
22 matches found

The Hacker News
added 2023/02/07 11:2 a.m., 39 views

Linux Variant of Clop Ransomware Spotted, But Uses Faulty Encryption Algorithm

The first-ever Linux variant of the Clop ransomware has been detected in the wild, but with a faulty encryption algorithm that has made it possible to reverse engineer the process. "The ELF executable contains a flawed encryption algorithm making it possible to decrypt locked files without paying...

AI score: 1.2
Exploits: 0

Talos Blog
added 2022/12/20 1:0 p.m., 35 views

Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins

Microsoft is phasing out support for executing VBA macros in downloaded Office documents. Cisco Talos investigates another vector for introduction of malicious code to Microsoft Excel--malicious add-ins, specifically XLL files. Although XLL files were supported since early versions of Excel,...

AI score: 0.1
Exploits: 0

The Hacker News
added 2022/07/08 1:30 p.m., 36 views

Researchers Detail Techniques LockBit Ransomware Using to Infect its Targets

LockBit ransomware attacks are constantly evolving by making use of a wide range of techniques to infect targets while also taking steps to disable endpoint security solutions. "The affiliates that use LockBit's services conduct their attacks according to their preference and use different tools...

AI score: 0.4
Exploits: 0

HackRead
added 2022/02/23 9:17 p.m., 16 views

Cybercriminals hit malware authors with malicious NPM packages

By Deeba Ahmed. Discord tokens have become the perfect medium for cybercriminals to gain unauthorized access to accounts allowing the operators…

AI score: 3.9
Exploits: 0

Malwarebytes
added 2021/07/14 2:0 p.m., 35 views

Is crypto’s criminal rollercoaster approaching a terminal dip?

It’s a turbulent time in the cryptomining realm, especially for malware authors. Some big attacks and a lot of publicity have resulted in prolific groups promising to disband, even if potentially only temporarily. Running a tighter ship: The mining banhammer continues to swing as China keeps puttin...

AI score: 7
Exploits: 0

ThreatPost
added 2021/07/01 2:11 p.m., 42 views

Babuk Ransomware Builder Mysteriously Appears in VirusTotal

The Babuk ransomware gang’s source code has been uploaded to VirusTotal, making it available to all security vendors and competitors. It’s unclear however just how that happened. According to a Wednesday posting from Malwarebytes, the operators of the ransomware – perhaps best-known for hitting t...

AI score: 7.2
Exploits: 0
References: 10

Securelist
added 2021/06/22 9:30 a.m., 158 views

Behind the scenes with the head of Kaspersky’s GReAT

Costin Raiu has been with Kaspersky since 2000, initially as the Chief Security Expert overseeing research efforts in the EEMEA region. In 2010, he became Director of our Global Research and Analysis Team (GReAT). During his tenure at Kaspersky, he has spearheaded the company's research on some of t...

AI score: 7.4
Exploits: 0

The Hacker News
added 2021/03/09 11:13 a.m., 114 views

9 Android Apps On Google Play Caught Distributing AlienBot Banker and MRAT Malware

Cybersecurity researchers have discovered a new malware dropper contained in as many as 9 Android apps distributed via Google Play Store that deploys a second stage malware capable of gaining intrusive access to the financial accounts of victims as well as full control of their devices. "This...

AI score: 8.4
Exploits: 0

Malwarebytes
added 2020/05/06 3:15 p.m., 43 views

Credit card skimmer masquerades as favicon

Malware authors are notorious for their deceptive attempts at staying one step ahead of defenders. As their schemes get exposed, they always need to go back to their bag of tricks to pull out a new one. When it comes to online credit card skimmers, we have already seen a number of evasion...

AI score: 6.6
Exploits: 0

The Hacker News
added 2020/03/18 8:35 a.m., 91 views

TrickBot Now Exploits Infected PCs to Launch RDP Brute Force Attacks

A new module for TrickBot banking Trojan has recently been discovered in the wild that lets attackers leverage compromised systems to launch brute-force attacks against selected Windows systems running a Remote Desktop Protocol (RDP) connection exposed to the Internet. The module, dubbed...

