Malicious code in nj-logger (npm)

nj-logger is a malicious npm package that when imported in file dist/logger/telemetry.js downloads a trojan for Windows only, W64.AIDetectMalware / Trojan.Malware.300983.susgen from http://178.128.88.40:8080/download/svc to path nodemodules/.cache/nj-logger/nj-transport-win32-x64.node and execute...

Fake Xeno and Roblox Utilities Used to Install Windows RAT, Microsoft Warns

Fake Xeno and Roblox gaming tools are spreading a Windows RAT remote access trojan using PowerShell and LOLBins, Microsoft Threat Intelligence warns...

ChrimeraWire Trojan Fakes Chrome Activity to Manipulate Search Rankings

ChrimeraWire is a new Windows trojan that automates web browsing through Chrome to simulate user activity and manipulate search engine rankings...

EUVD-2016-10085

Malware in sbrugna...

EUVD-2016-3599

Malware in sbrugna...

Hackers Target Python Developers with Fake "Crytic-Compilers" Package on PyPI

Cybersecurity researchers have discovered a malicious Python package uploaded to the Python Package Index PyPI repository that's designed to deliver an information stealer called Lumma aka LummaC2. The package in question is crytic-compilers, a typosquatted version of a legitimate library named...

Threat Roundup for May 5 to May 12

Today, Talos is publishing a glimpse into the most prevalent threats weve observed between May 5 and May 12. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...

LOBSHOT: A Stealthy, Financial Trojan and Info Stealer Delivered through Google Ads

In yet another instance of how threat actors are abusing Google Ads to serve malware, a threat actor has been observed leveraging the technique to deliver a new Windows-based financial trojan and information stealer called LOBSHOT. "LOBSHOT continues to collect victims while staying under the...

Threat Roundup for May 24 to May 31

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 24 and May 31. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

New Windows Trojan Spreads MIRAI Malware To Hack More IoT Devices

MIRAI – possibly the biggest IoT-based malware threat that emerged last year, which caused vast internet outage in October last year by launching massive distributed denial-of-service DDoS attacks against the popular DNS provider Dyn. Now, the infamous malware has updated itself to boost its...

DualToy Windows Trojan Attacks Android, iOS Devices

A Windows Trojan called DualToy has been discovered that can side load malicious apps onto Android and iOS devices via a USB connection from an infected computer. Researchers from Palo Alto Networks said DualToy has been in existence since January 2015, and it originally was limited to installing...

Another Java zero-day vulnerability being exploited in the wild

Do you still have Java installed? There is a bad news for you ! FireEye has detected yet another Java zero-day vulnerability being exploited in attacks in the wild. The vulnerability targets browsers that have the latest version of the Java plugin installed Java v1.6 Update 41 and Java v1.7 Updat...

Office 2010 Beta Email Is Windows Trojan

An e-mail with the subject “See Office 2010 Beta in action” uses an alleged Office 2010 Beta version used as bait. Read the full article. Help Net Security...

Portal of Doom Backdoor Detection

Portal of Doom is installed. This backdoor allows anyone to partially take the control of the remote system. An attacker may use it to steal your password or prevent your from working properly. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...