techminis

A naukri.com initiative

Malware News

Securityaffairs (3w)

New Eleven11bot botnet infected +86K IoT devices

  • The Eleven11bot botnet has infected over 86,000 IoT devices, mainly security cameras and network video recorders (NVRs).
  • The botnet has targeted various sectors, including communications service providers and gaming hosting infrastructure, and has used a variety of attack vectors.
  • GreyNoise researchers have flagged 305 IP addresses as malicious, with 61% of them originating from Iran.
  • Shadowserver Foundation has discovered approximately 86,400 infected devices, with the highest number in the US and the United Kingdom.


Socprime (4w)

Detect Hellcat Ransomware Attacks: New Ransomware-as-a-Service Threat Group Targeting a Variety of High-Profile Organizations Globally

  • Hellcat is a newly identified Ransomware-as-a-Service (RaaS) threat group targeting critical national infrastructure, major corporations, and government entities globally.
  • The group has launched attacks on organizations like Schneider Electric, Telefónica, Pinger, and Israel’s Knesset, creating concerns for cybersecurity.
  • Proactive detection is crucial due to the prevalence of ransomware attacks, with Cybersecurity Ventures estimating attacks every two seconds by 2031.
  • SOC Prime Platform offers real-time threat intelligence and detection rules to help identify potential Hellcat ransomware intrusions early on.
  • Security professionals can access a dedicated rule stack for Hellcat ransomware attacks and explore detections compatible with various security solutions.
  • Hellcat operators use sophisticated techniques such as phishing, PowerShell infection chains, and custom ransomware payloads to infiltrate and encrypt data.
  • The group demonstrates a high level of operational security by employing secure communication tools and exfiltration tactics to evade detection.
  • There seems to be an overlap in ransomware payloads and ransom notes between Hellcat and Morpheus, suggesting a potential connection or shared source code.
  • Recently, Hellcat announced the theft of internal documents from Orange Group, reinforcing the need for robust cybersecurity measures and threat detection.
  • To combat ransomware attacks effectively, leveraging tools like the SOC Prime Platform and Uncoder AI can enhance detection and response capabilities.


Cybersecurity-Insiders (4w)

CISA issues warning against Qilin ransomware group

  • The Cybersecurity and Infrastructure Security Agency (CISA) clarifies that the US has not halted surveillance operations against Russia and its affiliated threat groups.
  • CISA issues an urgent warning about the Qilin Ransomware Group, a Russian-speaking cybercriminal syndicate, which recently targeted hospital databases in London and disrupted operations at a major US-based newspaper publisher.
  • The Qilin Ransomware Group has expanded its operations internationally, targeting a prominent cancer treatment facility in Japan and stealing approximately 135GB of data.
  • Authorities and organizations are working to raise awareness, provide guidance, and enhance cybersecurity measures to protect against such malicious activities.


Securityaffairs (4w)

Mass exploitation campaign hit 4,000+ ISP networks to deploy info stealers and crypto miners

  • A mass exploitation campaign originating from Eastern Europe has targeted ISPs in China and the U.S. West Coast.
  • The threat actors gain access through weak credential brute-force and deploy info stealers and crypto miners.
  • The malware disables remote access and uses PowerShell to drop binaries and disable security features.
  • The campaign focuses on ISPs in China and the U.S. West Coast, and the malware sends data to its C2 server via a Telegram bot.


