Security News

The threat actors behind the IcedID Trojan are experimenting with various delivery methods to increase efficiency, including sending malicious messages from web-based contact forms. Some of the attacks switched to the abuse of contact forms for the delivery of malicious messages.

The banking trojan known as IcedID appears to be taking the place of the recently disrupted Emotet trojan, according to researchers. IcedID, bears similarities to Emotet in that it's a modular malware that started life as a banking trojan used to steal financial information.

Researchers on Tuesday revealed details of a new banking trojan targeting corporate users in Brazil at least since 2019 across various sectors such as engineering, healthcare, retail, manufacturing, finance, transportation, and government. "These pop-ups contain fake forms, aiming to trick the malware's victims into entering their banking credentials and personal information that the malware captures and exfiltrates to its servers," ESET researchers Facundo Muñoz and Matías Porolli said in a write-up.

Enterprise software developer Proxmox Server Solutions GmbH has released Proxmox Mail Gateway 6.4, the latest version of its open-source email security solution. Proxmox Mail Gateway is a complete operating system based on Debian Buster 10.9, but using Linux kernel 5.4.106, which is under long term support status.

BP Chargemaster, purveyors of sockets for electric vehicles, seemingly had its email domain hijacked by criminals who used formerly legitimate addresses to send banking trojans to customers. Register reader Matt received some emails from BP Chargemaster which he was certain didn't come from the company.

The Metamorfo banking trojan is abusing AutoHotKey and the AHK compiler to evade detection and steal users' information, researchers have warned. One is a purported request to download a password-protected file; and the other is an elaborate spoofed notification about pending legal documents, with a link that downloads a.ZIP file.

A malware dropper that paves the way for attackers to remotely steal data from Android phones has been spreading via nine malicious apps on the official Google Play store, according to researchers. The dropper, dubbed Clast82, was disguised in benign apps, which don't fetch a malicious payload until they have been vetted and cleared by Google Play Protect.

The delivery system for the Gootkit information stealer has evolved into a complex and stealthy framework, which earned it the name Gootloader, and is now pushing a wider variety of malware via hacked WordPress sites and malicious SEO techniques for Google results. Malware campaigns relying on Gootloader's mechanism have been spotted last year delivering REvil ransomware to targets in Germany.

The actor received the name LazyScripter and has been active since 2018, using phishing to target individuals seeking immigration to Canada for a job, airlines, and the International Air Transport Association. The researchers from Malwarebytes also found other examples where the attacker dropped other remote access trojans that are common to multiple hacking groups: LuminosityLink, RMS, Quasar, njRat, and Remcos.

A credential stealer infamous for targeting Windows systems has resurfaced in a new phishing campaign that aims to steal credentials from Microsoft Outlook, Google Chrome, and instant messenger apps. Primarily directed against users in Turkey, Latvia, and Italy starting mid-January, the attacks involve the use of MassLogger - a.NET-based malware with capabilities to hinder static analysis - building on similar campaigns undertaken by the same actor against users in Bulgaria, Lithuania, Hungary, Estonia, Romania, and Spain in September, October, and November 2020.