Security News
A cryptocurrency mining attack targeting the Linux operating system also involved the use of an open source remote access trojan (RAT) dubbed CHAOS. The threat, which was spotted by Trend Micro in...
Security researchers have noticed a spike in devices infected with the TrueBot malware downloader created by a Russian-speaking hacking group known as Silence. Analysis of Silence's attacks over the past months revealed that the gang delivered Clop ransomware typically deployed by TA505 hackers, which are associated with the FIN11 group.
Security researchers have noticed a spike in devices infected with the TrueBot malware downloader created by a Russian-speaking hacking group known as Silence. Analysis of Silence's attacks over the past months revealed that the gang delivered Clop ransomware typically deployed by TA505 hackers, which are associated with the FIN11 group.
Travel agencies have emerged as the target of a hack-for-hire group dubbed Evilnum as part of a broader campaign aimed at legal and financial investment institutions in the Middle East and Europe. The attacks targeting law firms throughout 2020 and 2021 involved a revamped variant of a malware called Janicab that leverages a number of public services like YouTube as dead drop resolvers, Kaspersky said in a technical report published this week.
Threat researchers have discovered an obfuscation platform that attaches malware to legitimate Android applications to lure users to install the malicious payload and make it difficult for security tools to detect. Analysts with cybersecurity vendor ThreatFabric found the platform, named "Zombinder," on the darknet while investigating a campaign that targeted both Android and Windows users with different types of malware.
Cybersecurity researchers have reported an increase in TrueBot infections, primarily targeting Mexico, Brazil, Pakistan, and the U.S. Cisco Talos said the attackers behind the operation have moved from using malicious emails to alternative delivery methods such as the exploitation of a now-patched remote code execution flaw in Netwrix auditor as well as the Raspberry Robin worm. TrueBot is a Windows malware downloader that's attributed to a threat actor tracked by Group-IB as Silence, a Russian-speaking crew believed to share associations with Evil Corp and TA505.
Zero2Automated, the creators of the popular malware analysis and reverse-engineering course, is having a Christmas special where you can get 20% off all courses on their site, with additional...
The subgroup of an Iranian nation-state group known as Nemesis Kitten has been attributed as behind a previously undocumented custom malware dubbed Drokbk that uses GitHub as a dead drop resolver...
A bunch of Android OEM signing keys have been leaked or stolen, and they are actively being used to sign malware. Ukasz Siewierski, a member of Google's Android Security Team, has a post on the Android Partner Vulnerability Initiative issue tracker detailing leaked platform certificate keys that are actively being used to sign malware.
A darknet platform dubbed 'Zombinder' allows threat actors to bind malware to legitimate Android apps, causing victims to infect themselves while still having the full functionality of the original app to evade suspicion. This new platform was discovered by cybersecurity firm ThreatFabric, which spotted malicious Windows and Android campaigns distributing multiple malware families.