ReversingLabs researchers discovered more than three dozen malicious packages on the PyPI repository that mimic popular HTTP libraries. The descriptions for these packages, for the most part, don’t hint at their malicious intent. Some are disguised as real libraries and make flattering comparisons between their capabilities and those of known, legitimate HTTP libraries. The packages […]
S1deload Stealer – Social Network Account Hijacker
An active malware campaign has set its sights on Facebook and YouTube users by leveraging a new information stealer to hijack the accounts and abuse the systems’ resources to mine cryptocurrency. Bitdefender is calling the malware S1deload Stealer for its use of DLL side-loading techniques to get past security defenses and execute its malicious components. […]
GlobeImposter Malware’s latest campagin
Since 2017, campaigns delivering GlobeImposter have continued to proliferate even though the ransomware has only evolved slightly. GlobeImposter is most often delivered via phishing email as an attachment or a link to a malicious attachment. The payloads are typically distributed via 7zip or traditional zip file archives. The archives often include a JavaScript (.js) file […]
Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities
The United States National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Department of Health and Human Services (HHS), the Republic of Korea (ROK) National Intelligence Service (NIS), and the ROK Defense Security Agency (DSA) are issuing this joint Cybersecurity Advisory (CSA) to […]
Hunting Cyber Evil Ratels
Brute Ratel a commercial Red Team Operations framework developed by Chetan Nayak, an expert red teamer, has been used by attackers both in cybercrime and APT operations. This Red Team framework is designed to be capable of being highly evasive and undetectable by security products, as demonstrated by many shellcodes intercepted through hunting activities with […]
ProxyShellMiner Targets Windows Endpoints
Morphisec has recently identified a highly evasive malware campaign delivering ProxyShellMiner to Windows endpoints. As the name suggests, ProxyShellMiner exploits the ProxyShell vulnerabilities CVE-2021-34473 and CVE-2021-34523 in Windows Exchange servers for initial access and compromise of an organization to deliver crypto miners. After successfully breaching an Exchange server and obtaining control, the attackers use the […]
Cl0p ransomware variant targets Linux
SentinelLabs observed the first ELF variant of Cl0p (also known as Clop) ransomware variant targeting Linux systems on the 26th of December 2022. The new variant is similar to the Windows variant, using the same encryption method and similar process logic. While the Windows versions contain a hashing algorithm in order to avoid encrypting specific […]
ESXi : ransomware target
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory (CSA) in response to the ongoing ransomware campaign, known as “ESXiArgs.” Malicious actors may be exploiting known vulnerabilities in VMware ESXi servers that are likely running unpatched and out-of-service or out-of-date versions of VMware ESXi […]
Phishing Activities in 2022
Phishing scams continue to plague the internet in 2022, more now than ever. This article explores the latest data and current trends and shows you how to avoid a phishing attack today. Cybercrime consultants have found over a million discrete phishing attacks perpetrated this year, which is up by 61% in the same time period in 2021. In […]
Ransomware Group Targets Manufacturing Companies
Vice Society, which was initially reported to be exploiting the PrintNightmare vulnerability in their routines, have previously deployed ransomware variants such as Hello Kitty/Five Hands and Zeppelin (the group’s email has been in their ransom notes). More recently, Vice Society has been able to develop its own custom ransomware builder and adopt more robust encryption […]
Malicious use of Remote Monitoring and Management Software
The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory (CSA) to warn network defenders about malicious use of legitimate remote monitoring and management (RMM) software. In October 2022, CISA identified a widespread cyber campaign involving the malicious use of […]
Black Hat AD network using Hacked WordPress Sites
Since late December, Sucuri team has been tracking a new spike in WordPress website infections. These infections have been exploiting vulnerabilities in outdated versions of WordPress to gain access to the sites. Once they have control, malicious code is injected that displays unwanted ads and redirects visitors to other sites –including tech support scams, adult […]
Supply Chain Attack Using Identical PyPI Packages
The FortiGuard Labs team has discovered a new 0-day attack embedded in three PyPI packages (Python Package Index) called ‘colorslib’, ‘httpslib’, and “libhttps”. They were found on January 10, 2023, by monitoring an open-source ecosystem. The Python packages “colorslib” and “httpslib” were published on January 7, 2023, and “libhttps” was published on January 12, 2023. […]
Roaming Mantis: New DNS Changer In Its Malicious Mobile App
Roaming Mantis (a.k.a Shaoye) is a long-term cyberattack campaign that uses malicious Android package (APK) files to control infected Android devices and steal data. In 2022, Kaspersky observed a DNS changer function implemented in its Android malware Wroba.o. Back in 2018, Kaspersky first saw Roaming Mantis activities targeting the Asian region, including Japan, South Korea […]
Rhadamanthys: New Stealer Spreading Through Google Ads
Recently, Cyble came across a new strain of malware called “Rhadamanthys Stealer.” This stealer variant is active, and the TA behind the malware stealer is selling this under the Malware as a Service (MaaS) model. Rhadamanthys stealer spreads by using Google Ads that redirect the user to phishing websites that mimic popular software such as […]
Coinminers installed by Linux Malware
The ASEC analysis team recently discovered that a Linux malware developed with Shc has been installing a CoinMiner. It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system. Among those installed were the Shc downloader, XMRig CoinMiner installed through the […]
CyberCrime Group Targets MS Exchange
A Swiss cybersecurity firm, Prodaft, has recently released a report about FIN7, deeming it one of the deadliest cybercrime groups on the planet that mainly targets corporations with vulnerabilities. The group uses an auto-attack system, Checkmarks, to breach corporate networks with Microsoft Exchange vulnerabilities. It chooses its targets based on financial size, total employees, vulnerability, and […]
Linux Backdoor Malware infects WordPress Sites
Doctor Web discovered a malicious Linux program that exploits websites running WordPress CMS. It exploits 30 vulnerabilities in a number of plugins and themes for this platform. If the site uses outdated versions of one of these vulnerable add-ons are successfully exploited, the targeted page is injected with a malicious JavaScript that is downloaded from […]
GodFather: Android Malware
GodFather is a notorious Android banking trojan known for targeting banking users, mostly in European countries. Recently, CRIL identified several GodFather Android samples masquerading as MYT application. The GodFather Android malware, after successful installation on the victim’s device, steals sensitive data such as SMSs, basic device details, including installed apps data, and the device’s phone […]
Google’s Ad-words exploited by Threat Actors
A newly uncovered technique to abuse Google’s ad-words powerful advertisement platform is spreading rogue promoted search results in mass. Pointing to allegedly credible advertisement sites that are fully controlled by threat actors, those are used to masquerade and redirect ad-clickers to malicious phishing pages gaining the powerful credibility and targeting capabilities of Google’s search results. […]