Smoke Loader Botnet Drops Location Tracker Whiffy Recon Malware

By Deeba Ahmed The new Whiffy Recon Malware was identified by cybersecurity researchers at Secureworks. This is a post from HackRead.com Read the original post: Smoke Loader Botnet Drops Location Tracker Whiffy Recon Malware...

Malsmoke operators abandon exploit kits in favor of social engineering scheme

Exploit kits continue to be used as a malware delivery platform. In 2020, weve observed a number of different malvertising campaigns leading to RIG, Fallout, Spelevo and Purple Fox, among others. And, in September, we put out a blog post detailing a surge in malvertising via adult websites. One o...

Malvertising campaigns come back in full swing

Malvertising campaigns leading to exploit kits are nowhere near as common these days. Indeed, a number of threat actors have moved on to other delivery methods instead of relying on drive-by downloads. However, occasionally we see spikes in activity that are noticeable enough that they highlight ...

Domen toolkit gets back to work with new malvertising campaign

Last year, we documented a new social engineering toolkit we called "Domen" being used in the wild. Threat actors were using this kit to trick visitors into visiting compromised websites and installing malware under the guise of a browser update or missing font. Despite being a robust toolkit, we...

‘Highly Competitive' Buer Loader Emerges in Underground Markets

A previously undocumented modular loader has emerged as a lucrative tool for cybercriminals in a variety of campaigns. Researchers say the “highly competitive” loader, dubbed Buer, is intended for use by actors seeking a turn-key, off-the-shelf solution. Researchers say they have spotted the load...

MalConfScan - Volatility Plugin For Extracts Configuration Data Of Known Malware

MalConfScan is a Volatility plugin extracts configuration data of known malware. Volatility is an open-source memory forensics framework for incident response and malware analysis. This tool searches for malware in memory images and dumps configuration data. In addition, this tool has a function ...

Popular Malware Families Using 'Process Doppelgänging' to Evade Detection

The fileless code injection technique called Process Doppelgänging is actively being used by not just one or two but a large number of malware families in the wild, a new report shared with The Hacker News revealed. Discovered in late 2017, Process Doppelgänging is a fileless variation of Process...

Exploit kits: fall 2018 review

Exploit kit EK activity continues to surprise us as the weather cools, the leaves change, and we move into the fall of 2018. Indeed, shortly after our summer review, a new exploit kit was discovered, and while no new vulnerabilities were added to the current EKs, several malvertising chains are...

Kronos Banking Trojan Surfaces After Years of Silence

The Kronos banking trojan is back from the malware dustbin. After years of lying dormant, hackers have reworked the underlying code and are actively targeting victims in Germany, Japan and Poland. The latest variant has incorporated a new command-and-control feature designed to work with the Tor...

Smoking Guns - Smoke Loader learned new tricks

This post is authored by Ben Baker and Holger Unterbrink Overview Cisco Talos has been tracking a new version of Smoke Loader — a malicious application that can be used to load other malware — for the past several months following an alert from Cisco Advanced Malware Protection’s AMP Exploit...

New Cryptocurrency Mining Malware Infected Over 500,000 PCs in Just Few Hours

Two days ago, Microsoft encountered a rapidly spreading cryptocurrency-mining malware that infected almost 500,000 computers within just 12 hours and successfully blocked it to a large extent. Dubbed Dofoil, aka Smoke Loader, the malware was found dropping a cryptocurrency miner program as payloa...

A week in security (January 8 – January 14)

It's very early in the year, yet everyone has already had a complete meltdown pun intended over a number of serious vulnerabilities found in legacy and modern microprocessors. Last week, rightly so, vendors released patches for hardware and OSes to help mitigate these threats. However, problems i...

Fake Spectre and Meltdown patch pushes Smoke Loader malware

The Meltdown and Spectre bugs have generated a lot of media attention, and users have been urged to update their machines with fixes made available by various vendors. While some patches have created more issues than they fixed, we came across a particular one targeted at German users that actual...

Malvertising Campaign Redirects Browsers To Terror Exploit Kit

Security experts are warning some “Quit Smoking” and “20 Minute Fat Loss” ads online are delivering more than sales pitches. According to researchers at Zscaler, ads are redirecting browsers to malicious landing pages hosting the Terror exploit kit. The campaigns have been sustained, with the...

Malware exploit: Smoke Loader

Type: SQLi http://localhost/control.php?id=1 http://localhost/guest.php?id=1 POST...

Smoke Loader SQL Injection Vulnerability

The Smoke Loader HTTP-based exploit kit suffers from a remote SQL injection vulnerability. Like other http-based exploit kits, I've discovered that the smoke loader malware downloader has a sql injection in its C&C administration panel that can be used to revel the administrator's password. sqlma...

Smoke Loader SQL Injection

Like other http-based exploit kits, I've discovered that the smoke loader malware downloader has a sql injection in its C&C administration panel that can be used to revel the administrator's password. sqlmap can identify the vulnerable parameter with the string:...