malware

Follow me on twitter Follow @RedPacketSec and join the Telegram channel The United States ran a full-court press against Iranian hackers last week, including indictments from the Department of Justice, the FBI identifying malware used in attacks, and the addition of government-aligned hackers to the sanctions list by Treasury. In […]

Follow me on twitter Follow @RedPacketSec and join the Telegram channel Apple appears to have inadvertently approved OSX.Shlayer malware as part of the security notarization process it has touted would boost user confidence that the Developer ID-signed software they distribute has the innovative tech giant’s seal of approval. “While it […]

Follow me on twitter Follow @RedPacketSec and join the Telegram channel String of ATMs seen at Hartsfield-Jackson Atlanta International Airport. A trojan infected NCR Corporation, potentially posing a supply chain risk to customers of the popular point-of-sale and ATM software developer.(Photo by: Jeffrey Greenberg/Universal Images Group via Getty Images) A […]

Join the Telegram channel The hacker collective known as DeathStalker has recently widened its footprint to include small to medium-sized business (SMB) targets in the financial sector throughout Europe, Middle East, Asia and Latin America. Deathstalker’s tactics, techniques and procedures aren’t different from when it first emerged as a hacker-for-hire, […]

Join the Telegram channel Pictured: The Forbidden City, in Beijing. Experts say Chinese APT operations use a mix of proprietary and publicly available tools to spy on institutions around the world. (Frédéric Soltan/Corbis via Getty Images) Chinese APT operations have an army of coders at their disposal, and an array […]

Join the Telegram channel In an attack described as a “clever” supply-chain threat, XCSSET malware is being injected undetected into programs created by unwitting Xcode Apple developers who share their projects on the GitHub repository. The “unusual infection” can pilfer infected users’ credentials, accounts and other vital data, according to […]

Join the Telegram channel The Department of Homeland Security and Federal Bureau of Investigation published an alert Wednesday about malware it claims North Korea has been using to hack defense contractors. The alert, which provides a detailed technical analysis of the “BLINDINGCAN” trojan, appears to be tied to several reported […]

Join the Telegram channel The FBI and NSA jointly issued an advisory on Drovorub – a newly disclosed malware program targeting Linux systems. (Jan Woitas/picture alliance via Getty Images) Linux users should not assume they are safe from the ambitions and reach of reputed Russian hacking group Fancy Bear, which […]

Join the Telegram channel Australian design platform Canva unwittingly provided phishing campaigns with graphics, making threat actors’ schemes appear more legitimate as they pilfer credentials through social engineering trickery. Hackers hijacked the graphic design site, owned by the fast-growing company whose valuation recently grew from $3.2 billion to $6 billion, […]

Join the Telegram channel The proliferation of Shadow Code – third-party scripts and open source libraries used in web applications – may help organizations accelerate their digital transformations but it also puts them at higher risk of cyberattack. Security teams are finding the Shadow Code, the code equivalent to rogue […]

Join the Telegram channel It may be unsophisticated but the Agent Tesla RAT is “street-wise,” adapting and evolving just enough to wreak havoc on organizations’ security efforts. Recent improvements to the malware include more robust spreading and injection methods, as well as discovery and theft of wireless network details and […]

Join the Telegram channel As user organizations move more of their business infrastructure off premises, cybercriminals become increasingly motivated to target Linux-based cloud environments, including Docker servers with misconfigured API ports. And while cryptojacking schemes comprise some of the more conventional varieties of these Linux-based malware attacks, researchers have just […]

Join the Telegram channel The Dacls remote access trojan that is capable of attacking Windows, Linux and macOS environments has been used to distribute VHD ransomware and to target customer databases for attempted exfiltration, according to researchers. Kaspersky on Wednesday revealed this latest intel on Dacls in a company blog […]

Join the Telegram channel In what researchers say is a first, attackers are performing a new container attack technique in the wild, whereby they build their own malicious images on a targeted host instead of pulling preexisting ones from a public registry. This maneuver allows the adversaries to avoid static […]

Join the Telegram channel A second tax software program associated with the Chinese banking industry has now been found to contain an embedded backdoor that secretly grants attackers SYSTEM-level privileges. In late June, researchers from Trustwave SpiderLabs reported that accounting software called Intelligence Tax, developed by Chinese information security company […]

Join the Telegram channel Federal prosecutors have indicted Andrey Turchin, a 37-year-old citizen of Kazakhstan, on five criminal counts related to his alleged involvement in a financially motivated cybercriminal hacking collective known as Fxmsp that the Department of Justice says cost victims tens of millions of dollars. Turchin — who […]

Join the Telegram channel Researchers have developed a decryption tool for the recently discovered EvilQuest ransomware program designed to target Mac machines. But several analysts now concur that EvilQuest’s malicious encryption may be more of a decoy, while the program’s true purpose appears to be data exfiltration. In a new […]

Join the Telegram channel A new blog post and research report from the Lookout Threat Intelligence Team has exposed the lengths to which a reputed Chinese government-sponsored APT operation has allegedly gone to track the country’s Uyghur minority population, including the trojanization of mobile apps with surveillanceware. Lookout details four […]

Join the Telegram channel The actors behind a campaign to spread GoldenSpy malware via tax accounting software used by customers of a Chinese bank have recently attempted to distribute an uninstaller that deletes the backdoor in an apparent attempt to cover up their illicit activities. In a previous company blog post and […]