Security News

Legitimate Android app transforms into data-snooping malware
2023-05-24 07:51

This is not the first time that AhMyth-based Android malware has been available on the official store; ESET previously published research on such a trojanized app in 2019. The iRecorder app can also be found on alternative and unofficial Android markets, and the developer also provides other applications on Google Play, but they don't contain malicious code.

N. Korean Lazarus Group Targets Microsoft IIS Servers to Deploy Espionage Malware
2023-05-24 07:30

The infamous Lazarus Group has been targeting vulnerable versions of Microsoft Internet Information Services (IIS) servers as an initial breach route to deploy malware on targeted systems. The findings come from the AhnLab Security Emergency Response Center, which detailed the advanced persistent threat's continued abuse of DLL side-loading techniques to deploy malware.

PyPI open-source code repository deals with manic malware maelstrom
2023-05-23 18:45

Public source code repositories, from Sourceforge to GitHub, from the Linux Kernel Archives to, from PHP Packagist to the Python Package Index, better known as PyPI, are a fantastic source of free operating systems, applications, programming libraries, and developers' toolkits that have done computer science and software engineering a world of good. In cases like that, you can save time by searching for a package that already exists in one of the many available repositories, and hooking that external package into your own tree of source code.

New AhRat Android malware hidden in app with 50,000 installs
2023-05-23 14:53

ESET malware researchers found a new remote access trojan on the Google Play Store, hidden in an Android screen recording app with tens of thousands of installs. While first added to the store in September 2021, the 'iRecorder - Screen Recorder' app was likely trojanized via a malicious update released almost a year later, in August 2022.

North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware
2023-05-23 13:56

The North Korean advanced persistent threat group known as Kimsuky has been observed using a piece of custom malware called RandomQuery as part of a reconnaissance and information exfiltration operation. "Lately, Kimsuky has been consistently distributing custom malware as part of reconnaissance campaigns to enable subsequent attacks," SentinelOne researchers Aleksandar Milenkoski and Tom Hegel said in a report published today.

New WinTapix.sys Malware Engages in Multi-Stage Attack Across Middle East
2023-05-23 11:11

An unknown threat actor has been observed leveraging a malicious Windows kernel driver in attacks likely targeting the Middle East since at least May 2020. A key security measure to mitigate against malicious drivers is Driver Signature Enforcement, which ensures that only drivers signed by Microsoft can be loaded on the system.

An AI-based Chrome Extension Against Phishing, Malware, and Ransomware
2023-05-22 14:02

To address this issue and provide practical prevention solutions, Criminal IP, a CTI search engine developed by AI SPERA, launched a comprehensive Chrome extension named "Criminal IP Phishing scams link checker" on May 22, 2023: an AI-based web browsing guard against phishing, malware, and ransomware. The extension offers real-time scanning of websites worldwide, using AI-based detection to identify recently created phishing sites.

PyPI temporarily pauses new users, projects amid high volume of malware
2023-05-21 01:19

PyPI, the official third-party registry of open-source Python packages (the Python Package Index), has temporarily suspended new user registrations and new project uploads until further notice.

Cloned CapCut websites push information stealing malware
2023-05-20 15:08

A new malware distribution campaign is underway impersonating the CapCut video editing tool to push various malware strains to unsuspecting victims. Threat actors exploit this by creating websites that distribute malware disguised as CapCut installers.

npm packages hide TurkoRAT malware in what looks like a NodeJS EXE
2023-05-20 13:06

Researchers have discovered multiple npm packages named after NodeJS libraries that even pack a Windows executable that resembles NodeJS but instead drops a sinister trojan. These packages, given their stealthiness and a very low detection rate, had been present on npm for over two months prior to their detection by the researchers.