Securelist (4w)

Mobile malware evolution in 2024

  • In 2024, there were 33.3 million attacks involving mobile malware, adware, or unwanted software prevented by Kaspersky Security Network.
  • Adware accounted for 35% of total detections, making it the most common mobile threat.
  • 1.1 million malicious installation packages were detected, with nearly 69,000 linked to mobile banking Trojans.
  • Cybercriminals targeted mobile devices with 2.8 million monthly attacks, totaling 33,265,112 attacks blocked in 2024.
  • New distribution schemes for banking Trojans like Mamont and NFC banking scams were identified, targeting users in Russia and the Czech Republic.
  • Several new preinstalled malicious apps were discovered, including the LinkDoor backdoor and SparkCat implant targeting Android users primarily for cryptocurrency theft.
  • The year saw a rise in banking Trojans and fraudulent apps on platforms like Google Play and the App Store.
  • Region-specific threats were prominent in countries like Turkey and India, with banking Trojans being a common type of attack.
  • The number of unique malware installation packages decreased in 2024, but mobile banking Trojan activity continued to increase.
  • Despite a decline in unique installation packages, cybercriminals focused on distributing the same malware to a larger number of victims.


Securityaffairs (4w)

Serbian student activist’s phone hacked using Cellebrite zero-day exploit

  • Amnesty International reported that a Cellebrite zero-day exploit was used to unlock the Android smartphone of a Serbian activist.
  • The exploit was a zero-day exploit chain, developed by Cellebrite, that targets Android USB drivers and affects over a billion Android devices.
  • Google patched vulnerabilities identified in the Cellebrite zero-day exploit chain in Android's February 2025 update and the Linux kernel.
  • The exploit targeted Linux kernel USB drivers, allowing physical access to bypass Android lock screens and gain privileged access.
  • Serbian police used the Cellebrite exploit to unlock a student activist's Samsung Galaxy A32 and install an unknown Android application, likely NoviSpy spyware.
  • Amnesty International documented the incident of the activist being detained, interrogated, and having his phone exploited by Serbian authorities.
  • Cellebrite suspended its technology provision to Serbia following reports of abuse by local police, as confirmed by an Amnesty International report.
  • The Security Lab at Amnesty International emphasized the importance of investigating and holding accountable those misusing digital forensic technology.
  • According to Donncha Ó Cearbhaill, further exports of surveillance technology to Serbia should be halted until proper oversight is in place to protect privacy and rights.


Securityaffairs (4w)

Qilin ransomware gang claimed responsibility for the Lee Enterprises attack

  • The Qilin ransomware group claimed responsibility for the recent cyberattack on Lee Enterprises, stealing 350GB of data.
  • Lee Enterprises, Inc. is a publicly traded American media company with 79 newspapers in 25 states.
  • Qilin ransomware gang threatened to leak the stolen data on March 5.
  • Qilin is a Russian-speaking cybercrime group operating a Ransomware-as-a-Service (RaaS) model since 2022.


Securityaffairs (4w)

Security Affairs newsletter Round 513 by Pierluigi Paganini – INTERNATIONAL EDITION

  • Ransomware gangs exploited a Paragon Partition Manager BioNTdrv.sys driver zero-day.
  • Microsoft disrupted a global cybercrime ring abusing Azure OpenAI Service.
  • Enhanced capabilities sustain the rapid growth of Vo1d botnet.
  • China-linked threat actors stole 10% of Belgian State Security Service's staff emails.
  • Criminal group UAC-0173 targets the Notary Office of Ukraine.
  • DragonForce Ransomware group targeted Saudi Arabia.
  • New Ghostwriter campaign targets Ukrainian Government and opposition activists in Belarus.
  • GitVenom campaign targets gamers and crypto investors posing as fake GitHub projects.
  • Lazarus APT stole $1.5B from Bybit, the largest cryptocurrency heist ever.
  • Australia bans Kaspersky over national security concerns.


Securityaffairs (4w)

Ransomware gangs exploit a Paragon Partition Manager BioNTdrv.sys driver zero-day

  • Microsoft warns of a Paragon Partition Manager BioNTdrv.sys driver zero-day flaw actively exploited by ransomware gangs in attacks.
  • The IT giant reported that one of the discovered vulnerabilities (CVE-2025-0289) is currently being exploited by ransomware groups in zero-day attacks.
  • Paragon Software has released an update (BioNTdrv.sys v2.0.0) to address the vulnerabilities.
  • Users are advised to update Paragon Partition Manager and enable Windows' Vulnerable Driver Blocklist for protection.


