Internet threat news
According to a report by cybersecurity firm Cleafy, a new Malware-as-a-Service has begun operating, with much evidence pointing to the malware's developers operating within Turkey. Cleafy has called the malware itself DroidBot, based on the domain used to host the malware's infrastructure.
According to a recent article published by McAfee, security researchers have noticed a significant spike in the use of predatory loan apps by malicious actors.
These Potentially Unwanted Programs (PUPs) are referred to as SpyLoan applications and typically use social engineering tactics to trick users into providing sensitive information and granting extra mobile app permissions, which can lead to extortion, harassment, and financial loss.
According to Trend Micro, Chinese state-sponsored threat actor Salt Typhoon, also tracked as Earth Estries, FamousSparrow, GhostEmperor, and UNC2286, has been seen deploying a new backdoor malware. Called "GhostSpider" by Trend Micro researchers, the malware has been used in attacks against Southeast Asian telecommunications companies.
Cybersecurity researcher g0njxa recently discovered a cyberattack campaign leveraging fake AI video generators to infect machines with info-stealing malware. The attacker installed the Lumma and AMOS stealers on both Windows and macOS machines.
Lumma targets Windows machines, while AMOS targets macOS machines. Both are used to steal cryptocurrency wallets, cookies, credentials, passwords, credit cards, and browsing history from Google Chrome, Microsoft Edge, Mozilla Firefox, and other Chromium browsers.
In a recent article by security firm Gen Digital, researchers detailed a new campaign delivering Glove Stealer as its primary malware payload.
The new stealer was discovered as the payload has been named Glove by Gen Digital and uses ClickFix social engineering tactics to gain high privileges and install the malware. This is another instance of threat actors favoring info-stealing malware recently while relying on ClickFix or FakeCapthca tactics for distribution.
In a recently published blog article by Check Point's research team, an attack campaign was discovered spreading the Rhadamanthys info stealer. The infection chain starts with victims receiving fake copyright infringement emails to act as the lure.
According to a new report by security firm Kaspersky, researchers discovered a new crimeware bundle being distributed via forum posts, torrent trackers, and blogs, imitating popular software like Foxit PDF Editor and AutoCAD. The malware itself is capable of extracting the victim's credit card data, details about the infected device, and a cryptocurrency miner.
According to a new report by Palo Alto’s Unit 42, North Korean state-sponsored threat actors, tracked by the security firm as Jumpy Pisces but also tracked as Andariel, have been linked to the Play ransomware gang.
Researchers believe this is the first instance of the group using existing ransomware infrastructure, potentially acting as an initial access broker (IAB) or an affiliate of the Play ransomware group. This also possibly signals deeper involvement in the broader ransomware threat landscape.
According to a blog article published by ReliaQuest, their security team discovered a new Black Basta ransomware campaign that begins with a spam email, which is then followed by threat actors posing as Microsoft Teams IT Support to trick victims into installing remote access software, which is then used to deploy Black Basta.
A recently published article by GoDaddy's Security Team revealed that a new ClickFix malware campaign targeting vulnerable WordPress sites to deliver information-stealing malware is making the rounds. Information-stealing malware, or info stealers, is somewhat in vogue by financially motivated and state-sponsored threat actors.
In a recent report by ZScaler, data collected from June 2023 to April 2024 showed that Google Play, the official store for Android, distributed more than 200 malicious applications, which amounted to nearly eight million downloads. The collected data focused on analyzing malware families on both Google Play and other distribution platforms.
According to a recent report by the United Nations Office on Drugs and Crime (UNODC), a large and diverse set of malicious AI tools have been developed across Southeast Asia to supplement the needs of cybercrime cartels across the region.
Tools to generate convincing deep fakes appear to be the most popular, with UNODC recording an exponential increase in Telegram channel mentions, with those channels acting as marketplaces for said tools.
Microsoft 365 users should be aware of a new threat actor offering their services as a phishing-as-a-service platform to conduct Adversary-in-the-Middle (AiTM) attacks for a monthly fee. Called Mamba2FA, not to be confused with Mamba ransomware, the malware targets Microsoft 365 users with well-crafted login pages.
However, the real danger to Microsoft 365 users is the ability to conduct AiTM attacks to capture the victim's authentication tokens and bypass multifactor authentication (MFA) protections on their accounts. The malware costs 250 USD per month, making it incredibly competitive and presenting a significant drop in the skill floor required for threat actors to carry out sophisticated attacks.
Law enforcement agencies from 12 countries have collaborated to arrest four individuals associated with the LockBit ransomware gang. Along with the arrests' law enforcement officials seized servers critical to the ransomware gang's operations.
Regarding the arrests, a suspected developer of LockBit was arrested at the request of the French authorities, while the British authorities arrested two individuals for supporting the activity of a LockBit affiliate. The Spanish officers seized nine servers, part of the ransomware's infrastructure, and arrested an administrator of a Bulletproof hosting service used by the ransomware group.
More Articles...
Page 1 of 55
<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>