malware (67)

12292775877?profile=RESIZE_400xA new malvertising campaign has been found to employ fake sites that masquerade as legitimate Windows news portal to propagate a malicious installer for a popular system profiling tool called CPU-Z.  This incident is a part of a larger malvertising campaign that targets other utilities like Notepad++, Citrix, and VNC Viewer as seen in its infrastructure (domain names) and cloaking templates used to avoid detection.

While malvertising campaigns are known to set up replica sites advertising widely

12283099090?profile=RESIZE_400xA highly sophisticated piece of malware posing as a cryptocurrency miner has stayed hidden for five years, infecting more than one million devices, cybersecurity investigators warn.  Named StripedFly, the threat contains code sequences previously observed in the malware used by the threat actor known as the Equation Group, known for APT malware and attacks, which has been linked to the US National Security Agency.

Designed as a modular framework, StripedFly can target both Windows and Linux and

12264243686?profile=RESIZE_400xA new information stealer named ExelaStealer has become the latest one to become available to the hacker audience.  There are many choices available for off-the-shelf malware designed to capture sensitive data from compromised Windows systems.  ExelaStealer is a largely open-source infostealer with paid customizations available from the threat actor creator.

Written in Python and incorporating support for JavaScript, it comes fitted with capabilities to siphon passwords, Discord tokens, credit c

12246230285?profile=RESIZE_400xA new malware-as-a-service option for cybercriminals known as BunnyLoader was released on September 4th, 2023.  It has since seen a variety of updates and has reached version 2.0.  As one might expect from any number of the “as a service” monikers, malware-as-a-service is a business model for cybercriminals.  The business model is such that malware and its associated infrastructure are provided to customers for a fee.  This can also be seen as a variation to the software-as-a-service model.


12239425294?profile=RESIZE_400xIn 1923, the Soviet Union created the Nagorno-Karabakh Autonomous Oblast (an oblast is an administrative region or province) within the Azerbaijan Soviet Socialist Republic.  This oblast has a 95% ethnically Armenian population.  In 1988, Nagorno-Karabakh intended to leave Azerbaijan and join the neighboring Republic of Armenia.  While the Soviet Union was able to keep the resulting tension under control, once the USSR began to collapse, armed conflict between Azerbaijan and Armenia began for co

12143866499?profile=RESIZE_400xThe US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) released a joint cybersecurity advisory (CSA) regarding new Truebot malware variants that are being used against organizations in the United States and Canada.

Older versions of the Truebot malware variant were delivered via malicious phishing email attachments, the CSA expla

12127855284?profile=RESIZE_400xA common tactic for cybercriminals is to distribute storage drives, phones, or other internet-connected devices filled with hidden malware to hack victims and steal their information. Although smartwatches have not been known for major security breaches so far, they carry many of the same vulnerabilities as other IoT products and warrant a similar degree of caution.  A recent InfraGard brief by DHS cautioned the use of Smartphones and being vulnerable to malware.

The US Army’s Criminal Investiga

11836228891?profile=RESIZE_400xDetection of malware is typically done using virus definitions or signatures in a database.  Security products, such as antiviruses, will scan files using a virus database to detect if the files are good or bad.  They detect files as good if they don’t match an entry in the database and consider files bad if they do match an entry. It works almost like an advanced blacklist.

Malware authors understand how security products work and build malware that these products cannot detect.  In the undergr

11063692094?profile=RESIZE_400xDuring the dark days of COVID-19, the transfer from office to remote working cybersecurity was often neglected so that businesses could just “stay in business.”  Even after a couple years, common sense tells us that companies would have caught up with cybersecurity.  There are three business scenarios: those that have been attacked, those that do not know they have been attacked, and those that are going to be attacked. 

The risks are high with research showing the average cost of an IT security

11038585896?profile=RESIZE_400xThe nasty Iranian nation-state APT group known as Charming Kitten is actively targeting multiple victims in the US, Europe, the Middle East, and India with a new malware named BellaCiao, adding to its ever-expanding list of custom tools.  Discovered by Bitdefender Labs, BellaCiao is a "Personalized dropper" that is capable of delivering other malware payloads onto a victim machine based on commands received from an actor-controlled server.  The attackers appear to customize their attacks for eac

11021568859?profile=RESIZE_400xIt is one of China’s most popular shopping apps, selling clothing, groceries and just about everything else under the sun to more than 750 million users a month.  But according to cybersecurity researchers, it can also bypass users’ cell phone security to monitor activities on other apps, check notifications, read private messages and change settings.  And once installed, it’s tough to remove.

