Pierluigi Paganini
July 08, 2022
The operators behind the TrickBot malware are systematically targeting Ukraine since the beginning of the war in February 2022. IBM researchers collected evidence indicating that the Russia-based cybercriminal Trickbot group (aka Wizard Spider, DEV-0193, ITG23) has been systematically attacking Ukraine since the beginning of the Russian invasion of the country. Since February, the Conti ransomware […]
Pierluigi Paganini
July 08, 2022
Taiwanese vendor QNAP wars of a new strain of ransomware, dubbed Checkmate, that is targeting its NAS devices. The Taiwanese vendor QNAP is warning of a new family of ransomware targeting its NAS devices using weak passwords. Threat actors are targeting devices exposed online with the SMB service enabled, they perform brute-force attacks against accounts […]
Pierluigi Paganini
July 07, 2022
Researchers uncovered a large-scale cryptocurrency mining campaign targeting the NPM JavaScript package repository. Checkmarx researchers spotted a new large-scale cryptocurrency mining campaign, tracked as CuteBoi, that is targeting the NPM JavaScript package repository. Threat actors behind the campaign published 1,283 malicious modules in the repository and used over 1,000 different user accounts. The researchers uncovered […]
Pierluigi Paganini
July 07, 2022
Cybersecurity researchers warn of new malware, tracked as OrBit, which is a fully undetected Linux threat. Cybersecurity researchers at Intezer have uncovered a new Linux malware, tracked as OrBit, that is still undetected. The malware can be installed as a volatile implant either by achieving persistence on the compromised systems. The malware implements advanced evasion […]
Pierluigi Paganini
July 06, 2022
Threat actors are abusing legitimate adversary simulation software BRc4 in their campaigns to evade detection. Researchers from Palo Alto Networks Unit 42 discovered that a sample uploaded to the VirusTotal database on May 19, 2022 and considered benign by almost all the antivirus, was containing a payload associated with Brute Ratel C4 (BRc4), a new red-teaming and […]
Pierluigi Paganini
July 06, 2022
Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. The operators of the Hive ransomware upgraded their malware by migrating the malware to the Rust language and implementing a more sophisticated encryption method, Microsoft researchers warn. “The upgrades in the latest variant are effectively […]
Pierluigi Paganini
July 06, 2022
Researchers from ReversingLabs discovered tens of malicious NPM packages stealing data from apps and web forms. Researchers from ReversingLabs discovered a couple of dozen NPM packages that included malicious code designed to steal data from apps and web forms on websites that included the modules. The malicious NPM modules were delivered as part of a […]
Pierluigi Paganini
July 05, 2022
AstraLocker ransomware operators told BleepingComputer they’re shutting down their operations and are releasing decryptors. AstraLocker ransomware operators told BleepingComputer they’re shutting down the operation and provided decryptors to the VirusTotal malware analysis platform. AstraLocker is based on the source code of the Babuk Locker (Babyk) ransomware that was leaked online on June 2021. BleepingComputer tested the […]
Pierluigi Paganini
July 04, 2022
The Threat Report Portugal: Q2 2022 compiles data collected on the malicious campaigns that occurred from March to June, Q2, 2022. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. This feed is based on automatic searches and is supported by a […]
Pierluigi Paganini
July 03, 2022
Microsoft announced that the Windows worm Raspberry Robin has already infected the networks of hundreds of organizations. Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary, the malware propagates through removable USB devices. The malicious code uses Windows Installer to reach out to QNAP-associated domains and download a malicious DLL. The […]
