Security News

CoralRaider attacks use CDN cache to push info-stealer malware
2024-04-23 21:27

A threat actor has been using a content delivery network cache to store information-stealing malware in an ongoing campaign targeting systems in the U.S., the U.K., Germany, and Japan. Cisco Talos assesses with moderate confidence that the campaign is a CoralRaider operation, based on similarities in tactics, techniques, and procedures with past attacks attributed to the threat actor.

Hackers hijack antivirus updates to drop GuptiMiner malware
2024-04-23 14:56

North Korean hackers have been exploiting the updating mechanism of the eScan antivirus to plant backdoors on big corporate networks and deliver cryptocurrency miners through GuptiMiner malware. Researchers describe GuptiMiner as "a highly sophisticated threat" that can perform DNS requests to the attacker's DNS servers, extract payloads from images, sign its payloads, and perform DLL sideloading.

Russia's APT28 Exploited Windows Print Spooler Flaw to Deploy 'GooseEgg' Malware
2024-04-23 04:23

The Russia-linked nation-state threat actor tracked as APT28 weaponized a security flaw in the Microsoft Windows Print Spooler component to deliver a previously unknown custom malware called...

Using Legitimate GitHub URLs for Malware
2024-04-22 15:26

The attacker is exploiting a property of GitHub: comments to a particular repo can contain files, and those files will be associated with the project in the URL. What this means is that someone can upload malware and "Attach" it to a legitimate and trusted project. As the file's URL contains the name of the repository the comment was created in, and as almost every software company uses GitHub, this flaw can allow threat actors to develop extraordinarily crafty and trustworthy lures.

GitLab affected by GitHub-style CDN flaw allowing malware hosting
2024-04-22 15:05

BleepingComputer recently reported how a GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. While most of the malware-associated activity was based around the Microsoft GitHub URLs, this "Flaw" could be abused with any public repository on GitHub or GitLab, allowing threat actors to create very convincing lures.

Fuxnet malware: Growing threat to industrial sensors
2024-04-22 04:00

In this Help Net Security video, Sonu Shankar, Chief Strategy Officer at Phosphorus, discusses how Blackjack’s Fuxnet malware should be a wakeup call to industrial operators about the...

Malware dev lures child exploiters into honeytrap to extort them
2024-04-21 18:49

You rarely root for a cybercriminal, but a new malware campaign targeting child exploiters doesn't make you feel bad for the victims. Since 2012, threat actors have been creating a variety of malware and ransomware that pretend to be government agencies warning infected Windows users that they were viewing CSAM. The malware tells victims they must pay a "Penalty" to prevent their information from being sent to law enforcement.

GitHub comments abused to push malware via Microsoft repo URLs
2024-04-20 14:14

A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with a Microsoft repository, making the files appear trustworthy. While most of the malware activity has been based around the Microsoft GitHub URLs, this "Flaw" could be abused with any public repository on GitHub, allowing threat actors to create very convincing lures.

Fake cheat lures gamers into spreading infostealer malware
2024-04-19 00:46

A new info-stealing malware linked to Redline poses as a game cheat called 'Cheat Lab,' promising downloaders a free copy if they convince their friends to install it too. Redline is a powerful information-stealing malware capable of harvesting sensitive information from infected computers, including passwords, cookies, autofill information, and cryptocurrency wallet information.

Google ad impersonates Whales Market to push wallet drainer malware
2024-04-18 17:55

Today, BleepingComputer was contacted about a phishing ad for the trading platform in Google search results. A quick search for Whales Market in Google displayed a sponsored ad at the top of the search results, displaying what looks like legitimate URLs for the site.