11 matches found
EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing
The financially motivated threat actor known as EncryptHub has been observed orchestrating sophisticated phishing campaigns to deploy information stealers and ransomware, while also working on a new product called EncryptRAT. "EncryptHub has been observed targeting users of popular applications, ...
Lazarus group uses fake cryptocurrency apps to plant AppleJeus malware
The North Korean Lazarus Group, aka APT38, is one of the most sophisticated North Korean APTs. It's been active since 2009 and is responsible for many high profile attacks. In January of 2022 the Malwarebytes Intelligence Team uncovered a campaign where Lazarus conducted spear phishing attacks...
Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor
An "extremely sophisticated" Chinese-speaking advanced persistent threat APT actor dubbed LuoYu has been observed using a malicious Windows tool called WinDealer that's delivered by means of man-on-the-side attacks. "This groundbreaking development allows the actor to modify network traffic...
Lazarus Attackers Turn to the IT Supply Chain
Lazarus – a North Korean advanced persistent threat APT group – is working on launching cyberespionage-focused attacks on supply chains with its multi-platform MATA framework. The MATA malware framework can target three operating systems: Windows, Linux and macOS. MATA has historically been used ...
Warning: Cross-Platform ElectroRAT Malware Targeting Cryptocurrency Users
Cybersecurity researchers today revealed a wide-ranging scam targeting cryptocurrency users that began as early as January last year to distribute trojanized applications to install a previously undetected remote access tool on target systems. Called ElectroRAT by Intezer, the RAT is written from...
ElectroRAT Drains Cryptocurrency Wallet Funds of Thousands
A new remote access tool RAT has been discovered being used in an extensive campaign. The attack has targeted cryptocurrency users in an attempt to collect their private keys and ultimately to drain their wallets. The never-before-seen RAT at the center of the campaign, which researchers dub...
Windows GravityRAT Malware Now Also Targets macOS and Android Devices
A Windows-based remote access Trojan believed to be designed by Pakistani hacker groups to infiltrate computers and steal users' data has resurfaced after a two-year span with retooled capabilities to target Android and macOS devices. According to cybersecurity firm Kaspersky, the malware — dubbe...
StrongPity APT Back with Kurdish-Aimed Watering Hole Attacks
The APT group known as StrongPity is back with a new watering-hole campaign, targeting mainly Kurdish victims in Turkey and Syria. The malware served offers operators the ability to search for and exfiltrate any file or document from a victim’s machine. The group a.k.a. Promethium is operating a...
'Legit Apps Turned into Spyware' Targeting Android Users in Middle East
Cybersecurity researchers are warning about an ongoing Android malware campaign that has been active since 2016 and was first publicly reported in August 2018. Dubbed "ViceLeaker" by researchers at Kaspersky, the campaign has recently been found targeting Israeli citizens and some other middle...
Cybercriminals Hijack Router DNS to Distribute Android Banking Trojan
Security researchers have been warning about an ongoing malware campaign hijacking Internet routers to distribute Android banking malware that steals users' sensitive information, login credentials and the secret code for two-factor authentication. In order to trick victims into installing the...
Roaming Mantis uses DNS hijacking to infect Android smartphones
In March 2018, Japanese media reported the hijacking of DNS settings on routers located in Japan, redirecting users to malicious IP addresses. The redirection led to the installation of Trojanized applications named facebook.apk and chrome.apk that contained Android Trojan-Banker. According to ou...