Security News
A new threat actor tracked as TA886 targets organizations in the United States and Germany with new custom malware to perform surveillance and data theft on infected systems. The threat actor targets victims using phishing emails that include Microsoft Publisher attachments with malicious macros, URLs linking to.
The Gootkit malware is prominently going after healthcare and finance organizations in the U.S., U.K., and Australia, according to new findings from Cybereason. The cybersecurity firm said it investigated a Gootkit incident in December 2022 that adopted a new method of deployment, with the actors abusing the foothold to deliver Cobalt Strike and SystemBC for post-exploitation.
Security researchers have discovered four malicious Dota 2 game mods that were used by a threat actor to backdoor the players' systems. The unknown attacker created four game mods for the highly popular Dota 2 multiplayer online battle arena video game and published them on the Steam store to target the game's fans, as Avast Threat Labs researchers found.
Security researchers have discovered four malicious Dota 2 game modes that were used by a threat actor to backdoor the players' systems. The unknown attacker created four game modes for the highly popular Dota 2 multiplayer online battle arena video game and published them on the Steam store to target the game's fans, as Avast Threat Labs researchers found.
A highlighted security feature in Android 14 is blocking the installation of malicious apps that target older API levels, which allow easier abuse of sensitive permissions. Starting with the "Runtime receivers," which enable apps to receive intents broadcast by the system or other applications, all apps targeting Android 14 must declare if they need to receive information from other apps or if they should be limited to system "Broadcasts."
A Russia-linked threat actor has been observed deploying a new information-stealing malware in cyber attacks targeting Ukraine. Dubbed Graphiron by Broadcom-owned Symantec, the malware is the handiwork of an espionage group known as Nodaria, which is tracked by the Computer Emergency Response Team of Ukraine as UAC-0056.
A new QBot malware campaign dubbed "QakNote" has been observed in the wild since last week, using malicious Microsoft OneNote'. Qbot is a former banking trojan that evolved into malware that specializes in gaining initial access to devices, enabling threat actors to load additional malware on the compromised machines and perform data-stealing, ransomware, or other activities across an entire network.
Criminals using Google search ads to deliver malware isn't new, but Ars Technica declared that the problem has become much worse recently. In the past, these families typically relied on phishing and malicious spam that attached Microsoft Word documents with booby-trapped macros.
The malspam activity is notable for transitioning away from malware-laced Microsoft Word documents to NSIS executable files for loading the malware. While attack chains in 2021 leveraged a ZIP archive containing a macro-laced Word document to drop an executable file tasked with loading GuLoader, the new phishing wave employs NSIS files embedded within ZIP or ISO images to activate the infection.
The shift to Google malvertising is the latest example of how crimeware actors are devising alternate delivery routes to distribute malware ever since Microsoft announced plans to block the execution of macros in Office by default from files downloaded from the internet. NET applications for concealing its behavior and are tasked with distributing the FormBook malware family.