Security News

Cred-stealing trojan harvests logins from Chromium browsers, Outlook and more, warns Cisco Talos
2021-02-18 07:25

Cisco Talos has uncovered a credential-stealing trojan that lifts your login details from the Chrome browser, Microsoft's Outlook and instant messengers. Cisco Talos added: "Masslogger is a credential stealer and keylogger with the ability to exfiltrate data through SMTP, FTP or HTTP protocols. For the first two, no additional server-side components are required, while the exfiltration over HTTP is done through the Masslogger control panel web application."

Agent Tesla Trojan ‘Kneecaps’ Microsoft’s Anti-Malware Interface
2021-02-02 15:15

Researchers have identified new versions of the Agent Tesla remote access trojan that target the Windows anti-malware interface used by security vendors to protect PCs from attacks. The newly discovered variants have also adopted new obfuscation capabilities, raising the stakes for businesses to fend off the ever-evolving Agent Tesla malware.

ALERT: North Korean hackers targeting South Korea with RokRat Trojan
2021-01-08 12:00

A North Korean hacking group has been found deploying the RokRat Trojan in a new spear-phishing campaign targeting the South Korean government. Attributing the attack to APT37, Malwarebytes said it identified a malicious document last December that, when opened, executes a macro in memory to install the aforementioned remote access tool.

New Windows Trojan Steals Browser Credentials, Outlook Files
2020-12-14 16:34

Researchers have discovered a new information-stealing trojan, which targets Microsoft Windows systems with an onslaught of data-exfiltration capabilities, from collecting browser credentials to targeting Outlook files. "AridViper is an active threat group that continues developing new tools as part of their arsenal," researchers with Palo Alto's Unit42 research team said in a Monday analysis.

Subway email weirdness: Suspicion grows over apparent Trickbot trojan delivery campaign
2020-12-11 14:15

Subway patrons in the UK received suspicious emails this morning and infosec researchers fear this is linked to the theft of customer details - and a Trickbot malware campaign. "I've just had an email purporting to be from Subway and sent to an address used only for Subway," Reg reader Alan told us.

Malicious NPM packages used to install njRAT remote access trojan
2020-12-01 14:00

New malicious NPM packages have been discovered that install the njRAT remote access trojan, which allows hackers to gain control over a computer. NPM is a JavaScript package manager that allows developers and users to download packages and integrate them into their projects.

Digitally Signed Bandook Trojan Reemerges in Global Spy Campaign
2020-11-30 19:39

A wave of targeted cyberattack campaigns bent on espionage is cresting around the globe, using a strain of a 13-year-old backdoor trojan named Bandook. According to Check Point Research, Bandook was last spotted being used in 2015 and 2017/2018, in the "Operation Manul" and "Dark Caracal" campaigns, respectively.

Stantinko Proxy Trojan Masquerades as Apache Servers
2020-11-25 09:43

A threat group tracked as Stantinko was observed using a new version of a Linux proxy Trojan that poses as Apache servers to remain undetected. Previously, the Stantinko group was mainly known for the targeting of Windows systems, but recent attacks show that they are also focusing on evolving their Linux malware, with a new proxy Trojan that masquerades as httpd, the Apache Hypertext Transfer Protocol Server found on many Linux servers.

Evolution of Emotet: From Banking Trojan to Malware Distributor
2020-11-23 09:22

Since its discovery in 2014, when Emotet was a standard credential stealer and banking Trojan, the malware has evolved into a modular, polymorphic platform for distributing other kinds of computer viruses. Emotet has been the most uploaded malware over the past few years.

Ghimob Android Banking Trojan Targets 153 Mobile Apps
2020-11-10 16:41

A new banking trojan has been discovered targeting Android users, with the capability to spy on 153 mobile apps from various banks, cryptocurrencies and exchanges. Kaspersky telemetry shows that all victims of the Ghimob mobile banking trojan are currently located in Brazil.