Red Sky Alliance performs queries of our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Email subject line Motor Vessel (MV) or Motor Tanker (MT) keyword usage is a common lure to entice users in the maritime industry to open emails containing malicious attachments. Red Sky Alliance is providing this list of Motor Vessels in which Red Sky Alliance directly observed the vessel being impersonated, with assoc
malware (106)
Tens of thousands of devices around the world, including many industrial control systems (ICS) and government computers, have been targeted in what appears to be an espionage campaign that involves a new piece of malware now named PseudoManuscrypt, Kaspersky recently reported. Manuscrypt, aka NukeSped, is a family of malware tools that have been used in espionage campaigns in the past. One such was a February spear-phishing campaign linked to Lazarus a prolific North Korean APT that used the Man
A new Android banking trojan has been discovered targeting international banks and cryptocrrency services from the United Kingdom, Italy and the US. Twenty-two instances have been reported so far. The malware, first detected at the end of October 2021, appears to be new and is still being developed. It was discovered by Cleafy, an Italian fraud detection and prevention firm. Cleafy calls it ‘SharkBot’, named after the frequency of the word ‘sharked’ in its binaries.
SharkBot is not found in
Cybersecurity threats, risks and challenges are often different depending on various international locations. Cyber-attack targets vary based on local resources and means to exploit vulnerabilities. Cyber criminals and nation-state attackers zero in on specific nations, companies and organizations for varying incentives. Additionally, the COVID-19 pandemic amplified and intensified cybersecurity threats. Since 2019, attackers have launch remote work-enabled attacks or social engineering att
A Russian-linked group known as Turla has been deploying a secondary backdoor against numerous targets to maintain persistence within compromised devices even after the primary malware has been discovered and removed from the infrastructure, according to a research report released by Cisco Talos this week.
The newly discovered backdoor, which the researchers call "TinyTurla," has been deployed against targets in the U.S. and Germany over the last two years. More recently, however, Turla has used
Eventually, everyone need help with their heating and air conditioning (HVAC) units. Most technicians are trustworthy and do a great job. The bad news is that more than 9 out of 10 (91%) industrial organizations are vulnerable to cyber-attacks, according to a new report by Positive Technologies. The study found that external attackers can penetrate the corporate network in all these organizations, and once inside, can obtain user credentials and complete control over the infrastructure in 100
An emerging information-stealing malware, sold and distributed on underground Russian underground forums has been written in Rust, is signaling a new trend where threat actors are increasingly adopting exotic programming languages to bypass security protections, evade analysis, and hamper reverse engineering efforts. Rust is a multi-paradigm, high-level, general-purpose programming language designed for performance and safety, especially safe concurrency. Rust is syntactically similar to C++ b
A new information stealer is going after cryptocurrency wallets and credentials for applications including NordVPN, Telegram, Discord, and Steam. Panda Stealer malware uses spam emails and the same hard-to-detect fileless distribution method deployed by a recent Phobos ransomware campaign discovered by investigators.
The attack campaign appears to be primarily targeting users in Australia, Germany, Japan, and the United States. Panda Stealer was discovered by Trend Micro at the beginning of A
Cybersecurity threats are more prevalent than ever. As of 2020, 67% of small businesses (those with less than 1,000 employees) were targeted. More than half of all small businesses have been breached. As a small business owner, you have to be aware of the dangers lurking on the web.
