backdoor Archives - Page 9 of 23

Pierluigi Paganini May 26, 2020

New Turla ComRAT backdoor uses Gmail for Command and Control

Researchers uncovered a new advanced variant of Turla’s ComRAT backdoor that leverages Gmail’s web interface as C2 infrastructure. Cybersecurity researchers discovered a new version of the ComRAT backdoor, also known as Agent.BTZ, which is a malware that was employed in past campaigns attributed to the Turla APT group. Earlier versions of Agent.BTZ were used to […]

Pierluigi Paganini April 05, 2020

Experts uncovered hidden behavior in thousands of Android Apps

A group of security researchers has found thousands of Android apps containing hidden backdoors and blacklists. Researchers from The Ohio State University, New York University, and CISPA Helmholtz Center for Information Security analyzed thousands of mobile applications for Android and discovered dangerous behavior, including backdoors and blacklists. “While these apps have rich and useful functionality […]

Pierluigi Paganini March 05, 2020

Malware campaign employs fake security certificate updates

Crooks are using a new phishing technique to trick victims into accepting the installation of a security certificate update and deliver malware. Security experts from Kaspersky Lab discovered spotted a new attack technique used by crooks to distribute malware by tricking victims into installing a malicious “security certificate update” when they visit compromised websites. We […]

Pierluigi Paganini February 01, 2020

Winnti APT Group targeted Hong Kong Universities

Winnti Group has compromised computer systems at two Hong Kong universities during the Hong Kong protests that started in March 2019. Hackers from the China-linked Winnti group have compromised computer systems at two Hong Kong universities during the Hong Kong protests that started in March 2019. Researchers from ESET discovered the attacks in November 2019 […]

Pierluigi Paganini January 28, 2020

Fortinet removed hardcoded SSH keys and database backdoors from FortiSIEM

The vendor Fortinet has finally released security patches to remove the hardcoded SSH keys in Fortinet SIEM appliances. Fortinet has finally released security updates to remove the hardcoded SSH keys in Fortinet SIEM appliances. Recently Andrew Klaus, a security specialist from Cybera, discovered a hardcoded SSH public key in Fortinet’s Security Information and Event Management FortiSIEM that […]

Pierluigi Paganini October 21, 2019

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

Security experts have a new malware, dubbed skip-2.0 used by the China-linked APT group to establish a backdoor in Microsoft SQL Server systems. Security experts at ESET have discovered a new malware, dubbed skip-2.0, used by the Chinese Winnti cyberespionage group to gain persistence on Microsoft SQL Server systems. The Winnti group was first spotted by […]

Pierluigi Paganini October 20, 2019

Fake UpdraftPlus WordPress Plugins used to backdoor sites

Threat actors leverage malicious plugins that hide in plain sight to backdoor WordPress websites and to use them for brute-forcing other sites. The use of fake WordPress plugins installed by hackers is not a novelty, recently at Sucuri observed multiple infections aimed at installing fake plugins with backdoor capabilities. Attackers use automated tools to create malicious WordPress […]

Pierluigi Paganini September 24, 2019

A new Fancy Bear backdoor used to target political targets

Security experts at ESET have uncovered a new campaign carried out by Russia-linked Fancy Bear APT group aimed at political targets. Security researchers at ESET have uncovered a new campaign carried out by Russia-linked Fancy Bear APT group (i.e. APT28, Sednit, Sofacy, Zebrocy, and Strontium) aimed at political targets. In the recent attacks, the hackers […]

Pierluigi Paganini September 23, 2019

TortoiseShell Group targets IT Providers in supply chain attacks

Symantec spotted a new threat actor, tracked as TortoiseShell, that is compromising IT providers to target their specific customers. Symantec researchers spotted a new threat group, tracked as TortoiseShell, that is compromising IT providers to target their specific customers. The group was first spotted in 2018, but experts speculate that it has been active for […]

Pierluigi Paganini September 09, 2019

Stealth Falcon’s undocumented backdoor uses Windows BITS to exfiltrate data

ESET researchers discovered a new malware associated with the Stealth Falcon APT group that abuses the Windows BITS service to stealthy exfiltrate data. Security researchers discovered a new malware associated with the Stealth Falcon cyber espionage group that abuses the Windows BITS service to stealthy data. Stealth Falcon is a nation-state actor active since at […]

backdoor

New Turla ComRAT backdoor uses Gmail for Command and Control

Experts uncovered hidden behavior in thousands of Android Apps

Malware campaign employs fake security certificate updates

Winnti APT Group targeted Hong Kong Universities

Fortinet removed hardcoded SSH keys and database backdoors from FortiSIEM

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

Fake UpdraftPlus WordPress Plugins used to backdoor sites

A new Fancy Bear backdoor used to target political targets

TortoiseShell Group targets IT Providers in supply chain attacks

Stealth Falcon’s undocumented backdoor uses Windows BITS to exfiltrate data

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Spain awarded €12.3 million in contracts to Huawei

Patch immediately: CVE-2025-25257 PoC enables remote code execution on Fortinet FortiWeb

Wing FTP Server flaw actively exploited shortly after technical details were made public

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 53

Security Affairs newsletter Round 532 by Pierluigi Paganini – INTERNATIONAL EDITION

QUICK LINKS

backdoor

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!