Cyberveille, curated by Decio
304 results tagged Malware
Bumblebee: increasing its capacity and evolving its TTPs https://research.checkpoint.com/2022/bumblebee-increasing-its-capacity-and-evolving-its-ttps/
04/10/2022 19:49:59

The spring of 2022 saw a spike in activity of Bumblebee loader, a recent threat that has garnered a lot of attention due to its many links to several well-known malware families.

checkpoint EN 2022 Bumblebee loader malware Analysis
Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors | Mandiant https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence
03/10/2022 20:11:54

Earlier this year, Mandiant identified a novel malware ecosystem impacting VMware ESXi, Linux vCenter servers, and Windows virtual machines that enables a threat actor to take the following actions:

1) Maintain persistent administrative access to the hypervisor
2) Send commands to the hypervisor that will be routed to the guest VM for execution
3) Transfer files between the ESXi hypervisor and guest machines running beneath it
4) Tamper with logging services on the hypervisor

mandiant EN 2022 esxi hypervisors malware BadVIB(E)s 0-day
Lazarus hackers abuse Dell driver bug using new FudModule rootkit https://www.bleepingcomputer.com/news/security/lazarus-hackers-abuse-dell-driver-bug-using-new-fudmodule-rootkit/
02/10/2022 12:36:22

The notorious North Korean hacking group 'Lazarus' was seen installing a Windows rootkit that abuses a Dell hardware driver in a Bring Your Own Vulnerable Driver attack.

bleepingcomputer EN 2022 CVE-2021-21551 BYOVD Dell Driver Lazarus-Group Malware North-Korea Rootkit
Mystery Hackers Are ‘Hyperjacking’ Targets for Insidious Spying https://www.wired.com/story/hyperjacking-vmware-mandiant/
01/10/2022 01:07:10

For decades, security researchers warned about techniques for hijacking virtualization software. Now one group has put them into practice.

wired 2022 EN hacking virtualization Hyperjacking malware Blue-Pill Mandiant
Chaos is a Go-based Swiss army knife of malware https://blog.lumen.com/chaos-is-a-go-based-swiss-army-knife-of-malware/
01/10/2022 01:03:28

Black Lotus Labs, the threat intelligence arm of Lumen Technologies, recently uncovered a multifunctional Go-based malware developed for Windows and Linux.

lumen EN 2022 Chaos Go malware Windows Linux IoCs
NullMixer drops Redline Stealer, SmokeLoader and other malware | Securelist https://securelist.com/nullmixer-oodles-of-trojans-in-a-single-dropper/107498/
28/09/2022 15:28:47

NullMixer is a dropper delivering a number of Trojans, such as RedLine Stealer, SmokeLoader, Satacom, and others.

securelist EN 2022 NullMixer dropper Malware Malware-Descriptions Malware-Technologies Trojan Trojan-Dropper Trojan-stealer
MAR-10400779-1.v1 – Zimbra 1 https://www.cisa.gov/uscert/ncas/analysis-reports/ar22-270a
28/09/2022 15:27:59

CISA received seven files for analysis: six Java Server Pages (JSP) webshells and a Bourne Again SHell (bash) file. Five JSP webshell files are designed to parse inbound requests for commands to execute, download files, and upload files. One JSP webshell file contains a form with input fields that prompts the attacker to enter a command in the input box and click "run" to execute it; the command output is displayed in a JSP page. The bash file is designed to perform ldapsearch queries and store the output in a newly created directory.

uscert csirt cert EN 2022 Malware Analysis Report AR22-270A Zimbra
New Malware Campaign Targets Zoom Users https://blog.cyble.com/2022/09/19/new-malware-campaign-targets-zoom-users/
26/09/2022 09:49:59

Cyble Research and Intelligence Labs analyzes a new malware campaign targeting Zoom users.

cyble EN 2022 Malware Zoom Vidar Stealer
The Evolution of the Chromeloader Malware - VMware Security Blog - VMware https://blogs.vmware.com/security/2022/09/the-evolution-of-the-chromeloader-malware.html
21/09/2022 23:39:47

The VMware Carbon Black MDR team goes in depth on the latest variants of the Chromeloader malware and how to detect them.

vmware EN 2022 Chromeloader malware IoCs Analysis
Lampion Trojan Utilizes New Delivery through Cloud-Based Sharing https://cofense.com/blog/lampion-trojan-utilizes-new-delivery-through-cloud-based-sharing
12/09/2022 14:05:35

Analysts at the Cofense Phishing Defense Center (PDC) have recently analyzed an email asking users to download a “Proof of Payment” as well as other documents. While it is important never to click on the link(s) or download the attachment(s) of any suspicious email, if the recipient interacts with the link, it downloads the Lampion malware.

