Malware

Pierluigi Paganini July 27, 2020
Source code of Cerberus Android Trojan offered for sale for $100,000

The authors of the Android Cerberus banking trojan are auctioning the project for a price starting at $50,000, with $100K the deal could be immediately closed. The authors of the notorious Cerberus Android banking trojan are auctioning their project for a price starting at $50,000, but buyers could close the deal for $100,000. The overall […]

Pierluigi Paganini July 26, 2020
REMnux 7, a Linux toolkit for malware analysts released

A new version of the REMnux Linux toolkit for malware analysts is available for download, it includes a huge set of tools for professionals. REMnux is a Linux toolkit for reverse-engineering and dissecting software, it includes a collection of free tools created by the community that allows researchers to investigate malware. The toolkit was first […]

Pierluigi Paganini July 25, 2020
Threat actors are hijacking the infamous Emotet botnet

A sort of vigilante is attempting to disrupt the operations of the Emotet botnet by hacking the supply chain of the malware. Someone is attempting to sabotage the operations of the Emotet botnet by replacing the Emotet payloads with animated GIFs, in this way the victims will not be infected with the bot. The mysterious activity […]

Pierluigi Paganini July 24, 2020
Spanish state-owned railway infrastructure manager ADIF infected with ransomware

ADIF, a Spanish state-owned railway infrastructure manager under the responsibility of the Ministry of Development, was hit by REVil ransomware operators. Administrador de Infraestructuras Ferroviarias (ADIF), a Spanish state-owned railway infrastructure manager was hit by REVil ransomware operators. ADIF (Administrador de Infraestructuras Ferroviarias) is charged with the management of most of Spain’s railway infrastructure, that is the track, signaling and stations. It was formed in 2005 […]

Pierluigi Paganini July 23, 2020
New MATA Multi-platform malware framework linked to NK Lazarus APT

North Korea-linked Lazarus APT Group has used a new multi-platform malware framework, dubbed MATA, to target entities worldwide The notorious Lazarus Group is using a new multi-platform malware framework, dubbed MATA, in attacks aimed at organizations worldwide, to deploy Kaspersky researchers observed that MATA was used by the threat actors to distribute ransomware (i.e. VHD […]

Pierluigi Paganini July 23, 2020
Prometei, a new modular crypto-mining botnet exploits Windows SMB

Prometei is a crypto-mining botnet that recently appeared in the threat landscape, it exploits the Microsoft Windows SMB protocol for lateral movements. Security experts from Cisco Talos discovered a new crypto-mining botnet, tracked as Prometei, that exploits the Microsoft Windows SMB protocol for lateral movements.move laterally across systems while covertly mining for cryptocurrency.  The Prometei […]

Pierluigi Paganini July 21, 2020
Cloud computing provider Blackbaud paid a ransom after data breach

Cloud software provider Blackbaud revealed to have paid crooks to decrypt its data following a ransomware attack that took place in May 2020. Blackbaud is a cloud computing provider that serves the social good community — nonprofits, foundations, corporations, education institutions, healthcare organizations, religious organizations, and individual change agents. Its products focus on fundraising, website management, CRM, analytics, financial […]

Pierluigi Paganini July 20, 2020
REVil ransomware infected 18,000 computers at Telecom Argentina

Another telco company was hit by a ransomware, roughly 18,000 computers belonging to Telecom Argentina were infected over the weekend. Telecom Argentina, one of the largest internet service providers in Argentina, was hit by a ransomware attack. Ransomware operators infected roughly 18,000 computers during the weekend and now are asking for a $7.5 million ransom. […]

Pierluigi Paganini July 20, 2020
Tedrade banking malware families target users worldwide

The Tetrade term coined by Kaspersky experts to refer four large banking trojan families developed and spread by Brazilian crooks worldwide. Cybersecurity researchers from Kaspersky Lab have detailed four different families of Brazilian banking trojans, tracked as Tetrade, that have targeted financial institutions in Brazil, Latin America, and Europe. The four malware families are named Guildma, Javali, […]

Pierluigi Paganini July 18, 2020
Emotet botnet surges back after months of absence

After months of inactivity, the infamous Emotet trojan has surged back with a new massive spam campaign targeting users worldwide. The notorious Emotet went into the dark since February 2020, but now has surged back with a new massive spam campaign targeting users worldwide. The Emotet banking trojan has been active at least since 2014, […]