Attack of the clones: Fake ChatGPT apps are everywhere
The mobile AI gold rush has flooded app stores with lookalikes—shiny, convincing apps promising “AI image generation,” “smart chat,” or “instant productivity.” But behind the flashy logos lurks a spectrum of fake apps, from harmless copycats to outright spyware. Spoofing trusted brands like...
A week in security (May 26 – June 1)
Last week on Malwarebytes Labs: Porn sites probed for allegedly failing to prevent minors from accessing content; Take back control of your browser—Malwarebytes Browser Guard now blocks search hijacking attempts; Deepfake-posting man faces huge $450,000 fine; Fake AI video generator tools lure in...
SilverRAT Source Code Leaked Online: Here’s What You Need to Know
SilverRAT source code was leaked on GitHub, exposing powerful malware tooling for remote access, password theft, and crypto attacks before its removal...
Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates
The threat actors behind the Medusa ransomware-as-a-service (RaaS) operation have been observed using a malicious driver dubbed ABYSSWORKER as part of a bring-your-own-vulnerable-driver (BYOVD) attack designed to disable anti-malware tools. Elastic Security Labs said it observed a Medusa ransomware...
China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks
A new China-linked cyber espionage group has been attributed with a series of targeted attacks against telecommunications entities in South Asia and Africa since at least 2020, with the goal of enabling intelligence collection. Cybersecurity company CrowdStrike is tracking the adversa...
U.S. Government Agencies' Emails Compromised in China-Backed Cyber Attack
An unnamed Federal Civilian Executive Branch (FCEB) agency in the U.S. detected anomalous email activity in mid-June 2023, leading to Microsoft's discovery of a new China-linked espionage campaign targeting two dozen organizations. The details come from a joint cybersecurity advisory released by th...
Unveiling the Stealthy Operations of GoldenJackal APT Group
Threat Level: Actor Report. For a detailed threat advisory, download the PDF file here. Summary: GoldenJackal is an APT group targeting government and diplomatic entities in the Middle East and South Asia. Their advanced capabilities include a range of .NET malware tools for gaining control, stealing...
Cyber-Mercenary Group Void Balaur Attacks High-Profile Targets for Cash
Russian-language group Void Balaur, also tracked under the name Rockethack, has been identified as a prolific cyber-mercenary group, available for hire to break into the email and social-media accounts of high-profile, high-stakes targets around the world. After monitoring Void Balaur for more th...
Researchers Uncover 6-Year Cyber Espionage Campaign Targeting Iranian Dissidents
Capping off a busy week of charges and sanctions against Iranian hackers, new research offers insight into a six-year-long, ongoing surveillance campaign targeting Iranian expats and dissidents with the intention of pilfering sensitive information. The threat actor, suspected to be of Iranian...
New ‘Early Bird’ Code Injection Technique Helps APT33 Evade Detection
Researchers have identified what they are calling an Early Bird code injection technique used by the Iranian group APT33 to burrow the TurnedUp malware inside infected systems while evading anti-malware tools. The Early Bird code injection technique, highlighted in a Wednesday report by Cyberbit,...
Windows Forensic Data Collection: IR-rescue
Windows Forensic Data Collection ir-rescue is a Windows Batch script that collects a myriad of forensic data from 32-bit and 64-bit Windows systems while respecting the order of volatility. It is intended for incident response use at different stages in the analysis and investigation process. It...
'Dropping Elephant' APT Attackers Target Old Windows Flaws
Don’t judge an APT by its exploits alone. That’s the takeaway from a report that details a unique advanced persistent threat that leverages a kludge of unsophisticated, outdated and rudimentary attack tools to conduct cyber espionage. The targets of the attacks are government and diplomatic agenci...
APT Groups Emerging in Middle East
CANCUN–Since security researchers and vendors began exposing the inner workings of APT groups a few years ago, virtually all of the operations that have been made public have been the work of attackers in Europe, Asia or North America. But recently, groups in the Middle East have joined the game ...
Red October Attackers Return With CloudAtlas APT Campaign
The attackers behind the Red October APT campaign that was exposed nearly two years ago have resurfaced with a new campaign that is targeting some of the same victims and using similarly constructed tools and spear phishing emails. Red October emerged in January 2013 and researchers found that th...
Atrax Kit Boasts Tor Connectivity, Bitcoin Extraction
Yet another commercial crimekit has been spotted making the rounds on the underground malware forums that uses the anonymity network Tor to stealthily communicate with its command and control servers. While it isn’t the first of its kind to use Tor, the kit, nicknamed Atrax, is cheap and comes wi...
[HoneyDrive Desktop v0.2] Honeypot LiveCD
HoneyDrive is a virtual appliance (OVA) with the Xubuntu Desktop 12.04 32-bit edition installed. It contains various honeypot software packages such as the Kippo SSH honeypot, the Dionaea malware honeypot, the Honeyd low-interaction honeypot, the Glastopf web honeypot along with Wordpot, the Thug honeyclient and more...
Researchers Uncover 'TeamSpy' Attack Campaign Against Government, Research Targets
Researchers have uncovered a long-term cyber-espionage campaign that used a combination of legitimate software packages and commodity malware tools to target a variety of heavy industry, government intelligence agencies and political activists. Known as the TeamSpy crew because of its affinity fo...
Costin Raiu on the Red October Cyberespionage Campaign
Dennis Fisher talks with Costin Raiu and Ryan Naraine about the newly uncovered Red October cyberespionage campaign that has targeted embassies, diplomats, research facilities and military targets for more than five years now. Raiu explains the origins of the campaign, where the attackers likely...
Russian Underground Cybercrime market offering sophisticated services
Security firm Trend Micro recently analysed the Russian crimeware markets and found that malware tools and services range from one-time packages costing just pennies to sophisticated packages and services costing purchasers thousands of dollars per month. If you want to buy a botnet it wi...
Automated Malware Tools At Heart of Data Extraction
Most attention goes to keeping hackers out. But once they’re inside, how do they extract data? Research of 200 data breaches in 24 countries examines the ways data is leaving. Read the full article. CSO...