Pierluigi Paganini
October 08, 2016
OilRig campaign – An Iran-linked hacker group which previously targeted organizations in Saudi Arabia has now set its sights on other countries. Iranian hackers which previously targeted organizations in Saudi Arabia are now targeting organizations in other countries, including the US, as part of a campaign identified as OilRig campaign. In addition to expanding its reach, the group has been enhancing its malware tools. Researchers at Palo Alto Networks have been monitoring the group for some time and have reported observing attacks launched by a threat actor against financial institutions and technology companies in Saudi Arabia and on the Saudi defense industry. This campaign referred to as “OilRig,” by Palo Alto Networks, entails weaponized Microsoft Excel spreadsheets tracked as “Clayslide” and a backdoor called “Helminth.” Bank attacks by the Iran-linked group were analyzed and documented by FireEye in May. Security Week reports that Palo Alto Networks, “discovered that it has also targeted a company in Qatar and government organizations in the United States, Israel and Turkey.” Helminth is delivered, by the threat actors behind OilRig, by way of spear-phishing emails and malicious macro-enabled Excel documents. For instance, in the caseof a Turkish government organization, the Excel file was designed to replicate a login portal for an airline. There are four variants of the Helminth malware and the threat, capable of communicating with its command and control (C&C) server over both HTTP and DNS, can gain information on the infected device and download additional files via a remote server. One type of Helminth malware relies on VBScript and PowerShell scripts. Another is deployed as an executable file. Delivered by […]
Pierluigi Paganini
October 01, 2016
If you have a D-Link DWR-932 B LTE Wireless router you need to know that it is affected by more that 20 security issues, including backdoor accounts. D-Link ‘s DWR-932B LTE router and access point has been found vulnerable to a number of backdoors as well as a default WPS (Wi-Fi Protected Setup) PIN. Security […]
Pierluigi Paganini
September 26, 2016
Security firm Sucuri published a detailed study, titled Hacked Website Report for 2016/Q2, on compromised websites on the Internet. According to the security expert Daniel Cid from Sucuri, at least 15,769 WordPress websites have been compromised this year. Sucuri has published a report, titled Hacked Website Report for 2016/Q2, related compromised websites on the web. The […]
Pierluigi Paganini
September 15, 2016
A Dutch Computer Science student discovered the presence of a backdoor that could allow an attacker to silently install any app on Xiaomi phones. A Dutch Computer Science student, Thijs Broenink, who analyzed his Xiaomi mobile device discovered the presence of a backdoor that could allow an attacker to silently install any app on the phone. The […]
Pierluigi Paganini
September 10, 2016
Experts from Dr Web discovered a new Linux Trojan called Linux.BackDoor.Irc.16 that is written in the Rust programming language. It is a prolific period for Vxers working on Linux Trojan, a new strain was recently spotted by experts from Doctor Web. The new Linux Trojan has been named Linux.BackDoor.Irc.16 and is written in the Rust programming language.Rust […]
Pierluigi Paganini
September 08, 2016
Malware researchers from Kaspersky Lab confirmed the existence of an OS X variant of the Mokes backdoor discovered in January by Kaspersky. Malware researchers from Kaspersky Lab confirmed the existence of an OS X variant of a recently discovered family of cross-platform backdoors. The backdoors family was named Mokes and a strain of malware was […]
Pierluigi Paganini
August 25, 2016
The Linux Trojan Linux.PNScan is back and it is actively targeting routers based on x86 Linux in an attempt to install backdoors on them. Yesterday I wrote about a new Linux Trojan dubbed Linux.Rex.1, a new Linux malware that is capable of self-spreading and creating a peer-to-peer botnet, now experts from Malware Must Die discovered a new strain […]
Pierluigi Paganini
July 27, 2016
Security experts at Symantec revealed that the Patchwork hacker crew is now expanding espionage activities on companies in a wide range of industries. Security experts from Symantec have spotted a new cyber espionage campaign managed by the Patchwork group targeting organizations in multiple industries. The hacker crew is a well-known group, its activities are focused on diplomatic […]
Pierluigi Paganini
July 11, 2016
ProofPoint have found in the wild a backdoored version of the popular Pokemon GO Android App that could allow attackers to gain control over victim’s device The gamers are going crazy for the last Nintendo game Pokemon GO which uses augmented reality , the mobile app is used by players to walk around and collect […]
Pierluigi Paganini
July 05, 2016
Experts from security firm Heimdal Security have detected a malicious spam campaign delivering attachments laced with the Adwind RAT. Experts from cyber security firm Heimdal Security has spotted a spam campaign delivering the Adwind RAT (Remote Access Trojan). The threat is a privileged weapon in the arsenal of criminal organizations, the Adwind RAT is a cross-platform malware that can […]
