Malware Archives - Page 12 of 490

Pierluigi Paganini March 25, 2025

Android malware campaigns use .NET MAUI to evade detection

Researchers warn of a new Android malware that uses .NET MAUI to mimic legit services and evade detection. McAfee researchers warn of Android malware campaigns using .NET MAUI to evade detection. These threats disguise themselves as legitimate services to steal sensitive information from users. .NET MAUI (Multi-platform App UI) is a cross-platform framework by Microsoft […]

Pierluigi Paganini March 24, 2025

Chinese APT Weaver Ant infiltrated a telco in Asia for over four years

China-linked APT Weaver Ant infiltrated the network of a telecommunications services provider for over four years. The China-linked threat actor Weaver Ant infiltrated the network of a telecom provider in Asia for over four years. During a forensic investigation, Sygnia researchers observed multiple alerts that revealed a re-enabled threat actor account by a service account […]

Pierluigi Paganini March 24, 2025

Medusa ransomware uses malicious Windows driver ABYSSWORKER to disable security tools

Medusa ransomware uses a malicious Windows driver ABYSSWORKER to disable security tools, making detection and mitigation more difficult. Elastic Security Labs tracked a financially driven MEDUSA ransomware campaign using a HEARTCRYPT-packed loader and a revoked certificate-signed driver, ABYSSWORKER, to disable EDR tools. The attackers used a 64-bit Windows PE driver named smuol.sys, disguised as a […]

Pierluigi Paganini March 24, 2025

Cloak ransomware group hacked the Virginia Attorney General’s Office

The Cloak ransomware group claims responsibility for a cyberattack on the Virginia Attorney General’s Office that occurred in February. The ransomware group Cloak has claimed responsibility for a February cyberattack on the Virginia Attorney General Office. A cyberattack on the Virginia Attorney General’s Office forced officials to shut down IT systems, including email and VPN, […]

Pierluigi Paganini March 23, 2025

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 38

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Decrypting Encrypted files from Akira Ransomware (Linux/ESXI variant 2024) using a bunch of GPUs Jaguar Land Rover Breached by HELLCAT Ransomware Group Using Its Infostealer Playbook—Then a Second Hacker Strikes ClearFake’s New Widespread Variant: Increased Web3 […]

Pierluigi Paganini March 21, 2025

RansomHub affiliate uses custom backdoor Betruger

Symantec researchers linked a custom backdoor, called Betruger, found in recent ransomware attacks to an affiliate of the RansomHub operation. Symantec’s Threat Hunter team has identified a custom backdoor, named Betruger, linked to a RansomHub affiliate. Designed for ransomware attacks, Betruger combines multiple functions into a single tool to minimize detection. It enables screenshot capture, […]

Pierluigi Paganini March 20, 2025

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

CERT-UA warns of a cyber campaign using Dark Crystal RAT to target Ukraine’s defense sector, including defense industry employees and Defense Forces members. The Computer Emergency Response Team of Ukraine (CERT-UA) uncovered a new cyber espionage campaign targeting employees of defense-industrial complex enterprises and representatives of the Defense Forces of Ukraine with Dark Crystal RAT. […]

Pierluigi Paganini March 20, 2025

WhatsApp fixed zero-day flaw used to deploy Paragon Graphite spyware

WhatsApp fixed a zero-click, zero-day vulnerability used to install Paragon’s Graphite spyware on the devices of targeted individuals. WhatsApp has addressed a zero-click, zero-day vulnerability exploited to install Paragon’s Graphite spyware on the devices of targeted individuals. WhatsApp blocked a spyware campaign by Paragon targeting journalists and civil society members after reports of the Citizen […]

Pierluigi Paganini March 18, 2025

New StilachiRAT uses sophisticated techniques to avoid detection

Microsoft discovered a new remote access trojan (RAT), dubbed StilachiRAT, that uses sophisticated techniques to avoid detection. In November 2024, Microsoft researchers discovered StilachiRAT, a sophisticated remote access trojan (RAT) designed for stealth, persistence, and data theft. Analysis of its WWStartupCtrl64.dll module revealed that the malware supports sophisticated functionalities to steal credentials from browsers, digital […]

Pierluigi Paganini March 17, 2025

Researcher releases free GPU-Based decryptor for Linux Akira ransomware

A researcher released a free decryptor for Linux Akira ransomware, using GPU power to recover keys through brute force. Security researcher Yohanes Nugroho created a free decryptor for Linux Akira ransomware, using GPUs to brute force the decryption keys. Initially estimating a week, the project took three weeks and cost $1,200 in GPU resources due […]

Malware

Android malware campaigns use .NET MAUI to evade detection

Chinese APT Weaver Ant infiltrated a telco in Asia for over four years

Medusa ransomware uses malicious Windows driver ABYSSWORKER to disable security tools

Cloak ransomware group hacked the Virginia Attorney General’s Office

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 38

RansomHub affiliate uses custom backdoor Betruger

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

WhatsApp fixed zero-day flaw used to deploy Paragon Graphite spyware

New StilachiRAT uses sophisticated techniques to avoid detection

Researcher releases free GPU-Based decryptor for Linux Akira ransomware

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Critical Sudo bugs expose major Linux distros to local Root exploits

Google fined $314M for misusing idle Android users' data

A flaw in Catwatchful spyware exposed logins of +62,000 users

China-linked group Houken hit French organizations using zero-days

Cybercriminals Target Brazil: 248,725 Exposed in CIEE One Data Breach

QUICK LINKS

Malware

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!