Red Sky Alliance offers a suite of Intelligence Services that revolve around cyber threat analysis. Today’s post is aimed at small business owners that need a quick primer on the threats streaming into their organiza
Ten variants of the Joker Android Trojan managed to slip into the Huawei AppGallery app store and were downloaded by more than 538,000 users, according to new data from Russian anti-malware vendor Doctor Web. Also known as Bread, the Joker Trojan was first observed in 2017 when it was originally focused on SMS fraud. Joker is a malware Trojan that targets Android users. It was packaged in at least two dozen applications that were downloaded from Google Play store over 400,000 times. The main p
Purple Fox is the name of a malware downloader, a malicious program that proliferates other programs of this type. This malware is used to infect systems with cryptocurrency mining programs. Purple Fox can cause serious damage and must be uninstalled immediately. An example of malware that could be installed through Purple Fox is ransomware. These programs encrypt files and prevent victims from accessing them unless ransoms are paid or confidential information is disclosed and offered for sa
Researchers have discovered a new information-stealing Trojan, which targets Android devices with a blitz of data-exfiltration capabilities from collecting browser searches to recording audio and phone calls. While malware on Android has previously taken the guise of copycat apps, which go under names similar to legitimate pieces of software, this clever new malicious app masquerades itself as a System Update application to take control of compromised devices.
"The spyware creates a notificati
The COVID-19 pandemic is now a year old and has forced businesses to quickly support remote working practices, often without proper security measures in place. The Verizon Business Mobile Security Index (MSI) 2021 reveals that many businesses may have left themselves vulnerable and open to cybercriminals in the rush to ensure their workforce could operate remotely. Forty-nine (49) percent of businesses surveyed in the latest edition of Verizon's MSI stressed that changes made to remote working
A new spear-phishing campaign is targeting professionals on LinkedIn with weaponized job offers in an attempt to infect targets with a sophisticated backdoor trojan called "more_eggs." More_eggs virus is a backdoor Trojan that is utilized by Cobalt Group and other criminal gangs to attack corporations and regular users More_eggs virus is a backdoor Trojan that was used by infamous cybercriminal group the Cobalt Group More_eggs is written in JavaScript programming language. To increase the odds
The age-old trick of romance scams remains real and is getting worse. The number of people being targeted by fake relationship-seekers has drastically spiked during the COVID-19 pandemic. Why? People are lonely and clever criminals play on this new phenomenon. Romance scams remain the most successful fraud strategy for cybercriminals and represent a growing arena of opportunity; this according to the Federal Trade Commission. During 2020, romance schemes accounted for a record $304 million ra
A cryptocurrency mining campaign targeting macOS is using malware that has evolved into a complex variant giving researchers a lot of trouble analyzing it. The malware is tracked as OSAMiner and has been in the wild since at least 2015. Analyzing it has been difficult because payloads are exported as run-only AppleScript files, which makes decompiling them into source code difficult.
OSAMiner is a typical Trojan which mainly cause system vulnerability on PCs to help hackers’ remote attack. Use
Security researchers have discovered a new Android banking trojan that can spy and steal data from 153 Android applications.
Named Ghimob, the trojan is believed to have been developed by the same group behind the Astaroth (Guildma) Windows malware, according to a report published on Monday by Kaspersky. Kaspersky says the new Android trojan has been offered for download packed inside malicious Android apps on sites and servers previously used by the Astaroth operation. Distribution was never c
A stealthy new Windows Trojan steals saved passwords, session cookies, hardware and software information and other valuable items from the Google Chrome and Mozilla Firefox browsers and from Windows itself.
The malware, named Jupyter by its finders at Israeli security firm Morphisec, has been active since at least May 2020, but it escaped detection by most antivirus software until last week; partly because unlike most malware, Jupyter runs mostly in memory and leaves very little trace on a syst
In August 2020, the NSA and FBI published a joint security alert containing details about a previously undisclosed Russian malware. The entire report can be viewed here
The agencies say that the Linux strain malware has been developed and deployed in real-world attacks by Russian military hackers. The FBI says, “The Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165, whose activity is sometimes identified by the private sector
Microsoft, in collaboration with MITRE, IBM, NVIDIA, and Bosch, has released a new open framework that aims to help security analysts detect, respond to, and remediate adversarial attacks against machine learning (ML) systems. Called the Adversarial ML Threat Matrix, the initiative is an attempt to organize the different techniques employed by malicious adversaries in subverting ML systems.
Just as artificial intelligence (AI) and ML are being deployed in a wide variety of novel applications, t
