Security News

PixPirate Android malware uses new tactic to hide on phones
2024-03-13 18:13

The latest version of the PixPirate banking trojan for Android employs a new method to hide on phones while remaining active, even if its dropper app has been removed. PixPirate is a new Android malware first documented by the Cleafy TIR team last month seen targeting Latin American banks.

Keyloggers, spyware, and stealers dominate SMB malware detections
2024-03-13 04:00

In 2023, 50% of malware detections for SMBs were keyloggers, spyware and stealers, malware that attackers use to steal data and credentials, according to Sophos. "The value of 'data,' as currency has increased exponentially among cybercriminals, and this is particularly true for SMBs, which tend to use one service or software application, per function, for their entire operation. For example, let's say attackers deploy an infostealer on their target's network to steal credentials and then get hold of the password for the company's accounting software. Attackers could then gain access to the targeted company's financials and have the ability to funnel funds into their own accounts," said Christopher Budd, director of Sophos X-Ops research at Sophos.

Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites
2024-03-12 09:15

A new malware campaign is leveraging a high-severity security flaw in the Popup Builder plugin for WordPress to inject malicious JavaScript code. According to Sucuri, the campaign has infected...

Hackers leverage 1-day vulnerabilities to deliver custom Linux malware
2024-03-12 08:55

A financially motivated threat actor is using known vulnerabilities to target public-facing services and deliver custom malware to unpatched Windows and Linux systems. Magnet Goblin - as the threat actor has been dubbed by Check Point researchers - has been targeting unpatched edge devices and public-facing servers for years.

Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware
2024-03-10 15:38

Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code. Sucuri says the exact actions of the code may vary, but the primary purpose of the injections appears to be redirecting visitors of infected sites to malicious destinations such as phishing pages and malware-dropping sites.

Magnet Goblin hackers use 1-day flaws to drop custom Linux malware
2024-03-09 15:08

A financially motivated hacking group named Magnet Goblin uses various 1-day vulnerabilities to breach public-facing servers and deploy custom malware on Windows and Linux systems. Check Point analysts who identified Magnet Goblin report that these threat actors are quick to exploit newly disclosed vulnerabilities, in some cases exploiting flaws a day after a PoC exploit is released.

Web-based PLC malware: A new potential threat to critical infrastructure
2024-03-07 11:45

"Our Web-Based PLC malware resides in PLC memory, but ultimately gets executed client-side by various browser-equipped devices throughout the ICS environment. From there, the malware uses ambient browser-based credentials to interact with the PLC's legitimate web APIs to attack the underlying real-world machinery," the researchers explained. "While previous attacks on PLCs infect either the control logic or firmware portions of PLC computation, our proposed malware exclusively infects the web application hosted by the emerging embedded webservers within the PLCs," the researchers noted.

Reminder: Infostealer malware is coming for your ChatGPT credentials
2024-03-07 06:27

Stolen ChatGPT credentials are a hot commodity on the dark web, according to Singapore-based threat intelligence firm Group-IB, which claims to have found some 225,000 stealer logs containing login details for the service last year. According to Group-IB, it found around 130,000 of the ChatGPT credential-containing logs in the five months from June to October, 2023, representing a 36 percent increase in the number of logs found in the prior five-month period between January and May of last year.

Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware
2024-03-07 06:11

Threat actors have been leveraging fake websites advertising popular video conferencing software such as Google Meet, Skype, and Zoom to deliver a variety of malware targeting both Android and...

Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware
2024-03-06 12:09

Hackers are targeting misconfigured servers running Apache Hadoop YARN, Docker, Confluence, or Redis with new Golang-based malware that automates the discovery and compromise of the hosts. According to the researchers, the hackers deploy a set of four novel Golang payloads that are responsible for identifying and exploiting hosts running services for Hadoop YARN, Docker, Confluence, and Redis.