Security News

Cybersecurity researchers have offered insight into a previously undocumented software control panel used by a financially motivated threat group known as TA505. The control panel, called TeslaGun, is said to be used by the adversary to manage the ServHelper implant, working as a command-and-control framework to commandeer the compromised machines.

Cybercriminals using Prynt Stealer to collect data from victims are being swindled by the malware developer, who also receives a copy of the info over Telegram messaging service. Prynt Stealer can steal cryptocurrency wallet information, sensitive info stored in web browsers, VPN account data, cloud gaming account details.

Researchers discovered a private Telegram channel-based backdoor in the information stealing malware, dubbed Prynt Stealer, which its developer added with the intention of secretly stealing a copy of victims' exfiltrated data when used by other cybercriminals. Prynt Stealer, which came to light earlier this April, comes with capabilities to log keystrokes, steal credentials from web browsers, and siphon data from Discord and Telegram.

Budget Android device models that are counterfeit versions associated with popular smartphone brands are harboring multiple trojans designed to target WhatsApp and WhatsApp Business messaging apps. So system library is used by any app, it triggers the execution of a trojan incorporated in libmtd.

A dozen malicious PyPi packages have been discovered installing malware that modifies the Discord client to become an information-sealing backdoor and stealing data from web browsers and Roblox. This malicious set of PyPi Python packages has not been removed from the open source package repository at the time of writing this, so software developers are still at risk.

Versions of a cross-platform instant messenger application focused on the Chinese market known as 'MiMi' have been trojanized to deliver a new backdoor that can be used to steal data from Linux and macOS systems. SEKOIA's Threat & Detection Research Team says that the app's macOS 2.3.0 version has been backdoored for almost four months, since May 26, 2022.

Beijing-backed cyberspies used specially crafted phishing emails and six different backdoors to break into and then steal confidential data from military and industrial groups, government agencies and other public institutions, according to Kaspersky researchers. "The attackers were able to penetrate dozens of enterprises and even hijack the IT infrastructure of some, taking control of systems used to manage security solutions," the team wrote in a report published on Monday.

An extensive series of attacks detected in January used new Windows malware to backdoor government entities and organizations in the defense industry from several countries in Eastern Europe. Kaspersky linked the campaign with a Chinese APT group tracked as TA428, known for its information theft and espionage focus and attacking organizations in Asia and Eastern Europe [1, 2, 3, 4]. The threat actors successfully compromised the networks of dozens of targets, sometimes even taking control of their entire IT infrastructure by hijacking systems used to manage security solutions.

A threat actor is said to have "Highly likely" exploited a security flaw in an outdated Atlassian Confluence server to deploy a never-before-seen backdoor against an unnamed organization in the research and technical services sector. "The evidence indicates that the threat actor executed malicious commands with a parent process of tomcat9.exe in Atlassian's Confluence directory," the company said.

Microsoft says attackers increasingly use malicious Internet Information Services web server extensions to backdoor unpatched Exchange servers as they have lower detection rates compared to web shells. Microsoft previously saw custom IIS backdoors installed after threat actors exploited ZOHO ManageEngine ADSelfService Plus and SolarWinds Orion vulnerabilities.