malware

Pierluigi Paganini May 01, 2019
Crooks exploit Oracle WebLogic flaw to deliver Sodinokibi Ransomware

Threat actors are exploiting a recently patched critical Oracle WebLogic Server vulnerability to deliver the Sodinokibi ransomware to organizations. Threat actors are delivering a new piece of malware, tracked as Sodinokibi, by exploiting a recently patched Oracle WebLogic Server vulnerability. Oracle WebLogic Server is a Java EE application server currently developed by Oracle Corporation, it […]

Pierluigi Paganini April 30, 2019
ElectrumDoSMiner botnet reached 152,000 hosts

Researchers at Malwarebytes are monitoring the evolution of the ElectrumDoSMiner DDoS botnet that reached 152,000 infected hosts. MalwareBytes researchers are closely monitoring attacks against users of the popular Electrum Bitcoin wallet, in particular, the evolution of the Electrum DDoS botnet. In mid-April, experts at MalwareBytes published a report warning of cyber attacks against users of […]

Pierluigi Paganini April 29, 2019
New Emotet variant uses connected devices as proxy C2 servers

Researchers at Trend Micro have uncovered a malware campaign distributing a new Emotet Trojan variant that compromises devices and uses them as Proxy C2 servers. Trend Micro discovered a new variant of the Emotet Trojan that is able to infect devices and use them as proxy command-and-control servers. The new variant also employs random URI […]

Pierluigi Paganini April 28, 2019
Signed Malspam campaigns hit Europeans with Multi-Stage JasperLoader

Experts observed several malspam campaigns using signed emails to deliver the GootKit banking Trojan (aka talalpek or Xswkit). Threat actors leverage a multi-stage malware loader tracked as JasperLoader in the malspam campaigns over the past few months. The JasperLoader was observed while distributing malware to targets from Central Europe, most of them in Italy and […]

Pierluigi Paganini April 23, 2019
FireEye experts found source code for CARBANAK malware on VirusTotal

Cybersecurity researchers from FireEye revealed that the Carbanak source code has been available on VirusTotal for two years, and none noticed it before. Researchers at FireEye discovered that the Carbanak source code has been available on VirusTotal for two years, but it was not noticed before. The Carbanak gang (aka FIN7, Anunak or Cobalt) stole over […]

Pierluigi Paganini April 21, 2019
INPIVX hidden service, a new way to organize ransomware attacks

A new service called Inpivx represents the evolution of the ransomware-as-a-service making it very easy for wannabe crooks to develop their malware and build a management panel. A new Tor hidden service called Inpivx evolves the concept of the ransomware-as-a-service making it very easy for crooks without technical skills to develop their own malware and […]

Pierluigi Paganini April 17, 2019
A new variant of HawkEye stealer emerges in the threat landscape

A new variant of the HawkEye data stealer emerges in the threat landscape as part of ongoing malware distribution campaigns. New malware campaigns leveraging a new variant of the HawkEye data stealer have been observed by experts at Talos. The malware has been under active development since at least 2013 and it is offered for […]

Pierluigi Paganini April 16, 2019
FireEye releases FLASHMINGO tool to analyze Adobe Flash files

Cyber security firm FireEye announced the release of FLASHMINGO, a new open source tool designed to automate the analysis of Adobe Flash files. FireEye released FLASHMINGO, a new open source tool designed to automate the analysis of Adobe Flash files. Adobe Flash is one of the most exploited software components of the last decade, even […]

Pierluigi Paganini April 16, 2019
Scranos – A Cross Platform, Rootkit-Enabled Spyware rapidly spreading

Scranos is a powerful cross-platform rootkit-enabled spyware discovered while investigating malware posing as legitimate software like video players, drivers and even anti-virus products. The Scranos rootkit malware was first discovered late last year when experts at Bitdefender were analyzing a new password- and data-stealing operation leveraging around a rootkit driver digitally signed with a stolen […]

Pierluigi Paganini April 14, 2019
Romanian duo convicted of fraud Scheme infecting 400,000 computers

Two Romanian hackers are convicted of infecting 400,000 computers in the U.S. with malicious code and stole millions of dollars from the victims. Bogdan Nicolescu and Radu Miclaus are convicted of infecting 400,000 computers, most of them in the U.S.. The malware was developed to steal credentials, financial data, personal information, then the crooks offered […]