AI score: 0.6
Exploits: 0

Carbon Black Blog
added 2018/09/19 1:0 p.m., 60 views

Partner Perspectives: Protecting Against Fileless Malware with BluVector and Carbon Black

Josh Rosenthol is the Alliance and Integration Manager for BluVector. The Challenge of Fileless Malware: “The infectiousness of crime is like that of the plague.” -Napoleon Bonaparte. While first spoken over 200 years ago, this quote is remarkably relevant to the modus operandi of malware authors a...

AI score: 2.3
Exploits: 0

n0where
added 2018/08/19 2:0 a.m., 63 views

Dynamic API Call Tracer for Windows and Linux Applications: Drltrace

Drltrace is a dynamic API calls tracer for Windows and Linux applications designed primarily for malware analysis. Drltrace is built on top of the DynamoRIO dynamic binary instrumentation framework. Motivation: Malware analysis is not an easy task. Sophisticated software packers like Themida and...

AI score: 0.3
Exploits: 0
References: 2

The Hacker News
added 2016/02/08 12:55 a.m., 14 views

Hackers behind Dyre Malware Busted in Police Raid

The world's most notorious financial hacking operation disrupted by Russian authorities in November, when they raided the offices associated with a Moscow-based film and production company named 25th Floor. According to the Russian authorities, 25th Floor was allegedly involved in distributing th...

AI score: 6.7
Exploits: 0

ThreatPost
added 2015/06/16 12:3 p.m., 12 views

Stegoloader Malware Uses Steganography to Hide Itself

Malware writers aren’t hesitant to do what it takes to protect a campaign and keep it hidden from detection technologies and security researchers. The group behind the Stegoloader malware, disclosed Monday by researchers at Dell SecureWorks, has taken to digital steganography to keep its...

AI score: 0.4
Exploits: 0
References: 3

ThreatPost
added 2011/08/10 6:20 p.m., 10 views

Apple Updates XProtect to Detect Mac Trojan

Apple released an update today for its built-in malware protection platform, XProtect, in response to the emergence of a Mac-targeting trojan that hijacks Google searches, according to an article posted on Softpedia. Once the trojan has installed itself on a user’s machine, it starts adding fake...

AI score: 0.8
Exploits: 0
References: 9

ThreatPost
added 2011/07/12 12:26 p.m., 8 views

DroidDream Again Appears in Android Market Apps

For Android users, the refrain must be getting a little tiresome: Researchers have found another batch of apps in the Android Market that were infected with malware. Once again, it was the DroidDream malware family causing the trouble, but this time, it was just a handful of apps and they were on...

AI score: 0.5
Exploits: 0
References: 6

ThreatPost
added 2011/02/28 7:25 p.m., 8 views

Android Targeted by Two New Spyware Programs

Two new spyware programs, SW.SecurePhone and SW.Quieting, are targeting users of Android devices, mainly in the U.S., and could lead to serious data compromises, according to new research from NetQin Mobile. These programs are collecting all of the data saved on the phone’s SD card. This data...

AI score: 2.2
Exploits: 0
References: 6

ThreatPost
added 2010/08/25 9:30 p.m., 10 views

New Conference Wants to Bring Malware Writers Out of the Shadows

ED: Malcon Conference hopes to bring malware writers out of the shadows DEK: Malcon, a new, Mumbai-based conference, says that the security community can benefit from what malware authors have to teach. The computer security community is used to vilifying the hackers and malware authors who choos...

AI score: 7.4
Exploits: 0
References: 6

ThreatPost
added 2010/02/05 5:3 p.m., 18 views

Pay-Per-Install Malware Models Affiliate Marketing

From Black Hat DC: Sites like Amazon offer affiliate programs that pay users for sending them new customers. And now, malware authors, always quick to adopt tactics that work elsewhere, have developed their own affiliate program. Read the full article. MIT Technology Review...

AI score: 3
Exploits: 0
References: 1

ThreatPost
added 2009/12/10 4:50 p.m., 4 views

Twitter Domain API Back in Malware Fray

Malware writers have revamped code that uses a popular Twitter command to generate hard-to-predict domain names, a technique that brings stealth to their drive-by exploits. Read the full article. The Register...

AI score: 3.2
Exploits: 0
References: 1