A family of malicious apps from developer Mobile apps Group are listed on Google Play and infected with Android/Trojan.HiddenAds.BTGTHB. In total, four apps are listed, and together they have amassed at least one million downloads.

Older versions of these apps have been detected in the past as different variants of Android/Trojan.HiddenAds. Yet, the developer is still on Google Play dispensing its latest HiddenAds malware.

• U.S. banks and financial institutions processed more than $1 billion in potential ransomware-related payments in 2021.
• It’s a new record and almost triple the amount that was reported the previous year.
• Over half the ransomware attacks are attributed to suspected Russian cyber hackers, according to a new report.

The Splunk SURGe team shares an outline of their interpretation of the CVE-2022-3602 vulnerability and what you can do to detect it in your environment.

Last week, our automated risk detection platform alerted us to suspicious activity in dozens of newly published PyPI packages. Here's what we uncovered.

A new and destructive 'Azov Ransomware' data wiper is being heavily distributed through pirated software, key generators, and adware bundles, trying to frame well-known security researchers by claiming they are behind the attack.

The offensive macOS cyber capabilities of the WINDSHIFT APT group provide us with the opportunity to gain insight into the Apple-specific approaches employed by an advanced adversary.

In this talk we’ll comprehensively dissect OSX.WindTape, a second-stage tool utilized by the WINDSHIFT APT group when targeting Apple systems.

First we’ll discuss the malware’s anti-analysis mechanisms, and then once these have been thwarted, we’ll explore its capabilities. To conclude, we’ll present heuristic methods that can generically both detect and prevent WindTape, as well as other advanced macOS threats.

We were recently the target of a phishing campaign that successfully accessed some of the code we store in GitHub. No one’s content, passwords, or payment information was accessed, and the issue was quickly resolved. Our core apps and infrastructure were also unaffected, as access to this code is even more limited and strictly controlled. We believe the risk to customers is minimal. Because we take our commitment to security, privacy, and transparency seriously, we have notified those affected and are sharing more here.

Understanding banking Trojan techniques can help detect other activities of financially motivated threat groups.

Background
On April 13, 2022, 360Netlab first disclosed the Fodcha botnet. After our
article was published, Fodcha suffered a crackdown from the relevant
authorities, and its authors quickly responded by leaving "Netlab pls leave me
alone I surrender" in an updated sample.No surprise, Fodcha's authors didn't
really stop updating after the fraudulent surrender, and soon a new version was
released.

In the new version, the authors of Fodcha redesigned the communication protocol
and started to us

One source said that the phone was so heavily compromised that it has now been placed in a locked safe inside a secure Government location.

Dormant Colors, a browser extension campaign, was spotted stealing browser data and hijacking search results and affiliation to thousands of sites.

• In this interview this person will be identified as LB0 (Lockbit administrator, founding member)
• vx-underground conducted this interview over TOX
  • Text and grammar has been modified to improve legibility

It was the largest dark-web drug and crime bazaar in history, run by a technological mastermind who seemed untouchable—until his tech was turned against him.

Leaked data obtained by TechCrunch reveals the notorious network of Android spyware apps tracked locations and recorded calls of Americans.

Ransomware attacks are becoming more frequent and costlier—breaches caused by ransomware grew 41 percent in the last year, the average cost of a destructive attack rising to $5.12 milllion. What’s more, a good chunk of the cyber criminals doing these attacks operate on a ransomware-as-a-service (RaaS) model.

EDR or Endpoint Detection and Response refers to an integrated endpoint security solution which continuously monitors end-point user's devices and try to prevent anomalies like Malware, Ransomware by using automated rule based response method.

On August 4, 2022, Twilio identified accounts of employees who were compromised by a social engineering attack. The attacker then gained access to data for a limited number of customers.

Microsoft has discovered recent activity indicating that the Raspberry Robin worm is part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread.

Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets. This would happen without the app requesting microphone access permission and without the app leaving any trace that it was listening to the microphone.

Our blog entry provides a look at an attack involving the LV ransomware on a Jordan-based company from an intrusion analysis standpoint