Cybersecurity researchers on Friday unmasked new command-and-control (C2) infrastructure belonging to the Russian threat actor tracked as APT29, aka Cozy Bear, that has been spotted actively serving WellMess malware as part of an ongoing attack campaign. More than 30 C2 servers operated by the Russian foreign intelligence have been uncovered, Microsoft-owned cybersecurity … [Read more...] about Experts Uncover Several C&C Servers Linked to WellMess Malware
Malware
Hackers Exploit Microsoft Browser Bug to Deploy VBA Malware on Targeted PCs
An unidentified threat actor has been exploiting a now-patched zero-day flaw in Internet Explorer browser to deliver a fully-featured VBA-based remote access trojan (RAT) capable of accessing files stored in compromised Windows systems, and downloading and executing malicious payloads as part of an "unusual" campaign. The backdoor is distributed via a decoy document named … [Read more...] about Hackers Exploit Microsoft Browser Bug to Deploy VBA Malware on Targeted PCs
UBEL is the New Oscorp — Android Credential Stealing Malware Active in the Wild
An Android malware that was observed abusing accessibility services in the device to hijack user credentials from European banking applications has morphed into an entirely new botnet as part of a renewed campaign that began in May 2021. Italy's CERT-AGID, in late January, disclosed details about Oscorp, a mobile malware developed to attack multiple financial targets with the … [Read more...] about UBEL is the New Oscorp — Android Credential Stealing Malware Active in the Wild
Nasty macOS Malware XCSSET Now Targets Google Chrome, Telegram Software
A malware known for targeting macOS operating system has been updated once again to add more features to its toolset that allows it to amass and exfiltrate sensitive data stored in a variety of apps, including apps such as Google Chrome and Telegram, as part of further "refinements in its tactics." XCSSET was uncovered in August 2020, when it was found targeting Mac developers … [Read more...] about Nasty macOS Malware XCSSET Now Targets Google Chrome, Telegram Software
Trickbot Malware Returns with a new VNC Module to Spy on its Victims
Cybersecurity researchers have opened the lid on the continued resurgence of the insidious Trickbot malware, making it clear that the Russia-based transnational cybercrime group is working behind the scenes to revamp its attack infrastructure in response to recent counter efforts from law enforcement. "The new capabilities discovered are used to monitor and gather intelligence … [Read more...] about Trickbot Malware Returns with a new VNC Module to Spy on its Victims
WildPressure APT Emerges With New Malware Targeting Windows and macOS
A malicious campaign that has set its sights on industrial-related entities in the Middle East since 2019 has resurfaced with an upgraded malware toolset to strike both Windows and macOS operating systems, symbolizing an expansion in both its targets and its strategy around distributing threats. Russian cybersecurity firm attributed the attacks to an advanced persistent threat … [Read more...] about WildPressure APT Emerges With New Malware Targeting Windows and macOS
Mapping Secure Endpoint (and Malware Analytics) to NIST CSF Categories and Sub-Categories
Cisco Secure Endpoint (AMP for Endpoints) with Malware Analytics (ThreatGrid) offers Prevention, Detection, Threat Hunting and Response capabilities in a single solution. It protects Endpoints (Windows, Mac, Linux, Android, and iOS) and prevents breaches, blocks malware at the point of entry and continuously monitors and analyses files and processes to quickly detect, contain, … [Read more...] about Mapping Secure Endpoint (and Malware Analytics) to NIST CSF Categories and Sub-Categories
Malware disguised as Minecraft mods on Google Play, continued
Although we recently reported finding 20 apps in Google Play posing as Minecraft modpacks — the most popular with more than a million downloads — Minecraft-themed malware continues to pop up in Google Play. Instead of doing anything they claimed, the apps turned users’ smartphones and tablets into extremely intrusive advertising tools. To be clear, the apps were totally useless … [Read more...] about Malware disguised as Minecraft mods on Google Play, continued
Malware Can Use This Trick to Bypass Ransomware Defense in Antivirus Solutions
Researchers have disclosed significant security weaknesses in popular software applications that could be abused to deactivate their protections and take control of allow-listed applications to perform nefarious operations on behalf of the malware to defeat anti-ransomware defenses. The twin attacks, detailed by academics from the University of Luxembourg and the University of … [Read more...] about Malware Can Use This Trick to Bypass Ransomware Defense in Antivirus Solutions
Pakistan-Linked Hackers Added New Windows Malware to Its Arsenal
Cybercriminals with suspected ties to Pakistan continue to rely on social engineering as a crucial component of its operations as part of an evolving espionage campaign against Indian targets, according to new research. The attacks have been linked to a group called Transparent Tribe, also known as Operation C-Major, APT36, and Mythic Leopard, which has created fraudulent … [Read more...] about Pakistan-Linked Hackers Added New Windows Malware to Its Arsenal