Security News
A new Ducktail phishing campaign is spreading a never-before-seen Windows information-stealing malware, written in PHP, that is used to steal Facebook accounts, browser data, and cryptocurrency wallets. The malware targeted information stored in browsers, focusing on Facebook Business account data, and exfiltrated it to a private Telegram channel that acted as a C2 server.
A PHP version of an information-stealing malware called Ducktail has been discovered in the wild being distributed in the form of cracked installers for legitimate apps and games, according to the latest findings from Zscaler. "Like older versions, the latest version also aims to exfiltrate sensitive information related to saved browser credentials, Facebook account information, etc.," Zscaler ThreatLabz researchers Tarun Dewan and Stuti Chaturvedi said.
Advanced, a managed software provider to the UK National Health Service, has confirmed that customer data was indeed lifted as part of the attack by cyber baddies that has disrupted operations for months. The incident disrupted healthcare customers, forcing NHS 111 medical services operators, for example, to revert back to pen and paper as digital services went AWOL, sources told us at the time.
Crimeware targeting banks and other financial-services organizations today features sophisticated capabilities and evasion tools, according to Kaspersky's lead security researcher Sergey Lozhkin. "The darkest hour is now for the financial industry, especially for big and medium-sized corporations," Lozhkin said, during a panel discussion on threats to financial services organizations.
A previously undocumented command-and-control framework dubbed Alchimist is likely being used in the wild to target Windows, macOS, and Linux systems. "Alchimist C2 has a web interface written in Simplified Chinese and can generate a configured payload, establish remote sessions, deploy payload to the remote machines, capture screenshots, perform remote shellcode execution, and run arbitrary commands," Cisco Talos said in a report shared with The Hacker News.
An unofficial version of the popular WhatsApp messaging app called YoWhatsApp has been observed deploying an Android trojan known as Triada. The goal of the malware is to steal the keys that "allow the use of a WhatsApp account without the app," Kaspersky said in a new report.
Election workers in US battleground states have been hit by a surge in phishing and malware-laced emails in the run-up to their primaries and the upcoming 2022 midterm elections. That's according to Trellix security researchers, who said malicious emails sent to Arizona county election workers rose 78 percent, from 617 to 1,101, between the first and second quarter of the year, ahead of the state's August 2 primary.
Malicious actors are resorting to voice phishing tactics to dupe victims into installing Android malware on their devices, new research from ThreatFabric reveals. Telephone-oriented attack delivery, as the social engineering technique is called, involves calling the victims using previously collected information from fraudulent websites.
A new report from Kaspersky sheds light on the 2020-2022 ATM and Point of Sale malware landscape. Lockdowns all around the globe during the pandemic have seriously reduced ATM and PoS malware activity, since people stayed at home with no other possibility than buying what they needed online instead of physically going to shops.