31 matches found
Malicious code in nina-mangga15-breki (npm)
Source: amazon-inspector c3f9d51e480718159b77c89fe1af57bedeb4edf259025032f1bd769830a80c4d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
IcePeony and Transparent Tribe Target Indian Entities with Cloud-Based Tools
High-profile entities in India have become the target of malicious campaigns orchestrated by the Pakistan-based Transparent Tribe threat actor and a previously unknown China-nexus cyber espionage group dubbed IcePeony. The intrusions linked to Transparent Tribe involve the use of a malware called...
ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks
The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents. "A notable aspect of the current variant of ViperSoftX is that it uses the Common Language Runtime (CLR) to dynamically load and run PowerShell commands, thereby creating a PowerShell...
Gaming-related cyberthreats in 2023: Minecrafters targeted the most
Introduction and trends The gaming industry continues growing. The Newzoo report for 2023 reveals that two in five, more than three billion, across the globe are gamers, which is 6.3 percent more than last year. Globally, gaming revenue amounts to an estimated US$242.39 billion, with almost hal...
Explained: Quishing
Quishing is phishing using QR (Quick Response) codes. QR codes are basically two-dimensional barcodes that hold encoded data, and they can be used to work as a link. Point your phone's camera at a QR code and it will ask you if you want to visit the link. The use of QR codes in malicious campaigns ...
QR codes used to phish for Microsoft credentials
Researchers have published details about a phishing campaign that uses QR codes to phish for Microsoft credentials. A QR (Quick Response) code is a kind of two-dimensional barcode that holds encoded data in a graphical black-and-white pattern. The data that a QR code stores can include URLs, email...
Code leaks are causing an influx of new ransomware actors
Ransomware gangs are consistently rebranding or merging with other groups, as highlighted in our 2022 Year in Review, or these actors work for multiple ransomware-as-a-service (RaaS) outfits at a time, and new groups are always emerging. This trend is already continuing this year. Since 2021, there...
The federal government's cybersecurity policies are falling into place just in time to be stalled again
Welcome to this week's edition of the Threat Source newsletter. Last week, the Biden administration released its formal roadmap for its national cybersecurity initiative meant to encourage greater investment in cybersecurity and strengthen the U.S.'s critical infrastructure security and more. The...
Experts Warn of SandStrike Android Spyware Infecting Devices via Malicious VPN App
A previously undocumented Android spyware campaign has been found striking Persian-speaking individuals by masquerading as a seemingly harmless VPN application. Russian cybersecurity firm Kaspersky is tracking the campaign under the moniker SandStrike. It has not been attributed to any particular...
Over 16,500 Sites Hacked to Distribute Malware via Web Redirect Service
A new traffic direction system (TDS) called Parrot has been spotted leveraging tens of thousands of compromised websites to launch further malicious campaigns. "The TDS has infected various web servers hosting more than 16,500 websites, ranging from adult content sites, personal websites, universit...
Preparing for denial-of-service attacks with Talos Incident Response
By Yuri Kramarz. Over the years, several extortion-style and politically motivated denial-of-service attacks increased and still pose a threat to businesses and organizations of any size that can find themselves in the crosshairs of various malicious campaigns. A detailed... This is only the...
Hackers Use Cloud Services to Distribute Nanocore, Netwire, and AsyncRAT Malware
Threat actors are actively incorporating public cloud services from Amazon and Microsoft into their malicious campaigns to deliver commodity remote access trojans (RATs) such as Nanocore, Netwire, and AsyncRAT to siphon sensitive information from compromised systems. The spear-phishing attacks, whi...
Warning: Yet Another Bitcoin Mining Malware Targeting QNAP NAS Devices
Network-attached storage (NAS) appliance maker QNAP on Tuesday released a new advisory warning of a cryptocurrency mining malware targeting its devices, urging customers to take preventive steps with immediate effect. "A bitcoin miner has been reported to target QNAP NAS. Once a NAS is infected, CP...
A Wide Range of Cyber Attacks Leveraging Prometheus TDS Malware Service
Multiple cybercriminal groups are leveraging a malware-as-a-service (MaaS) solution to carry out a wide range of malicious software distribution campaigns that result in the deployment of payloads such as Campo Loader, Hancitor, IcedID, QBot, Buer Loader, and SocGholish against individuals in Belgi...
Microsoft: Attackers Exploiting 'ZeroLogon' Windows Flaw
Microsoft warned on Wednesday that malicious hackers are exploiting a particularly dangerous flaw in Windows Server systems that could be used to give attackers the keys to the kingdom inside a vulnerable corporate network. Microsoft's warning comes just days after the U.S. Department of Homeland...
Activities of a Nigerian Cybercriminal Uncovered
Ever wonder who's behind one of those Nigerian cyber-crime email campaigns asking you to enter into a shady business deal and how they're enacted? In a unique profile, researchers pulled back the curtain on such an attack with a report outlining how a Nigerian cybercriminal made hundreds of...
'Highly Competitive' Buer Loader Emerges in Underground Markets
A previously undocumented modular loader has emerged as a lucrative tool for cybercriminals in a variety of campaigns. Researchers say the "highly competitive" loader, dubbed Buer, is intended for use by actors seeking a turn-key, off-the-shelf solution. Researchers say they have spotted the load...
ThreatList: Top 5 Most Dangerous Attachment Types
Researchers with F-Secure have tracked the top spam-related attachments and campaigns used so far in 2019. The verdict: ZIPs, PDF, and MS Office files such as DOC and XLSM file attachments were more commonly used in huge spam campaigns than any other type of attachment. In addition, researchers...
JasperLoader Emerges, Targets Italy with Gootkit Banking Trojan
Nick Biasini and Edmund Brumaghin authored this blog post with contributions from Andrew Williams. Introduction to JasperLoader Malware loaders are playing an increasingly important role in malware distribution. They give adversaries the ability to gain an initial foothold on a system and are...