A Mirai-based botnet named 'InfectedSlurs' is exploiting a remote code execution (RCE) vulnerability in QNAP VioStor NVR (Network Video Recorder) devices to hijack and make them part of its DDoS (distributed denial of service) swarm.
#Actively #Botnet #Computer #Exploited #FXC #InfectedSlurs #InfoSec #Malware #QNAP #Router #Security #Vulnerability

Ukraine's defense intelligence directorate (GUR) said it infected thousands of servers belonging to Russia's state tax service with malware, and destroyed databases and backups.

Russian national Vladimir Dunaev found guilty for developing TrickBot malware, facing up to 35 years in prison.

A new macOS Trojan-Proxy is riding on cracked versions of legitimate software; it relies on DNS-over-HTTPS to obtain a C&C (command and control) address.
Illegally distributed software historically has served as a way to sneak malware onto victims’ devices. Oftentimes, users are not willing to pay for software tools they need, so they go searching the Web for a “free lunch”. They are an excellent target for cybercriminals who realize that an individual looking for a cracked app will be willing to download an installer from a questionable website and disable security on their machine, and so they will be fairly easy to trick into installing malware as well.

The North Korean threat actors behind macOS malware strains such as RustBucket and KANDYKORN have been observed "mixing and matching" different elements of the two disparate attack chains, leveraging RustBucket droppers to deliver KANDYKORN.

Two ongoing campaigns bear hallmarks of North Korean state-sponsored threat actors, posing in job-seeking roles to distribute malware or conduct espionage.

The Lumma information-stealing malware is now using an interesting tactic to evade detection by security software - the measuring of mouse movements using trigonometry to determine if the malware is running on a real machine or an antivirus sandbox.

As the use of ChatGPT and other artificial intelligence (AI) technologies becomes more widespread, it is important to consider the possible risks associated with their use. One of the main concerns surrounding these technologies is the potential for malicious use, such as in the development of malware or other harmful software. Our recent reports discussed how cybercriminals are misusing the large language model’s (LLM) advanced capabilities:

We discussed how ChatGPT can be abused to scale manual and time-consuming processes in cybercriminals’ attack chains in virtual kidnapping schemes.
We also reported on how this tool can be used to automate certain processes in harpoon whaling attacks to discover “signals” or target categories.

Newly discovered later-stage malware from BlueNoroff APT group targets macOS with characteristics similar to their RustBucket campaign.

Elastic Security Labs exposes an attempt by the DPRK to infect blockchain engineers with novel macOS malware.

Learn about the fake Google Chrome update malware, a common form of website malware that tricks users into downloading a remote access trojan disguised as a browser update. Understand how it works, its impact on websites, and how to protect your site from such threats. Stay updated on the latest malware trends with Sucuri.

In this report Kaspersky shares insights into the validation components used in Operation Triangulation, TriangleDB implant post-compromise activity, as well as details of some additional modules.
#2023 #APT #Apple #EN #Malware #Malware-Description #Triangulation #analysis #iOS #macOS #securelist #spyware

First publicly reported in 2018, DarkGate is a Windows-based malware with a wide-range of capabilities including credential stealing and remote access to victim endpoints. Until recently, it was only seen being delivered through traditional email malspam campaigns. In late August 2023, however, researchers at Trusec found evidence of a campaign using external Teams messages to deliver the DarkGate Loader.

• Cybersecurity Firm Human Security has discovered malware on dozens of streaming devices and iOS/Android apps.
• A huge number of Android TV boxes contain malware capable of conducting ad fraud, creating fake accounts, and selling access to home networks.
• Researchers found that the malware they have dubbed Badbox is not only tricky to detect but difficult to remove as well.
• Android TV box users must prefer installing apps from reliable sources and keep their devices up-to-date.
• Human Security has already shared details of its findings with concerned law enforcement agencies.

Kaspersky researchers analyzed a Linux backdoor disguised as Free Download Manager software that remained under the radar for at least three years.

Hackers are modifying the open source code of a popular malware strain, adding tools and functions that make it easier to steal data.

Qakbot, one of the largest and longest-running botnets to date, was taken down following a multinational law enforcement operation spearheaded by the FBI and known as Operation 'Duck Hunt.'

AhnLab Security Emergency response Center (ASEC) has confirmed the distribution of malware in the form of a batch file (*.bat). This malware is designed to download various scripts based on the anti-malware process, including AhnLab products, installed in the user’s environment. Based on the function names used by the malware and the downloaded URL parameters, it is suspected to have been distributed by the Kimsuky group.

American intelligence officials believe the malware could give China the power to disrupt or slow American deployments or resupply operations, including during a Chinese move against Taiwan.

Since at least May 2021, stealthy Linux malware called AVrecon was used to infect over 70,000 Linux-based small office/home office (SOHO) routers and add them to a botnet designed to steal bandwidth and provide a hidden residential proxy service.