Security News

Hackers Use Evilnum Malware to Target Cryptocurrency and Commodities Platforms
2022-07-21 12:20

The advanced persistent threat actor tracked as Evilnum is once again exhibiting signs of renewed activity aimed at European financial and investment entities. "Evilnum is a backdoor that can be used for data theft or to load additional payloads," enterprise security firm Proofpoint said in a report shared with The Hacker News.

New ‘Lightning Framework’ Linux malware installs rootkits, backdoors
2022-07-21 09:42

A new and previously undetected malware dubbed 'Lightning Framework' targets Linux systems and can be used to backdoor infected devices using SSH and deploy multiple types of rootkits. Described as a "Swiss Army Knife" in a report published today by Intezer, Lightning Framework is a modular malware that also comes with support for plugins.

Suspected Gozi malware gang 'CIO' extradited to US on fraud, hacking charges
2022-07-20 23:56

A man suspected of providing the IT infrastructure behind the Gozi banking trojan has been extradited to the US to face a string of computer fraud charges. According to court documents [PDF], Paunescu allegedly ran a "Bulletproof hosting" service using computers in Romania, America, and other locations to help cybercriminals distribute Gozi and other malware including the Zeus Trojan and SpyEye Trojan.

Google: Kremlin-backed goons spread Android malware disguised as pro-Ukraine app
2022-07-20 20:36

Kremlin-backed criminals are trying to trick people into downloading Android malware by spoofing a Ukrainian military group, according to Google security researchers. The CyberAzov app promises to "Help stop Russian aggression against Ukraine" by deploying Denial of Service attacks against set Russian targets, according to the phony website.

Last member of Gozi malware troika arrives in US for criminal trial
2022-07-20 18:56

That's certainly the case for a troika of cybercriminals alleged to have been behind the infamous Gozi "Banking Trojan" malware, which first appeared in the late 2000s. Kuzmin, as we explained at the time, was effectively the COO of the group, hiring coders to create malware for the gang, and managing a bunch of cybercrime affiliates to deploy the malware and fleece victims - an operating model known as crimeware-as-a-service that is now used almost universally by ransomware gangs.

Russia Creates Malware False-Flag App
2022-07-20 15:32

The Russian hacking group Turla released an Android app that seems to aid Ukrainian hackers in their attacks against Russian networks. The hackers pretended to be a "Community of free people around the world who are fighting russia's aggression," much like the IT Army.

Google pulls malware-infected apps in its Store, over 3 million users at risk
2022-07-19 20:00

Google pulled 60 malware-infected apps from its Play Store, installed by more than 3.3 million punters, that can be used for all kinds of criminal activities including credential theft, spying and even stealing money from victims. Zscaler's ThreatLabZ and security researcher Maxime Ingrao from fraud protection firm Evina discovered the downloader apps stuffed with software nasties including Joker, Facestealer, Coper, and Autolycos malware - the latter is a new family, according to Ingrao, who named and discovered Autolycos in eight different apps with more than three million downloads to Android devices.

Google catches Turla hackers deploying Android malware in Ukraine
2022-07-19 17:06

Google's Threat Analysis Group, whose primary goal is to defend Google users from state-sponsored attacks, said today that Russian-backed threat groups are still focusing their attacks on Ukrainian organizations. In a report regarding recent cyber activity in Eastern Europe, Google TAG security engineer Billy Leonard revealed that hackers who are part of the Turla Russian APT group have also been spotted deploying their first Android malware.

New CloudMensis malware backdoors Macs to steal victims’ data
2022-07-19 09:30

ESET researchers first spotted the new malware in April 2022 and named it CloudMensis because it uses pCloud, Yandex Disk, and Dropbox public cloud storage services for command-and-control communication. CloudMensis' capabilities clearly show that its operators' main goal is to collect sensitive info from infected Macs through various means.