Security News

Threat Actors Abuse Discord to Push Malware
2021-10-22 11:44

Threat actors are abusing the core features of the popular Discord digital communication platform to persistently deliver various types of malware, in particular remote access trojans that can take over systems, putting its 150 million users at risk, researchers have found. "Many files sent across the Discord platform are malicious, pointing to a significant amount of abuse of its self-hosted CDN by actors by creating channels with the sole purpose of delivering these malicious files," according to a report published Thursday by Team RiskIQ. Initially Discord attracted gamers, but the platform is now being used by organizations for workplace communication.

Massive campaign uses YouTube to push password-stealing malware
2021-10-21 21:10

Widespread malware campaigns are creating YouTube videos to distribute password-stealing trojans to unsuspecting viewers. Password-stealing trojans are malware that quietly run on a computer while stealing passwords, screenshots of active windows, cookies, credit cards stored in browsers, FTP credentials, and arbitrary files chosen by the threat actors.

S3 Ep55: Live malware, global encryption, dating scams, and secret emanations [Podcasts]
2021-10-21 15:13

Hook up with our forthcoming Live Malware Demo presentation. Why we think you should celebrate Global Encryption Day.

RAT malware spreading in Korea through webhards and torrents
2021-10-21 14:22

An ongoing malware distribution campaign targeting South Korea is disguising RATs as an adult game shared via webhards and torrents. The attackers take easily obtainable malware such as njRAT and UDP RAT, wrap it in a package that looks like a game or other program, and then upload it to webhards.

Google: YouTubers’ accounts hijacked with cookie-stealing malware
2021-10-20 15:49

Google says YouTube creators have been targeted with password-stealing malware in phishing attacks coordinated by financially motivated threat actors. The threat actors used social engineering and phishing emails to infect YouTube creators with information-stealing malware, chosen based on each attacker's preference.

Microsoft called out as big malware hoster – thanks to OneDrive and Office 365 abuse
2021-10-18 17:30

Microsoft has been branded as "The world's best malware hoster for about a decade," thanks to abuse of the Office 365 and Live platform, as well as its slow response to reports by security researchers. TheAnalyst noted that a BazarLoader malware campaign was hosting its malware on Microsoft's OneDrive service.

State-backed hackers breach telcos with custom malware
2021-10-18 17:28

"The Harvester group uses both custom malware and publicly available tools in its attacks, which began in June 2021, with the most recent activity seen in October 2021. Sectors targeted include telecommunications, government, and information technology," Symantec researchers said. "The capabilities of the tools, their custom development, and the victims targeted, all suggest that Harvester is a nation-state-backed actor."

NFTs not annoying enough? Now they come with wallet-emptying malware
2021-10-17 11:01

People were receiving free NFTs from an unknown benefactor, but when they accepted the gift the attackers got access to their wallet information in OpenSea's storage systems. Arming robots with sniper rifles, not worrying at all.

Attackers Behind Trickbot Expanding Malware Distribution Channels
2021-10-15 07:40

The operators behind the pernicious TrickBot malware have resurfaced with new tricks that aim to increase its foothold by expanding its distribution channels, ultimately leading to the deployment of ransomware such as Conti. The threat actor, tracked under the monikers ITG23 and Wizard Spider, has been found to partner with other cybercrime gangs known as Hive0105, Hive0106, and Hive0107, adding to a growing number of campaigns that the attackers are banking on to deliver proprietary malware, according to a report by IBM X-Force.

Photo editor Android app STILL sitting on Google Play store is malware
2021-10-12 08:13

An Android app sitting on the Google Play store touts itself as a photo editor app. Like many Android apps, the "Blender Photo Editor-Easy Photo Background Editor" app comes with sign-in with Facebook functionality.