Kiron: Rust Adoption and Browser Extensions Community Identifiers: Grandoreiro Type: Banking Trojan and Information Stealer July 2024: NestoLoader Integration Kiron was distributed via NestoLoader, which is a loader written in JPHP — a PHP implementation that runs in the Java virtual machine (VM). JPHP is not commonly used to develop eCrime malware because … [Read more...] about Latin American eCrime Malware Evolution in 2024
Malware
Germany Disrupts BADBOX Malware on 30,000 Devices Using Sinkhole Action
Dec 14, 2024Ravie LakshmananBotnet / Ad Fraud Germany's Federal Office of Information Security (BSI) has announced that it has disrupted a malware operation called BADBOX that came preloaded on at least 30,000 internet-connected devices sold across the country. In a statement published earlier this week, authorities said they severed the communications between the devices and … [Read more...] about Germany Disrupts BADBOX Malware on 30,000 Devices Using Sinkhole Action
North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn
Nov 23, 2024Ravie LakshmananArtificial Intelligence / Cryptocurrency The North Korea-linked threat actor known as Sapphire Sleet is estimated to have stolen more than $10 million worth of cryptocurrency as part of social engineering campaigns orchestrated over a six-month period. These findings come from Microsoft, which said that multiple threat activity clusters with ties … [Read more...] about North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn
APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware
Nov 22, 2024Ravie LakshmananCyber Attack / Malware The threat actor known as Mysterious Elephant has been observed using an advanced version of malware called Asynshell. The attack campaign is said to have used Hajj-themed lures to trick victims into executing a malicious payload under the guise of a Microsoft Compiled HTML Help (CHM) file, the Knownsec 404 team said in an … [Read more...] about APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware
New Stealthy BabbleLoader Malware Spotted Delivering WhiteSnake and Meduza Stealers
Nov 18, 2024Ravie LakshmananThreat Intelligence / Ransomware Cybersecurity researchers have shed light on a new stealthy malware loader called BabbleLoader that has been observed in the wild delivering information stealer families such as WhiteSnake and Meduza. BabbleLoader is an "extremely evasive loader, packed with defensive mechanisms, that is designed to bypass … [Read more...] about New Stealthy BabbleLoader Malware Spotted Delivering WhiteSnake and Meduza Stealers
DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials
A threat actor known as BrazenBamboo has exploited an unresolved security flaw in Fortinet's FortiClient for Windows to extract VPN credentials as part of a modular framework called DEEPDATA. Volexity, which disclosed the findings Friday, said it identified the zero-day exploitation of the credential disclosure vulnerability in July 2024, describing BrazenBamboo as the … [Read more...] about DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials
Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations
Nov 15, 2024Ravie LakshmananCyber Espionage / Malware Cybersecurity researchers have shed light on a new remote access trojan and information stealer used by Iranian state-sponsored actors to conduct reconnaissance of compromised endpoints and execute malicious commands. Cybersecurity company Check Point has codenamed the malware WezRat, stating it has been detected in the … [Read more...] about Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations
North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS
A threat actor with ties to the Democratic People's Republic of Korea (DPRK) has been observed targeting cryptocurrency-related businesses with a multi-stage malware capable of infecting Apple macOS devices. Cybersecurity company SentinelOne, which dubbed the campaign Hidden Risk, attributed it with high confidence to BlueNoroff, which has been previously linked to malware … [Read more...] about North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS
VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware
Nov 06, 2024Ravie LakshmananSaaS Security / Threat Detection An ongoing threat campaign dubbed VEILDrive has been observed taking advantage of legitimate services from Microsoft, including Teams, SharePoint, Quick Assist, and OneDrive, as part of its modus operandi. "Leveraging Microsoft SaaS services — including Teams, SharePoint, Quick Assist, and OneDrive — the attacker … [Read more...] about VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware
New Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade Detection
New variants of a banking malware called Grandoreiro have been found to adopt new tactics in an effort to bypass anti-fraud measures, indicating that the malicious software is continuing to be actively developed despite law enforcement efforts to crack down on the operation. "Only part of this gang was arrested: the remaining operators behind Grandoreiro continue attacking … [Read more...] about New Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade Detection