Security News

Fast-evolving Prilex POS malware can block contactless payments
2023-02-03 20:25

Kaspersky discovered two new Prilex variants in early 2022 and found a third in November that can target NFC-enabled credit cards and block contactless transactions, forcing payers over to the less-secure PIN machines. "Contactless credit cards offer a convenient and secure way to make payments without the need to physically insert or swipe the card," the researchers wrote.

Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware
2023-02-03 15:03

In a continuing sign that threat actors are adapting well to a post-macro world, it has emerged that the use of Microsoft OneNote documents to deliver malware via phishing attacks is on the rise. Enterprise firm Proofpoint said it detected over 50 campaigns leveraging OneNote attachments in the month of January 2023 alone.

Google ads push ‘virtualized’ malware made for antivirus evasion
2023-02-03 00:04

An ongoing Google ads malvertising campaign is spreading malware installers that leverage KoiVM virtualization technology to evade detection when installing the Formbook data stealer. In a Google advertising campaign spotted by Sentinel Labs, threat actors push the Formbook information-stealing malware as virtualized.

Hackers weaponize Microsoft Visual Studio add-ins to push malware
2023-02-02 20:23

Security researchers warn that hackers may start using Microsoft Visual Studio Tools for Office more often as a method to achieve persistence and execute code on a target machine via malicious Office add-ins. .NET-based malware and embedding it into the Office add-in.

Malvertising attacks are distributing .NET malware loaders
2023-02-02 19:27

.NET loaders that are highly obfuscated and dropping info-stealer malware. The loaders are distributing the Formbook info-stealing malware collection as part of an ongoing campaign, the researchers write in a report out this week.

Prilex POS malware evolves to block contactless transactions
2023-02-02 15:35

Prilex is particularly experienced with payment markets, electronic funds transfer software and protocols, and the threat actor has recently updated its POS malware to block contactless transactions to steal your credit card information. This resulted in cybercriminals' POS malware seeing a huge decrease in the number of transactions it could abuse.

New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers
2023-02-02 06:47

At least 1,200 Redis database servers worldwide have been corralled into a botnet using an "elusive and severe threat" dubbed HeadCrab since early September 2021. The findings come two months after the cloud security firm shed light on a Go-based malware codenamed Redigo that has been found compromising Redis servers.

New HeadCrab malware infects 1,200 Redis servers to mine Monero
2023-02-01 23:56

New stealthy malware designed to hunt down vulnerable Redis servers online has infected over a thousand of them since September 2021 to build a botnet that mines for Monero cryptocurrency. "This advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and traditional anti-virus solutions to compromise a large number of Redis servers," the researchers said.

OneNote documents spread malware in several countries
2023-02-01 20:03

Some other cybercriminals have found a different way to keep abusing Microsoft products for infecting computers with malware: infected OneNote documents. A new Bitdefender study exposes a phishing campaign abusing OneNote to infect computers with malware.

Hackers use new IceBreaker malware to breach gaming companies
2023-02-01 14:45

Hackers have been targeting online gaming and gambling companies with what appears to be a previously unseen backdoor that researchers have named IceBreaker. Researchers at incident response firm Security Joes believe that the IceBreaker backdoor is the work of a new advanced threat actor that uses "a very specific social engineering technique," which could lead to a clearer picture of who they are.