Notorious ransomware programmer Mikhail Pavlovich Matveev arrested in Russia

  • Russian authorities arrested a ransomware affiliate, Mikhail Matveev, aka Wazawaka, for developing malware and ties to hacking groups.
  • The man was arrested in Kaliningrad, Russia; links to LockBit, Conti, and BABUK operations were found.
  • Matveev faces charges under Russian law for creating malicious programs.
  • In May 2023, Matveev was charged by the US Justice Department for his alleged role in multiple ransomware attacks.

Socprime

HATVIBE and CHERRYSPY Malware Detection: Cyber-Espionage Campaign Conducted by TAG-110 aka UAC-0063 Targeting Organizations in Asia and Europe

  • TAG-110 (UAC-0063) cyber-espionage campaign targets organizations in Asia and Europe
  • Adversaries use the HATVIBE and CHERRYSPY malware tools to target state bodies, human rights organizations, and the educational sector
  • The TAG-110 group leverages Ukraine as a testing ground for new attack tactics before expanding to global targets
  • Organizations are advised to patch security flaws, enforce multi-factor authentication, and improve cybersecurity awareness to mitigate threats

Hackernoon

Why Are Hospital Ransomware Attacks Becoming More Frequent Globally? The UN Met to Discuss

  • Hospital ransomware attacks are on the rise, leading healthcare administrators to invest in or update their cyberattack insurance policies.
  • The issue has become so concerning that the United Nations Security Council recently met to discuss updated digital privacy and cybersecurity guidelines and how to reduce attacks.
  • Over 33% of healthcare institutions were ransomware victims in 2020, with one-third of those paying the ransom.
  • Ransomware has been around for decades, but the recent surge in attacks has been fueled by cryptocurrencies and increased sophistication in AI-driven automation.
  • Gangs of hackers use AI for victim reconnaissance and identifying weak points and loopholes in AI-generated defence systems.
  • Medical devices are easier targets for ransomware because they are not yet equipped with defence systems as adequate as those of better-protected networked computer systems.
  • Ransomware threats to health institutions must carry the same severe federal penalties as those that occur beyond networks and computerized frameworks.
  • Vigilance in hiring expert staff and stronger adherence to advanced cybercrime security integration are essential to all hospital policies.
  • The UN has highlighted the need for change and progress, but a greater understanding of the severity and potential consequences is needed.

Securelist

IT threat evolution in Q3 2024. Non-mobile statistics

  • In Q3 2024, Kaspersky solutions successfully blocked more than 652 million cyberattacks originating from various online resources.
  • Ransomhub was the most prolific ransomware gang, which accounted for 17.75% of all victims.
  • Kaspersky security solutions successfully defended 90,423 individual users from ransomware attacks from July through September 2024.
  • PolyRansom/VirLock was among the top ten most common families of ransomware Trojans.
  • In Q3 2024, Kaspersky solutions detected 15,472 new miner variants, half as many as in Q2.
  • We observed a 12% decline in miner-related attacks during the third quarter.
  • Password stealers were the third quarter’s most noteworthy findings associated with attacks on macOS users.
  • In Q3 2024, Kaspersky solutions blocked 652,004,741 attacks from online resources located around the world.
  • Kaspersky File Anti-Virus detected 23,196,497 malicious and potentially unwanted objects.
  • Overall, 13.53% of user computers globally faced at least one Malware-type local threat during Q3.

