A China-linked APT, tracked as StormBamboo, compromised an internet service provider (ISP) to poison software update mechanisms with malware. Volexity researchers reported that a China-linked APT group, tracked as StormBamboo (aka Evasive Panda, Daggerfly, and StormCloud), successfully compromised an undisclosed internet service provider (ISP) in order to poison DNS responses for target organizations. The threat actors targeted […]
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Unplugging PlugX: Sinkholing the PlugX USB worm botnet Introducing Gh0stGambit: A Dropper for Deploying Gh0st RAT Mandrake spyware sneaks onto Google Play again, flying under the radar for two years A Survey of Malware Detection Using […]
A Russia-linked APT used a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace. Palo Alto researchers reported that a Russia-linked threat actor known as Fighting Ursa (also identified as APT28, Fancy Bear, or Sofacy) used a fake car advertisement to distribute HeadLace backdoor malware, targeting diplomats. The campaign began […]
BingoMod is a new Android malware that can wipe devices after stealing money from the victims’ bank accounts. Researchers at Cleafy discovered a new Android malware, called ‘BingoMod,’ that can wipe devices after successfully stealing money from the victims’ bank accounts. The Cleafy TIR team discovered the previously undetected malware at the end of May 2024. BingoMod was […]
OneBlood, a non-profit blood bank serving over 300 U.S. hospitals, suffered a ransomware attack that disrupted its medical operations. OneBlood is a non-profit organization that provides blood and blood products to over 300 hospitals and medical facilities across the U.S. Southeast. The organization collects, tests, and distributes blood to ensure a steady supply for needy […]
Phishing campaigns target small and medium-sized businesses (SMBs) in Poland to deliver malware families such as Agent Tesla, Formbook, and Remcos RAT. ESET researchers observed multiple phishing campaigns targeting SMBs in Poland in May 2024, distributing various malware families like Agent Tesla, Formbook, and Remcos RAT. ESET researchers detected nine notable phishing campaigns during May 2024 in Poland, Romania, and Italy. […]
A new version of the Mandrake Android spyware has been found in five apps on Google Play, which have been downloaded over 32,000 times since 2022. Researchers from Kaspersky discovered a new version of the Mandrake Android spyware in five app on Google Play, totaling over 32,000 downloads between 2022 and 2024. Researchers from Bitdefender […]
Microsoft warns that ransomware gangs are exploiting the recently patched CVE-2024-37085 flaw in VMware ESXi flaw. Microsoft researchers warned that multiple ransomware gangs are exploiting the recently patched vulnerability CVE-2024-37085 (CVSS score of 6.8) in VMware ESXi flaw. “Microsoft researchers have uncovered a vulnerability in ESXi hypervisors being exploited by several ransomware operators to obtain full […]
Belarus-linked APT group GhostWriter targeted Ukrainian organizations with a malware family known as PicassoLoader, used to deliver various malicious payloads. The Ukrainian Government’s Computer Emergency Response Team (CERT-UA) reported a surge in activity associated with the APT group UAC-0057 (aka GhostWriter) group between July 12 and 18, 2024. Threat actors distributed documents containing macros designed […]
French authorities and Europol are conducting a “disinfection operation” targeting hosts compromised by the PlugX malware. The French authorities, with the help of Europol, have launched on July 18, 2024, a “disinfection operation” to clean hosts infected with the PlugX malware. Following a report by the cybersecurity firm Sekoia.io, the Paris Public Prosecutor’s Office launched […]