Security News

Threat actors behind the infamous TrickBot malware have been linked to a new ransomware strain named "Diavol," according to the latest research. Diavol and Conti ransomware payloads were deployed on different systems in a case of an unsuccessful attack targeting one of its customers earlier this month, researchers from Fortinet's FortiGuard Labs said last week.

Cybersecurity researchers on Thursday revealed details about a new Mirai-inspired botnet called "Mirai ptea" that leverages an undisclosed vulnerability in digital video recorders provided by KGUARD to propagate and carry out distributed denial-of-service attacks. Chinese security firm Netlab 360 pinned the first probe against the flaw on March 23, 2021, before it detected active exploitation attempts by the botnet on June 22, 2021.

Russian national Oleg Koshkin was convicted for charges related to the operation of a malware crypter service used by the Kelihos botnet to obfuscate malware payloads and evade detection. "In particular, Koshkin worked with Peter Levashov, the operator of the Kelihos botnet, to develop a system that would allow Levashov to crypt the Kelihos malware multiple times each day," the Department of Justice said.

A recently developed botnet named "Simps" has emerged from the cyber-underground to carry out distributed denial-of-service attacks on gaming targets and others, using internet of things nodes. According to the Uptycs' threat research team, Simps was first seen in April being dropped on IoT devices by the Gafgyt botnet.

The Lemon Duck cryptocurrency-mining botnet has added the ProxyLogon group of exploits to its bag of tricks, targeting Microsoft Exchange servers. That's according to researchers at Cisco Talos, who said that the cybercrime group behind Lemon Duck has also added the Cobalt Strike attack framework into its malware toolkit and has beefed up anti-detection capabilities.

Roughly one million computers are getting rid of the Emotet malware after law enforcement agencies served them an update meant to trigger an uninstall process on April 25. One of the most prevalent threats of the past half a decade, Emotet first emerged in 2014 as a banking Trojan, but evolved into a malware downloader that was employed by many cybercriminals to distribute various payloads.

A heretofore little-seen botnet dubbed Prometei is taking a page from advanced persistent threat cyberattackers: The malware is exploiting two of the Microsoft Exchange vulnerabilities collectively known as ProxyLogon, in order to drop a Monero cryptominer on its targets. The report noted that Cybereason has recently seen wide swathes of Prometei attacks on a variety of industries, including construction, finance, insurance, manufacturing, retail, travel and utilities.

A recently observed malware botnet targeting Linux systems is employing many of the emerging techniques among cyber-criminals, such as the use of Tor proxies, legitimate DevOps tools, and the removal of competing malware, according to new research from anti-malware vendor Trend Micro. The researchers say the malware is capable of downloading all of the files it needs from the Tor anonymity network, including post-infection scripts and legitimate, essential binaries that might be missing from the environment, such as ss, ps, and curl.

Attackers are exploiting the ProxyLogon Microsoft Exchange Server flaws to co-opt vulnerable machines to a cryptocurrency botnet named Prometei, according to new research. "Prometei exploits the recently disclosed Microsoft Exchange vulnerabilities associated with the HAFNIUM attacks to penetrate the network for malware deployment, credential harvesting and more," Boston-based cybersecurity firm Cybereason said in an analysis summarizing its findings.

Unpatched Microsoft Exchange servers are being targeted by the Prometei botnet and added to its operators' army of Monero cryptocurrency mining bots. Based on new malware samples recently found by Cybereason during recent incident responses, the botnet has also been updated to exploit Exchange Server vulnerabilities patched by Microsoft in March.