Apr 11, 2023Ravie LakshmananSoftware Security / Cryptocurrency Cybersecurity researchers have detailed the inner workings of the cryptocurrency stealer malware that was distributed via 13 malicious NuGet packages as part of a supply chain attack targeting .NET developers. The sophisticated typosquatting campaign, which was detailed by JFrog late last month, impersonated … [Read more...] about Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages
Malware
Over 1 Million WordPress Sites Infected by Balada Injector Malware Campaign
Apr 10, 2023Ravie LakshmananWeb Security / Malware Over one million WordPress websites are estimated to have been infected by an ongoing campaign to deploy malware called Balada Injector since 2017. The massive campaign, per GoDaddy's Sucuri, "leverages all known and recently discovered theme and plugin vulnerabilities" to breach WordPress sites. The attacks are known to play … [Read more...] about Over 1 Million WordPress Sites Infected by Balada Injector Malware Campaign
Typhon Reborn Stealer Malware Resurfaces with Advanced Evasion Techniques
Apr 05, 2023Ravie LakshmananCyber Threat / Dark Web The threat actor behind the information-stealing malware known as Typhon Reborn has resurfaced with an updated version (V2) that packs in improved capabilities to evade detection and resist analysis. The new version is offered for sale on the criminal underground for $59 per month, $360 per year, or alternatively, for $540 … [Read more...] about Typhon Reborn Stealer Malware Resurfaces with Advanced Evasion Techniques
Crypto-Stealing OpcJacker Malware Targets Users with Fake VPN Service
Apr 03, 2023Ravie LakshmananUnited States A piece of new information-stealing malware called OpcJacker has been spotted in the wild since the second half of 2022 as part of a malvertising campaign. "OpcJacker's main functions include keylogging, taking screenshots, stealing sensitive data from browsers, loading additional modules, and replacing cryptocurrency addresses in … [Read more...] about Crypto-Stealing OpcJacker Malware Targets Users with Fake VPN Service
Trojanized TOR Browser Installers Spreading Crypto-Stealing Clipper Malware
Mar 29, 2023Ravie LakshmananCryptocurrency / Malware Trojanized installers for the TOR anonymity browser are being used to target users in Russia and Eastern Europe with clipper malware designed to siphon cryptocurrencies since September 2022. "Clipboard injectors [...] can be silent for years, show no network activity or any other signs of presence until the disastrous day … [Read more...] about Trojanized TOR Browser Installers Spreading Crypto-Stealing Clipper Malware
Stealthy DBatLoader Malware Loader Spreading Remcos RAT and Formbook in Europe
Mar 28, 2023Ravie LakshmananMalware Attack / Hacking A new phishing campaign has set its sights on European entities to distribute Remcos RAT and Formbook via a malware loader dubbed DBatLoader. "The malware payload is distributed through WordPress websites that have authorized SSL certificates, which is a common tactic used by threat actors to evade detection engines," … [Read more...] about Stealthy DBatLoader Malware Loader Spreading Remcos RAT and Formbook in Europe
Rogue NuGet Packages Infect .NET Developers with Crypto-Stealing Malware
Mar 22, 2023Ravie LakshmananDevOpsSec / Malware The NuGet repository is the target of a new "sophisticated and highly-malicious attack" aiming to infect .NET developer systems with cryptocurrency stealer malware. The 13 rogue packages, which were downloaded more than 160,000 times over the past month, have since been taken down. "The packages contained a PowerShell script … [Read more...] about Rogue NuGet Packages Infect .NET Developers with Crypto-Stealing Malware
BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads
Mar 11, 2023Ravie LakshmananCyber Threat Intelligence The malware downloader known as BATLOADER has been observed abusing Google Ads to deliver secondary payloads like Vidar Stealer and Ursnif. According to cybersecurity company eSentire, malicious ads are used to spoof a wide range of legitimate apps and services such as Adobe, OpenAPI's ChatGPT, Spotify, Tableau, and … [Read more...] about BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads
North Korean UNC2970 Hackers Expands Operations with New Malware Families
Mar 10, 2023Ravie LakshmananCyber Attack / Malware A North Korean espionage group tracked as UNC2970 has been observed employing previously undocumented malware families as part of a spear-phishing campaign targeting U.S. and European media and technology organizations since June 2022. Google-owned Mandiant said the threat cluster shares "multiple overlaps" with a … [Read more...] about North Korean UNC2970 Hackers Expands Operations with New Malware Families
SysUpdate Malware Strikes Again with Linux Version and New Evasion Tactics
Mar 02, 2023Ravie LakshmananLinux / Cyber Threat The threat actor known as Lucky Mouse has developed a Linux version of a malware toolkit called SysUpdate, expanding on its ability to target devices running the operating system. The oldest version of the updated artifact dates back to July 2022, with the malware incorporating new features designed to evade security software … [Read more...] about SysUpdate Malware Strikes Again with Linux Version and New Evasion Tactics