Pierluigi Paganini
January 31, 2019
Palo Alto Networks discovered a piece of Mac malware dubbed CookieMiner that is targeting browser cookies associated with cryptocurrency exchanges and wallet service websites.. Researchers from Palo Alto Networks discovered a new piece of Mac malware dubbed CookieMiner that steals browser cookies associated with cryptocurrency exchanges and wallet service websites along with other sensitive data. […]
Pierluigi Paganini
January 31, 2019
Cyber security expert Marco Ramilli, founder of Yoroi,discovered a way to spread CSV malware via Google Sheets … but Big G says it is anIntended behavior A .CSV file could be a malware carrier and if interpreted by Microsoft Excel it could become a malware executor ! When I personally saw this technique back in […]
Pierluigi Paganini
January 30, 2019
In the last weeks, the Cybaze-Yoroi ZLAB investigated a new APT28 campaign leveraging the Zepakab Downloader. In the last weeks, the Cybaze-Yoroi ZLAB investigated a new APT28 campaign discovered in January 2019. The sample has been initially identified by an Italian independent security researcher, who warned the InfoSec community and shared the binary for further […]
Pierluigi Paganini
January 26, 2019
Security experts at McAfee have discovered a new malware, dubbed Anatova ransomware, that has been spotted infecting computers worldwide The name Anatova is based on a name in the ransom note that is dropped on the infected systems. The Anatova ransomware outstands for its obfuscation capabilities and ability to infect network shares, it has a […]
Pierluigi Paganini
January 25, 2019
Security experts from Cybaze-Yoroi ZLab investigated two malicious spam campaigns delivering Java RAT that show some similarities. Introduction During the last weeks, the Cybaze-Yoroi ZLab researchers identified infection attempts aimed to install RAT malware directed to the naval industry sector. The malicious email messages contained a particular Adwind/JRat variant delivered via several methods tailored to […]
Pierluigi Paganini
January 25, 2019
Security experts observed two distinct campaigns distributing the Ursnif malware, one of them also delivered the GandCrab ransomware. Experts pointed out that the cybercrime gangs behind the two campaigns are different, but they discovered many similarities in them. Attackers spread phishing messages using weaponized Microsoft Word document and leverages Powershell to deliver fileless malware. Ursnif is a banking […]
Pierluigi Paganini
January 24, 2019
Security experts from Kaspersky Lab’s Industrial Control Systems Cyber Emergency Response Team (ICS CERT) linked the GreyEnergy malware with and the Zebrocy backdoor. Security researchers from Kaspersky Lab’s ICS CERT have discovered a link between GreyEnergy malware with and the Zebrocy tool. The activity of the GreyEnergy APT group emerged in concurrence with BlackEnergy operations, experts consider […]
Pierluigi Paganini
January 24, 2019
A still ongoing spam campaign that has been active during the last months has been distributing the Redaman banking malware. Experts at Palo Alto Networks continue to monitor an ongoing spam campaign that has been distributing the Redaman banking malware. The malware was first observed in the threat landscape in 2015, most of the victims […]
Pierluigi Paganini
January 23, 2019
Security experts participating in the abuse.ch project called URLhaus have identified and shut down roughly 100,000 malware distribution sites The abuse.ch project called URLhaus was launched in March 2018 to track websites used to spread malware, it involved 265 researchers worldwide. In a 10-month period, 265 security researchers around the world have identified in average 300 malware […]
Pierluigi Paganini
January 21, 2019
An Iranian developer is promoting on a Telegram hacking channel the BlackRouter ransomware through a Ransomware-as-a-Service model. An Iranian developer is advertising on Telegram a Ransomware-as-a-Service called BlackRouter. The same expert advertises other malware and is believed to the author of another ransomware called Blackheart. promotes other infections such as a RAT. BlackRouter was first […]
