Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
page 1 / 15
296 résultats taggé Malware  ✕
LockBit Ransomware v4.0 https://chuongdong.com/reverse%20engineering/2025/03/15/Lockbit4Ransomware/
30/04/2025 11:30:36
QRCode
archive.org

Malware Analysis Report - LockBit Ransomware v4.0

In this blog post, I’m going over my analysis for the latest variant of LockBit ransomware - version 4.0. Throughout this blog, I’ll walk through all the malicious functionalities discovered, complete with explanations and IDA screenshots to show my reverse engineering process step by step. This new version of LockBit 4.0 implements a hybrid-cryptography approach, combining Curve25519 with XChaCha20 for its file encryption scheme.

This version shares similarities with the older LockBit Green variant that is derived from Conti ransomware. While the multi-threading architecture seems more streamlined than previous versions, it still delivers an encryption speed that outpaces most other ransomware families.

As always, LockBit is still my most favorite malware to look at, and I certainly enjoyed doing a deep dive to understand how this version works.

chuongdong EN 2025 Malware Analysis Report LockBit LockBit4.0 ransomware
CyberAv3ngers: The Iranian Saboteurs Hacking Water and Gas Systems Worldwide https://www.wired.com/story/cyberav3ngers-iran-hacking-water-and-gas-industrial-systems/
27/04/2025 11:57:14
QRCode
archive.org
thumbnail

Despite their hacktivist front, CyberAv3ngers is a rare state-sponsored hacker group bent on putting industrial infrastructure at risk—and has already caused global disruption.
The intermittent cyberwar between Israel and Iran, stretching back to Israel's role in the creation and deployment of the Stuxnet malware that sabotaged Iran's nuclear weapons program, has been perhaps the longest-running conflict in the era of state-sponsored hacking. But since Hamas' October 7 attack and Israel's retaliatory invasion of Gaza, a new player in that conflict threatens not just digital infrastructure in Israel but also critical systems in the US and around the world.
The group known as CyberAv3ngers has, in the last year and a half, proven to be the Iranian government's most active hackers focused on industrial control systems. Its targets include water, wastewater, oil and gas, and many other types of critical infrastructure. Despite being operated by members of Iran's Revolutionary Guard Corps, according to US officials who have offered a $10 million bounty for information leading to their arrest, the group initially took on the mantle of a “hacktivist” campaign.

wired EN 2025 CyberAv3ngers iran malware Critical-Infrastructure state-sponsored
New Rust Botnet "RustoBot" is Routed via Routers https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers
23/04/2025 08:30:04
QRCode
archive.org

FortiGuard Labs recently discovered a new botnet propagating through TOTOLINK devices. Learn more about this malware targeting these devices.

fortinet EN 2025 TOTOLINK Botnet Rust Routers RustoBot malware
SuperCard X: exposing a Chinese-speaker MaaS for NFC Relay fraud operation https://www.cleafy.com/cleafy-labs/supercardx-exposing-chinese-speaker-maas-for-nfc-relay-fraud-operation
21/04/2025 09:20:01
QRCode
archive.org
thumbnail

This report details a newly identified and active fraud campaign, highlighting the emergence of sophisticated mobile malware leveraging innovative techniques:

  • SuperCard X Malware: A novel Android malware offered through a Malware-as-a-Service (MaaS) model, enabling NFC relay attacks for fraudulent cash-outs.
  • Evolving Threat Landscape: Demonstrates the continuous advancement of mobile malware in the financial sector, with NFC relay representing a significant new capability.
  • Combined Attack Vectors: Employs a multi-stage approach combining social engineering (via smishing and phone calls), malicious application installation, and NFC data interception for highly effective fraud.
  • Low Detection Rate: SuperCard X currently exhibits a low detection rate among antivirus solutions due to its focused functionality and minimalistic permission model.‍
  • Broad Target Scope: The fraud scheme targets customers of banking institutions and card issuers, aiming to compromise payment card data.
cleafy.com EN 2025 SuperCardX Malware NFC report campaign mobile
Threat actors misuse Node.js to deliver malware and other malicious payloads | Microsoft Security Blog https://www.microsoft.com/en-us/security/blog/2025/04/15/threat-actors-misuse-node-js-to-deliver-malware-and-other-malicious-payloads/?_bhlid=7cad219df2b33b89940e503424edaf8ccb6df9b1
20/04/2025 12:38:06
QRCode
archive.org
thumbnail