cofense EN 2022 Phishing Lampion malware IoCs
Shikitega - New stealthy malware targeting Linux https://cybersecurity.att.com/blogs/labs-research/shikitega-new-stealthy-malware-targeting-linux
07/09/2022 11:11:43

AT&T Alien Labs has discovered a new malware targeting endpoints and IoT devices that are running Linux operating systems. Shikitega is delivered in a multistage infection chain where each module responds to a part of the payload and downloads and executes the next one. An attacker can gain full control of the system, in addition to the cryptocurrency miner that will be executed and set to persist.

cybersecurity.att.com AT&T-Alien-Labs Shikitega EN 2022 Linux malware Analysis
PyPI Phishing Campaign | JuiceLedger Threat Actor Pivots From Fake Apps to Supply Chain Attacks https://www.sentinelone.com/labs/pypi-phishing-campaign-juiceledger-threat-actor-pivots-from-fake-apps-to-supply-chain-attacks/
03/09/2022 11:24:16

A new threat actor is spreading infostealer malware through targeted attacks on developers and fraudulent cryptotrading applications.

sentinelone EN 2022 PyPI JuiceLedger infostealer malware ANALYSIS
North Korean hackers use signed macOS malware to target IT job seekers https://www.bleepingcomputer.com/news/security/north-korean-hackers-use-signed-macos-malware-to-target-it-job-seekers/
18/08/2022 08:54:14

North Korean hackers from the Lazarus group have been using a signed malicious executable for macOS to impersonate Coinbase and lure in employees in the financial technology sector.

bleepingcomputer EN 2022 Coinbase CryptoCurrency Lazarus-Group North-Korea macOS malware
Two more malicious Python packages in the PyPI https://securelist.com/two-more-malicious-python-packages-in-the-pypi/107218/
16/08/2022 19:41:05

We used our internal automated system for monitoring open-source repositories and discovered two other malicious Python packages in the PyPI.

securelist 2022 EN PyPI Credentials-theft Data-theft Malware Open-source Python Trojan
Last Week on My Mac: Is your Mac still secure from malware? https://eclecticlight.co/2022/08/07/last-week-on-my-mac-is-your-mac-still-secure-from-malware/
07/08/2022 11:16:02

If you’re still running macOS Mojave or earlier, now is the time to take action to ensure your Mac maintains protection against malware.

eclecticlight 2022 EN macOS malware protection
Raccoon Stealer v2: The Latest Generation of the Raccoon Family https://www.zscaler.com/blogs/security-research/raccoon-stealer-v2-latest-generation-raccoon-family
02/08/2022 08:02:58

Raccoon is a malware family that has been sold as malware-as-a-service on underground forums since early 2019. In early July 2022, a new variant of this malware was released. The new variant, popularly known as Raccoon Stealer v2, is written in C unlike previous versions which were mainly written in C++.

zscaler EN 2022 Raccoon malware malware-as-a-service Stealer
Microsoft links Raspberry Robin malware to Evil Corp attacks https://www.bleepingcomputer.com/news/security/microsoft-links-raspberry-robin-malware-to-evil-corp-attacks/
30/07/2022 11:33:31

Microsoft has discovered that an access broker it tracks as DEV-0206 uses the Raspberry Robin Windows worm to deploy a malware downloader on networks where it also found evidence of malicious activity matching Evil Corp tactics.

Evil-Corp bleepingcomputer EN 2022 DEV-206 DEV-243 FakeUpdates Malware Ransomware Raspberry-Robin Worm
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities https://www.trendmicro.com/en_us/research/22/g/lockbit-ransomware-group-augments-its-latest-variant--lockbit-3-.html
28/07/2022 08:40:45

In June 2022, LockBit revealed version 3.0 of its ransomware. In this blog entry, we discuss the findings from our own technical analysis of this variant and its behaviors, many of which are similar to those of the BlackMatter ransomware.

trendmicro EN 2022 analysis lockbit blackmatter malware
Russia Released a Ukrainian App for Hacking Russia That Was Actually Malware https://www.vice.com/en/article/bvmnxd/russia-released-a-ukrainian-app-for-hacking-russia-that-was-actually-malware
20/07/2022 22:19:28

Google researchers said the app was designed to figure out who may want to use this kind of app.

vice 2022 EN malware Russia Russia-Ukraine-war app spy cyberwarefare
Joker, Facestealer and Coper banking malwares on Google Play store https://www.zscaler.com/blogs/security-research/joker-facestealer-and-coper-banking-malwares-google-play-store
19/07/2022 08:43:01

Joker, Facestealer and banker malware are swarming the Google Play store.

zscaler EN 2022 Android Joker FaceStealer Coper Exobot Malware GooglePlay store apps analysis