Securelist

IT threat evolution in Q3 2024. Mobile statistics

  • In Q3 2024, over 6.7 million attacks including malware, adware and potentially unwanted apps were prevented on mobile devices by Kaspersky Security Network.
  • 36% of threats were adware, while 17,822 out of 222,000 installation packages were linked to mobile banking Trojans, and 1576 packages were mobile ransomware Trojans.
  • There was a 13% drop in mobile attacks from the previous quarter. The adware AdWare.AndroidOS.HiddenAd was the main cause of the decline.
  • In Q3 we detected the xHelper Trojan, which installs various apps on the device without the user's knowledge. Many apps were infected with the Necro Trojan, which can perform arbitrary actions on the compromised device.
  • The number of detected Android malware and potentially unwanted app samples also decreased in Q3 to 222,444.
  • Adware (36.28%) and riskware classified as RiskTool (23.90%) dominated the landscape of installed software packages.
  • Compared to the previous quarter, there was a significant decrease in the number of installation packages for the BrowserAd family.
  • The generalized cloud verdict of DangerousObject.Multi.Generic took the top spot, followed by WhatsApp mods with embedded Triada modules and the Fakemoney phishing app.
  • Trojan-Banker.AndroidOS.UdangaSteal.f was the 6th most hazardous mobile banking Trojan in Q3, attacking users in Indonesia.
  • Mobile banking Trojans installation packages reached 17,822 in Q3, with the majority belonging to the Mamont family.

Securelist

IT threat evolution Q3 2024

  • In Q3 2024, a new APT malware called CloudSorcerer was discovered targeting Russian government organizations. CloudSorcerer functions as separate modules – for communication and data collection, but executes from a single executable.
  • In August, Blind Eagle, a threat actor targeting government, finance, energy, oil and gas and other sectors in Latin America, launched a new campaign using DLL side-loading.
  • Tropic Trooper, active since 2011, initiated a series of persistent campaigns targeting a government body in the Middle East in June 2023.
  • The Twelve and BlackJack groups emerged as hacktivist groups targeting Russian government organizations and institutions in late 2023 and 2024 with overlapping TTPs.
  • Cybercriminals boosting the business of ransomware can find leaked ransomware variants online, buy ransomware on the dark web, or become an affiliate of a ransomware group.
  • In June, a macOS version of the HZ Rat backdoor was discovered, being used to target users of the enterprise messenger DingTalk and the social networking and messaging platform WeChat.
  • The Kaspersky Global Emergency Response Team (GERT) identified a complex campaign consisting of multiple sub-campaigns orchestrated by Russian-speaking cybercriminals called Tusk.
  • A new RAT called SambaSpy was discovered in May, exclusively targeting victims in Italy, using phishing emails disguised as messages from a real estate agency.
  • Head Mare, a hacktivist group targeting organizations in Russia and Belarus, maintains a public account on a social network, posting information about its victims. The group also deploys LockBit and Babuk ransomware.
  • Loki, a previously unknown backdoor, was discovered in July, being used in a series of targeted attacks against Russian companies in various industries.

Cybersecurity-Insiders

HawkEye Malware: Technical Analysis

  • HawkEye, also known as PredatorPain, is a malware categorized as a keylogger but has adopted new functionalities that align it with the capabilities of other tools like stealers.
  • HawkEye emerged before 2010 and gained significant popularity starting in 2013 after several spearphishing campaigns.
  • Although it is not one of the most widely used malware families, it remains in active use and saw a significant resurgence during the COVID period.
  • To conduct a quick analysis of HawkEye, ANY.RUN's Interactive Sandbox is used to extract critical data.
  • HawkEye's delivery methods are diverse compared to other malware but execution and behavior have remained consistent over the years.
  • One of the dropped files, the smaller one, acts as the injector. The injector includes a phase where it checks running processes to detect analysis tools or whether the process is already running.
  • HawkEye is not just a malware that establishes persistence once as it has been observed to check and establish persistence up to three different times depending on the phases.
  • HawkEye carries out various functions such as keylogging, system information gathering, credential theft, screenshot capture, etc. once injected into vbc.exe or other processes.
  • The builder provides a multitude of configuration options, allowing the attacker to choose where to send the stolen information, what to collect, whether to check for certain tools and change the payload data to make it appear legitimate.
  • HawkEye has incredible versatility and longevity, making it a tremendously powerful and easy-to-use tool which unfortunately will continue to be seen in security incidents from actors of all types.