Since October 2024, Microsoft Defender Experts has observed and helped multiple customers address campaigns leveraging Node.js to deliver malware and other payloads that ultimately lead to information theft and data exfiltration.

microsoft EN 2025 Node.js malware ClickFix exfiltration analysis campaign
Microsoft Warns of Node.js Abuse for Malware Delivery https://www.securityweek.com/microsoft-warns-of-node-js-abuse-for-malware-delivery/
16/04/2025 14:38:27
QRCode
archive.org

In the past months Microsoft has seen multiple campaigns involving Node.js to deliver malware and other malicious payloads.

Microsoft on Tuesday issued a warning over the increasing use of Node.js for the delivery of malware and other malicious payloads.

The tech giant has been seeing such attacks aimed at its customers since October 2024 and some of the observed campaigns are still active in April 2025.

securityweek EN 2025 malware node.js Microsoft Abuse
A miner and the ClipBanker Trojan being distributed via SourceForge | Securelist https://securelist.com/miner-clipbanker-sourceforge-campaign/116088/?ref=metacurity.com
09/04/2025 20:20:08
QRCode
archive.org
thumbnail

Malicious actors are using SourceForge to distribute a miner and the ClipBanker Trojan while utilizing unconventional persistence techniques.

securelist EN 2025 officepackage ClipBanker Cryptocurrencies Malware Malware-Descriptions Malware-Technologies Microsoft-Office Miner Piracy SourceForge Trojan
Outlaw Linux Malware: Persistent, Unsophisticated, and Surprisingly Effective — Elastic Security Labs https://www.elastic.co/security-labs/outlaw-linux-malware
06/04/2025 11:21:09
QRCode
archive.org
thumbnail

OUTLAW is a persistent yet unsophisticated auto-propagating coinminer package observed across multiple versions over the past few years [1], [2], [3], [4]. Despite lacking stealth and advanced evasion techniques, it remains active and effective by leveraging simple but impactful tactics such as SSH brute-forcing, SSH key and cron-based persistence, and manually modified commodity miners and IRC channels. This persistence highlights how botnet operators can achieve widespread impact without relying on sophisticated techniques.

elastic EN 2025 OUTLOW linux malware analisys
Tomcat in the Crosshairs: New Research Reveals Ongoing Attacks https://www.aquasec.com/blog/new-campaign-against-apache-tomcat/
02/04/2025 14:56:40
QRCode
archive.org
thumbnail

New malware targets Apache Tomcat servers, hijacking resources through stealthy payloads & lateral movement. What to watch for to protect your workloads

aquasec EN 2025 Tomcat Ongoing Attacks malware workloads
Hidden Malware Strikes Again: Mu-Plugins Under Attack https://blog.sucuri.net/2025/03/hidden-malware-strikes-again-mu-plugins-under-attack.html
31/03/2025 19:30:17
QRCode
archive.org
thumbnail

Hidden malware strikes WordPress mu-plugins. Our latest findings reveal how to safeguard your site against these threats.

sucuri EN 2025 Wordpress Mu-Plugins malware Hidden plugin
Phishing campaign impersonates Booking .com, delivers a suite of credential-stealing malware https://www.microsoft.com/en-us/security/blog/2025/03/13/phishing-campaign-impersonates-booking-com-delivers-a-suite-of-credential-stealing-malware/
23/03/2025 10:56:48
QRCode
archive.org
thumbnail

Starting in December 2024, leading up to some of the busiest travel days, Microsoft Threat Intelligence identified a phishing campaign that impersonates online travel agency Booking.com and targets organizations in the hospitality industry. The campaign uses a social engineering technique called ClickFix to deliver multiple credential-stealing malware in order to conduct financial fraud and theft. […]

microsoft EN 2025 microsoft Phishing campaign credential-stealing malware Booking.com ClickFix
WordPress ClickFix Malware Causes Google Warnings and Infected Computers https://blog.sucuri.net/2025/02/wordpress-clickfix-malware-causes-google-warnings-and-infected-computers.html
23/02/2025 21:00:41
QRCode
archive.org
thumbnail

Learn about the fake Google reCAPTCHA campaign infecting machines by tricking unsuspecting users into running malicious Powershell commands.

