27 matches found
CVE-2026-8628
The EntreDroppers plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF Parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...
Android Malware Operations Merge Droppers, SMS Theft, and RAT Capabilities at Scale
Threat actors have been observed leveraging malicious dropper apps masquerading as legitimate applications to deliver an Android SMS stealer dubbed Wonderland in mobile attacks targeting users in Uzbekistan. "Previously, users received 'pure' Trojan APKs that acted as malware immediately upon...
New Stealer Uses Invalid Cert To Compromise Systems
New Stealer Uses Invalid Cert To Compromise Systems By Mohinder Gill, Mallikarjun Wali and Sangram Mohapatro · November 07, 2024 A new Stealer has been making the rounds. Its name: Fickle. Fickle Stealer is a new Rust-based information stealer that spreads through various attack vectors, includin...
‘Operation Endgame’ Hits Malware Delivery Platforms
Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Dubbed "the largest ever operation against botnets," the international effort...
Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks
The Kimsuky aka Springtail advanced persistent threat APT group, which is linked to North Korea's Reconnaissance General Bureau RGB, has been observed deploying a Linux version of its GoBear backdoor as part of a campaign targeting South Korean organizations. The backdoor, codenamed Gomir, is...
SoumniBot: the new Android banker’s unique techniques
The creators of widespread malware programs often employ various tools that hinder code detection and analysis, and Android malware is no exception. As an example of this, droppers, such as Badpack and Hqwar, designed for stealthily delivering Trojan bankers or spyware to smartphones, are very...
Threat Roundup for May 5 to May 12
Today, Talos is publishing a glimpse into the most prevalent threats weve observed between May 5 and May 12. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...
Examining New DawDropper Banking Dropper and DaaS on the Dark Web
In this blog post, we discuss the technical details of a new banking dropper that we have dubbed DawDropper, give a brief history of banking trojans released in early 2022 that use malicious droppers, and elaborate on cybercriminal activities related to DaaS in the deep web...
New Octo Banking Trojan Spreading via Fake Apps on Google Play Store
A number of rogue Android apps that have been cumulatively installed from the official Google Play Store more than 50,000 times are being used to target banks and other financial entities. The rental banking trojan, dubbed Octo, is said to be a rebrand of another Android malware called...
SAS 2021: Operation Software Concepts
During the Operation Software Concepts: A Beautiful Envelope for Wrapping Weapon talk on SAS-at-Home 2021, Rintaro Koike, Shogo Hayashi and Ryuichi Tanabe from NTT Security Japan will cover a new APT campaign named Operation Software Concepts. They will share details about this multi-stage attack...
The Ransomware Killchain: How It Works, and How to Protect Your Systems
Much ado has been made by this very author on this very blog! about the incentives for attackers and defenders around ransomware. There is also a wealth of information on the internet about how to protect yourself from ransomware. One thing we want to avoid losing sight of, however, is just how w...
Malware droppers for hire targeting users on fake pirated software sites
By Deeba Ahmed Some fake piracy websites have been found distributing Crypto Bot and Raccoon Stealer malware in cracked software. This is a post from HackRead.com Read the original post: Malware droppers for hire targeting users on fake pirated software sites...
Malware Makers Using ‘Exotic’ Programming Languages
Malware authors are increasingly using rarely spotted programming languages such as Go, Rust, Nim and DLang in order to create new tools and to hinder analysis, researchers have found. Use of those four languages is escalating in the number of malware families being identified, according to a...
Mobile Adware Booms, Online Banks Become Prime Target for Attacks
Hackers painted a bullseye on the backs of online financial institutions in 2020 as the pandemic shuttered local branch offices and forced customers online. Over the past 12 months, incidents of adware nearly tripled. And, overall in 2020 researchers saw a slight drop in the number of mobile...
Experts Uncover Malware Attacks Against Colombian Government and Companies
Cybersecurity researchers took the wraps off an ongoing surveillance campaign directed against Colombian government institutions and private companies in the energy and metallurgical industries. In a report published by ESET on Tuesday, the Slovak internet security company said the attacks — dubb...
COVID-Themed Lures Target SCADA Sectors With Data Stealing Malware
A new malware campaign has been found using coronavirus-themed lures to strike government and energy sectors in Azerbaijan with remote access trojans RAT capable of exfiltrating sensitive documents, keystrokes, passwords, and even images from the webcam. The targeted attacks employ Microsoft Word...
Custom dropper hide and seek
Executive summary Most users assume they are safe when surfing the web on a daily basis. But information-stealing malware can operate in the background of infected systems, looking to steal users' passwords, track their habits online and hijack personal information. Cisco Talos has monitored...
Stealthy Malware Flies Under AV Radar with Advanced Obfuscation
Researchers warn hackers are putting a new spin on old injection techniques and successfully end-running endpoint protection. They are tracking a campaign, that kicked off in January, that is still going strong exploiting weaknesses in web browsers. The objective is to hide in the background of...
Hello! My name is Dtrack
Our investigation into the Dtrack RAT actually began with a different activity. In the late summer of 2018, we discovered ATMDtrack, a piece of banking malware targeting Indian banks. Further analysis showed that the malware was designed to be planted on the victim's ATMs, where it could read and...
SWEED: Exposing years of Agent Tesla campaigns
By Edmund Brumaghin and other Cisco Talos researchers. Executive summary Cisco Talos recently identified a large number of ongoing malware distribution campaigns linked to a threat actor we're calling "SWEED," including such notable malware as Formbook, Lokibot and Agent Tesla. Based on our...