119 matches found
Kotlin-based malicious apps penetrate Google market
An open-source programming language, Kotlin is a fully-supported official programming language for Android. Google boasts that Kotlin contains safety features in order to make apps "healthy by default." Many apps are already built with Kotlin, from the hottest startups to Fortune 500 companies...
New Point-of-Sale Malware Steals Credit Card Data via DNS Queries
Cybercriminals are becoming more adept, innovative, and stealthy with each passing day. They are now adopting more clandestine techniques that come with limitless attack vectors and are harder to detect. A new strain of malware has now been discovered that relies on a unique technique to steal...
Huawei HG532 Router Remote Code Execution(CVE-2017-17215)
A Zero-Day vulnerability CVE-2017-17215 in the Huawei home router HG532 has been discovered by Check Point Researchers, and hundreds of thousands of attempts to exploit it have already been found in the wild. The delivered payload has been identified as OKIRU/SATORI, an updated variant of Mirai...
Satori IoT Botnet Exploits Zero-Day to Zombify Huawei Routers
Although the original creators of the infamous IoT malware Mirai have already been arrested and sent to jail, the variants of the notorious botnet are still in the game due to the availability of its source code on the Internet. Hackers have widely used the infamous IoT malware to quietly amass a...
Beware of Cryptocurrency Mining Virus Spreading Through Facebook Messenger
If you receive a video file packed in zip archive sent by someone or your friends on your Facebook messenger — just don't click on it. Researchers from security firm Trend Micro are warning users of a new cryptocurrency mining bot which is spreading through Facebook Messenger and targeting Google...
A simple example of a complex cyberattack
We're already used to the fact that complex cyberattacks use 0-day vulnerabilities, bypassing digital signature checks, virtual file systems, non-standard encryption algorithms and other tricks. Sometimes, however, all of this may be done in much simpler ways, as was the case in the malicious...
Linux Trojan Using Hacked IoT Devices to Send Spam Emails
Botnets, like Mirai, that are capable of infecting Linux-based internet-of-things IoT devices are constantly increasing and are mainly designed to conduct Distributed Denial of Service DDoS attacks, but researchers have discovered that cybercriminals are using botnets for mass spam mailings. New...
WireX Variant Capable of UDP Flood Attacks
The WireX botnet presented defenders with many superlatives: the largest mobile botnet ever; hundreds of mobile apps spreading application-layer DDoS malware; unprecedented cooperation between technology companies—even competitors—to halt some of its activities. And now a companion piece to WireX...
CowerSnail — Windows Backdoor from the Creators of SambaCry Linux Malware
Last month, we reported about a group of hackers exploiting SambaCry—a 7-year-old critical remote code execution vulnerability in Samba networking software—to hack Linux computers and install malware to mine cryptocurrencies. The same group of hackers is now targeting Windows machines with a new...
Watch Out for Malware If You're Interested in North Korean Missile Program
If you hold an interest in the North Korean Missile Program and are one of those curious to know capabilities of the recently tested North Korean long-range missile than you could be a target of a new malware campaign. North Korea claims to have conducted the first test of an intercontinental...
Ztorg: from rooting to SMS
I've been monitoring Google Play Store for new Ztorg Trojans since September 2016, and have so far found several dozen new malicious apps. All of them were rooting malware that used exploits to gain root rights on the infected device. Then, in the second half of May 2017 I found one that wasn't...
BrainDamage - A fully featured backdoor that uses Telegram as a C&C server
A python based backdoor which uses Telegram as C&C server. /\ /.\ ,.-'/ ",'-., -^ /-^: | \ | \ | | | | | | | | Coded by: Mehul [email protected] -- Github: https://github.com/mehulj94 -- Twitter: https://twitter.com/wayfarermj -- For windows only | | | | | | | | | / / | | | | | '/ / |...
Malware exploit: Poisonivy
Type: Stack Buffer Overflow Author: Gal Badishi This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp def...
Phony Android Flash Player Installs Banking Malware
Security researchers warn that a bogus Flash Player app aimed at Android mobile devices has surfaced and is luring victims to download and install banking malware that steals credit card information and can defeat two-factor identification schemes. Wells Fargo, Discovery Financial and Chase...
Sofacy APT organization to develop new Flash exploit framework-vulnerability warning-the black bar safety net
Sofacy cyber espionage Group, also known as Fancy Bear, and APT28, a Sednit, a Pawn Storm, and Strontium in. The organization has developed a new hack tool, and in the summer of this year the attacks have been put into use. Palo Alto Networks, the company said, the gang will be targeted in the...
RockLoader SQL Injection / Shell Upload
Exploit Title: RockLoader aka Bart Malware SQLi and shell file upload Date: 27-06-2016 Software Link Leak: https://github.com/colocation/RockLoader-source Exploit Author: Danail Velev Contact: ICQ: 209030 / [email protected] Website: http://colocation.bg/ Category: webapps / malware / private...
DarkComet Server 3.2 Remote File Download
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'DarkComet Server Remote File Download Exploit', 'Description' = %q This module exploits an arbitrary file download vulnerabilit...
Poison Ivy 2.1.x (C2 Server) - Remote Buffer Overflow (Metasploit)
Poison Ivy 2.1.x C2 Server - Remote Buffer Overflow Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Poison Ivy 2.1.x C2 Buffer Overflow', 'Description' = %q This...
Poison Ivy 2.1.x - C2 Buffer Overflow (Metasploit)
Exploit for windows platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Poison Ivy 2.1.x C2 Buffer Overflow', 'Description' = %q This module...
Poison Ivy 2.1.x (C2 Server) - Remote Buffer Overflow (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Poison Ivy 2.1.x C2 Buffer Overflow', 'Description' = %q This module exploits a stack buffer overflow in the Poison Ivy 2.1.x C...