Lucene search
K

11 matches found

The Hacker News
The Hacker News
added 2025/03/06 12:15 p.m.18 views

EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing

The financially motivated threat actor known as EncryptHub has been observed orchestrating sophisticated phishing campaigns to deploy information stealers and ransomware, while also working on a new product called EncryptRAT. "EncryptHub has been observed targeting users of popular applications, ...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/12/05 11:15 p.m.21 views

Lazarus group uses fake cryptocurrency apps to plant AppleJeus malware

The North Korean Lazarus Group, aka APT38, is one of the most sophisticated North Korean APTs. It's been active since 2009 and is responsible for many high profile attacks. In January of 2022 the Malwarebytes Intelligence Team uncovered a campaign where Lazarus conducted spear phishing attacks...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2022/06/03 2:12 p.m.24 views

Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor

An "extremely sophisticated" Chinese-speaking advanced persistent threat APT actor dubbed LuoYu has been observed using a malicious Windows tool called WinDealer that's delivered by means of man-on-the-side attacks. "This groundbreaking development allows the actor to modify network traffic...

1.2AI score
Exploits0
ThreatPost
ThreatPost
added 2021/10/26 7:30 p.m.39 views

Lazarus Attackers Turn to the IT Supply Chain

Lazarus – a North Korean advanced persistent threat APT group – is working on launching cyberespionage-focused attacks on supply chains with its multi-platform MATA framework. The MATA malware framework can target three operating systems: Windows, Linux and macOS. MATA has historically been used ...

7.2AI score
Exploits0References15
The Hacker News
The Hacker News
added 2021/01/05 3:7 p.m.54 views

Warning: Cross-Platform ElectroRAT Malware Targeting Cryptocurrency Users

Cybersecurity researchers today revealed a wide-ranging scam targeting cryptocurrency users that began as early as January last year to distribute trojanized applications to install a previously undetected remote access tool on target systems. Called ElectroRAT by Intezer, the RAT is written from...

1.3AI score
Exploits0
ThreatPost
ThreatPost
added 2021/01/05 3:0 p.m.46 views

ElectroRAT Drains Cryptocurrency Wallet Funds of Thousands

A new remote access tool RAT has been discovered being used in an extensive campaign. The attack has targeted cryptocurrency users in an attempt to collect their private keys and ultimately to drain their wallets. The never-before-seen RAT at the center of the campaign, which researchers dub...

Exploits0References9
The Hacker News
The Hacker News
added 2020/10/20 1:59 p.m.28 views

Windows GravityRAT Malware Now Also Targets macOS and Android Devices

A Windows-based remote access Trojan believed to be designed by Pakistani hacker groups to infiltrate computers and steal users' data has resurfaced after a two-year span with retooled capabilities to target Android and macOS devices. According to cybersecurity firm Kaspersky, the malware — dubbe...

0.5AI score
Exploits0
ThreatPost
ThreatPost
added 2020/06/30 5:45 p.m.56 views

StrongPity APT Back with Kurdish-Aimed Watering Hole Attacks

The APT group known as StrongPity is back with a new watering-hole campaign, targeting mainly Kurdish victims in Turkey and Syria. The malware served offers operators the ability to search for and exfiltrate any file or document from a victim’s machine. The group a.k.a. Promethium is operating a...

7.8AI score
Exploits0References12
The Hacker News
The Hacker News
added 2019/06/26 11:45 a.m.119 views

'Legit Apps Turned into Spyware' Targeting Android Users in Middle East

Cybersecurity researchers are warning about an ongoing Android malware campaign that has been active since 2016 and was first publicly reported in August 2018. Dubbed "ViceLeaker" by researchers at Kaspersky, the campaign has recently been found targeting Israeli citizens and some other middle...

0.9AI score
Exploits0
The Hacker News
The Hacker News
added 2018/04/16 2:15 p.m.59 views

Cybercriminals Hijack Router DNS to Distribute Android Banking Trojan

Security researchers have been warning about an ongoing malware campaign hijacking Internet routers to distribute Android banking malware that steals users' sensitive information, login credentials and the secret code for two-factor authentication. In order to trick victims into installing the...

0.2AI score
Exploits0
Securelist
Securelist
added 2018/04/16 8:30 a.m.44 views

Roaming Mantis uses DNS hijacking to infect Android smartphones

In March 2018, Japanese media reported the hijacking of DNS settings on routers located in Japan, redirecting users to malicious IP addresses. The redirection led to the installation of Trojanized applications named facebook.apk and chrome.apk that contained Android Trojan-Banker. According to ou...

7.1AI score
Exploits0
Rows per page
Query Builder