Security News

BP Chargemaster, purveyors of sockets for electric vehicles, seemingly had its email domain hijacked by criminals who used formerly legitimate addresses to send banking trojans to customers. Register reader Matt received some emails from BP Chargemaster which he was certain didn't come from the company.

The Metamorfo banking trojan is abusing AutoHotKey and the AHK compiler to evade detection and steal users' information, researchers have warned. One is a purported request to download a password-protected file; and the other is an elaborate spoofed notification about pending legal documents, with a link that downloads a.ZIP file.

A malware dropper that paves the way for attackers to remotely steal data from Android phones has been spreading via nine malicious apps on the official Google Play store, according to researchers. The dropper, dubbed Clast82, was disguised in benign apps, which don't fetch a malicious payload until they have been vetted and cleared by Google Play Protect.

The delivery system for the Gootkit information stealer has evolved into a complex and stealthy framework, which earned it the name Gootloader, and is now pushing a wider variety of malware via hacked WordPress sites and malicious SEO techniques for Google results. Malware campaigns relying on Gootloader's mechanism have been spotted last year delivering REvil ransomware to targets in Germany.

The actor received the name LazyScripter and has been active since 2018, using phishing to target individuals seeking immigration to Canada for a job, airlines, and the International Air Transport Association. The researchers from Malwarebytes also found other examples where the attacker dropped other remote access trojans that are common to multiple hacking groups: LuminosityLink, RMS, Quasar, njRat, and Remcos.

A credential stealer infamous for targeting Windows systems has resurfaced in a new phishing campaign that aims to steal credentials from Microsoft Outlook, Google Chrome, and instant messenger apps. Primarily directed against users in Turkey, Latvia, and Italy starting mid-January, the attacks involve the use of MassLogger - a.NET-based malware with capabilities to hinder static analysis - building on similar campaigns undertaken by the same actor against users in Bulgaria, Lithuania, Hungary, Estonia, Romania, and Spain in September, October, and November 2020.

Cisco Talos has uncovered a credential-stealing trojan that lifts your login details from the Chrome browser, Microsoft's Outlook and instant messengers. Cisco Talos added: "Masslogger is a credential stealer and keylogger with the ability to exfiltrate data through SMTP, FTP or HTTP protocols. For the first two, no additional server-side components are required, while the exfiltration over HTTP is done through the Masslogger control panel web application."

Researchers have identified new versions of the Agent Tesla remote access trojan that target the Windows anti-malware interface used by security vendors to protect PCs from attacks. The newly discovered variants have also adopted new obfuscation capabilities, raising the stakes for businesses to fend off the ever-evolving Agent Tesla malware.

A North Korean hacking group has been found deploying the RokRat Trojan in a new spear-phishing campaign targeting the South Korean government. Attributing the attack to APT37, Malwarebytes said it identified a malicious document last December that, when opened, executes a macro in memory to install the aforementioned remote access tool.

Researchers have discovered a new information-stealing trojan, which targets Microsoft Windows systems with an onslaught of data-exfiltration capabilities- from collecting browser credentials to targeting Outlook files. "AridViper is an active threat group that continues developing new tools as part of their arsenal," researchers with Palo Alto's Unit42 research team said in a Monday analysis.