Cryptopotato (4w)

Chainalysis Report Reveals Rising Sophistication in Crypto Crime

  • The 2025 crypto crime report by Chainalysis highlights the rising sophistication of criminal activities.
  • Stablecoins have overtaken Bitcoin as the primary currency for illicit crypto transactions, accounting for 63% of such activities.
  • Ransomware payments have declined by 35% in 2024, attributed to law enforcement crackdowns and reduced willingness to pay.
  • Crypto theft increased by 21% in 2024, reaching $2.2 billion, with North Korean hackers responsible for 61% of the thefts.


Digitaltrends (4w)

Nearly 1.6 million Android TV devices have been infected by Vo1d malware

  • A new variant of the Vo1d botnet has infected nearly 1.6 million Android TV devices globally.
  • Active bot numbers have come down from the peak, but there was a surge in infections in February.
  • Brazil, South Africa, Indonesia, and Argentina have the highest infection rates.
  • Experts recommend updating firmware, using the Google Play store for apps, and following safe security practices.


Securityaffairs (4w)

Enhanced capabilities sustain the rapid growth of Vo1d botnet

  • Operators behind the Vo1d botnet have enhanced its capabilities, enabling rapid growth in recent months.
  • The Vo1d botnet infected nearly 1.3 million Android-based TV boxes in 197 countries, acting as a backdoor for downloading and installing third-party software.
  • The infections were most prevalent in Brazil, Morocco, Pakistan, Saudi Arabia, Russia, Argentina, Ecuador, Tunisia, Malaysia, Algeria, and Indonesia.
  • The Vo1d botnet has improved its stealth and resilience, utilizing RSA encryption, hardcoded and DGA-based Redirector C2s, and optimized payload delivery for harder detection.


Silicon (4w)

Ransomware Attacks Reach Record-Breaking Levels In 2024 – BlackFog

  • In 2024, BlackFog's State of Ransomware Report highlighted a significant increase in data exfiltration, accounting for 94% of all attacks.
  • LockBit and RansomHub were the dominant ransomware variants, affecting a large number of victims in 2024.
  • LockBit remained active, with May 2024 being particularly busy, while RansomHub emerged as a threat in February 2024.
  • Various sectors, such as healthcare, government, and education, were heavily targeted by ransomware attacks.
  • Ransom demands by financially motivated groups like Medusa exceeded $40 million, highlighting the financial impact of attacks.
  • Data exfiltration reached an all-time high, with attackers increasingly combining encryption with data theft to demand ransoms.
  • Ransomware incidents led to growing financial and reputational damage for organizations in high-value sectors.
  • BlackFog emphasized the importance of proactive strategies to mitigate ransomware and data exfiltration in the evolving threat landscape.
  • Retail, services, and finance sectors experienced significant rises in disclosed ransomware attacks in 2024.
  • Critical Infrastructure, including energy companies, remained a key target for ransomware attacks.


Securityaffairs (4w)

Criminal group UAC-0173 targets the Notary Office of Ukraine

  • Criminal group UAC-0173 is targeting the Notary Office of Ukraine.
  • The campaign, which started in mid-January 2025, uses the DCRat malware.
  • Phishing messages with malicious links are being sent to notaries in Ukraine.
  • CERT-UA has provided recommendations to enhance cybersecurity and prevent further attacks.


Securityaffairs (4w)

DragonForce Ransomware group is targeting Saudi Arabia

  • DragonForce ransomware has recently been reported to target organizations in the Kingdom of Saudi Arabia (KSA).
  • The attack is a part of the rising cyber threats facing the region, particularly against critical infrastructure and major corporations.
  • This is the first time the ransomware gang has targeted a large KSA enterprise entity, with over 6 TB of data being exfiltrated.
  • The targeting of KSA by ransomware groups raises concerns about the security of critical infrastructure in the region.
