Security News

Internet snoops has been caught concealing spyware in an old Windows logo in an attack on governments in the Middle East. The Witchetty gang used steganography to stash backdoor Windows malware, dubbed Backdoor.

Security researchers have discovered a malicious campaign by the 'Witchetty' hacking group, which uses steganography to hide a backdoor malware in a Windows logo. The group is also considered part of the TA410 operatives, previously linked to attacks against U.S. energy providers.

Hackers have found a new method to establish persistence on VMware ESXi hypervisors to control vCenter servers and virtual machines for Windows and Linux while avoiding detection.A modified level of trust is not enough for the ESXi system to accept it by default but the attacker also used the '-force' flag to install the malicious VIBs.

A China-aligned advanced persistent threat actor known as TA413 weaponized recently disclosed flaws in Sophos Firewall and Microsoft Office to deploy a never-before-seen backdoor called LOWZERO as part of an espionage campaign aimed at Tibetan entities. Targets primarily consisted of organizations associated with the Tibetan community, including enterprises associated with the Tibetan government-in-exile.

North Korean hackers are using trojanized versions of the PuTTY SSH client to deploy backdoors on targets' devices as part of a fake Amazon job assessment. A novel element in this campaign is the use of a trojanized version of the PuTTY and KiTTY SSH utility to deploy a backdoor, which in this case, is 'AIRDRY.V2'.

ESET researchers have discovered a Linux variant of the SideWalk backdoor, one of the multiple custom implants used by the SparklingGoblin APT group. Commands with different or missing implementation in the Linux version of SideWalk.

State-backed Chinese hackers have developed a Linux variant for the SideWalk backdoor used against Windows systems belonging to targets in the academic sector. The SideWalk Linux backdoor has been observed in the past, initially being tracked as StageClient by security researchers at cybersecurity company ESET. An early variant of the malware was spotted by researchers at 360 Netlab, the threat intelligence team at Chinese internet security company Qihoo 360, and detailed two years ago in a blog post about the Specter botnet hitting IP cameras.

A Linux variant of a backdoor known as SideWalk was used to target a Hong Kong university in February 2021, underscoring the cross-platform abilities of the implant. In August 2021, ESET unearthed a new piece of custom Windows malware codenamed SideWalk that was exclusively leveraged by the actor to strike an unnamed computer retail company based in the U.S. Subsequent findings from Symantec, part of Broadcom software, have linked the use of SideWalk to an espionage attack group it tracks under the moniker Grayfly, while pointing out the malware's similarities to that of Crosswalk.

Cybersecurity researchers have offered insight into a previously undocumented software control panel used by a financially motivated threat group known as TA505. The control panel, called TeslaGun, is said to be used by the adversary to manage the ServHelper implant, working as a command-and-control framework to commandeer the compromised machines.

Cybercriminals using Prynt Stealer to collect data from victims are being swindled by the malware developer, who also receives a copy of the info over Telegram messaging service. Prynt Stealer can steal cryptocurrency wallet information, sensitive info stored in web browsers, VPN account data, cloud gaming account details.