Security News

New Python malware backdoors VMware ESXi servers for remote access
2022-12-12 21:26

A previously undocumented Python backdoor targeting VMware ESXi servers has been spotted, enabling hackers to execute commands remotely on a compromised system. VMware ESXi is a virtualization platform commonly used in the enterprise to host numerous servers on one device while using CPU and memory resources more effectively.

New Redigo malware drops stealthy backdoor on Redis servers
2022-12-01 18:45

A new Go-based malware threat that researchers call Redigo has been targeting Redis servers vulnerable to CVE-2022-0543 to plant a stealthy backdoor and allow command execution. Today, AquaSec reports that its Redis honeypots vulnerable to CVE-2022-0543 caught a new piece of malware that is not detected as a threat by antivirus engines on Virus Total.

North Korea Hackers Using New "Dolphin" Backdoor to Spy on South Korean Targets
2022-11-30 18:30

The North Korea-linked ScarCruft group has been attributed to a previously undocumented backdoor called Dolphin that the threat actor has used against targets located in its southern counterpart. "The backdoor has a wide range of spying capabilities, including monitoring drives and portable devices and exfiltrating files of interest, keylogging and taking screenshots, and stealing credentials from browsers," ESET researcher Filip Jurčacko said in a new report published today.

North Korea Hackers Using New "Dolphin" Backdoor to Spy on South Korean Targets
2022-11-30 18:30

The North Korea-linked ScarCruft group has been attributed to a previously undocumented backdoor called Dolphin that the threat actor has used against targets located in its southern counterpart. "The backdoor has a wide range of spying capabilities, including monitoring drives and portable devices and exfiltrating files of interest, keylogging and taking screenshots, and stealing credentials from browsers," ESET researcher Filip Jurčacko said in a new report published today.

North Korean Hackers Targeting Europe and Latin America with Updated DTrack Backdoor
2022-11-17 05:56

Hackers tied to the North Korean government have been observed using an updated version of a backdoor known as Dtrack targeting a wide range of industries in Germany, Brazil, India, Italy, Mexico, Switzerland, Saudi Arabia, Turkey and the U.S. "Dtrack allows criminals to upload, download, start or delete files on the victim host," Kaspersky researchers Konstantin Zykov and Jornt van der Wiel said in a report. Discovered in September 2019, the malware has been previously deployed in a cyber attack aimed at a nuclear power plant in India, with more recent intrusions using Dtrack as part of Maui ransomware attacks.

Worok Hackers Abuse Dropbox API to Exfiltrate Data via Backdoor Hidden in Images
2022-11-14 06:05

A recently discovered cyber espionage group dubbed Worok has been found hiding malware in seemingly innocuous image files, corroborating a crucial link in the threat actor's infection chain. Czech cybersecurity firm Avast said the purpose of the PNG files is to conceal a payload that's used to facilitate information theft.

SideWinder APT Using New WarHawk Backdoor to Target Entities in Pakistan
2022-10-24 06:25

SideWinder, a prolific nation-state actor mainly known for targeting Pakistan military entities, compromised the official website of the National Electric Power Regulatory Authority to deliver a tailored malware called WarHawk. "The newly discovered WarHawk backdoor contains various malicious modules that deliver Cobalt Strike, incorporating new TTPs such as KernelCallBackTable injection and Pakistan Standard Time zone check in order to ensure a victorious campaign," Zscaler ThreatLabz said.

Good news, URSNIF no longer a banking trojan. Bad news, it's now a backdoor
2022-10-21 10:28

As one of the oldest banking trojans - dating back to the mid-2000s - the software nasty has a number of variants and been given a few monikers, including URSNIF, Gozi, and ISFB. It's crossed paths with other malware families, had its source code leaked twice since 2016 and, according to Mandiant, is now less a single malware family than a "Set of related siblings." In a report this week, Mandiant researchers Sandor Nemes, Sulian Lebegue, and Jessa Valdez wrote that a strain of URSNIF's RM3 version is no longer a banking trojan but a generic backdoor, similar to the short-lived Saigon variant.

Hackers use new stealthy PowerShell backdoor to target 60+ victims
2022-10-19 16:29

A previously undocumented, fully undetectable PowerShell backdoor is being actively used by a threat actor who has targeted at least 69 entities. When first detected, the PowerShell backdoor was not seen as malicious by any vendors on the VirusTotal scanning service.

Experts Warn of Stealthy PowerShell Backdoor Disguising as Windows Update
2022-10-19 10:09

Details have emerged about a previously undocumented and fully undetectable PowerShell backdoor that gains its stealth by disguising itself as part of a Windows update process. "The covert self-developed tool and the associated C2 commands seem to be the work of a sophisticated, unknown threat actor who has targeted approximately 100 victims," Tomer Bar, director of security research at SafeBreach, said in a new report.