Oct 16, 2024Ravie LakshmananEndpoint Security / Malware Threat actors are attempting to abuse the open-source EDRSilencer tool as part of efforts to tamper endpoint detection and response (EDR) solutions and hide malicious activity. Trend Micro said it detected "threat actors attempting to integrate EDRSilencer in their attacks, repurposing it as a means of evading … [Read more...] about Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity
Malicious
OpenAI Blocks 20 Global Malicious Campaigns Using AI for Cybercrime and Disinformation
Oct 10, 2024Ravie LakshmananCybercrime / Disinformation OpenAI on Wednesday said it has disrupted more than 20 operations and deceptive networks across the world that attempted to use its platform for malicious purposes since the start of the year. This activity encompassed debugging malware, writing articles for websites, generating biographies for social media accounts, and … [Read more...] about OpenAI Blocks 20 Global Malicious Campaigns Using AI for Cybercrime and Disinformation
New PEAKLIGHT Dropper Deployed in Attacks Targeting Windows with Malicious Movie Downloads
Aug 23, 2024Ravie LakshmananMalware / Threat Intelligence Cybersecurity researchers have uncovered a never-before-seen dropper that serves as a conduit to launch next-stage malware with the ultimate goal of infecting Windows systems with information stealers and loaders. "This memory-only dropper decrypts and executes a PowerShell-based downloader," Google-owned Mandiant … [Read more...] about New PEAKLIGHT Dropper Deployed in Attacks Targeting Windows with Malicious Movie Downloads
Malicious Inauthentic Falcon Crash Reporter Installer Delivers Malware Named Ciro
On July 24, 2024, an unattributed threat actor distributed a password-protected installer masquerading as an inauthentic Falcon Crash Reporter Installer to a German entity in an unattributed spear-phishing attempt. Subsequent analysis revealed that executing the installer with the threat actor-provided password leads to a novel execution chain in which an agent written to the … [Read more...] about Malicious Inauthentic Falcon Crash Reporter Installer Delivers Malware Named Ciro
Malicious Inauthentic Falcon Crash Reporter Installer Distributed to German Entity
Summary On July 24, 2024, CrowdStrike Intelligence identified an unattributed spearphishing attempt delivering an inauthentic CrowdStrike Crash Reporter installer via a website impersonating a German entity. The website was registered with a sub-domain registrar. Website artifacts indicate the domain was likely created on July 20, 2024, one day after an issue present in a … [Read more...] about Malicious Inauthentic Falcon Crash Reporter Installer Distributed to German Entity
Malicious PyPI Package Targets macOS to Steal Google Cloud Credentials
Jul 27, 2024NewsroomCybersecurity / Cloud Security Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that targets Apple macOS systems with the goal of stealing users' Google Cloud credentials from a narrow pool of victims. The package, named "lr-utils-lib," attracted a total of 59 downloads before it was taken down. It … [Read more...] about Malicious PyPI Package Targets macOS to Steal Google Cloud Credentials
This AI-Powered Cybercrime Service Bundles Phishing Kits with Malicious Android Apps
A Spanish-speaking cybercrime group named GXC Team has been observed bundling phishing kits with malicious Android applications, taking malware-as-a-service (MaaS) offerings to the next level. Singaporean cybersecurity company Group-IB, which has been tracking the e-crime actor since January 2023, described the crimeware solution as a "sophisticated AI-powered … [Read more...] about This AI-Powered Cybercrime Service Bundles Phishing Kits with Malicious Android Apps
HotPage Adware Disguised as Ad Blocker Installs Malicious Kernel Driver
Jul 18, 2024NewsroomMalware / Windows Security Cybersecurity researchers have shed light on an adware module that purports to block ads and malicious websites, while stealthily offloading a kernel driver component that grants attackers the ability to run arbitrary code with elevated permissions on Windows hosts. The malware, dubbed HotPage, gets its name from the eponymous … [Read more...] about HotPage Adware Disguised as Ad Blocker Installs Malicious Kernel Driver
‘Konfety’ Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins
Jul 16, 2024NewsroomMobile Security / Online Security Details have emerged about a "massive ad fraud operation" that leverages hundreds of apps on the Google Play Store to perform a host of nefarious activities. The campaign has been codenamed Konfety – the Russian word for Candy – owing to its abuse of a mobile advertising software development kit (SDK) associated with a … [Read more...] about ‘Konfety’ Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins
Prevent Breaches by Spotting Malicious Browser Extensions
As workforce productivity increasingly depends on web-based applications, browsers have become essential gateways to the “connectivity economy.” According to recent data, 93% of desktop internet traffic in 2023 traversed through four popular web browsers. With their diverse functionalities and use cases, browsers are the most used desktop applications. To further expand their … [Read more...] about Prevent Breaches by Spotting Malicious Browser Extensions