An unidentified party has reportedly placed the source code for Dharma ransomware up for sale on at least two Russian hacker forums, adding a formidable new competitor to an already crowded underground market. And while cybercriminals have met the offer with some healthy skepticism, the bargain-basement selling price of $2,000 […]
malware
74 posts
Everyone wants to receive a free $50 Best Buy gift card and USB drive in the mail, but as the saying goes, nothing is ever truly free. A cybercriminal gang has put together a unique attack profile based on this human frailty, but one that has been on the scene […]
Businesses remain closed in many major cities around the world as the coronavirus pandemic rages, but cybercriminals are still open for business, as they continue to use the crisis to serve their nefarious purposes. Today’s latest round-up of coronavirus threats includes a reported hacking attempt against the World Health Organization, […]
A coronavirus-themed phishing campaign designed to infect victims with Raccoon information-stealing malware has reportedly been leveraging an open redirect vulnerability found on the U.S. Department of Health and Human Services’ website, HHS.gov. As defined by Trustwave here, an open redirect occurs when a website’s “parameter values (the portion of URL […]
Introduction In March 2020, Google patched a critical vulnerability affecting many MediaTek based devices [1]. This vulnerability had been known by MediaTek since April 2019 (10 months before being fixed), and allows a local attacker without privileges to read and write system memory, leading to privilege escalation. There is even […]
The FBI’s Internet Crime Complaint Center (IC3) has issued a public service announcement warning citizens to watch out for email-based fraud and malware schemes that take advantage of the coronavirus pandemic. Among the scams to look out for are emails purporting to contain helpful information from the Centers for Disease […]
In an effort to make malware appear legitimate and help it sneak past security software, groups using two well-known trojans are inserting news text from Coronavirus stories into their file descriptions. Padding malware with fake news is not new but Bleeping Computer has found Trickbot and Emotet now being used […]
Malicious actors have created a new module for the TrickBot banking trojan that allows the malware to perform brute force attacks on Microsoft’s Remote Desktop Protocol, specifically targeting U.S. and Hong Kong IP addresses. The module, called rdpScanDll, primarily focuses on the telecommunications, education, and financial services sectors, according to […]
Since February, a prominent Magecart cybercriminal group has injected the same Java-based payment card skimmer program not one, not two, but three times into the compromised international website of blender manufacturer NutriBullet, researchers from RiskIQ have reported. Each time a skimmer was removed from nutribullet.com, the criminal actors, known as […]
Another malicious actor has weaponized an otherwise legitimate, interactive coronavirus tracking map created by Johns Hopkins University — this time to deliver Android spyware as part of a campaign that originates out of Libya and seemingly targets individuals within that country. The surveillanceware, known as SpyMax, comes packaged in a […]
Researchers have uncovered a new malware campaign that uses the COVID-19 pandemic as a lure, and also abuses platform-as-a-service web infrastructure tools to apparently thwart attempts at blocking command-and-control communications. Dubbed BlackWater, the backdoor malware specifically takes advantage of Cloudflare Workers — an offering of Cloudflare, a popular provider of […]
Each day, as the novel coronavirus multiplies and spreads, so do cyber scams capitalizing on users’ fears and thirst for knowledge concerning this pandemic. The perpetrators, and their victims, are based all over the world, as evidenced by two recently discovered global APT-style campaigns designed to spread remote access trojans. […]
Members of the IT and cybersecurity communities have successfully obtained a password key for victims of CovidLock Android ransomware, which comes disguised as an app that supposedly helps track cases of the coronavirus, but actually locks users’ phones and demands a ransom in order to restore access. The unlock token […]
The recently discovered weaponized coronavirus map found to infect victims with a variant of the information-stealing AZORult malware has been sold online by Russian language cybercrime forums, according to a new report. Security expert Brian Krebs states in a blog post published this week that the live, interactive map dashboard […]
A malicious Android app that supposedly helps track cases of the coronavirus actually locks users’ phones and demands a ransom in order to restore access. Dubbed CovidLock, the newly discovered ransomware performs a screen-lock attack by forcing a change in the password required to unlock a phone, explains DNS threat […]