Malware

Pierluigi Paganini March 24, 2025
Chinese APT Weaver Ant infiltrated a telco in Asia for over four years

China-linked APT Weaver Ant infiltrated the network of a telecommunications services provider for over four years.  The China-linked threat actor Weaver Ant infiltrated the network of a telecom provider in Asia for over four years. During a forensic investigation, Sygnia researchers observed multiple alerts that revealed a re-enabled threat actor account by a service account […]

Pierluigi Paganini March 24, 2025
Medusa ransomware uses malicious Windows driver ABYSSWORKER to disable security tools

Medusa ransomware uses a malicious Windows driver ABYSSWORKER to disable security tools, making detection and mitigation more difficult. Elastic Security Labs tracked a financially driven MEDUSA ransomware campaign using a HEARTCRYPT-packed loader and a revoked certificate-signed driver, ABYSSWORKER, to disable EDR tools. The attackers used a 64-bit Windows PE driver named smuol.sys, disguised as a […]

Pierluigi Paganini March 24, 2025
Cloak ransomware group hacked the Virginia Attorney General’s Office

The Cloak ransomware group claims responsibility for a cyberattack on the Virginia Attorney General’s Office that occurred in February. The ransomware group Cloak has claimed responsibility for a February cyberattack on the Virginia Attorney General Office. A cyberattack on the Virginia Attorney General’s Office forced officials to shut down IT systems, including email and VPN, […]

Pierluigi Paganini March 23, 2025
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 38

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Decrypting Encrypted files from Akira Ransomware (Linux/ESXI variant 2024) using a bunch of GPUs  Jaguar Land Rover Breached by HELLCAT Ransomware Group Using Its Infostealer Playbook—Then a Second Hacker Strikes  ClearFake’s New Widespread Variant: Increased Web3 […]

Pierluigi Paganini March 21, 2025
RansomHub affiliate uses custom backdoor Betruger

Symantec researchers linked a custom backdoor, called Betruger, found in recent ransomware attacks to an affiliate of the RansomHub operation. Symantec’s Threat Hunter team has identified a custom backdoor, named Betruger, linked to a RansomHub affiliate. Designed for ransomware attacks, Betruger combines multiple functions into a single tool to minimize detection. It enables screenshot capture, […]

Pierluigi Paganini March 20, 2025
CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

CERT-UA warns of a cyber campaign using Dark Crystal RAT to target Ukraine’s defense sector, including defense industry employees and Defense Forces members. The Computer Emergency Response Team of Ukraine (CERT-UA) uncovered a new cyber espionage campaign targeting employees of defense-industrial complex enterprises and representatives of the Defense Forces of Ukraine with Dark Crystal RAT. […]

Pierluigi Paganini March 20, 2025
WhatsApp fixed zero-day flaw used to deploy Paragon Graphite spyware

WhatsApp fixed a zero-click, zero-day vulnerability used to install Paragon’s Graphite spyware on the devices of targeted individuals. WhatsApp has addressed a zero-click, zero-day vulnerability exploited to install Paragon’s Graphite spyware on the devices of targeted individuals. WhatsApp blocked a spyware campaign by Paragon targeting journalists and civil society members after reports of the Citizen […]

Pierluigi Paganini March 18, 2025
New StilachiRAT uses sophisticated techniques to avoid detection

Microsoft discovered a new remote access trojan (RAT), dubbed StilachiRAT, that uses sophisticated techniques to avoid detection. In November 2024, Microsoft researchers discovered StilachiRAT, a sophisticated remote access trojan (RAT) designed for stealth, persistence, and data theft. Analysis of its WWStartupCtrl64.dll module revealed that the malware supports sophisticated functionalities to steal credentials from browsers, digital […]

Pierluigi Paganini March 17, 2025
Researcher releases free GPU-Based decryptor for Linux Akira ransomware

A researcher released a free decryptor for Linux Akira ransomware, using GPU power to recover keys through brute force. Security researcher Yohanes Nugroho created a free decryptor for Linux Akira ransomware, using GPUs to brute force the decryption keys. Initially estimating a week, the project took three weeks and cost $1,200 in GPU resources due […]

Pierluigi Paganini March 16, 2025
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 37

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Undercover miner: how YouTubers get pressed into distributing SilentCryptoMiner as a restriction bypass tool   Ragnar Loader   Desert Dexter. Attacks on Middle Eastern countries   Ballista – New IoT Botnet Targeting Thousands of TP-Link Archer Routers Microsoft patches […]