Cybersecurity-Insiders

Ransomware spreading through Microsoft Teams

  • Black Basta ransomware is spreading file-encrypting malware through Microsoft Teams.
  • The group impersonates IT support personnel to trick users into revealing login information.
  • This new strategy marks a shift from their previous methods of spam and social engineering.
  • Microsoft advises users to be cautious of suspicious messages and to verify the sender's identity through other channels.

Securityaffairs

Bootkitty is the first UEFI Bootkit designed for Linux systems

  • ESET discovered the first Unified Extensible Firmware Interface (UEFI) bootkit specifically designed for Linux systems, named Bootkitty.
  • Bootkitty allows attackers to disable the kernel’s signature verification feature and preload two unknown ELF binaries via the Linux init process.
  • The bootkit, named bootkit.efi, is a UEFI application that can bypass UEFI Secure Boot by patching integrity verification functions in memory.
  • Bootkitty marks an advancement in the UEFI threat landscape for Linux systems, emphasizing the importance of enabling UEFI Secure Boot and keeping system firmware and OS up-to-date.

Medium

Hide Payload in Alternate Data Streams with a Kernel Driver

  • An Alternate Data Stream (ADS) is a feature of the NTFS file system in Windows that allows multiple streams of data to be associated with a single file.
  • Malware developers leverage ADS to hide payloads or information while remaining concealed.
  • By leveraging ADS, malware can effectively hide its components without being detected by traditional file browsing methods, bypassing many security solutions.
  • The use of ADS in malware development remains a powerful method for hiding payloads and understanding how to manipulate these streams can provide valuable insight into offensive and defensive cybersecurity practices.

Arstechnica

Found in the wild: The world’s first unkillable UEFI bootkit for Linux

  • Researchers at ESET have discovered Bootkitty, the world's first unkillable UEFI bootkit for Linux.
  • Bootkitty was uploaded to VirusTotal and appears to be a proof-of-concept bootkit, lacking the capability to infect Linux distributions other than Ubuntu.
  • No evidence of actual infections in the wild has been found so far.
  • The discovery suggests that threat actors may be actively developing a Linux version of an unkillable bootkit, similar to those found in Windows machines.

Neuways

Black Friday Alert: Beware of Sophisticated Tech Support Scams

  • Tech support scams are a persistent and increasingly sophisticated threat as Black Friday approaches.
  • These scams involve fraudsters impersonating trusted tech companies to trick victims into handing over money or personal details.
  • Scammers use tactics like cold calls or pop-up warnings to initiate the scams and often request remote access to steal data or install malware.
  • To protect yourself, ignore unsolicited calls, never allow remote access, and be cautious of fake pop-ups. Keep software updated and contact trusted sources for tech support.

Cybersecurity-Insiders

Illegal Movie Piracy Streaming service taken down and malware spread investigation impending

  • A major illegal piracy streaming service was dismantled in a joint operation led by Italy’s Postal and Cybersecurity Police Service, in collaboration with Europol, Eurojust, and a specialized cyber team connected to the UK’s National Cyber Security Centre (NCSC).
  • The investigation revealed that the service was being exploited to distribute malware, and raids were conducted in multiple countries, leading to the arrest of 96 individuals.
  • The dismantled service had over 22 million users and earned approximately $265 million monthly, posing a serious threat to the global movie industry.
  • Pirated movie streaming services can compromise devices, monitor activities, steal sensitive information, and deliver malicious payloads.

Securityaffairs

Operation Serengeti: INTERPOL arrested 1,006 suspects in 19 African countries

  • Operation Serengeti, a joint law enforcement operation between INTERPOL and AFRIPOL, resulted in the arrest of 1,006 suspects across 19 African countries.
  • During the operation, 134,089 malicious infrastructures and networks were dismantled.
  • The operation targeted ransomware, business email compromise (BEC), digital extortion, and online scams.
  • The total financial losses caused by these cybercrimes amounted to USD 193 million.
