Recherche : [malware]

Hunting Russian Intelligence “Snake” Malware https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-129a

10/05/2023 09:59:47

The Snake implant is considered the most sophisticated cyber espionage tool designed and used by Center 16 of Russia’s Federal Security Service (FSB) for long-term intelligence collection on sensitive targets. To conduct operations using this tool, the FSB created a covert peer-to-peer (P2P) network of numerous Snake-infected computers worldwide. Many systems in this P2P network serve as relay nodes which route disguised operational traffic to and from Snake implants on the FSB’s ultimate targets. Snake’s custom communications protocols employ encryption and fragmentation for confidentiality and are designed to hamper detection and collection efforts.

The malware threat landscape: NodeStealer, DuckTail, and more https://engineering.fb.com/2023/05/03/security/malware-nodestealer-ducktail/

05/05/2023 10:43:38

We’re sharing our latest research and analysis into malware campaigns that are targeting online businesses — including newer malware posing as AI tools.

Atomic Stealer | Threat Actor Spawns Second Variant of macOS Malware Sold on Telegram https://www.sentinelone.com/blog/atomic-stealer-threat-actor-spawns-second-variant-of-macos-malware-sold-on-telegram/

04/05/2023 21:16:28

A macOS infostealer being sold on Telegram, Atomic Stealer has a second variant that appears primed to target users directly on YouTube.

'RustBucket' malware targets macOS https://www.jamf.com/blog/bluenoroff-apt-targets-macos-rustbucket-malware/

21/04/2023 17:30:05

Learn how APT group, BlueNoroff, targets Apple with malware variant to compromise macOS devices.

Apple’s high security mode blocked NSO spyware, researchers say | TechCrunch https://techcrunch.com/2023/04/18/apple-lockdown-mode-iphone-nso-pegasus/

19/04/2023 08:42:58

Apple has fixed the three exploits used to deploy the Pegasus spyware, which did not require any interaction from the target.

QBot banker delivered through business correspondence https://securelist.com/qbot-banker-business-correspondence/109535/

17/04/2023 22:18:33

In early April, we detected a significant increase in attacks that use banking Trojans of the QBot family. The malware would be delivered through e-mails that were based on real business letters the attackers had gotten access to.

The (Not so) Secret War on Discord https://www.cyberark.com/resources/threat-research-blog/the-not-so-secret-war-on-discord

16/04/2023 11:44:17

CyberArk Labs discovered a new malware called Vare that is distributed over the popular chatting service, Discord. Vare has been used to target new malware operators by using social engineering tactics on them. Additionally, we have found that Vare uses Discord’s infrastructure as a backbone for its operations. This malware is linked to a new group called “Kurdistan 4455” based out of southern Turkey and is still early in its forming stage.

Mac Malware MacStealer Spreads as Fake P2E Apps https://www.trendmicro.com/en_us/research/23/c/mac-malware-macstealer-spreads-as-fake-p2-e-apps.html

05/04/2023 21:03:16

We detected Mac malware MacStealer spreading via websites, social media, and messaging platforms Twitter, Discord, and Telegram. Cybercriminals lure victims to download it by plagiarizing legitimate play-to-earn (P2E) apps’ images and offering jobs as beta testers.

New OpcJacker Malware Distributed via Fake VPN Malvertising https://www.trendmicro.com/en_us/research/23/c/new-opcjacker-malware-distributed-via-fake-vpn-malvertising.html

29/03/2023 21:26:28

We discovered a new malware, which we named “OpcJacker” (due to its opcode configuration design and its cryptocurrency hijacking ability), that has been distributed in the wild since the second half of 2022.

BlackMamba ChatGPT Polymorphic Malware | A Case of Scareware or a Wake-up Call for Cyber Security? https://www.sentinelone.com/blog/blackmamba-chatgpt-polymorphic-malware-a-case-of-scareware-or-a-wake-up-call-for-cyber-security/

20/03/2023 20:54:34

The rise of publicly-accessible Al models like ChatGPT has produced some interesting attempts to create malware. How seriously should defenders take them?

Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation https://www.mandiant.com/resources/blog/fortinet-malware-ecosystem

17/03/2023 21:06:14

A suspected Chinese actor used a zero-day vulnerability in FortiOS and custom malware for espionage.

Ransomware Attacks Have Entered a ‘Heinous’ New Phase https://www.wired.com/story/ransomware-tactics-cancer-photos-student-records/

14/03/2023 22:58:12

With victims refusing to pay, cybercriminal gangs are now releasing stolen photos of cancer patients and sensitive student records.

Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting https://www.trendmicro.com/en_us/research/23/c/iron-tiger-sysupdate-adds-linux-targeting.html

01/03/2023 21:10:36

We detail the update that advanced persistent threat (APT) group Iron Tiger made on the custom malware family SysUpdate. In this version, we also found components that enable the malware to compromise Linux systems.

Hard-to-spot Mac crypto-mining threat, XMRig, hits Pirate Bay https://www.computerworld.com/article/3689149/hard-to-spot-mac-crypto-mining-threat-xmrig-hits-pirate-bay.html

27/02/2023 21:14:56

Jamf Threat Labs has spotted a family of Mac malware, XMRig, that spreads through pirated versions of Final Cut Pro, Photoshop and Logic Pro X.

When Low-Tech Hacks Cause High-Impact Breaches https://krebsonsecurity.com/2023/02/when-low-tech-hacks-cause-high-impact-breaches/

27/02/2023 11:52:55

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandably focused on GoDaddy's…

Beware of macOS cryptojacking malware. https://www.jamf.com/blog/cryptojacking-macos-malware-discovered-by-jamf-threat-labs/

24/02/2023 23:10:33

You may have heard about the cryptojacking malware on macOS. Read about a new one spotted by Jamf Threat Labs.

New MortalKombat ransomware and Laplas Clipper malware threats deployed in financially motivated campaign https://blog.talosintelligence.com/new-mortalkombat-ransomware-and-laplas-clipper-malware-threats/

14/02/2023 21:38:22

Since December 2022, Cisco Talos has been observing an unidentified actor deploying two relatively new threats, the recently discovered MortalKombat ransomware and a GO variant of the Laplas Clipper malware, to steal cryptocurrency from victims.

HTML Smuggling: The Hidden Threat in Your Inbox https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/html-smuggling-the-hidden-threat-in-your-inbox/

09/02/2023 18:21:15

Last October, Trustwave SpiderLabs blogged about the use and prevalence of HTML email attachments to deliver malware and phishing for credentials.

Enigma Stealer Targets Cryptocurrency Industry with Fake Jobs https://www.trendmicro.com/en_us/research/23/b/enigma-stealer-targets-cryptocurrency-industry-with-fake-jobs.html

09/02/2023 18:11:58

We discovered an active campaign targeting Eastern Europeans in the cryptocurrency industry using fake job lures.

Onenote Malware: Classification and Personal Notes https://marcoramilli.com/2023/02/04/onenote-malware-classification-and-personal-notes/

06/02/2023 18:59:12

During the past 4 months Microsoft Onenote file format has been (ab)used as Malware carrier by different criminal groups. While the main infection vector is still on eMail side - so nothing really relevant to write on - the used techniques, the templates and the implemented code to inoculate Malware changed a lot. So it…

Liens par page

Filtres