Security News

Google said it obtained a court order to shut down domains used to distribute CryptBot after suing the distributors of the info-stealing malware. The court granted Google a temporary restraining order, which allowed it to shut down the bot operators' internet infrastructure.

Google says it banned 173,000 developer accounts in 2022 to block malware operations and fraud rings from infecting Android users' devices with malicious apps. "In 2022, we prevented 1.43 million policy-violating apps from being published on Google Play in part due to new and improved security features and policy enhancements - in combination with our continuous investments in machine learning systems and app review processes," the Google Security team said.

A new macOS information-stealing malware named 'Atomic' is being sold to cybercriminals via private Telegram channels for a subscription of $1,000 per month. For this hefty price, buyers get a DMG file containing a 64-bit Go-based malware designed to target macOS systems and steal keychain passwords, files from the local filesystem, passwords, cookies, and credit cards stored in browsers.

Interestingly, LimeRAT shares similarities with njRAT, which ANY.RUN ranks as the third most popular malware family in terms of uploads during Q1 2023. ANY.RUN researchers have recently conducted an in-depth analysis of a LimeRAT sample and successfully extracted its configuration.

A Chinese APT hacking group known as 'Evasive Panda' is linked to a mysterious attack that distributed the MsgBot malware as part of an automatic update for the Tencent QQ messaging app. ESET reports that the malicious MsgBot malware payload was delivered to victims as a Tencent QQ software update from legitimate URLs and IP addresses belonging to the software developer.

Google is taking down malware infrastructure linked to the Cryptbot info stealer after suing those using it to infect Google Chrome users and steal their data. "Yesterday, a federal judge in the Southern District of New York unsealed our civil action against the malware distributors of Cryptbot, which we estimate infected approximately 670,000 computers this past year and targeted users of Google Chrome to steal their data," the Head of Litigation Advance Mike Trinh and Threat Analysis Group's Pierre-Marc Bureau said.

The prolific Iranian nation-state group known as Charming Kitten targeted multiple victims in the U.S., Europe, the Middle East and India with a novel malware dubbed BellaCiao, adding to its ever-expanding list of custom tools. Discovered by Bitdefender Labs, BellaCiao is a "Personalized dropper" that's capable of delivering other malware payloads onto a victim machine based on commands received from an actor-controlled server.

The advanced persistent threat group referred to as Evasive Panda has been observed targeting an international non-governmental organization in Mainland China with malware delivered via update channels of legitimate applications like Tencent QQ. The attack chains are designed to distribute a Windows installer for MgBot malware, ESET security researcher Facundo Muñoz said in a new report published today. The group's hallmark is the use of the custom MgBot modular malware framework, which is capable of receiving additional components on the fly to expand on its intelligence-gathering capabilities.

Hackers are deploying new Linux malware variants in cyberespionage attacks, such as a new PingPull variant and a previously undocumented backdoor tracked as 'Sword2033. PingPull is a RAT first documented by Unit 42 last summer in espionage attacks conducted by the Chinese state-sponsored group Gallium, also known as Alloy Taurus.

The Mirai malware botnet is actively exploiting a TP-Link Archer A21 WiFi router vulnerability tracked as CVE-2023-1389 to incorporate devices into DDoS swarms. Researchers first abused the flaw during the Pwn2Own Toronto hacking event in December 2022, where two separate hacking teams breached the device using different pathways.