323 matches found
Chinese Hackers Target Middle East Telecoms in Latest Cyber Attacks
A malicious campaign targeting the Middle East is likely linked to BackdoorDiplomacy, an advanced persistent threat APT group with ties to China. The espionage activity, directed against a telecom company in the region, is said to have commenced on August 19, 2021 through the successful...
North Korean Hackers Targeting Europe and Latin America with Updated DTrack Backdoor
Hackers tied to the North Korean government have been observed using an updated version of a backdoor known as Dtrack targeting a wide range of industries in Germany, Brazil, India, Italy, Mexico, Switzerland, Saudi Arabia, Turkey, and the U.S. "Dtrack allows criminals to upload, download, start ...
Experts Warn of Browser Extensions Spying On Users via Cloud9 Chrome Botnet Network
The Keksec threat actor has been linked to a previously undocumented malware strain, which has been observed in the wild masquerading as an extension for Chromium-based web browsers to enslave compromised machines into a botnet. Called Cloud9 by security firm Zimperium, the malicious browser add-...
EvilnoVNC - Ready To Go Phishing Platform
EvilnoVNC is a Ready to go Phishing Platform. Unlike other phishing techniques, EvilnoVNC allows 2FA bypassing by using a real browser over a noVNC connection. In addition, this tool allows us to see in real time all of the victim's actions, access to their downloaded files and the entire browser...
Tax refund phish logs keystrokes to swipe personal details
Theres been some smart phishing campaigns running over the last few weeks, and this one is particularly sneaky. Bleeping Computer reports that a phishing page is targeting Greek taxpayers with a tax refund scam. The added sting in the tail comes in the form of an embedded keylogger which grabs...
Researchers Detail OriginLogger RAT — Successor to Agent Tesla Malware
Palo Alto Networks Unit 42 has detailed the inner workings of a malware called OriginLogger, which has been touted as a successor to the widely used information stealer and remote access trojan RAT known as Agent Tesla. A .NET based keylogger and remote access, Agent Tesla has had a long-standing...
A week in security (August 29 - September 4)
Last week on Malwarebytes Labs: Twilio data breach turns out to be more elaborate than suspected Playing Doom on a John Deere tractor with Sick Codes: Lock and Code S03E18 Chromium browsers can write to the system clipboard without your permission British Airways customers targeted in lost luggag...
Snake Keylogger Returns with New Malspam Campaign Targeting IT Firms
By Waqas The IP addresses used in the attack originated from Vietnam, while the campaign’s primary targets were located in the USA. This is a post from HackRead.com Read the original post: Snake Keylogger Returns with New Malspam Campaign Targeting IT Firms...
What is a keylogger?
A blog post published earlier this year posed the question "Is Grammarly a keylogger?" I have personally had people reference that post and ask me to add detection of Grammarly to Malwarebytes. The answer has always been, "no." Whether or not you like what Grammarly does, Grammarly is not a...
Watering Hole Attacks Push ScanBox Keylogger
A China-based threat actor has ramped up efforts to distribute the ScanBox reconnaissance framework to victims that include domestic Australian organizations and offshore energy firms in the South China Sea. The bait used by the advanced threat group APT is targeted messages that supposedly link...
Meet Borat RAT, a New Unique Triple Threat
Atlanta-based cyber risk intelligence company, Cyble discovered a new Remote Access Trojan RAT malware. What makes this particular RAT malware distinct enough to be named after the comic creation of Sacha Baron Cohen? RAT malware typically helps cybercriminals gain complete control of a victim's...
Spying on the spies. See what JavaScript commands get injected by in-app browsers
Developer and privacy expert Felix Krause aka KrauseFx announced this week that he had introduced a simple tool to list the JavaScript commands executed by iOS apps when they deployed an in-app web browser to render webpages. He already shared some eye-opening results on his Twitter feed. By...
Backdoor.Win32.Destrukor.20 MVID-2022-0627 Remote Command Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/c790749f851d48e66e7d59cc2e451956B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Destrukor.20 Vulnerability: Unauthenticated Remote Command Execution...
WebView2-Cookie-Stealer - Attacking With WebView2 Applications
Please read this blog post to get more information. Source Code This code is a modified version of Microsoft's WebView2 Code. The current code can be cleaned up and made much better. Demo Launch Example Usage Example Usage Tested onWindows 10 & 11. When the binary is executed...
New Android Banking Trojan 'Revive' Targeting Users of Spanish Financial Services
A previously unknown Android banking trojan has been discovered in the wild, targeting users of the Spanish financial services company BBVA. Said to be in its early stages of development, the malware — dubbed Revive by Italian cybersecurity firm Cleafy — was first observed on June 15, 2022 and...
Researchers Detail PureCrypter Loader Cyber Criminals Using to Distribute Malware
Cybersecurity researchers have detailed the workings of a fully-featured malware loader dubbed PureCrypter that's being purchased by cyber criminals to deliver remote access trojans RATs and information stealers. "The loader is a .NET executable obfuscated with SmartAssembly and makes use of...
Snake Keylogger Spreads Through Malicious PDFs
While most malicious e-mail campaigns use Word documents to hide and spread malware, a recently discovered campaign uses a malicious PDF file and a 22-year-old Office bug to propagate the Snake Keylogger malware, researchers have found. The campaign—discovered by researchers at HP Wolf...
pikachu
It is an offensive tool for web application security training. The primary CVE ID is not explicitly stated, but the tool is designed to demonstrate various web application vulnerabilities, including but not limited to: Burt Force brute force, XSS cross-site scripting, CSRF cross-site request...
No-Joke Borat RAT Propagates Ransomware, DDoS
Attackers are using a newly released remote access trojan RAT to spread ransomware and distributed denial of service DDoS — in addition to the traditional RAT function of backdooring victims’ systems. Researchers at Cyble Research Labs discovered the RAT, which they dubbed Borat RAT because it us...
Gh0stCringe RAT makes database servers squeal for protection
Researchers have found that the Gh0stCringe RAT is infecting Microsoft SQL and MySQL, and seems to focus on servers with weak protection. The Gh0stCringe RAT communicates with a command and control C&C server to receive instructions and is capable of exfiltrating information. SQL SQL is short for...