89 matches found
Malicious Package
Overview rblxtools is a malicious package. This is one of 12 malicious packages created by the same actor and discovered by Snyk. It downloads and executes malicious exe files containing malicious code that attempts to steal information from Google Chrome, tokens from Discord, and Injects a Disco...
Malicious Package
Overview plutos is a malicious package. This is one of 12 malicious packages created by the same actor and discovered by Snyk. It downloads and executes malicious exe files containing malicious code that attempts to steal information from Google Chrome, tokens from Discord, and Injects a Discord...
Researchers Warn of Raspberry Robin's Worm Targeting Windows Users
Cybersecurity researchers are drawing attention to an ongoing wave of attacks linked to a threat cluster tracked as Raspberry Robin that's behind a Windows malware with worm-like capabilities. Describing it as a "persistent" and "spreading" threat, Cybereason said it observed a number of victims ...
Two NPM Packages With 22 Million Weekly Downloads Found Backdoored
In what's yet another instance of supply chain attack targeting open-source software repositories, two popular NPM packages with cumulative weekly downloads of nearly 22 million were found to be compromised with malicious code by gaining unauthorized access to the respective developer's accounts...
70 European and South American Banks Under Attack By Bizarro Banking Malware
A financially motivated cybercrime gang has unleashed a previously undocumented banking trojan, which can steal credentials from customers of 70 banks located in various European and South American countries. Dubbed "Bizarro" by Kaspersky researchers, the Windows malware is "using affiliates or...
Operation TunnelSnake
Windows rootkits, especially those operating in kernel space, are pieces of malware infamous for their near absolute power in the operating system. Usually deployed as drivers, such implants have high privileges in the system, allowing them to intercept and potentially tamper with core I/O...
Perkiler malware turns to SMB brute force to spread
Researchers at Guardicore have identified a new infection vector being used by the Perkiler malware where internet-facing Windows machines are breached through SMB password brute force. Perkiler is a complex Windows malware with rootkit components that is dropped by the Purple Fox exploit kit EK...
Purple Fox Rootkit Can Now Spread Itself to Other Windows Computers
Purple Fox, a Windows malware previously known for infecting machines by using exploit kits and phishing emails, has now added a new technique to its arsenal that gives it worm-like propagation capabilities. The ongoing campaign makes use of a "novel spreading technique via indiscriminate port...
LodaRAT Windows Malware Now Also Targets Android Devices
A previously known Windows remote access Trojan RAT with credential-stealing capabilities has now expanded its scope to set its sights on users of Android devices to further the attacker's espionage motives. "The developers of LodaRAT have added Android as a targeted platform," Cisco Talos...
Android Devices Hunted by LodaRAT Windows Malware
A newly discovered variant of the LodaRAT malware, which has historically targeted Windows devices, is being distributed in an ongoing campaign that now also hunts down Android devices and spies on victims. Along with this, an updated version of LodaRAT for Windows has also been identified; both...
APT annual review: What the world’s threat actors got up to in 2020
We track the ongoing activities of more than 900 advanced threat actors; you can find our quarterly overviews here, here and here. Here we try to focus on what we consider to be the most interesting trends and developments of the last 12 months. This is based on our visibility in the threat...
Stantinko Botnet Now Targeting Linux Servers to Hide Behind Proxies
An adware and coin-miner botnet targeting Russia, Ukraine, Belarus, and Kazakhstan at least since 2012 has now set its sights on Linux servers to fly under the radar. According to a new analysis published by Intezer today and shared with The Hacker News, the trojan masquerades as HTTPd, a commonl...
BAHAMUT Spies-for-Hire Linked to Extensive Nation-State Activity
A cyberespionage group known as BAHAMUT has been linked to a “staggering” number of ongoing attacks against government officials and private-sector VIPs in the Middle East and South Asia, while also engaging in wide-ranging disinformation campaigns. That’s according to BlackBerry researchers, who...
Researchers Uncover 6-Year Cyber Espionage Campaign Targeting Iranian Dissidents
Capping off a busy week of charges and sanctions against Iranian hackers, a new research offers insight into what's a six-year-long ongoing surveillance campaign targeting Iranian expats and dissidents with an intention to pilfer sensitive information. The threat actor, suspected to be of Iranian...
This Week in Security News: More Than 8,000 Unsecured Redis Instances Found in the Cloud and Wiper Malware Called “Coronavirus” Spreads Among Windows Victims
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about 8,000 Redis instances running unsecured in different parts of the world, even deployed in public clouds. Also, read about a new...
Wiper Malware Called "Coronavirus" Spreads Among Windows Victims
A new Windows malware has emerged that makes disks unusable by overwriting the master boot record MBR. It takes its cue from the COVID-19 pandemic, calling itself simply “Coronavirus.” Overwriting the MBR is the same trick that the infamous NotPetya wiper malware used in 2017 in a campaign that...
Charming Kitten Uses Fake Interview Requests to Target Public Figures
The Iran-based hacking group Charming Kitten has resurfaced with a new campaign that uses fake interviews to target public figures to launch phishing attacks and steal victims’ email-account information. In a report released Wednesday, security researchers at Certfa Lab say they discovered the...
This Cryptomining Malware Launches Linux VMs On Windows and macOS
Cybersecurity researchers from at least two firms today unveiled details of a new strain of malware that targets Windows and macOS systems with a Linux-based cryptocurrency mining malware. It may sound strange, but it's true. Dubbed "LoudMiner" and also "Bird Miner," the attack leverages...
This Cryptomining Malware Launches Linux VMs On Windows and macOS
Cybersecurity researchers from at least two firms today unveiled details of a new strain of malware that targets Windows and macOS systems with a Linux-based cryptocurrency mining malware. It may sound strange, but it's true. Dubbed "LoudMiner " and also "Bird Miner, " the attack leverages...
AV-Comparatives: Trend Micro Antivirus for Mac Provides 100% Malware Protection for Mac Users
Despite popular opinion otherwise, the days have long since passed when Mac users can venture forth on the Internet without having to worry about viruses or ransomware, phishing attacks or dangerous URLs. Though the number of attacks on the Mac are fewer than those on Windows machines because the...