The scourge of “malvertising” is nothing new, but the tactic is still so effective that it's contributing to the rise of investment scams and the spread of new strains of malware.
Understand the threat of PHP reinfector malware on WordPress sites, compromising plugins like Imagify and using malicious admin users.
The Banshee Stealer macOS malware operation, which emerged earlier this year, was reportedly shut down following a source code leak.
We often trust our security software to stand as an unbreakable wall against malware and attacks, but what happens when that very wall is weaponized against us? Our Trellix Advanced Research Center team recently uncovered a malicious campaign that does just that. Instead of bypassing defenses, this malware takes a more sinister route: it drops a legitimate Avast Anti-Rootkit driver (aswArPot.sys) and manipulates it to carry out its destructive agenda. The malware exploits the deep access provided by the driver to terminate security processes, disable protective software, and seize control of the infected system.
In a recent cyber campaign, the Chinese state-sponsored threat group TAG-112 compromised two Tibetan websites, Tibet Post and Gyudmed Tantric University, to deliver the Cobalt Strike malware. Recorded Future’s Insikt Group discovered that the attackers embedded malicious JavaScript in these sites, which spoofed a TLS certificate error to trick visitors into downloading a disguised security certificate. This malware, often used by threat actors for remote access and post-exploitation, highlights a continued cyber-espionage focus on Tibetan entities. TAG-112’s infrastructure, concealed using Cloudflare, links this campaign to other China-sponsored operations, particularly TAG-102 (Evasive Panda).
We analyze FrostyGoop malware, which targets OT systems. This article walks through newly discovered samples, indicators, and also examines configurations and network communications. We analyze FrostyGoop malware, which targets OT systems. This article walks through newly discovered samples, indicators, and also examines configurations and network communications.
North Korean hackers are targeting crypto-related businesses with phishing emails and novel macOS-specific malware.
SentinelLabs has observed a suspected DPRK threat actor targeting Crypto-related businesses with novel multi-stage malware.
Sophos went so far as to plant surveillance “implants” on its own devices to catch the hackers at work—and in doing so, revealed a glimpse into China's R&D pipeline of intrusion techniques.
ESET has launched an investigation after the systems of its official product distributor in Israel were abused to send out emails delivering wiper malware.
The targeted users received an email — signed by ESET’s Advanced Threat Defense (ATD) team — informing them about government-backed attackers trying to compromise their devices.
Analysis of a newly discovered Linux based variant of the DPRK attributed FASTCash malware along with background information on payment switches used in financial networks.
Gamers searching for game cheats are falling victim to a global malware campaign delivering RedLine Stealer.
Ukrainian national Mark Sokolovsky has pleaded guilty to his involvement in the Raccoon Stealer malware-as-a-service (MaaS) cybercrime operation.
Perfctl is particularly elusive and persistent malware employing several sophisticated techniques
McAfee Labs recently observed an infection chain where fake CAPTCHA pages are being leveraged to distribute malware, specifically Lumma Stealer. We are observing a campaign targeting multiple countries. Below is a map showing the geolocation of devices accessing fake CAPTCHA URLs, highlighting the global distribution of the attack.
A massive infostealer malware operation encompassing thirty campaigns targeting a broad spectrum of demographics and system platforms has been uncovered, attributed to a cybercriminal group named
#Atomic #Computer #Info #InfoSec #Information #Information-stealing #Marko #Polo #Rhadamanthys #Security #Stealc #Stealer #malware
It lets attackers control Macs remotely.
A clever threat campaign is abusing GitHub repositories to distribute malware targeting users who frequent an open source project repository or are subscribed to email notifications from it. A malicious GitHub user opens a new
Nautilus researchers identified a new Linux malware targeting Weblogic servers with running Hadooken malware
Antivirus firm Dr.Web has flagged a type of Android malware known as Android.Vo1d that has infected about 1.3 million TV boxes across 197 countries.
The malware effectively enables a backdoor into the TV box's system that allows an attacker to download and install malicious third-party software. The R4 TV box model running Android 7.1.2, a TV Box running Android 12.1, and the KJ-SMART4KVIP TV box running Android 10.1 were the types of devices reportedly impacted.
