Internet threat news
Banking trojan malware, namely malware designed to intercept a victim’s banking-related information, including login passwords, so that funds can be fraudulently stolen, is an ever-present danger for those using banking applications on mobile phones.
Reminding us of this danger is the recent discovery, by security researchers at Kaspersky Labs, of a new banking trojan called SoumniBot.
According to a recently published article on Bleeping Computer, threat actors have compromised at least 2000 WordPress sites to push crypto malware onto unsuspecting visitors to the compromised sites.
The crypto-related malware, often called a crypto drainer, is a type of malware that tricks the user into approving a cryptocurrency transaction, automatically draining their associated cryptocurrency wallets.
The Indian government announced that it had rescued 250 Indian citizens enslaved by a Cambodian cybercrime gang. The kidnapped Indians were forced to serve and commit cybercrimes.
In a recently published article by Netcraft, a new Phishing-as-a-Service (PhaaS) platform targeting iPhones via the iMessage application has been discovered.
Named Darcula, the platform uses 20,000 domains to spoof brands and steal credentials from Android and iPhone users in more than 100 countries.
Security researchers at Trend Micro have discovered a DarkGate malware campaign using a vulnerability already patched in Windows Defender's SmartScreen utility.
Several news outlets, including Reuters, have been covering a fair amount of exciting news regarding the BlackCat ransomware gang, also tracked as ALPHV by this publication.
When this publication last covered BlackCat operations, they were seen exploiting both the Impacket and RemCom frameworks to better facilitate infections.
Now, the ransomware developers are looking to bow out of the operation, not by retiring gracefully but via an exit scam that may be intended to prevent affiliates from being paid out.
Following the announcement and subsequent patching of CVE-2024-1709, several security researchers have noted that ransomware gangs have been seen trying to exploit the flaw.
If the flaw is exploited, it allows an attacker to create admin accounts on Internet-exposed servers, delete all other users, and take over any vulnerable instance associated with a machine.
According to the latest report published by Google's Threat Analysis Group (TAG), the rise of commercial surveillance vendors is driving zero-day vulnerability discovery, development, and exploitation. This poses significant risks to free speech, the free press, and the open internet.
According to a recently published report by security firm ESET, a new sophisticated Advanced Persistent Threat (APT) group called Blackwood has emerged from the shadows.
Researchers discovered that the APT group was conducting cyberespionage campaigns against businesses and individuals. Based on what was found, the group has been active since 2018.
Security firm CyberArk has developed an online version of its White Phoenix decryptor, designed to help make it easier for victims to decrypt encrypted files. This can help victims of specific ransomware attacks recover files without downloading a GitHub repository.
In the space of little over a month, security firm Kaspersky discovered not one but two pieces of trojan malware that target macOS machines and are being spread via cracked software packages. This again shows the danger of downloading and installing pirated and cracked software to save a few dollars.
In a joint advisory issued by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA), both agencies warned that threat actors using Androxgh0st malware are building a botnet focused on cloud credential theft and using the stolen information to deliver additional malicious payloads.
Recently, local media in Paraguay reported that Tigo, the largest mobile carrier in Paraguay, suffered a cyberattack directly impacting cloud and hosting services in the company's business division.
Its Tigo Business division offers digital solutions to the enterprise; the list of provided services includes cybersecurity consulting, cloud and data center hosting, and wide area network (WAN) solutions.
According to new research published by Check Point, the ongoing Israel-Hamas war has seen a new version of SysJoker being actively deployed against targets.
The newly discovered version of SysJoker has been written in the Rust programming language, suggesting that it has been completely rewritten.
Researchers also noted that the new version was utilized in targeted attacks in 2023, similar in tactics and approach to known threat actors, such as the Gaza Cybergang.