Malware

Pierluigi Paganini September 02, 2020
Hackers use e-skimmer that exfiltrates payment data via Telegram

Researchers observed a new tactic adopted by Magecart groups, the hackers used Telegram to exfiltrate stolen payment details from compromised websites. Researchers from Malwarebytes reported that Magecart groups are using the encrypted messaging service Telegram to exfiltrate stolen payment details from compromised websites. Attackers encrypt payment data to make identification more difficult before transferring it […]

Pierluigi Paganini September 01, 2020
Iran-linked APT group Pioneer Kitten sells access to hacked networks

Iran-linked APT group Pioneer Kitten is now trying to monetize its efforts by selling access to some of the networks it has hacked to other hackers. Iran-linked APT group Pioneer Kitten, also known as Fox Kitten or Parisite, is now trying to monetize its efforts by selling access to some of the networks it has […]

Pierluigi Paganini August 31, 2020
Qbot uses a new email collector module in the latest campaign

QBot Trojan operators are using new tactics in their campaign to hijack legitimate email conversations to steal sensitive data from the victims. Researchers from Check Point are warning of a new trend observed in QBot Trojan campaign targeting Microsoft Outlook users, QBot Trojan operators are using new tactics to hijack legitimate email conversations and steal […]

Pierluigi Paganini August 31, 2020
Google removed malicious Terracotta apps from the Play Store

Researchers from White Ops discovers several Android apps in the official Play store which installed on users’ mobile devices the Terracotta ad fraud malware. Researchers from security firm White Ops discovered several Android apps in the official Play Store that installed a hidden browser to load pages containing ad and commit ad fraud. The company […]

Pierluigi Paganini August 30, 2020
Emotet botnet has begun to use a new ‘Red Dawn’ template

In August, the Emotet botnet operators switched to a new template, named ‘Red Dawn,’ for the malicious attachments employed in new campaigns.  The notorious Emotet went into the dark since February 2020, but after months of inactivity, the infamous trojan has surged back in July with a new massive spam campaign targeting users worldwide. The Emotet banking trojan […]

Pierluigi Paganini August 30, 2020
Malicious npm package ‘fallguys’ removed from the official repository

The npm security team removed a malicious JavaScript library from the npm repository that was designed to steal sensitive files from the victims. The npm security team has removed the JavaScript library “fallguys” from the npm portal because it was containing a malicious code used to steal sensitive files from an infected users’ browser and […]

Pierluigi Paganini August 29, 2020
North Korea-linked APT group BeagleBoyz targets banks

North Korea-linked APT group BeagleBoyz intensified its operations since February, US CISA, Department of the Treasury, FBI, and USCYBERCOM warn. According to a joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury, the Federal Bureau of Investigation (FBI), and U.S. Cyber Command (USCYBERCOM) North Korea-linked APT group BeagleBoyz […]

Pierluigi Paganini August 28, 2020
Iran-linked Charming Kitten APT contacts targets via WhatsApp, LinkedIn

The Iran-linked Charming Kitten APT group leveraged on WhatsApp and LinkedIn to carry out phishing attacks, researchers warn. Clearsky security researchers revealed that Iran-linked Charming Kitten APT group is using WhatsApp and LinkedIn to conduct spear-phishing attacks. Iran-linked Charming Kitten group, (aka APT35, Phosphorus, Newscaster, and Ajax Security Team) made the headlines in 2014 when experts at iSight issued a report describing the most elaborate net-based spying […]

Pierluigi Paganini August 28, 2020
Lemon_Duck cryptomining malware evolves to target Linux devices

A new variant of the infamous Lemon_Duck cryptomining malware has been updated to targets Linux devices. Security researchers from Sophos have spotted a new variant of the Lemon_Duck cryptomining malware that has been updated to compromise Linux machines via SSH brute force attacks. The new variant also exploits SMBGhost bug in Windows systems, and is also able to target servers running Redis […]

Pierluigi Paganini August 27, 2020
Group with numerous faces: chronicle of UltraRank’s deceptive JS-sniffer campaigns

Group-IB security researchers provide evidence linking three campaigns with the use of various JS-sniffer families. Singapore – Group-IB, a global threat hunting and intelligence company headquartered in Singapore, today released its analytical report “UltraRank: the unexpected twist of a JS-sniffer triple threat.” In its report, Group-IB Threat Intelligence experts provide evidence linking three campaigns with the use of various JavaScript-sniffer families […]