Month: January 2023

Ransomware Group Targets Manufacturing Companies

Vice Society, which was initially reported to be exploiting the PrintNightmare vulnerability in its routines, has previously deployed ransomware variants such as Hello Kitty/Five Hands and Zeppelin (the group’s email address has appeared in their ransom notes). More recently, Vice Society has been able to develop its own custom ransomware builder and adopt more robust encryption […]

Malicious use of Remote Monitoring and Management Software

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory (CSA) to warn network defenders about malicious use of legitimate remote monitoring and management (RMM) software. In October 2022, CISA identified a widespread cyber campaign involving the malicious use of […]

Black Hat AD network using Hacked WordPress Sites

Since late December, the Sucuri team has been tracking a new spike in WordPress website infections. These infections have been exploiting vulnerabilities in outdated versions of WordPress to gain access to the sites. Once they have control, malicious code is injected that displays unwanted ads and redirects visitors to other sites, including tech support scams, adult […]

Supply Chain Attack Using Identical PyPI Packages

The FortiGuard Labs team has discovered a new 0-day attack embedded in three PyPI (Python Package Index) packages called “colorslib”, “httpslib”, and “libhttps”. They were found on January 10, 2023, by monitoring an open-source ecosystem. The Python packages “colorslib” and “httpslib” were published on January 7, 2023, and “libhttps” was published on January 12, 2023. […]

What is Advanced Malware Protection

Malware is a serious threat to both individuals and enterprises. It can compromise your sensitive data, disrupt operations, and even cause physical damage to computer systems. That is not the end of it, though. If malware infects your system, it could severely damage your company’s reputation in the case of a data breach. In addition, […]

Coinminers installed by Linux Malware

The ASEC analysis team recently discovered that a Linux malware developed with Shc has been installing a CoinMiner. It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system. Among those installed were the Shc downloader, XMRig CoinMiner installed through the […]

CyberCrime Group Targets MS Exchange

A Swiss cybersecurity firm, Prodaft, has recently released a report about FIN7, deeming it one of the deadliest cybercrime groups on the planet; it mainly targets corporations with known vulnerabilities. The group uses an auto-attack system, Checkmarks, to breach corporate networks through Microsoft Exchange vulnerabilities. It chooses its targets based on financial size, total employees, vulnerability, and […]

Linux Backdoor Malware infects WordPress Sites

Doctor Web discovered a malicious Linux program that exploits websites running the WordPress CMS. It exploits 30 vulnerabilities in a number of plugins and themes for this platform. If the site uses outdated versions of one of these vulnerable add-ons and they are successfully exploited, the targeted page is injected with a malicious JavaScript that is downloaded from […]

GodFather: Android Malware

GodFather is a notorious Android banking trojan known for targeting banking users, mostly in European countries. Recently, CRIL identified several GodFather Android samples masquerading as the MYT application. After successful installation on the victim’s device, the GodFather Android malware steals sensitive data such as SMS messages and basic device details, including installed-app data and the device’s phone […]

Google’s Ad-words exploited by Threat Actors

A newly uncovered technique that abuses Google’s powerful Ad-words advertising platform is spreading rogue promoted search results en masse. The results point to seemingly credible advertisement sites that are fully controlled by threat actors; these sites are used to masquerade as legitimate and redirect ad-clickers to malicious phishing pages, gaining the credibility and targeting capabilities of Google’s search results. […]
