Security News
The Chinese Cicada hacking group, tracked as APT10, was observed abusing security software to install a new version of the LODEINFO malware against Japanese organizations. The cybersecurity company has published two reports, one illustrating new APT10's infection chain techniques and a second focusing on the evolution of LODEINFO. Abusing security software.
The Cranefly hacking group, aka UNC3524, uses a previously unseen technique of controlling malware on infected devices via Microsoft Internet Information Services web server logs. Like any web server, when a remote user accesses a webpage, IIS will log the request to log files that contain the timestamp, source IP addresses, the requested URL, HTTP status codes, and more.
A set of Android malware droppers were found infiltrating the Google Play store to install banking trojans pretending to be app updates. Malware droppers are a challenging category of apps to stop because they do not contain malicious code themselves and thus can more easily pass Google Play reviews when submitted to the store.
A new version of the Drinik Android trojan targets 18 Indian banks, masquerading as the country's official tax management app to steal victims' personal information and banking credentials. Drinik has been circulating in India since 2016, operating as an SMS stealer, but in September 2021, it added banking trojan features that target 27 financial institutes by directing victims to phishing pages.
As many as 85 command-and-control servers have been discovered supported by the ShadowPad malware since September 2021, with infrastructure detected as recently as October 16, 2022. That's according to VMware's Threat Analysis Unit, which studied three ShadowPad variants using TCP, UDP, and HTTP(S) protocols for C2 communications.
Separately, charges slapped on alleged operator of dark market, The Real Deal Mark Sokolovsky, 26, a Ukrainian national, is being held in the Netherlands while he awaits extradition to America on...
A 26-year-old Ukrainian national has been charged in the U.S. for his alleged role in the Raccoon Stealer malware-as-a-service (MaaS) operation. Mark Sokolovsky, who was arrested by Dutch law...
The North Korean espionage-focused actor known as Kimsuky has been observed using three different Android malware strains to target users located in its southern counterpart. That's according to findings from South Korean cybersecurity company S2W, which named the malware families FastFire, FastViewer, and FastSpy.
26-year-old Ukrainian national Mark Sokolovsky has been charged for involvement in the Raccoon Stealer malware-as-a-service cybercrime operation. Raccoon Stealer is an information-stealing trojan distributed under the MaaS model that threat actors can rent for $75/week or $200/month.
Two point-of-sale malware variants have been put to use by a threat actor to steal information related to more than 167,000 credit cards from payment terminals. While a significant proportion of attacks aimed at gathering payment data rely on JavaScript sniffers stealthily inserted on e-commerce websites, PoS malware continues to be an ongoing, if less popular, threat.