DevOps platform CircleCI on Friday disclosed that unidentified threat actors compromised an employee’s laptop and leveraged malware to steal their two-factor authentication-backed credentials to breach the company’s systems and data last month. The CI/CD service CircleCI said the “sophisticated attack” took place on December 16, 2022, and that the malware went undetected by its antivirus […]
Remote access trojans such as StrRAT and Ratty are being distributed as a combination of polyglot and malicious Java archive (JAR) files, once again highlighting how threat actors are continuously finding new ways to fly under the radar. “Attackers now use the polyglot technique to confuse security solutions that don’t properly validate the JAR file […]
A recent IcedID malware attack enabled the threat actor to compromise the Active Directory domain of an unnamed target less than 24 hours after gaining initial access, while also borrowing techniques from other groups like Conti to meet its goals. “Throughout the attack, the attacker followed a routine of recon commands, credential theft, lateral movement […]
A recent wave of Gootkit malware loader attacks has targeted the Australian healthcare sector by leveraging legitimate tools like VLC Media Player. Gootkit, also called Gootloader, is known to employ search engine optimization (SEO) poisoning tactics (aka spamdexing) for initial access. It typically works by compromising and abusing legitimate infrastructure and seeding those sites with […]
A new malware campaign has been observed targeting Italy with phishing emails designed to deploy an information stealer on compromised Windows systems. “The info-stealer malware steals sensitive information like system info, crypto wallet and browser histories, cookies, and credentials of crypto wallets from victim machines,” Uptycs security researcher Karthickkumar Kathiresan said in a report. Details […]
The Russian cyberespionage group known as Turla has been observed piggybacking on attack infrastructure used by a decade-old malware to deliver its own reconnaissance and backdoor tools to targets in Ukraine. Google-owned Mandiant, which is tracking the operation under the uncategorized cluster moniker UNC4210, said the hijacked servers correspond to a variant of a commodity […]
Malware analysis tools are highly essential for Security Professionals who always need to learn many tools, techniques, and concepts to analyze sophisticated Threats and current cyber attacks. Malware Analysis Tools & Courses Malware Analysis Courses Hex Editors Disassemblers Detection and Classification Dynamic Binary Instrumentation Dynamic Analysis Deobfuscation Debugging Malware Analaysis Courses Reverse Engineering Binary Analysis Decompiler […]
A new Linux malware developed using the shell script compiler (shc) has been observed deploying a cryptocurrency miner on compromised systems. “It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system,” AhnLab Security Emergency Response Center (ASEC) said in a […]
A new malware campaign has been observed using sensitive information stolen from a bank as a lure in phishing emails to drop a remote access trojan called BitRAT. The unknown adversary is believed to have hijacked the IT infrastructure of a Colombian cooperative bank, using the information to craft convincing decoy messages to lure victims […]
In an attempt to inject malicious JavaScript into WordPress plugins and themes that are outdated, a previously detected Linux malware that is unknown has been found exploiting 30 vulnerabilities. The targeted website is injected with malicious JavaScript code if any outdated versions of the vulnerable add-ons are used on the site, as they lack crucial […]
WordPress sites are being targeted by a previously unknown strain of Linux malware that exploits flaws in over two dozen plugins and themes to compromise vulnerable systems. “If sites use outdated versions of such add-ons, lacking crucial fixes, the targeted web pages are injected with malicious JavaScripts,” Russian security vendor Doctor Web said in a […]
An advanced malware downloader named GuLoader has recently been exposed by cybersecurity researchers at CrowdStrike. This advanced downloader has the capability to evade the detection of security software by adopting a variety of techniques. While analyzing the shellcode of GuLoader, a brand-new anti-analysis technique was discovered by CrowdStrike through which researchers would be able to […]
Researchers at Phylum recently discovered that hackers had been injecting information stealer malware into Python developers’ machines in order to steal their information. As they dug deeper, they discovered a new stealer variant with many different names. While apart from this, the source code of the program reveals that it is a straightforward copy of […]
Cybersecurity researchers have exposed a wide variety of techniques adopted by an advanced malware downloader called GuLoader to evade security software. “New shellcode anti-analysis technique attempts to thwart researchers and hostile environments by scanning entire process memory for any virtual machine (VM)-related strings,” CrowdStrike researchers Sarang Sonawane and Donato Onofri said in a technical write-up […]
The pay-per-install (PPI) malware downloader service known as PrivateLoader is being used to distribute a previously documented information-stealing malware dubbed RisePro. Flashpoint spotted the newly identified stealer on December 13, 2022, after it discovered “several sets of logs” exfiltrated using the malware on an illicit cybercrime marketplace called Russian Market. A C++-based malware, RisePro is […]
A new Android trojan called BrasDex has been identified as the work of the same threat actors responsible for the Casbaneiro malware that targets Windows banking systems. The security analysts at ThreatFabric recently spotted an ongoing multi-platform campaign in which Brazilian users have been observed to be targeted as part of this malware (BrasDex) attack. […]
The Computer Emergency Response Team of Ukraine (CERT-UA) this week disclosed that users of the Delta situational awareness program received phishing emails from a compromised email account belonging to the Ministry of Defense. The attacks, which have been attributed to a threat cluster dubbed UAC-0142, aimed to infect systems with two pieces of data-stealing malware […]
The newly discovered information stealer known as “RisePro” is being delivered through the pay-per-install malware downloader service known as “PrivateLoader,”. RisePro is a backdoor that is written in C++ and it gathers potentially sensitive information from workstations that have been hacked. It then tries to exfiltrate this information as logs. Malware known as log (or […]
Cyble Research and Intelligence Labs (CRIL) detected threat Actors (TAs) distributing the malware DarkTortilla. Since 2015, the complex .NET-based malware known as DarkTortilla has been operating. Researchers say that numerous stealers and Remote Access Trojans (RATs) including AgentTesla, AsyncRAT, NanoCore, etc. are known to be dropped by the malware. DarkTortilla and Its Specific Actions Security researchers […]
To perform HTML smuggling, the QBot malware phishing campaigns utilize SVG image files as a method of distribution. This method creates a malicious installer for Windows that can be run by the user locally. A Base64 encoded QBot malware installer is reassembled via embedded SVG images that contain JavaScript which can be used to perform […]
Phishing campaigns involving the Qakbot malware are using Scalable Vector Graphics (SVG) images embedded in HTML email attachments. The new distribution method was spotted by Cisco Talos, which said it identified fraudulent email messages featuring HTML attachments with encoded SVG images that incorporate HTML script tags. HTML smuggling is a technique that relies on using […]