Security News

Government entities in the Middle East are the target of new phishing campaigns that are designed to deliver a new initial access downloader dubbed IronWind. Coinciding with the use of IronWind are consistent updates to its malware delivery mechanisms, using Dropbox links, XLL file attachments, and RAR archives to distribute IronWind.

The Vietnamese threat actors behind the Ducktail stealer malware have been linked to a new campaign that ran between March and early October 2023, targeting marketing professionals in India with an aim to hijack Facebook business accounts. Ducktail, alongside Duckport and NodeStealer, is part of a cybercrime ecosystem operating out of Vietnam, with the attackers primarily using sponsored ads on Facebook to propagate malicious ads and deploy malware capable of plundering victims' login cookies and ultimately taking control of their accounts.

Plus: Chocolate Factory launches second lawsuit against false DMCA takedowns Google has sued three scammers for offering a fake download of its Bard AI chatbot that contained malware capable of...

The recent attacks were discovered by researchers at cybersecurity company CrowdStrike, who made the attribution based on infrastructure overlaps with past campaigns, observed tactics, techniques, and procedures, the use of the IMAPLoader malware, phishing lures. In a report published earlier this week, researchers say that Imperial Kitten launched phishing attacks in October using a 'job recruitment' theme in emails carrying a malicious Microsoft Excel attachment.

SysAid has patched a zero-day vulnerability that could allow attackers to exfiltrate data and launch ransomware. The vulnerability was exploited by the threat group Lace Tempest, which distributes the Clop malware, Microsoft Threat Intelligence said on Nov. 8 on X. The Microsoft security experts wrote, in part, "Lace Tempest will likely use their access to exfiltrate data and deploy Clop ransomware."

A new malware is bypassing an Android 13 security measure that restricts permissions to apps downloaded out of the legitimate Google Play Store. A new report from ThreatFabric, a fraud protection company, exposes SecuriDropper malware, which is capable of bypassing Android 13 restricted settings.

A new set of malicious Python packages has slithered their way to the Python Package Index repository with the ultimate aim of stealing sensitive information from compromised developer systems. The packages masquerade as seemingly innocuous obfuscation tools, but harbor a piece of malware called BlazeStealer, Checkmarx said in a report shared with The Hacker News.

The North Korean-backed BlueNorOff threat group targets Apple customers with new macOS malware tracked as ObjCShellz that can open remote shells on compromised devices. ObjCShellz is an Objective-C-based malware, quite different from other malicious payloads deployed in previous BlueNorOff attacks.

Months of work reveals how this tricky malware family targets... the financial services sector A brand-new macOS malware strain from North Korean state-sponsored hackers has been spotted in the wild.…

The North Korea-linked nation-state group called BlueNoroff has been attributed to a previously undocumented macOS malware strain dubbed ObjCShellz. Jamf Threat Labs, which disclosed details of the malware, said it's used as part of the RustBucket malware campaign, which came to light earlier this year.