Malware

NFT malware gets new evasion abilities

A non-fungible token (NFT) is a record on a blockchain associated with a digital or physical asset—usually a digital file such as a photo, video, or audio. An NFT’s ownership is recorded in the blockchain, and it can be sold and traded. NFTs differ from cryptocurrencies, which are mostly fungible, in that NFTs are unique […]

Fake Mobile Banking Rewards Apps

Rewards Plus: Fake Mobile Banking Rewards Apps Lure Users to Install Info-Stealing RAT on Android Devices A fake mobile banking rewards app delivered through a link in an SMS campaign has been making the rounds, targeting customers of Indian banking institutions. Users who install the mobile app are unknowingly installing an Android malware with remote […]

Pay Per Install Malware Service

Pay-Per-Install (PPI) is a malware service widely used in the cybercrime ecosystem that monetizes the installation of malicious software. SEKOIA observed that PrivateLoader is one of the most widely used loaders in 2022. It is used by a PPI service to deploy multiple malicious payloads on the infected hosts. The threat actor ruzki (aka les0k, […]

Malware spreads through YouTube Ads

RedLine Spreads Through Ads for Cheats and Cracks on YouTube A malicious bundle containing the RedLine stealer and a miner is being distributed on YouTube through cheats and cracks ads for popular games. RedLine is currently one of the most common Trojans used to steal passwords and credentials from browsers, FTP clients and desktop messengers. […]

Dead or Alive? An Emotet Story

Dead or Alive? An Emotet Story Emotet, while previously taken down by Interpol and Eurojust efforts, has seen a resurgence since November 2021. In May of this year, DFIR witnessed an intrusion that started from a phishing email which included Emotet. The intrusion lasted four days and contained many of the usual suspects, including the Cobalt […]

Crypto Miners Latest Exploits

Crypto miners have been present in the threat landscape for some years, since an attacker identified the opportunity of leveraging victim’s CPUs to mine cryptocurrencies for them. Despite the current rough patch in the world of cryptocurrencies, these miners are still present and will be in the foreseeable future. Attackers have been sending malicious attachments, […]

Check Point picks up Crypto Miner disguised as Google Translate

At the end of July 2022, Check Point Research (CPR) detected a previously undisclosed cryptomining campaign, called Nitrokod, which potentially infected thousands of machines worldwide. At the campaign’s core there are several useful utilities. Created by a Turkish speaking entity, the campaign dropped malware from free software available on popular websites such as Softpedia and uptodown. The software […]

Defending against Computer Worms

What Are Computer Worms and What Are the Best Tools to Defend Your Network against Them? A computer worm is a malicious program that distributes itself across a computer network. Like biological systems, computer systems are also plagued by various maladies known as malware. Malware is an all-encompassing term that refers to malicious, hostile, and invasive programs aiming to harm computer systems or networks. […]

SocGholish: 5+ Years of Massive Website Infections

SocGholish: 5+ Years of Massive Website Infections SocGholish is a JavaScript malware framework that has been in use since at least 2017. It is distributed through a number of malicious sites claiming to provide critical browser updates. In reality, these sites are designed to trick victims into downloading and installing malware — usually in the […]

PyPI Package Drops Fileless Linux Malware

PyPI Package ‘secretslib’ Drops Fileless Linux Malware to Mine Monero Sonatype has identified a ‘secretslib’ PyPI package that describes itself as “secrets matching and verification made easy.” On a closer inspection though, the package covertly runs cryptominers on your Linux machine in-memory (directly from your RAM), a technique largely employed by fileless malware and crypters.  […]

Malware that runs automatically and hides on Google Play

McAfee’s Mobile Research Team has identified new malware on the Google Play Store. Most of it is disguised as cleaner apps that delete junk files or help optimize the battery for device management. However, this malware hides itself and continuously shows advertisements to victims. In addition, it runs malicious services automatically upon installation without executing […]

DUCKTAIL: Infostealer Malware targeting Facebook business accounts

WithSecure™ has discovered an ongoing operation (dubbed “DUCKTAIL”) that targets individuals and organizations that operate on Facebook’s Business and Ads platform. The threat actor targets individuals and employees that may have access to a Facebook Business account with an information-stealer malware. The malware is designed to steal browser cookies and take advantage of authenticated Facebook […]

Lightning Framework: New “Swiss Army Knife” Linux malware

Lightning Framework is a new undetected ‘Swiss Army Knife’-like Linux malware that has modular plugins and the ability to install rootkits. The framework has both passive and active capabilities for communication with the threat actor, including opening up SSH on an infected machine, and a polymorphic malleable command and control configuration. The framework consists of […]

Linux News

It used to be that Microsoft attracted all the attention of malicious hackers. They seemed mostly happy to leave macOS and Linux alone for the most part. Not any more (Ars Technica). Will Microsoft’s growing footprint in the Linux/FOSS landscape cause the Black Hat community to up their targeting of Linux systems? What do you think? Open Source software […]

Rise of LNK (Shortcut files) Malware | McAfee Blog

A LNK file is a Windows Shortcut that serves as a pointer to open a file, folder, or application. LNK files are based on the Shell Link binary file format, which holds information used to access another data object. These files can be created manually using the standard right-click create shortcut option or sometimes they […]