Malware

Pierluigi Paganini May 07, 2020
Poulight Stealer, a new Comprehensive Stealer from Russia

Researchers from Cybaze-Yoroi ZLab monitored the evolution and the diffusion of an infostealer dubbed Poulight that most likely has a Russian origin. Introduction Nowadays, info-stealer is one of the most common threats. This category of malware includes famous malware like Azorult, Agent Tesla, and Hawkeye. Infostealer market is one of the most remunerative for cyber criminals, information gathered […]

Pierluigi Paganini May 07, 2020
Naikon APT is flying under the radar since 2015

Chinese-speaking Naikon APT group leverages a new backdoor called Aria-body to target organizations in South Asia and Australia. The Naikon APT group is a China-linked cyber espionage group that has been active at least since 2010 and that remained under the radar over the past five years while targeting entities in Asia-Pacific (APAC) region. The […]

Pierluigi Paganini May 07, 2020
Snake Ransomware hits Europe’s largest private hospital operator Fresenius during COVID-19 outbreak

Snake Ransomware operators launched a new campaign that has infected numerous companies worldwide including an health care organization. The operators behind the Snake Ransomware have launched a new campaign that targeted companies worldwide and that infected at least one organization in the healthcare industry over the last few days. In January experts observed a new […]

Pierluigi Paganini May 07, 2020
Brazilian trojan banker is targeting Portuguese users using browser overlay

Since the end of April 2020, a new trojan has been affecting Portuguese users from several bank organizations. The modus operandi of this piece of malware is not new in Portugal. At least since the year of 2014 that new variants have been observed, with minor changes, and with the objective of collecting bank details […]

Pierluigi Paganini May 06, 2020
Shipping Giant Toll suffered a second ransomware attack in a few months

Australian shipping giant Toll informed its customers that it has shut down some IT systems due to a new ransomware attack. The Australian transportation and logistics giant Toll Group informed its customers that it has shut down some IT systems after a new ransomware attack, it is the second infection disclosed by the company this […]

Pierluigi Paganini May 05, 2020
Kaiji, a new Linux malware targets IoT devices in the wild

Security researchers spotted a new piece of DDoS bot dubbed Kaiji that is targeting IoT devices via SSH brute-force attacks. Last week, the popular security researcher MalwareMustDie and the experts at Intezer Labs spotted a new piece of malware dubbed Kaiji, that is targeting IoT devices via SSH brute-force attacks. The malicious code was designed to target […]

Pierluigi Paganini May 04, 2020
Microsoft spotted multiple malspam campaigns using malware-laced ISO and IMG files

Microsoft warns of threat actors targeting organizations with malware-laced ISO and IMG files aimed at delivering a remote access trojan. Microsoft advanced machine learning threat detection models detected multiple malspam campaigns distributing malware-laced ISO. Last week experts from Microsoft detected a COVID-19-themed spam campaign, the messages are crafted to trick users into downloading and mounting […]

Pierluigi Paganini May 04, 2020
Hackers are scanning the internet for vulnerable Salt installs, Ghost blogging platform hacked

Hackers are conducting a mass-scanning the Internet for vulnerable Salt installs that could allow them to hack the organizations, the last victim is the Ghost blogging platform. Experts warn of hacking campaign that is targeting organization using the Salt platform for the management of their infrastructure, the last victim is the Ghost blogging platform. The attackers […]

Pierluigi Paganini May 03, 2020
Coronavirus-themed attacks April 26 – May 02, 2020

This post includes the details of the Coronavirus-themed attacks launched from April 26 to May 02, 2020. Please give me your vote for European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERShttps://docs.google.com/forms/d/e/1FAIpQLSe8AkYMfAAwJ4JZzYRm8GfsJCDON8q83C9_wu5u10sNAt_CcA/viewform Threat actors exploit the interest in the Coronavirus outbreak while infections increase worldwide, experts are observing new campaigns on a daily bases. Below […]

Pierluigi Paganini May 03, 2020
Cyber Threats Observatory Gets Improvements

Today I am so happy to announce a big improvement in the cyber threats observatory (available for here). The main improvement sees the introduction of clustering stereotypes for each tracked malware family in three different behaviors: Domains, Files and Processes. Every malware does specific actions on domains, files and processes realms by meaning that every sample contacts several domain names, spawns specific processes and […]