Malware

Pierluigi Paganini June 27, 2018
Recently discovered RANCOR cyber espionage group behind attacks in South East Asia

Security researchers at Palo Alto Networks have uncovered a new cyber espionage group tracked as RANCOR that has been targeting entities in South East Asia. According to the experts, the RANCOR APT group has been targeting political entities in Singapore, Cambodia, and Thailand, and likely in other countries, using two previously unknown strain of malware. The two […]

Pierluigi Paganini June 26, 2018
Recent spam campaigns powered by Necurs uses Internet Query File attachments

Trend Micro experts reported the Necurs botnet has been using Internet Query (IQY) files in recent spam campaigns to bypass security protections. The Necurs botnet is currently the largest spam botnet, it has been active since at least 2012 and was involved in massive campaigns spreading malware such as the Locky ransomware, the Scarab ransomware, […]

Pierluigi Paganini June 26, 2018
Lazarus APT hackers leverages HWP Documents in a recent string of attacks

Security researchers at AlienVault uncovered a series of cyber attacks on cryptocurrency exchanges leveraging weaponized Hangul Word Processor HWP documents (Hangul Word Processor documents). The string of attacks involving the HWP documents has been attributed to the North Korea-linked Lazarus APT group, and includes the hack of the South Korean virtual currency exchange Bithumb. The hackers […]

Pierluigi Paganini June 25, 2018
CSE Malware ZLab – A new variant of Ursnif Banking Trojan served by the Necurs botnet hits Italy

Malware researchers from CSE Cybsec ZLab discovered a missed link between the Necurs Botnet and a variant of the Ursnif trojan that recently hit Italy. Starting from 6th June, a new version of the infamous banking trojan Ursnif hit Italian companies. This malware is well known to the cyber-security community, the Ursnif banking Trojan was […]

Pierluigi Paganini June 22, 2018
Crooks exploit CVE-2018-7602 Drupal flaw, aka Drupalgeddon3 to deliver Monero miner

Crooks are attempting to exploit a recently patched Drupal vulnerability, tracked as CVE-2018-7602, to drop Monero mining malware onto vulnerable systems. The CVE-2018-7602 flaw is a highly critical remote code execution issue, also known as Drupalgeddon3, that was addressed by the Drupal team in April with the release of versions 7.59, 8.4.8 and 8.5.3. The security patch for the […]

Pierluigi Paganini June 22, 2018
GZipDe Downloader spotted serving a Metasploit backdoor

Security experts from AlienVault have spotted a new piece of malware named GZipDe that was used in a cyber-espionage campaign. GZipDe is downloader that is used by threat actors to fetch other payloads from a server controlled by attackers. The malware was detected after user from Afghanistan has uploaded a weaponized Word document on VirusTotal service, the […]

Pierluigi Paganini June 22, 2018
Red Alert 2.0 Android Trojan available for rent in the underground at $500 per Month

According to researchers at Trustwave, the source code of the Red Alert 2.0 Android Trojan is now available for rent on cybercrime underground forums at $500 per month. The experts discovered the latest variant because received a malicious apk via mail and analyzed it. “It all started with a spam message, which curiously had an Android App attachment. […]

Pierluigi Paganini June 21, 2018
Magento credit card stealer Reinfector allows reinfect sites with malicious code

Cybercriminals used the ‘credit card stealer reinfector’ to reinfect the websites and continue to steal personal and financial data. Researchers at Sucuri reported crooks are using a very simple evasion technique to reinfect Magento websites after their malicious code has been removed. Cybercriminals have devised a method to hide the malicious code, the ‘credit card stealer reinfector’, used to […]

Pierluigi Paganini June 21, 2018
Building a malware distribution network is too easy with Kardon Loader

Researchers at Netscout Arbor have discovered a malware downloader advertised on underground forums as a paid open beta product, its name is Kardon Loader. Researchers from Netscout Arbor have discovered a downloader advertised on underground forums dubbed Kardon Loader, it allows customers to build a malware distribution network or a botshop. Advs for Kardon Loader were first discovered on April 21, 2018, the author […]

Pierluigi Paganini June 21, 2018
Chronicle launches VirusTotal Monitor to reduce false positives

Alphabet owned cybersecurity firm Chronicle announced the launch of a new VirusTotal service that promises to reduce false positives.  VirusTotal Monitor service allows developers to upload their application files to a private cloud store where they are scanned every day using anti-malware solutions from antivirus vendors in VirusTotal. Every time the service flags the file as malicious, […]