malware

Pierluigi Paganini June 05, 2020
Multi-platform Tycoon Ransomware employed in targeted attacks

Experts recently discovered a multi-platform ransomware, dubbed Tycoon Ransomware, that uses a Java image file (JIMAGE) to evade detection. Experts from BlackBerry Threat Intelligence and KPMG recently discovered a new strain of multi-platform ransomware dubbed Tycoon ransomware. The Tycoon ransomware was used in highly targeted attacks, its operators recently targeted small to medium-sized companies and […]

Pierluigi Paganini June 04, 2020
Cycldek APT targets Air-Gapped systems using the USBCulprit Tool

A Chinese threat actor tracked as Cycldek (aka Goblin Panda, or Conimes) has developed new tool to steal information from air-gapped systems. Security experts from Kaspersky Lab reported that the Chinese threat actor tracked as Cycldek (aka Goblin Panda, or Conimes) has developed new tool to steal information from air-gapped systems. The Cycldek group was […]

Pierluigi Paganini May 31, 2020
Coronavirus-themed attacks May 24 – May 30, 2020

This post includes the details of the Coronavirus-themed attacks launched from May 24 to May 30, 2020. Threat actors exploit the interest in the Coronavirus outbreak while infections increase worldwide, experts are observing new campaigns on a daily bases. Below a list of attacks detected this week. May 26 – Hangzhou could permanently adopt COVID-19 […]

Pierluigi Paganini May 30, 2020
A new COVID-19-themed campaign targets Italian users

Security researchers uncovered a new COVID-19-themed campaign targeting users of the National Institute for Social Security (INPS). Security experts from D3Lab have uncovered a new COVID-19-themed phishing campaign that is targeting the users of the Italian National Institute for Social Security (INPS). Like a previous campaign observed in early April, threat actors set up a fake […]

Pierluigi Paganini May 29, 2020
Steganography in targeted attacks on industrial enterprises in Japan and Europe

Threat actors targeted industrial suppliers in Japan and several European countries in sophisticated attacks, Kaspersky reported. Researchers from Kaspersky’s ICS CERT unit reported that threat actors targeted industrial suppliers in Japan and several European countries in sophisticated attacks. The experts first observed the attacks in early 2020, while in early May, threat actors targeted organizations […]

Pierluigi Paganini May 28, 2020
Valak a sophisticated malware that completely changed in 6 months

Valak malware has rapidly changed over the past six months, it was initially designed as a loader, but now it implemented infostealer capabilities. The Valak malware completely changed over the past six months, it was first developed to act as a loader, but now it implements also infostealer capabilities.  The malicious code fist appeared in […]

Pierluigi Paganini May 28, 2020
Ke3chang hacking group adds new Ketrum malware to its arsenal

The Ke3chang hacking group added a new malware dubbed Ketrum to its arsenal, it borrows portions of code and features from older backdoors. The Ke3chang hacking group (aka APT15, Vixen Panda, Playful Dragon, and Royal APT) has developed new malware dubbed Ketrum by borrowing parts of the source code and features from their older Ketrican and […]

Pierluigi Paganini May 27, 2020
Microsoft warns about ongoing PonyFinal ransomware attacks

Microsoft is warning organizations to deploy protections against a new strain of PonyFinal ransomware that has been in the wild over the past two months. Microsoft’s security team issued a series of tweets warning organizations to deploy protections against a new piece of ransomware dubbed PonyFinal that has been in the wild over the past […]

Pierluigi Paganini May 27, 2020
Researchers dismantled ShuangQiang gang’s botnet that infected thousands of PCs

A joint operations conducted by experts from Chinese firms Qihoo 360 Netlab and Baidu dismantle the ShuangQiang ‘s botnet infecting over hundreds of thousands of systems. A joint operation conducted by Chinese security firm Qihoo 360 Netlab and tech giant Baidu disrupted a botnet operated by a group tracked as ShuangQiang (aka Double Gun) that infected […]

Pierluigi Paganini May 26, 2020
New Turla ComRAT backdoor uses Gmail for Command and Control

Researchers uncovered a new advanced variant of Turla’s ComRAT backdoor that leverages Gmail’s web interface as C2 infrastructure. Cybersecurity researchers discovered a new version of the ComRAT backdoor, also known as Agent.BTZ, which is a malware that was employed in past campaigns attributed to the Turla APT group. Earlier versions of Agent.BTZ were used to […]