Security News

Microsoft is tracking a series of attacks that use SEO poisoning to infect targets with a remote access trojan capable of stealing the victims' sensitive info and backdooring their systems. The malware delivered in this campaign is SolarMarker, a.NET RAT that runs in memory and is used by attackers to drop other payloads on infected devices.

Researchers said, is the novel backdoor, which they said has been in development by a Chinese APT for at least three years. A multi-stage chain eventually results in the installation of the backdoor module, which is called "Victory." It "Appears to be a custom and unique malware," according to Check Point.

New malware active for more than a year is compromising Windows containers to compromise Kubernetes clusters with the end goal of backdooring them and paving the way for attackers to abuse them in other malicious activities. It organizes app containers into pods, nodes, and clusters, with multiple nodes forming clusters managed by a master which coordinates cluster-related tasks such as scaling or updating apps.

A previously unknown Windows backdoor enables remote access and the collection of considerable live data - but only during Chinese working hours. Researchers from Check Point Research report that opening the attachment starts a chain of in-memory loaders leading to the delivery of the previously unknown backdoor.

Microsoft on Thursday disclosed that the threat actor behind the SolarWinds supply chain hack returned to the threat landscape to target government agencies, think tanks, consultants, and non-governmental organizations located across 24 countries, including the U.S. Some of the entities that were singled out include the U.S. Atlantic Council, the Organization for Security and Co-operation in Europe, the Ukrainian Anti-Corruption Action Center, the EU DisinfoLab, and the Government of Ireland's Department of Foreign Affairs. The attacks leveraged a legitimate mass-mailing service called Constant Contact to conceal its malicious activity and masquerade as USAID, a U.S.-based development organization, for a wide-scale phishing campaign that distributed phishing emails to a variety of organizations and industry verticals.

Cybersecurity researchers have disclosed a new backdoor program capable of stealing user login credentials, device information and executing arbitrary commands on Linux systems. The malware dropper has been dubbed "Facefish" by Qihoo 360 NETLAB team owing its capabilities to deliver different rootkits at different times and the use of Blowfish cipher to encrypt communications to the attacker-controlled server.

QNAP is advising customers to update the HBS 3 disaster recovery app to block Qlocker ransomware attacks targeting their Internet-exposed Network Attached Storage devices. "The ransomware known as Qlocker exploits CVE-2021-28799 to attack QNAP NAS running certain versions of HBS 3," the Taiwan-based NAS appliance maker said in a security advisory issued today.

A never-before-documented Brazilian banking trojan, dubbed Bizarro, is targeting customers of 70 banks scattered throughout Europe and South America, researchers said. Once installed, it kills all running browser processes to terminate any existing sessions with online banking websites - so, when a user initiates a mobile banking session, they have to sign back in, allowing the malware to harvest the details.

The notorious FIN7 cybercrime gang, a financially motivated group, is spreading a backdoor called Lizar under the guise of being a Windows pen-testing tool for ethical hackers. According to the BI.ZONE Cyber Threats Research Team, FIN7 is pretending to be a legitimate organization that hawks a security-analysis tool.

Cybercrime groups are distributing malicious PHP web shells disguised as a favicon to maintain remote access to the compromised servers and inject JavaScript skimmers into online shopping platforms with an aim to steal financial information from their users. Injecting web skimmers on e-commerce websites to steal credit card details is a tried-and-tested modus operandi of Magecart, a consortium of different hacker groups who target online shopping cart systems.