While many apps collect vast troves of user data, sometimes without explicit consent, experts say e-com

10969155500?profile=RESIZE_400xA new financially motivated campaign that began in December 2022 has seen the unidentified threat actor behind it deploying a novel ransomware strain dubbed MortalKombat and a clipper malware known as Laplas.  Investigators said it "observed the actor scanning the internet for victim machines with an exposed remote desktop protocol (RDP) port 3389."  The attacks primarily focus on individuals, small businesses, and large organizations located in the US, and to a lesser extent in the UK, Turkey,

10968416861?profile=RESIZE_400xCybersecurity researchers have found a new piece of evasive malware named “Beep” (just one Beep) designed to operate undetected and deliver additional payloads onto a compromised host.  The authors of this malware were trying to implement as many anti-debugging and anti-VM (anti-sandbox) techniques as they could find, reported investigators.  One such technique involved delaying execution through the Beep API function, hence the malware's name.[1]

All PCs previously shared an 8254 programmable i

10957340299?profile=RESIZE_400xA few weeks ago, reported about a malware-infected Android TV box available on Amazon: the T95 TV box.[1]  The box contained pre-installed malware, which was discovered by a Canadian developer and security systems consultant.   Now the same TV box is in the news again, and the person who has identified security threats is a Malwarebytes mobile malware researcher.  He purchased this device from Amazon to further probe and instantly realized something was off about this TV box.  He di

10947154064?profile=RESIZE_400xCyberattacks in the US have significantly increased over the past year, with the healthcare system and other critical sectors being attacked as the threat of malware like ransomware and foreign spyware continues to evolve.   During 2022, US government officials and lawmakers renewed their focus on cyber security and sought to secure the country’s critical sectors from rising cyber threats. This issue will increase in 2023, as many of those threats are still escalating while the cyber sector is c

10923797266?profile=RESIZE_400xRisePro is an information-stealing malware that was first discovered in mid-December 2022.  The earliest log recording from this malware, as of the time of this writing, was December 12th, 2022.  The logs found were posted to Russian Market, which is a log shop that is like other markets, such as Genesis.  There appeared to be multiple thousands of logs posted [2].  RisePro appears to be written in C++ and acts similarly to the “Vidar” malware.  According to a Joe Sandbox analysis, RisePro exhib

10913981254?profile=RESIZE_400xCybersecurity researchers have published the inner workings of a new wiper called Azov Ransomware that's deliberately designed to corrupt data and "inflict impeccable damage" to compromised systems.  Azov is the name of ransomware, malware that blocks access to files by encrypting them.  It encrypts all files (except files with .ini, .dll, and .exe extensions) and appends the ".azov" extension to their filenames. Also, Azov drops ransom notes (the "RESTORE_FILES.txt" files) in all folders that i

10906606696?profile=RESIZE_400xMalware is nothing more that burglary tools.  Cyber researchers have recently shed light on a Dark web marketplace called “In the Box” that is designed to specifically cater to mobile malware operators.  The actor behind the criminal storefront, believed to be available since at least January 2020, has been offering over 400 custom web injects grouped by geography that can be purchased by other adversaries looking to mount attacks of their own.  The automation allows other bad actors to create o

10905077878?profile=RESIZE_400xBack in 1969, the rock group – The Rolling Stones – recorded an album titled “Let it Bleed.” The album sold over 2.4 million copies, and in 1997, it was voted the 27th "Best Album Ever." The current "Bleed You" malicious cyber campaign is far from being popular and is trying to take advantage of a known remote code execution (RCE) vulnerability in Windows Internet Key Exchange (IKE) Protocol Extensions. More than 1,000 systems are unpatched and vulnerable to compromise.

If an attacker gains cont

10895583072?profile=RESIZE_400xOver the past six months, the infamous Emotet botnet has shown almost no activity, and now it is distributing malicious spam.  Emotet is by far one of the most dangerous trojans ever created.  The malware became a very destructive program as it grew in scale and sophistication.  The victim can be anyone from corporate to private users exposed to spam email campaigns.

The botnet distributes through phishing containing malicious Excel or Word documents.  When users open these documents and enable