Security News
Infosec researchers have discovered a network of over three thousand malicious GitHub accounts used to spread malware, targeting groups including gamers, malware researchers, and even other threat actors who themselves seek to spread malware. The first account serves the "Phishing" repository template; The second account provides the "Image" used for the phishing template; The third account serves malware as a password-protected archive in a Release.
CrowdStrike is the latest lure being used to trick Windows users into downloading and running the notorious Lumma infostealing malware, according to the security shop's threat intel team, which spotted the scam just days after the Falcon sensor update fiasco. Lumma is a relatively popular stealer that has been in high demand among ransomware crews since 2022.
Hundreds of UEFI products from 10 vendors are susceptible to compromise due to a critical firmware supply-chain issue known as PKfail, which allows attackers to bypass Secure Boot and install malware. As the Binarly Research Team found, affected devices use a test Secure Boot "Master key"-also known as Platform Key-generated by American Megatrends International, which was tagged as "DO NOT TRUST" and that upstream vendors should've replaced with their own securely generated keys.
The French police and Europol are pushing out a "Disinfection solution" that automatically removes the PlugX malware from infected devices in France. The operation is conducted by the Center for the Fight Against Digital Crime of the National Gendarmerie with assistance by French cybersecurity firm Sekoia, which sinkholed a command and control server for a widely distributed PlugX variant last April.
Threat actors known as 'Stargazer Goblin' have created a malware Distribution-as-a-Service from over 3,000 fake accounts on GitHub that push information-stealing malware. The malware delivery service is called Stargazers Ghost Network and it utilizes GitHub repositories along with compromised WordPress sites to distribute password-protected archives that contain malware.
Check Point researchers have unearthed an extensive network of GitHub accounts that they believe provides malware and phishing link Distribution-as-a-Service. Set up and operated by a threat group...
A zero-day security flaw in Telegram's mobile app for Android called EvilVideo made it possible for attackers to malicious files disguised as harmless-looking videos. The exploit appeared for sale...
Threat actors are taking advantage of the massive popularity of the Hamster Kombat game, targeting players with fake Android and Windows software that install spyware and information-stealing...
Russian-linked malware was used in a January 2024 cyberattack to cut off the heating of over 600 apartment buildings in Lviv, Ukraine, for two days during sub-zero temperatures. [...]
CrowdStrike is warning that a fake recovery manual to repair Windows devices is installing a new information-stealing malware called Daolpu. [...]