Malware

Pierluigi Paganini March 03, 2025
Qilin ransomware gang claimed responsibility for the Lee Enterprises attack

The Qilin ransomware group claims responsibility for attacking the newspaper publisher Lee Enterprises, stealing 350GB of data. The Qilin ransomware group claimed responsibility for the recent cyberattack on Lee Enterprises, which impacted dozens of local newspapers. Lee Enterprises, Inc. is a publicly traded American media company. It publishes 79 newspapers in 25 states, and more than […]

Pierluigi Paganini March 02, 2025
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 35

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. DragonForce Ransomware Group is Targeting Saudi Arabia; Massive Botnet Targets M365 with Stealthy Password Spraying Attacks; Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab; ACRStealer Infostealer Exploiting Google Docs as C2; #StopRansomware: Ghost (Cring) Ransomware; […]

Pierluigi Paganini February 28, 2025
Enhanced capabilities sustain the rapid growth of Vo1d botnet

Operators behind the Vo1d botnet have enhanced its capabilities, enabling rapid growth in recent months. In September 2024, Doctor Web researchers uncovered malware, tracked as Vo1d, that infected nearly 1.3 million Android-based TV boxes belonging to users in 197 countries. The malicious code acts as a backdoor, allowing attackers to download and install third-party software […]

Pierluigi Paganini February 27, 2025
Criminal group UAC-0173 targets the Notary Office of Ukraine

CERT-UA warns of UAC-0173 using DCRat malware to target Ukrainian notaries in a new attack wave since mid-January 2025. The Computer Emergency Response Team of Ukraine (CERT-UA) warned of a new campaign by criminal group UAC-0173 targeting Ukrainian notaries with the remote access trojan DCRat (aka DarkCrystal RAT). The campaign started in mid-January 2025; the attack […]

Pierluigi Paganini February 27, 2025
DragonForce Ransomware group is targeting Saudi Arabia

Resecurity researchers reported that DragonForce ransomware targets Saudi organizations amid rising cyber threats in the region. DragonForce ransomware has recently been reported to target organizations in the Kingdom of Saudi Arabia (KSA). A significant incident identified by Resecurity involved a data leak from a prominent real estate and construction company in Riyadh, which has projects with […]

Pierluigi Paganini February 26, 2025
New Ghostwriter campaign targets Ukrainian Government and opposition activists in Belarus

A Ghostwriter campaign using a new variant of PicassoLoader targets opposition activists in Belarus, and Ukrainian military and government organizations. SentinelLABS observed a new Ghostwriter campaign targeting Belarusian opposition activists and Ukrainian military and government entities with a new variant of PicassoLoader. The campaign has been active since late 2024; threat actors used weaponized Microsoft […]

Pierluigi Paganini February 26, 2025
New LightSpy spyware variant comes with enhanced data collection features targeting social media platforms

Researchers found an updated LightSpy spyware with enhanced data collection features targeting social media platforms like Facebook and Instagram. Cybersecurity researchers at Hunt.io have found an updated version of the LightSpy spyware that supports an expanded set of data collection features to target social media platforms like Facebook and Instagram. ThreatFabric researchers first discovered a […]

Pierluigi Paganini February 26, 2025
GitVenom campaign targets gamers and crypto investors by posing as fake GitHub projects

GitVenom malware campaign targets gamers and crypto investors by posing as open-source projects on GitHub. Kaspersky researchers warn of a malware campaign, dubbed GitVenom, targeting GitHub users. The threat actors behind this campaign created hundreds of fake GitHub repositories with malicious code, disguising them as automation tools, crypto bots, and hacking utilities. The attackers used […]

Pierluigi Paganini February 24, 2025
A large botnet targets M365 accounts with password spraying attacks

A botnet of 130,000+ devices is attacking Microsoft 365 accounts via password-spraying, bypassing MFA by exploiting basic authentication. SecurityScorecard researchers discovered a botnet of over 130,000 devices that is conducting password-spray attacks against Microsoft 365 (M365) accounts worldwide. The attackers targeted accounts protected with basic authentication, bypassing multi-factor authentication. The experts pointed out that organizations […]

Pierluigi Paganini February 24, 2025
SpyLend Android malware found on Google Play enabled financial cyber crime and extortion

CYFIRMA researchers discovered that the SpyLend Android malware was downloaded 100,000 times from the official app store Google Play. CYFIRMA researchers discovered Android malware named SpyLend, which was distributed through Google Play as Finance Simplified. The malware targets Indian users with unauthorized loan apps, enabling predatory lending, blackmail, and extortion. The Finance Simplified app […]