Recherche : [Backdoor]

Trojanized Free Download Manager found to contain a Linux backdoor https://securelist.com/backdoored-free-download-manager-linux-malware/110465/

14/09/2023 12:20:50

Kaspersky researchers analyzed a Linux backdoor disguised as Free Download Manager software that remained under the radar for at least three years.

TETRA Radio Code Encryption Has a Flaw: A Backdoor https://www.wired.com/story/tetra-radio-encryption-backdoor/

30/07/2023 21:08:14

A secret encryption cipher baked into radio systems used by critical infrastructure workers, police, and others around the world is finally seeing sunlight. Researchers say it isn’t pretty.

Emerging Threat! Exposing JOKERSPY https://www.elastic.co/fr/security-labs/inital-research-of-jokerspy

22/06/2023 21:36:02

Explore JOKERSPY, a recently discovered campaign that targets financial institutions with Python backdoors. This article covers reconnaissance, attack patterns, and methods of identifying JOKERSPY in your network.

Fragments of Cross-Platform Backdoor Hint at Larger Mac OS Attack https://www.bitdefender.com/blog/labs/fragments-of-cross-platform-backdoor-hint-at-larger-mac-os-attack/

22/06/2023 21:18:20

During routine detection maintenance, our Mac researchers stumbled upon a small set of files with backdoor capabilities that seem to form part of a more complex malware toolkit. The following analysis is incomplete, as we are trying to identify the puzzle pieces that are still missing.

A Shady Chinese Firm’s Encryption Chips Got Inside NATO and NASA https://www.wired.com/story/hualan-encryption-chips-entity-list-china/

17/06/2023 13:06:40

The US government warns encryption chipmaker Hualan has suspicious ties to China’s military. Yet US agencies still use one of its subsidiary’s chips, raising fears of a backdoor.

Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack | Securelist https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344/

04/04/2023 20:43:33

A DLL named guard64.dll, which was loaded into the infected 3CXDesktopApp.exe process, was used in recent deployments of a backdoor that we dubbed “Gopuram” and had been tracking internally since 2020.

A Backdoor with Smart Screenshot Capability https://isc.sans.edu/diary/rss/29534

09/02/2023 18:27:30

Today, everything is “smart” or “intelligent”. We have smartphones, smart cars, smart doorbells, etc. Being "smart" means performing actions depending on the context, the environment, or user actions.

For a while, backdoors and trojans have implemented screenshot capabilities. From an attacker’s point of view, it’s interesting to “see” what’s displayed on the victim’s computer.

PNG Steganography Hides Backdoor https://decoded.avast.io/martinchlumecky/png-steganography/

12/11/2022 22:35:11

Our deep analysis of the Worok toolset (previously described by ESET Research) reveals the final stage, hidden in a PNG file, that steals data and provides a multifunctional backdoor using the DropBox repository and API.

From RM3 to LDR4: URSNIF Leaves Banking Fraud Behind https://www.mandiant.com/resources/blog/rm3-ldr4-ursnif-banking-fraud

21/10/2022 21:32:38

A new variant of the URSNIF malware, first observed in June 2022, marks an important milestone for the tool. Unlike previous iterations of URSNIF, this new variant, dubbed LDR4, is not a banker, but a generic backdoor (similar to the short-lived SAIGON variant), which may have been purposely built to enable operations like ransomware and data theft extortion. This is a significant shift from the malware’s original purpose to enable banking fraud, but is consistent with the broader threat landscape.

MSSQL, meet Maggie. A novel backdoor for Microsoft SQL… https://medium.com/@DCSO_CyTec/mssql-meet-maggie-898773df3b01

05/10/2022 23:20:17

Continuing our monitoring of signed binaries, DCSO CyTec recently found a novel backdoor malware targeting Microsoft SQL servers. The malware comes in form of an “Extended Stored Procedure” DLL, a…

Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/witchetty-steganography-espionage

30/09/2022 09:08:07

Espionage group begins using new backdoor that leverages rarely seen steganography technique.

TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks https://thehackernews.com/2022/09/ta505-hackers-using-teslagun-panel-to.html

06/09/2022 12:16:00

Cybersecurity researchers have offered insight into a previously undocumented software control panel used by a financially motivated threat group known as TA505.

"The group frequently changes its malware attack strategies in response to global cybercrime trends," Swiss cybersecurity firm PRODAFT said in a report shared with The Hacker News. "It opportunistically adopts new technologies in order to gain leverage over victims before the wider cybersecurity industry catches on."

The SessionManager IIS backdoor: a possibly overlooked GELSEMIUM artefact https://securelist.com/the-sessionmanager-iis-backdoor/106868/

30/06/2022 22:25:26

In early 2022, we investigated an IIS backdoor called SessionManager. It has been used against NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East.

SeaFlower 藏海花 A backdoor targeting iOS web3 wallets https://objective-see.org/blog/blog_0x6F.html

13/06/2022 15:45:33

Confiant monitors 2.5+ billion ads per day via 110+ integrations in the advertising stack. This provides great visibility on malicious activity infiltrating the ad stack and the broader Internet. And that includes all the web3 malicious activity funneling thru it.

The variety and the range of our detection enable Confiant to detect unique malicious activity as soon as it surfaces.

SeaFlower is an example of this unique cluster of malicious activities targeting web3 wallet users that we will document in this blog post.

Lyceum .NET DNS Backdoor https://www.zscaler.com/blogs/security-research/lyceum-net-dns-backdoor

13/06/2022 11:40:06

The Lyceum APT group is targeting Middle East organizations with DNS hijacking attack using a new .NET-based malware.

Malicious PyPI package opens backdoors on Windows, Linux, and Macs https://www.bleepingcomputer.com/news/security/malicious-pypi-package-opens-backdoors-on-windows-linux-and-macs/

21/05/2022 22:21:57

Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.

BPFDoor — an active Chinese global surveillance tool https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896

07/05/2022 17:54:58

Chinese hackers abuse VLC Media Player to launch malware loader https://www.bleepingcomputer.com/news/security/chinese-hackers-abuse-vlc-media-player-to-launch-malware-loader/

06/04/2022 10:17:20

Security researchers have uncovered a long-running malicious campaign from hackers associated with the Chinese government who are using VLC Media Player to launch a custom malware loader.

New Malware Capable of Controlling Social Media Accounts Infects 5,000+ Machines and is actively being Distributed via Gaming Applications on Microsoft's Official Store https://research.checkpoint.com/2022/new-malware-capable-of-controlling-social-media-accounts-infects-5000-machines-and-is-actively-being-distributed-via-gaming-applications-on-microsofts-official-store/

26/02/2022 11:27:25

New Malware Capable of Controlling Social Media Accounts Infects 5,000+ Machines and is actively being Distributed via Gaming Applications on Microsoft’s Official Store

The Bvp47 - a Top-tier Backdoor of US NSA Equation Group https://www.pangulab.cn/en/post/the_bvp47_a_top-tier_backdoor_of_us_nsa_equation_group/

23/02/2022 10:13:09

Bvp47 - a Top-tier Backdoor of US NSA Equation Group

PDF Document

Liens par page

Filtres