Security News

New GootLoader Malware Variant Evades Detection and Spreads Rapidly
2023-11-07 12:28

A new variant of the GootLoader malware called GootBot has been found to facilitate lateral movement on compromised systems and evade detection. "The GootLoader group's introduction of their own custom bot into the late stages of their attack chain is an attempt to avoid detections when using off-the-shelf tools for C2 such as CobaltStrike or RDP," IBM X-Force researchers Golo Mühr and Ole Villadsen said.

Cybercrime service bypasses Android security to install malware
2023-11-06 12:00

A new dropper-as-a-service cybercrime operation named 'SecuriDropper' has emerged, using a method that bypasses the 'Restricted Settings' feature in Android to install malware on devices and obtain access to Accessibility Services. Restricted Settings is a security feature introduced with Android 13 that prevents side-loaded applications installed from outside Google Play from accessing powerful features like the Accessibility settings and Notification Listener.

Discord will switch to temporary file links to block malware delivery
2023-11-04 15:16

Discord will switch to temporary file links for all users by the end of the year to block attackers from using its CDN for hosting and pushing malware. "Discord is evolving its approach to attachment CDN URLs in order to create a safer and more secure experience for users. In particular, this will help our safety team restrict access to flagged content, and generally reduce the amount of malware distributed using our CDN," Discord told BleepingComputer.

StripedFly Malware Operated Unnoticed for 5 Years, Infecting 1 Million Devices
2023-11-04 09:34

An advanced strain of malware masquerading as a cryptocurrency miner has managed to fly under the radar for over five years, infecting no less than one million devices around the world in the process...

KandyKorn macOS malware lobbed at blockchain engineers
2023-11-03 12:34

North Korean hackers are using novel macOS malware named KandyKorn to target blockchain engineers of a cryptocurrency exchange platform. By impersonating blockchain engineering community members on Discord, the attackers used social engineering techniques to make victims download a malicious ZIP file.

NodeStealer Malware Hijacking Facebook Business Accounts for Malicious Ads
2023-11-03 12:12

Compromised Facebook business accounts are being used to run bogus ads that employ "revealing photos of young women" as lures to trick victims into downloading an updated version of a malware...

New macOS 'KandyKorn' malware targets cryptocurrency engineers
2023-11-02 19:22

A new macOS malware dubbed 'KandyKorn' has been spotted in a campaign attributed to the North Korean Lazarus hacking group, targeting blockchain engineers of a cryptocurrency exchange platform. At the final stage of the attack, a loader known as HLoader is used, which impersonates Discord and uses macOS binary code-signing techniques seen in past Lazarus campaigns.

Mozi malware botnet goes dark after mysterious use of kill-switch
2023-11-01 17:21

Mozi malware botnet activity faded away in August after a mysterious unknown party sent a payload on September 27, 2023, that triggered a kill switch to deactivate all bots. Mozi is a well-known DDoS malware botnet that emerged in 2019, primarily targeting IoT devices such as routers, digital video recorders, and other internet-connected gadgets.

North Korean Hackers Targeting Crypto Experts with KANDYKORN macOS Malware
2023-11-01 09:02

State-sponsored threat actors from the Democratic People's Republic of Korea (DPRK) have been found targeting blockchain engineers of an unnamed crypto exchange platform via Discord with a novel...

Avast confirms it tagged Google app as malware on Android phones
2023-10-31 20:23

Czech cybersecurity company Avast confirmed that its antivirus SDK has been flagging a Google Android app as malware on Huawei, Vivo, and Honor smartphones since Saturday. Others saw a different alert, telling them that the Google app was a trojan that could provide remote access to their device and allow attackers to install malware and steal the users' data.