Security News

Experts Warn of 'Beep' - A New Evasive Malware That Can Fly Under the Radar
2023-02-15 09:25

Cybersecurity researchers have unearthed a new piece of evasive malware dubbed Beep that's designed to fly under the radar and drop additional payloads onto a compromised host. Other instructions the malware is capable of accepting from a command-and-control server include the ability to execute DLL and EXE files.

Phishing threats are increasingly convincing and evasive
2022-11-07 05:00

In this Help Net Security video, Tonia Dudley, VP, CISO at Cofense, provides a look at the various changes seen in the phishing threat landscape. Dudley talks about the impact of credential phishing and business email compromise, which allow cybercriminals to steal substantial amounts of money from global organizations.

LinkedIn Smart Links abused in evasive email phishing attacks
2022-09-21 14:00

Phishing actors are abusing LinkedIn's Smart Link feature to bypass email security products and successfully redirect targeted users to phishing pages that steal payment information. Smart Link is a feature reserved for LinkedIn Sales Navigator and Enterprise users, allowing them to send a pack of up to 15 documents using a single trackable link.

Researchers Detail Evasive DarkTortilla Crypter Used to Deliver Malware
2022-08-19 04:55

A .NET-based evasive crypter named DarkTortilla has been used by threat actors to distribute a broad array of commodity malware as well as targeted payloads like Cobalt Strike and Metasploit, likely since 2015. "DarkTortilla has versatility that similar malware does not," the researchers noted.

Researchers unearth highly evasive “parasitic” Linux malware
2022-06-10 10:48

Security researchers at Intezer and BlackBerry have documented Symbiote, a wholly unique, multi-purpose piece of Linux malware that is nearly impossible to detect. "What makes Symbiote different from other Linux malware that we usually come across, is that it needs to infect other running processes to inflict damage on infected machines. Instead of being a standalone executable file that is run to infect a machine, it is a shared object library that is loaded into all running processes using LD_PRELOAD, and parasitically infects the machine," the researchers pointed out.

Evasive phishing mixes reverse tunnels and URL shortening services
2022-06-05 15:06

Security researchers are seeing an uptick in the use of reverse tunnel services along with URL shorteners for large-scale phishing campaigns, making the malicious activity more difficult to stop. With reverse tunnels, threat actors can host the phishing pages locally on their own computers and route connections through the external service.

Microsoft Exposes Evasive Chinese Tarrask Malware Attacking Windows Computers
2022-04-14 06:29

The Chinese-backed Hafnium hacking group has been linked to a new piece of malware that's used to maintain persistence on compromised Windows environments. Microsoft Threat Intelligence Center, which dubbed the defense evasion malware "Tarrask," characterized it as a tool that creates "Hidden" scheduled tasks on the system.

Molerats hackers deploy new malware in highly evasive campaign
2022-02-09 08:17

The Palestinian-aligned APT group tracked as TA402 was spotted using a new implant named 'NimbleMamba' in a cyber-espionage campaign that leverages geofencing and URL redirects to legitimate websites. If the target's IP address matches the defined targeted region, a copy of NimbleMamba is dropped on their system inside a RAR file.

Highly Evasive Adaptive Threats (HEAT) bypassing traditional security defenses
2022-02-08 05:30

Menlo Security announced it has identified a surge in cyberthreats, termed Highly Evasive Adaptive Threats, that bypass traditional security defenses. HEAT attacks are a class of cyber threats that target web browsers as the attack vector and employ techniques to evade detection by multiple layers in current security stacks, including firewalls, Secure Web Gateways, sandbox analysis, URL Reputation, and phishing detection.

Hackers Using New Evasive Technique to Deliver AsyncRAT Malware
2022-01-27 20:45

A new, sophisticated phishing attack has been observed delivering the AsyncRAT trojan as part of a malware campaign that's believed to have commenced in September 2021. "Through a simple email phishing tactic with an html attachment, threat attackers are delivering AsyncRAT designed to remotely monitor and control its infected computers through a secure, encrypted connection," Michael Dereviashkin, security researcher at enterprise breach prevention firm Morphisec, said in a report.