Security News

Python info-stealing malware uses Unicode to evade detection
2023-03-23 15:09

A malicious Python package on PyPI uses Unicode as an obfuscation technique to evade detection while stealing and exfiltrating developers' account credentials and other sensitive data from compromised devices. The malicious package, named "Onyxproxy," uses a combination of different Unicode fonts in the source code to help it bypass automated scans and defenses that identify potentially malicious functions based on string matching.

ScarCruft's Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques
2023-03-22 12:24

The North Korean advanced persistent threat actor dubbed ScarCruft is using weaponized Microsoft Compiled HTML Help files to download additional malware. "The group is constantly evolving its tools, techniques, and procedures while experimenting with new file formats and methods to bypass security vendors," Zscaler researchers Sudeep Singh and Naveen Selvan said in a new analysis published Tuesday.

Rogue NuGet Packages Infect .NET Developers with Crypto-Stealing Malware
2023-03-22 08:58

"The packages contained a PowerShell script that would execute upon installation and trigger a download of a 'second stage' payload, which could be remotely executed," JFrog researchers Natan Nehorai and Brian Moussalli said. While NuGet packages have in the past been found to contain vulnerabilities and to be abused to propagate phishing links, this is the first discovery of NuGet packages carrying malicious code.

Unknown actors deploy malware to steal data in occupied regions of Ukraine
2023-03-22 07:32

A cyber espionage campaign targeting organizations in Russian-occupied regions of Ukraine is using novel malware to steal data, according to Russia-based infosec software vendor Kaspersky. In a report published Tuesday, Kaspersky researchers detailed the infections, which use a PowerShell-based backdoor they've named "PowerMagic" and a previously unknown framework dubbed "CommonMagic" that can steal files from USB devices, take screenshots every three seconds, and send all of this data back to the attacker.

NAPLISTENER: New Malware in REF2924 Group's Arsenal for Bypassing Detection
2023-03-22 07:19

The threat group tracked as REF2924 has been observed deploying previously unseen malware in its attacks aimed at entities in South and Southeast Asia. The malware, dubbed NAPLISTENER by Elastic Security Labs, is an HTTP listener programmed in C# and is designed to evade "Network-based forms of detection."

Hackers use new PowerMagic and CommonMagic malware to steal data
2023-03-21 20:33

Security researchers have discovered attacks from an advanced threat actor that used "a previously unseen malicious framework" called CommonMagic and a new backdoor called PowerMagic. Researchers at cybersecurity company Kaspersky say that the hackers are interested in collecting data from victims in Donetsk, Lugansk, and Crimea.

New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers
2023-03-21 11:41

Poorly managed Linux SSH servers are being targeted as part of a new campaign that deploys different variants of malware called ShellBot. ShellBot is installed on servers that have weak credentials, but only after threat actors make use of scanner malware to identify systems that have SSH port 22 open.

New DotRunpeX Malware Delivers Multiple Malware Families via Malicious Ads
2023-03-20 13:39

A new piece of malware dubbed dotRunpeX is being used to distribute numerous known malware families such as Agent Tesla, Ave Maria, BitRAT, FormBook, LokiBot, NetWire, Raccoon Stealer, RedLine Stealer, Remcos, Rhadamanthys, and Vidar. "DotRunpeX is a new injector written in .NET using the Process Hollowing technique and used to infect systems with a variety of known malware families," Check Point said in a report published last week.

Emotet malware now distributed in Microsoft OneNote files to evade defenses
2023-03-18 19:03

The Emotet malware is now distributed using Microsoft OneNote email attachments, aiming to bypass Microsoft security restrictions and infect more targets. Emotet is a notorious malware botnet historically distributed through Microsoft Word and Excel attachments that contain malicious macros.

FakeCalls Vishing Malware Targets South Korean Users via Popular Financial Apps
2023-03-17 18:15

An Android voice phishing malware campaign known as FakeCalls has reared its head once again to target South Korean users under the guise of over 20 popular financial apps. FakeCalls was previously documented by Kaspersky in April 2022, describing the malware's capabilities to imitate phone conversations with a bank customer support agent.