Patchwork Using Romance Scam Lures to Infect Android Devices with VajraSpy Malware
Feb 05, 2024 | Newsroom | Cyber Espionage / Cyber Extortion
The threat actor known as Patchwork likely used romance scam lures to trap victims in Pakistan and India, and infect their Android devices with a remote access trojan called VajraSpy. Slovak cybersecurity firm ESET said it uncovered 12 espionage apps, six of which were available for download from the official Google Play …
Infect
Rogue NuGet Packages Infect .NET Developers with Crypto-Stealing Malware
Mar 22, 2023 | Ravie Lakshmanan | DevOpsSec / Malware
The NuGet repository is the target of a new "sophisticated and highly-malicious attack" aiming to infect .NET developer systems with cryptocurrency stealer malware. The 13 rogue packages, which were downloaded more than 160,000 times over the past month, have since been taken down. "The packages contained a PowerShell script …
Hackers Use ModernLoader to Infect Systems with Stealers and Cryptominers
As many as three disparate but related campaigns between March and Jun 2022 have been found to deliver a variety of malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners onto compromised systems. "The actors use PowerShell, .NET assemblies, and HTA and VBS files to spread across a targeted network, eventually dropping other pieces of malware, such as the …
Researchers Detail Techniques LockBit Ransomware Using to Infect its Targets
LockBit ransomware attacks are constantly evolving by making use of a wide range of techniques to infect targets while also taking steps to disable endpoint security solutions. "The affiliates that use LockBit's services conduct their attacks according to their preference and use different tools and techniques to achieve their goal," Cybereason security analysts Loïc Castel and …
North Korean Hackers Using Windows Update Service to Infect PCs with Malware
The notorious Lazarus Group actor has been observed mounting a new campaign that makes use of the Windows Update service to execute its malicious payload, expanding the arsenal of living-off-the-land (LotL) techniques leveraged by the APT group to further its objectives. The Lazarus Group, also known as APT38, Hidden Cobra, Whois Hacking Team, and Zinc, is the moniker assigned …
Hackers Exploit Log4j Vulnerability to Infect Computers with Khonsari Ransomware
Romanian cybersecurity technology company Bitdefender on Monday revealed that attempts are being made to target Windows machines with a novel ransomware family called Khonsari as well as a remote access Trojan named Orcus by exploiting the recently disclosed critical Log4j vulnerability. The attack leverages the remote code execution flaw to download an additional payload, a …
Magecart Hackers Infect 17,000 Sites Through Misconfigured Amazon S3 Buckets
Magecart strikes again! Cybersecurity researchers have identified yet another supply-chain attack carried out by payment card hackers against more than 17,000 web domains, which also include websites in the top 2,000 of Alexa rankings. Since Magecart is neither a single group nor a specific malware but instead an umbrella term given to all those cyber criminal groups and individuals …
Hackers Infect 50,000 MS-SQL and PHPMyAdmin Servers with Rootkit Malware
Cybersecurity researchers at Guardicore Labs today published a detailed report on a widespread cryptojacking campaign attacking Windows MS-SQL and PHPMyAdmin servers worldwide. Dubbed Nansh0u, the malicious campaign is reportedly being carried out by an APT-style Chinese hacking group that has already infected nearly 50,000 servers and is installing a sophisticated kernel-mode …