Malware

Pierluigi Paganini May 03, 2024
ZLoader Malware adds Zeus’s anti-analysis feature

Zloader continues to evolve, its authors added an anti-analysis feature that was originally present in the Zeus banking trojan. Zloader (aka Terdot, DELoader, or Silent Night) is a modular trojan based on the leaked ZeuS source code. After a hiatus of almost two years, Zloader reappeared with new obfuscation techniques, domain generation algorithm (DGA), and […]

Pierluigi Paganini May 02, 2024
Ukrainian REvil gang member sentenced to 13 years in prison

A Ukrainian national, a member of the REvil group, has been sentenced to more than 13 years in prison for his role in extortion activities. The Ukrainian national, Yaroslav Vasinskyi (24), aka Rabotnik, has been sentenced to more than 13 years in prison and must pay $16 million in restitution for conducting numerous ransomware attacks […]

Pierluigi Paganini May 01, 2024
Cuttlefish malware targets enterprise-grade SOHO routers

A new malware named Cuttlefish targets enterprise-grade and small office/home office (SOHO) routers to harvest public cloud authentication data. Researchers at Lumen’s Black Lotus Labs discovered a new malware family, named Cuttlefish, which targets enterprise-grade and small office/home office (SOHO) routers to harvest public cloud authentication data from internet traffic. The malware creates a proxy […]

Pierluigi Paganini April 29, 2024
Google prevented 2.28 million policy-violating apps from being published on Google Play in 2023

Google announced they have prevented 2.28 million policy-violating apps from being published in the official Google Play. Google announced that in 2023, they have prevented 2.28 million policy-violating apps from being published on Google Play. This amazing result was possible thanks to the introduction of enhanced security features, policy updates, and advanced machine learning and […]

Pierluigi Paganini April 28, 2024
Targeted operation against Ukraine exploited 7-year-old MS Office bug

A hacking campaign targeted Ukraine exploiting a seven-year-old vulnerability in Microsoft Office to deliver Cobalt Strike. Security experts at Deep Instinct Threat Lab have uncovered a targeted campaign against Ukraine, exploiting a Microsoft Office vulnerability dating back almost seven years to deploy Cobalt Strike on compromised systems. The researchers found a malicious PPSX (PowerPoint Slideshow […]

Pierluigi Paganini April 27, 2024
Brokewell Android malware supports an extensive set of Device Takeover capabilities

ThreatFabric researchers identified a new Android malware called Brokewell, which implements a wide range of device takeover capabilities. ThreatFabric researchers uncovered a new mobile malware named Brokewell, which is equipped with sophisticated device takeover features. The experts pointed out that this malware is actively evolving and poses a severe risk to the banking sector. The […]

Pierluigi Paganini April 26, 2024
Sweden’s liquor supply severely impacted by ransomware attack on logistics company

A ransomware attack on a Swedish logistics company Skanlog severely impacted the country’s liquor supply.  Skanlog, a critical distributor for Systembolaget, the Swedish government-owned retail chain suffered a ransomware attack. Systembolaget has a monopoly on the sale of alcoholic beverages containing more than 3.5% alcohol by volume. It operates stores across Sweden and is responsible […]

Pierluigi Paganini April 24, 2024
Hackers hijacked the eScan Antivirus update mechanism in malware campaign

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners. Threat actors employed two different types of backdoors and targeted large corporate networks […]

Pierluigi Paganini April 23, 2024
U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activity

The U.S. Department of State imposed visa restrictions on 13 individuals allegedly linked to the commercial spyware business. The US Department of State is imposing visa restrictions on 13 individuals involved in the development and sale of commercial spyware or their immediate family members. The measure aims to counter the misuse of surveillance technology targeting […]

Pierluigi Paganini April 22, 2024
Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Russia-linked APT28 group used a previously unknown tool, dubbed GooseEgg, to exploit Windows Print Spooler service flaw. Microsoft reported that the Russia-linked APT28 group (aka “Forest Blizzard”, “Fancybear” or “Strontium” used a previously unknown tool, dubbed GooseEgg, to exploit the Windows Print Spooler flaw CVE-2022-38028. Since at least June 2020, and possibly earlier, the cyberespionage […]