Malware

Pierluigi Paganini August 28, 2024
BlackByte Ransomware group targets recently patched VMware ESXi flaw CVE-2024-37085

BlackByte ransomware operators are exploiting a recently patched VMware ESXi hypervisors vulnerability in recent attacks. Cisco Talos observed the BlackByte ransomware group exploiting the recently patched security flaw CVE-2024-37085 in VMware ESXi hypervisors in recent attacks. The flaw CVE-2024-37085 (CVSS score of 6.8) is an authentication bypass vulnerability in VMware ESXi. At the end of July, […]

Pierluigi Paganini August 28, 2024
US offers $2.5M reward for Belarusian man involved in mass malware distribution

The US Department of State offers a $2.5 million reward for information leading to the arrest of a Belarusian cybercriminal involved in the mass malware distribution. The US Department of State announced a $2.5 million reward for information leading to the arrest of Volodymyr Kadariya (38), a Belarusian national allegedly involved in a significant malware […]

Pierluigi Paganini August 26, 2024
Linux malware sedexp uses udev rules for persistence and evasion

Researchers spotted a new stealthy Linux malware named sedexp that uses Linux udev rules to achieve persistence and evade detection. Aon’s Cyber Solutions spotted a new malware family, called sedexp, that relies on a lesser-known Linux persistence technique. The malware has been active since at least 2022 but remained largely undetected for years. The experts […]

Pierluigi Paganini August 25, 2024
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 8

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Meet UULoader: An Emerging and Evasive Malicious Installer BlindEagle flying high in Latin America   Finding Malware: Unveiling NUMOZYLOD with Google Security Operations       New Backdoor Targeting Taiwan Employs Stealthy Communications Unmasking Styx Stealer: How a Hacker’s […]

Pierluigi Paganini August 23, 2024
Qilin ransomware steals credentials stored in Google Chrome

Sophos researchers investigated a Qilin ransomware breach attack that led to the theft of credentials stored in Google Chrome browsers. Sophos researchers investigated a Qilin ransomware attack where operators stole credentials stored in Google Chrome browsers of a limited number of compromised endpoints. The experts pointed out that the credential harvesting activity is usually not […]

Pierluigi Paganini August 23, 2024
Phishing attacks target mobile users via progressive web applications (PWA)

Cybercriminals use progressive web applications (PWA) to impersonate banking apps and steal credentials from mobile users. ESET researchers detailed a phishing campaign against mobile users that uses Progressive Web Applications (PWAs). The threat actors used fake apps almost indistinguishable from real banking apps on both iOS and Android. The technique was first disclosed in Poland in […]

Pierluigi Paganini August 23, 2024
New malware Cthulhu Stealer targets Apple macOS users

Cato Security found a new info stealer, called Cthulhu Stealer, that targets Apple macOS and steals a wide range of information. Cado Security researchers have discovered a malware-as-a-service (MaaS) targeting macOS users dubbed Cthulhu Stealer. Cthulhu Stealer targets macOS users via an Apple disk image (DMG) that disguises itself as legitimate software. The researchers spotted […]

Pierluigi Paganini August 23, 2024
China-linked APT Velvet Ant exploited zero-day to compromise Cisco switches

China-linked APT group Velvet Ant exploited a recently disclosed zero-day in Cisco switches to take over the network appliance. Researchers at cybersecurity firm Sygnia reported that the China-linked APT group Velvet Ant has exploited the recently disclosed zero-day CVE-2024-20399 in Cisco switches to take over the network devices. In July 2024, Cisco addressed the NX-OS zero-day CVE-2024-20399 […]

Pierluigi Paganini August 21, 2024
North Korea-linked APT used a new RAT called MoonPeak

North Korea-linked APT Kimsuky is likely behind a new remote access trojan called MoonPeak used in a recent campaign spotted by Cisco Talos. Cisco Talos researchers uncovered the infrastructure used by the North Korea-linked APT group tracked as UAT-5394, which experts suspect is linked to the Kimsuky APT group. The infrastructure includes staging, C2 servers, […]

Pierluigi Paganini August 21, 2024
Pro-Russia group Vermin targets Ukraine with a new malware family

The Computer Emergency Response Team of Ukraine (CERT-UA) warned of new phishing attacks, carried out by the Vermin group, distributing a malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign conducted by the Vermin group that distributed malware. Vermin is a pro-Russian hacker group, also tracked as UAC-0020, that operates under […]