Feb 29, 2024NewsroomLinux / Network Security Threat hunters have discovered a new Linux malware called GTPDOOR that's designed to be deployed in telecom networks that are adjacent to GPRS roaming exchanges (GRX) The malware is novel in the fact that it leverages the GPRS Tunnelling Protocol (GTP) for command-and-control (C2) communications. GPRS roaming allows subscribers to … [Read more...] about GTPDOOR Linux Malware Targets Telecoms, Exploiting GPRS Roaming Networks
Malware
FBI’s Most-Wanted Zeus and IcedID Malware Mastermind Pleads Guilty
Feb 18, 2024NewsroomMalware / Cybercrime A Ukrainian national has pleaded guilty in the U.S. to his role in two different malware schemes, Zeus and IcedID, between May 2009 and February 2021. Vyacheslav Igorevich Penchukov (aka Vyacheslav Igoravich Andreev, father, and tank), 37, was arrested by Swiss authorities in October 2022 and extradited to the U.S. last year. He was … [Read more...] about FBI’s Most-Wanted Zeus and IcedID Malware Mastermind Pleads Guilty
MoqHao Android Malware Evolves with Auto-Execution Capability
Feb 09, 2024NewsroomMobile Security / Cyber Threat Threat hunters have identified a new variant of Android malware called MoqHao that automatically executes on infected devices without requiring any user interaction. "Typical MoqHao requires users to install and launch the app to get their desired purpose, but this new variant requires no execution," McAfee Labs said in a … [Read more...] about MoqHao Android Malware Evolves with Auto-Execution Capability
Patchwork Using Romance Scam Lures to Infect Android Devices with VajraSpy Malware
Feb 05, 2024NewsroomCyber Espionage / Cyber Extortion The threat actor known as Patchwork likely used romance scam lures to trap victims in Pakistan and India, and infect their Android devices with a remote access trojan called VajraSpy. Slovak cybersecurity firm ESET said it uncovered 12 espionage apps, six of which were available for download from the official Google Play … [Read more...] about Patchwork Using Romance Scam Lures to Infect Android Devices with VajraSpy Malware
AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks
Jan 27, 2024NewsroomMalware / Software Update Mexican financial institutions are under the radar of a new spear-phishing campaign that delivers a modified version of an open-source remote access trojan called AllaKore RAT. The BlackBerry Research and Intelligence Team attributed the activity to an unknown Latin American-based financially motivated threat actor. The campaign … [Read more...] about AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks
Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families
Jan 12, 2024NewsroomVulnerability / Threat Intelligence As many as five different malware families were deployed by suspected nation-state actors as part of post-exploitation activities leveraging two zero-day vulnerabilities in Ivanti Connect Secure (ICS) VPN appliances since early December 2023. "These families allow the threat actors to circumvent authentication and … [Read more...] about Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families
Pro-Iranian Hacker Group Targeting Albania with No-Justice Wiper Malware
Jan 06, 2024NewsroomMalware / Cyber Attack The recent wave of cyber attacks targeting Albanian organizations involved the use of a wiper called No-Justice. The findings come from cybersecurity company ClearSky, which said the Windows-based malware "crashes the operating system in a way that it cannot be rebooted." The intrusions have been attributed to an Iranian … [Read more...] about Pro-Iranian Hacker Group Targeting Albania with No-Justice Wiper Malware
Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset
Jan 03, 2024NewsroomMalware / Data Theft Information stealing malware are actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions and allow continuous access to Google services even after a password reset. According to CloudSEK, the critical exploit facilitates session persistence and cookie generation, enabling threat … [Read more...] about Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset
CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK
Dec 29, 2023NewsroomEmail Security / Malware The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign orchestrated by the Russia-linked APT28 group to deploy previously undocumented malware such as OCEANMAP, MASEPIE, and STEELHOOK to harvest sensitive information. The activity, which was detected by the agency between December 15 and 25, … [Read more...] about CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK
Carbanak Banking Malware Resurfaces with New Ransomware Tactics
Dec 26, 2023NewsroomMalware / Cybercrime The banking malware known as Carbanak has been observed being used in ransomware attacks with updated tactics. "The malware has adapted to incorporate attack vendors and techniques to diversify its effectiveness," cybersecurity firm NCC Group said in an analysis of ransomware attacks that took place in November 2023. "Carbanak returned … [Read more...] about Carbanak Banking Malware Resurfaces with New Ransomware Tactics