Malware

Pierluigi Paganini September 01, 2019
Security Affairs newsletter Round 229 – News of the week

A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Hi folk, let me inform you that I suspended the newsletter service, anyway I’ll continue to provide you a list of published posts every week through the blog. Once again thank you! 80 defendants charged with participating in […]

Pierluigi Paganini September 01, 2019
Malspam campaign bypasses secure email gateway using Google Docs

Attackers are using Google Docs to deliver the TrickBot banking Trojan to unsuspecting victims via camouflaged as PDF documents. Security experts at Cofense uncovered a malspam campaign the leverages Google Docs to deliver the TrickBot banking Trojan to unsuspecting victims via executables camouflaged as PDF documents. TrickBot is a popular banking Trojan that has been around […]

Pierluigi Paganini August 31, 2019
ARES ADB IOT Botnet targets Android Set Top Boxes (STB) and TVs

Researchers from WootCloud Labs have uncovered a new IoT botnet named Ares that is targeting Android-based devices. Experts from WootCloud Labs have spotted a new IoT botnet tracked as Ares that is targeting Android-based devices that have a debug port exposed online. Experts noticed that most of the devices targeted by the bot are Android […]

Pierluigi Paganini August 31, 2019
FIN6 recently expanded operations to target eCommerce sites

The financially-motivated hacking group FIN6 is switching tactics, passing from PoS attacks to the hack of e-commerce websites. According to researchers at IBM X-Force Incident Response and Intelligence Services (IRIS), the financially-motivated hacking group FIN6 is switching tactics, passing from PoS attacks to the hack of e-commerce websites. FIN6 group has been active since 2015, […]

Pierluigi Paganini August 30, 2019
Ransomware attack hits DDS Safe backup service used by hundreds of dental offices

The company behind DDS Safe solution used by hundreds of dental offices was hit by a ransomware attack and it is working to restore access to client data. PerCSoft is a cloud management provider for Digital Dental Record (DDR), that operates the online data backup service called DDS Safe. DDS Safe, is a HIPAA Compliant 3 layered online dental […]

Pierluigi Paganini August 30, 2019
Google revealed how watering hole attacks compromised iPhone devices earlier this year

Google researchers discovered that iPhone devices could be hacked by tricking owners into visiting specially crafted websites. Researchers at Google Project Zero discovered that it was possible to hack iPhone devices by visiting specially crafted websites. Earlier this year, Google Threat Analysis Group (TAG) experts uncovered an iPhone hacking campaign, initially, they spotted a limited […]

Pierluigi Paganini August 30, 2019
BRATA, the Android RAT that infected only Brazilian users

Security experts at Kaspersky have spotted a new Android remote access tool (RAT) dubbed BRATA used to spy on Brazilian users. Security experts at Kaspersky have discovered a new Android remote access tool (RAT), tracked as BRATA (the name comes from ‘Brazilian RAT Android’), that was used to spy on Brazilian users. The BRATA RAT […]

Pierluigi Paganini August 29, 2019
A new variant of Trickbot banking Trojan targets Verizon, T-Mobile, and Sprint users

A new Trickbot Trojan variant is targeting Verizon Wireless, T-Mobile, and Sprint users, confirming the evolution of the threat. TrickBot is a popular banking Trojan that has been around since October 2016, its authors has continuously upgraded it by implementing new features. For example, in February Trend Micro detected a variant that includes a new module […]

Pierluigi Paganini August 28, 2019
French Police remotely disinfected 850,000 PCs from RETADUP bot

The French police force, National Gendarmerie, announced to have neutralized the Retadup malware on over 850,000 computers taking over its C2 server. The French police force, National Gendarmerie, announced the successful takedown of a huge RETADUP botnet after it has taken the control of its command and control (C2) server. The operation allowed the France law enforcement […]

Pierluigi Paganini August 28, 2019
TA505 group updates tactics and expands the list of targets

Recent campaigns show threat actors behind the Dridex and Locky malware families, the TA505 group, have updated tactics and expanded its target list. Trend Micro revealed that the TA505 group that is behind the Dridex and Locky malware families continue to make small changes to its operations. TA505 hacking group has been active since 2014 […]