Steam games abused to deliver malware once again
A cybercriminal known as EncryptHub aka Larva-208 has reportedly abused the online game platform Steam to distribute information stealers. EncryptHub managed to sneak malicious files into the Chemia game files hosted on Steam. Chemia is an adventurous survival type of game that puts the player in...
TookPS: DeepSeek isn’t the only game in town
In early March, we published a study detailing several malicious campaigns that exploited the popular DeepSeek LLM as a lure. Subsequent telemetry analysis indicated that the TookPS downloader, a malware strain detailed in the article, was not limited to mimicking neural networks. We identified...
BunnyLoader: New Malware-as-a-Service Threat Emerges in the Cybercrime Underground
Cybersecurity experts have discovered yet another malware-as-a-service (MaaS) threat called BunnyLoader that's being advertised for sale on the cybercrime underground. "BunnyLoader provides various functionalities such as downloading and executing a second-stage payload, stealing browser credential...
SUSE CVE-2009-1391
Off-by-one error in the inflate function in Zlib.xs in the Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a...
Trojan-Downloader.Win32.Genome.omht Insecure Permissions
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/01055838361f534ab596b56a19c70fef.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Downloader.Win32.Genome.omht Vulnerability: Insecure Permissions Description: Genome.omht...
Pre-Installed Malware Dropper Found On German Gigaset Android Phones
In what appears to be a fresh twist in Android malware, users of Gigaset mobile devices are encountering unwanted apps that are being downloaded and installed through a pre-installed system update app. "The culprit installing these malware apps is the Update app, package name com.redstone.ota.ui,...
Trojan-Downloader.Win32.Delf.nzg Insecure Permissions
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/3c5c6f0f6f78af12d6b76119696a4074.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Downloader.Win32.Delf.nzg Vulnerability: Insecure Permissions Description: Win32.Delf.nzg...
We found yet another phone with pre-installed malware via the Lifeline Assistance program
We have discovered, yet again, another phone model with pre-installed malware provided from the Lifeline Assistance program via Assurance Wireless by Virgin Mobile. This time, an ANS (American Network Solutions) UL40 running Android OS 7.1.1. After our writing back in January—"United States...
sLoad launches version 2.0, Starslord
sLoad, the PowerShell-based Trojan downloader notable for its almost exclusive use of the Background Intelligent Transfer Service (BITS) for malicious activities, has launched version 2.0. The new version comes on the heels of a comprehensive blog we published detailing the malware’s multi-stage...
Hunting down Dofoil with Windows Defender ATP
Dofoil is a sophisticated threat that attempted to install coin miner malware on hundreds of thousands of computers in March 2018. In previous blog posts we detailed how behavior monitoring and machine learning in Windows Defender AV protected customers from a massive Dofoil outbreak that we...
An in-depth malware analysis of QuantLoader
This guest post is written by Vishal Thakur, CSIRT/Salesforce. For more on Vishal, read his bio at the end of the blog. QuantLoader is a Trojan downloader that has been available for sale on underground forums for quite some time now. It has been used in campaigns serving a range of malware,...
No slowdown in Cerber ransomware activity as 2016 draws to a close
Note: Read our latest comprehensive report on ransomware: Ransomware 1H 2017 review: Global outbreaks reinforce the value of security hygiene. As everybody else winds down for the holidays, the cybercriminals behind Cerber are busy ramping up their operations. Following our discovery of a spam...
Eznet 3.5.0 - Remote Stack Overflow and Denial of Service Exploit
No description provided by source. #!/usr/bin/perl -w Stack Overflow in eZnet.exe - Remote Exploit Will download a trojan from any address which you provide on the target system, then will execute the trojan. For this exploit I have tried several strategies to increase reliability and performance:...
Trojan Downloader Determines OS, Infects Systems With Custom Malware
A new downloader uncovered by researchers at the Finnish security firm F-Secure is capable of sniffing out which operating system a user is running and infecting them with a custom malicious payload. F-Secure’s Karmina Aquino discovered the attack on a compromised Colombian transport website. The...
Virus removal website compromised to serving malware
One of the well-known virus removal service websites, laptopvirusrepair.co.uk, is compromised and serving malware to its visitors. In the screenshot above, Avira detects the JS/Blacole.psak JavaScript virus hosted on the site. The snippet of co...
New Chinese MBR Rootkit Identified
A new rootkit that uses the master boot record (MBR) to hide itself has been discovered in China and is being used to install an online game password stealer. The bootkit is installed on the computer by a trojan downloader distributed from a Chinese adult site and is detected by Kaspersky as...
Inside the Java 0-Day Exploit
The Java Web Start vulnerability that has been getting so much attention of late is being attacked by a number of different sites now, with a relatively simple and easily reproducible exploit, researchers say. The Java flaw, which Google researcher Tavis Ormandy disclosed publicly on April 9, was...
Update Protection against Recent Malware Threats (2-Nov-09)
The update includes new protections against 10 recent malware threats: Botnet: Backdoor.Win32.Httpbot.yi; Trojan: Packed.Win32.Krap.w; Trickler: Trojan.Win32.Agent2.kxu; Trickler: Trojan-Downloader.Win32.Pher.ij; Trickler: Trojan-Downloader.Win32.SillyFDC-DS; Worm: W32.Fnumbot; Worm: ...
Update Protection against Recent Malware Threats (21-Oct-09)
The update includes new protections against 11 recent malware threats: Backdoor: Teevsock C; Rogue-Software: Antivirus Pro 2010; Rogue-Software: NoAdware; Rogue-Software: Trust Warrior; Trickler: Trojan-Downloader.Win32.Agent.cqcv; Trickler: TrojanDownloader.Win32.Caxnet.A; Trickler: ...
Update Protection against Recent Malware Threats (1-Sep-09)
The update includes new protections against 9 recent malware threats: Backdoor-Trojan: Backdoor.Win32.Dreamy.bc; Trickler: Trojan-Dropper.Win32.Agent.aqpn; Trickler: Trojan-Downloader.Win32.Banload.bvk; Trojan: Sus.BancDl-B; Trojan: Trojan-Spy.Win32.VB.btm; Trojan: Trojan-Downloader.Win32.VB.nec; Trojan: ...