sucuri EN 2025 WordPress ClickFix Malware reCAPTCHA
Microsoft spots XCSSET macOS malware variant used for crypto theft https://www.bleepingcomputer.com/news/security/microsoft-spots-xcsset-macos-malware-variant-used-for-crypto-theft/
18/02/2025 15:37:22
QRCode
archive.org
thumbnail

A new variant of the XCSSET macOS modular malware has emerged in attacks that target users' sensitive information, including digital wallets and data from the legitimate Notes app.

bleepingcomputer EN 2025 Apple Malware Supply-Chain-Attack Xcode XCSSET Security
Hidden Backdoors Uncovered in WordPress Malware Investigation https://blog.sucuri.net/2025/02/hidden-backdoors-uncovered-in-wordpress-malware-investigation.html
16/02/2025 14:38:31
QRCode
archive.org
thumbnail

Dive into our investigation of WordPress malware and find out how mu-plugins are used to hide backdoor threats.

sucuri E*N 2025 WordPress malware backdoor plugin php mu-plugins
PirateFi game on Steam caught installing password-stealing malware https://www.bleepingcomputer.com/news/security/piratefi-game-on-steam-caught-installing-password-stealing-malware/
16/02/2025 14:28:40
QRCode
archive.org
thumbnail

A free-to-play game named PirateFi in the Steam store has been distributing the Vidar infostealing malware to unsuspecting users.

bleepingcomputer EN 2025 Games Gaming Malware Steam Valve
Unpacking the BADBOX Botnet with Censys https://censys.com/unpacking-the-badbox-botnet/
05/02/2025 15:17:01
QRCode
archive.org
thumbnail

Discover BADBOX, a new botnet pre-infecting Android devices—including TVs—via factory malware. Explore supply chain threats from one SSL certificate.

censys EN 2025 BADBOX pre-infecting Android malware analysis
SparkCat crypto stealer in Google Play and App Store https://securelist.com/sparkcat-stealer-in-app-store-and-google-play/115385/
05/02/2025 09:18:19
QRCode
archive.org
thumbnail

Kaspersky experts discover iOS and Android apps infected with the SparkCat crypto stealer in Google Play and the App Store. It steals crypto wallet data using an OCR model.

securelist EN 2025 Apple iOS Cryptocurrencies Google-Android Malware Malware-Descriptions Malware-Technologies Mobile-Malware Trojan Trojan-stealer
macOS FlexibleFerret | Further Variants of DPRK Malware Family Unearthed https://www.sentinelone.com/blog/macos-flexibleferret-further-variants-of-dprk-malware-family-unearthed/
04/02/2025 11:23:34
QRCode
archive.org
thumbnail

DPRK 'Contagious Interview' campaign continues to target Mac users with new variants of FERRET malware and Github devs with repo spam.

sentinelone EN 2025 macOS FlexibleFerret DPRK Malware
10,000 WordPress Websites Found Delivering MacOS and Windows Malware https://cside.dev/blog/10-000-wordpress-websites-found-delivering-macos-and-microsoft-malware
30/01/2025 09:16:23
QRCode
archive.org
thumbnail

Third-party scripts are a key part of the supply chain, giving 3rd party access to sensitive data or allowing malicious actions in the browser of your user. c/side helps you regain control over your website.

cside.dev EN 2025 WordPress MacOS Windows Malware
New TorNet backdoor seen in widespread campaign https://blog.talosintelligence.com/new-tornet-backdoor-campaign/
29/01/2025 22:23:37
QRCode
archive.org
thumbnail

Cisco Talos discovered an ongoing malicious campaign operated by a financially motivated threat actor targeting users, predominantly in Poland and Germany.

  • The actor has delivered different payloads, including Agent Tesla, Snake Keylogger, and a new undocumented backdoor we are calling TorNet, dropped by PureCrypter malware.
  • The actor is running a Windows scheduled task on victim machines—including on endpoints with a low battery—to achieve persistence.
  • The actor also disconnects the victim machine from the network before dropping the payload and then connects it back to the network, allowing them to evade detection by cloud antimalware solutions.
  • We also found that the actor connects the victim’s machine to the TOR network using the TorNet backdoor for stealthy command and control (C2) communications and detection evasion.
talosintelligence EN 2025 TorNet backdoor campaign Poland Germany analysis malware
page 1 / 15
4258 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio