39 matches found
PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland
Government entities, military organizations, and civilian users in Ukraine and Poland have been targeted as part of a series of campaigns designed to steal sensitive data and gain persistent remote access to the infected systems. The intrusion set, which stretches from April 2022 to July 2023,...
AceCryptor: Cybercriminals' Powerful Weapon, Detected in 240K+ Attacks
A crypter alternatively spelled cryptor malware dubbed AceCryptor has been used to pack numerous strains of malware since 2016. Slovak cybersecurity firm ESET said it identified over 240,000 detections of the crypter in its telemetry in 2021 and 2022. This amounts to more than 10,000 hits per...
AceCryptor: Cybercriminals' Powerful Weapon, Detected in 240K+ Attacks
A crypter alternatively spelled cryptor malware dubbed AceCryptor has been used to pack numerous strains of malware since 2016. Slovak cybersecurity firm ESET said it identified over 240,000 detections of the crypter in its telemetry in 2021 and 2022. This amounts to more than 10,000 hits per...
CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine
An ongoing phishing campaign with invoice-themed lures is being used to distribute the SmokeLoader malware in the form of a polyglot file, according to the Computer Emergency Response Team of Ukraine CERT-UA. The emails, per the agency, are sent using compromised accounts and come with a ZIP...
CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine
An ongoing phishing campaign with invoice-themed lures is being used to distribute the SmokeLoader malware in the form of a polyglot file, according to the Computer Emergency Response Team of Ukraine CERT-UA. The emails, per the agency, are sent using compromised accounts and come with a ZIP...
Trading platforms are in jeopardy due to ArkeiStealer
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Threat actors are currently disseminating ArkeiStealer via Windows Installer binaries disguised as trading applications. The trading application has been backdoored with the SmokeLoader downloader, which...
Cybersecurity Experts Uncover Inner Workings of Destructive Azov Ransomware
Cybersecurity researchers have published the inner workings of a new wiper called Azov Ransomware that's deliberately designed to corrupt data and "inflict impeccable damage" to compromised systems. Distributed through another malware loader known as SmokeLoader, the malware has been described as...
New Laplas Clipper Malware Targeting Cryptocurrency Users via SmokeLoader
Cryptocurrency users are being targeted with a new clipper malware strain dubbed Laplas by means of another malware known as SmokeLoader. SmokeLoader, which is delivered by means of weaponized documents sent through spear-phishing emails, further acts as a conduit for other commodity trojans like...
SmokeLoader Infecting Targeted Systems with Amadey Info-Stealing Malware
An information-stealing malware called Amadey is being distributed by means of another backdoor called SmokeLoader. The attacks hinge on tricking users into downloading SmokeLoader that masquerades as software cracks, paving the way for the deployment of Amadey, researchers from the AhnLab Securi...
Kraken botnet bypass Windows Defender to steal crypto wallet data
By Deeba Ahmed Kraken botnet utilizes SmokeLoader malware, and its operators have already been raking in around $3,000 per month. ZeroFox… This is a post from HackRead.com Read the original post: Kraken botnet bypass Windows Defender to steal crypto wallet data...
Baby Golang-Based Botnet Already Pulling in $3K/Month for Operators
There’s a new, still-under-development, Golang-based botnet called Kraken with a level of brawn that belies its youth: It’s using the SmokeLoader malware loader to spread like wildfire and is already raking in a tidy USD $3,000/month for its operators, researchers report. Though its name may soun...
Researchers Warn of a New Golang-based Botnet Under Continuous Development
Cybersecurity researchers have unpacked a nascent Golang-based botnet called Kraken that's under active development and features an array of backdoor capabilities to siphon sensitive information from compromised Windows hosts. "Kraken already features the ability to download and execute secondary...
Shape-Shifting ‘Tardigrade’ Malware Hits Vaccine Makers
An APT has attacked two separate vaccine manufacturers this year using a shape-shifting malware that appears at first to be a ransomware attack but later shows to be far more sophisticated, researchers have found. Dubbed Tardigrade by the Bioeconomy Information Sharing and Analysis Center...
Hackers Targeting Biomanufacturing Facilities With Tardigrade Malware
An advanced persistent threat APT has been linked to cyberattacks on two biomanufacturing companies that occurred this year with the help of a custom malware loader called "Tardigrade." That's according to an advisory published by Bioeconomy Information Sharing and Analysis Center BIO-ISAC this...
Threat Source newsletter for Sept. 3, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We recently uncovered a series of email campaigns utilizing links to malicious documents hosted on legitimate file-sharing platforms to spread malware. The campaigns distributed various malware payloads including Gozi ISFB, ZLoade...
Salfram: Robbing the place without removing your name tag
By Holger Unterbrink and Edmund Brumaghin. Threat summary Cisco Talos recently uncovered a series of email campaigns utilizing links to malicious documents hosted on legitimate file-sharing platforms to spread malware.The campaigns distributed various malware payloads including Gozi ISFB, ZLoader...
Threat Roundup for January 24 to January 31
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 24 and Jan. 31. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
New Loader Variant Behind Widespread Malware Attacks
Behind a recent wave of cyberattacks, pelting PCs with FormBook, LokiBot, SmokeLoader malware, is an updated version of a malware-loading technique called TxHollower. It is described as a new “significant threat”, according to researchers, who added, attacks using TxHollower have “spread like...
Threat Roundup for October 5 to October 12
Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between Oct. 5 and 12. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, we will summarize the threats we’ve observed by...