Malware Archives - Page 120 of 490

Pierluigi Paganini August 28, 2022

New Agenda Ransomware appears in the threat landscape

Trend Micro researchers warn of a new ransomware family called Agenda, which has been used in attacks on organizations in Asia and Africa. Trend Micro researchers recently discovered a new piece of targeted ransomware, tracked as Agenda, that was written in the Go programming language. The ransomware was employed in a targeted attack against one of […]

Pierluigi Paganini August 27, 2022

Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus

Threat actors abused a vulnerable anti-cheat driver for the Genshin Impact video game to disable antivirus software. Threat actors abused a vulnerable anti-cheat driver, named mhyprot2.sys, for the Genshin Impact video game to disable antivirus software. According to Trend Micro, a cybercrime gang abused the driver to deploy ransomware. The driver provides anti-cheat functions, but […]

Pierluigi Paganini August 26, 2022

GoldDragon campaign: North-Korea linked Kimsuky APT adopts victim verification technique

The North Korea-linked Kimsuky APT is behind a new campaign, tracked as GoldDragon, targeting political and diplomatic entities in South Korea in early 2022. Researchers from Kaspersky attribute a series of attacks, tracked as GoldDragon, against political and diplomatic entities located in South Korea in early 2022 to the North Korea-linked group Kimsuky. Kimsuky cyberespiona group […]

Pierluigi Paganini August 25, 2022

Nobelium APT uses new Post-Compromise malware MagicWeb

Russia-linked APT group Nobelium is behind a new sophisticated post-exploitation malware tracked by Microsoft as MagicWeb. Microsoft security researchers discovered a post-compromise malware, tracked as MagicWeb, which is used by the Russia-linked NOBELIUM APT group to maintain persistent access to compromised environments. The NOBELIUM APT (APT29, Cozy Bear, and The Dukes) is the threat actor that […]

Pierluigi Paganini August 25, 2022

Threat actors are using the Tox P2P messenger as C2 server

Threat actors are using the Tox peer-to-peer instant messaging service as a command-and-control server, Uptycs researchers reported. Tox is a peer-to-peer serverless instant messaging services that uses NaCl for encryption and decryption. Uptycs researchers reported that threat actors have started using the Tox peer-to-peer instant messaging service as a command-and-control server. Tox has been used in […]

Pierluigi Paganini August 24, 2022

France hospital Center Hospitalier Sud Francilien suffered ransomware attack

A French hospital, the Center Hospitalier Sud Francilien (CHSF), suffered a cyberattack on Sunday and was forced to refer patients to other structures. The Center Hospitalier Sud Francilien (CHSF), a hospital southeast of Paris, has suffered a ransomware attack over the weekend. The attack disrupted the emergency services and surgeries and forced the hospital to refer patients […]

Pierluigi Paganini August 23, 2022

Counterfeit versions of popular mobile devices target WhatsApp and WhatsApp Business

Experts found backdoors in budget Android device models designed to target WhatsApp and WhatsApp Business messaging apps. Researchers from Doctor Web discovered backdoors in the system partition of budget Android device models that are counterfeit versions of famous brand-name models. The malware targets WhatsApp and WhatsApp Business messaging apps and can allow attackers to conduct […]

Pierluigi Paganini August 23, 2022

Lockbit leak sites hit by mysterious DDoS attack after Entrust hack

LockBit ransomware gang claims to have hacked the IT giant Entrust and started leaking the stolen files. Entrust Corp., provides software and hardware used to issue financial cards, e-passport production, user authentication for those looking to access secure networks or conduct financial transactions, trust certificated for websites, mobile credentials, and connected devices. The Lockbit ransomware […]

Pierluigi Paganini August 22, 2022

Escanor Malware delivered in Weaponized Microsoft Office Documents

Researchers spotted a new RAT (Remote Administration Tool) advertised in Dark Web and Telegram called Escanor Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 500 worldwide, identified a new RAT (Remote Administration Tool) advertised in Dark Web and Telegram called Escanor. The threat actors offer Android-based and PC-based versions of RAT, along with HVNC module […]

Pierluigi Paganini August 22, 2022

Donot Team cyberespionage group updates its Windows malware framework

The Donot Team threat actor, aka APT-C-35, has added new capabilities to its Jaca Windows malware framework. The Donot Team has been active since 2016, it focuses on government and military organizations, ministries of foreign affairs, and embassies in India, Pakistan, Sri Lanka, Bangladesh, and other South Asian countries. In October 2021, a report released by Amnesty International revealed that the Donot […]

Malware

New Agenda Ransomware appears in the threat landscape

Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus

GoldDragon campaign: North-Korea linked Kimsuky APT adopts victim verification technique

Nobelium APT uses new Post-Compromise malware MagicWeb

Threat actors are using the Tox P2P messenger as C2 server

France hospital Center Hospitalier Sud Francilien suffered ransomware attack

Counterfeit versions of popular mobile devices target WhatsApp and WhatsApp Business

Lockbit leak sites hit by mysterious DDoS attack after Entrust hack

Escanor Malware delivered in Weaponized Microsoft Office Documents

Donot Team cyberespionage group updates its Windows malware framework

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

IT Worker arrested for selling access in $100M PIX cyber heist

New Batavia spyware targets Russian industrial enterprises

Taiwan flags security risks in popular Chinese apps after official probe

U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

Hunters International ransomware gang shuts down and offers free decryption keys to all victims

QUICK LINKS

Malware

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!