Experts at Symantec detected Lockdroid a new piece of Android ransomware capable of locking devices and fully wiping user data via factory resets. A new strain of ransomware called Lockdroid (Android.Lockdroid.E) is threatening Android users. The mobile ransomware has been detected by experts at Symantec, it is able to lock the device, change the PINs, […]

VirusTotal presented a new malware scanning engine that allows users to analyze their firmware images searching for malicious codes. VirusTotal has recently announced the launch of a new malware scanning service for firmware images. The intent is to allow users to identify malicious firmware images. Threat actors could exploit vulnerabilities in firmware to hack systems […]

According to a new report from Panda Security more than 84 million new malware samples were detected over the 2015, 27% of all malware of ever. In 2015, security experts have detected the a record number of new malware, according to a report published by Panda Security more than 84 million new malware samples were collected. […]

Experts at Dr Web discovered dozens of Android game apps in the Google Play Store have been infected with the Android.Xiny Trojan. Bad news for Android users, according to the security Doctor Web firm dozens of game apps in the Google Play Store have been infected with the Android.Xiny.19.origin Trojan. The malware could allow attackers to control the victim’s […]

Security experts at Kaspersky Lab have discovered a new Cross-Platform backdoor dubbed DropboxCache Backdoor ported from Linux to Window. Security experts at Kaspersky Lab have discovered a new Cross-Platform backdoor dubbed DropboxCache (Backdoor.Linux.Mokes.a), initially affecting Linux systems and now migrated to Windows. The backdoor allows attackers to gain complete control over the victim’s machine, it also […]

Unknowns have pwned the Dridex botnet and are using it to spread a legitimate copy of the Avira Antivirus software instead the malicious payload. This story is very intriguing, someone has hacked a portion of the dreaded Dridex botnet and replaced malicious links with references to installers for the Avira Antivirus. The Antivirus company denies […]

Experts at Trend Micro discovered strains of BlackEnergy malware involved in the recent attacks against Ukrainian Mining and Railway Systems. BlackEnergy was in the headlines when the security industry examined the power outage occurred in Ukraine in December 2015. The BlackEnergy malware is a threat improved to target SCADA systems, the latest variant includes the KillDisk component developed to wipe […]

Cyber criminals demanded $3.6M after a ransomware-based attack takes offline the systems at the Hollywood Presbyterian Medical Center. In the “2016 Cyber Security Predictions: From Extortion to Nation-state Attacks” I published at the end of 2015 I have predicted the criminal practices of the extortion will reach levels never seen before. “Cyber criminals will use […]

Malware researchers at PaloAlto discovered the Fysbis Trojan, a simple and an effective Linux threat used by the Russian cyberspy group Pawn Storm. Do you remember the Pawn Storm hacking crew? Security experts have identified this group of Russian hackers with several names, including APT28, Sofacy or Sednit, it has been active since at least 2007. The name Pawn Storm is used by security […]

In May 2015, the Chinese security firm Qihoo 360 published a report on a Trojan called OceanLotus that was being used since 2012 for APT attacks in the Chinese market. The APT attacks based  on the OceanLotus focused on government organizations, research institutes, maritime agencies, and companies specializing in other activities. At the time were […]

In May 2015, the Chinese security firm Qihoo 360 published a report on a Trojan called OceanLotus that was being used since 2012 for APT attacks in the Chinese market. The APT attacks based  on the OceanLotus focused on government organizations, research institutes, maritime agencies, and companies specializing in other activities. At the time were […]

Comodo Internet Security, in the default configuration, installs an application called GeekBuddy that also installs a VNC server enabled by default. The hackers of the Google Project Zero Team have found another serious security issue in the Comodo’s protection software, it is a VNC server enabled by default with a password easy to guess. It […]

Security researchers discovered a strain of ransomware called Locky that uses AES encryption to encrypt local files and files on network shares. Security researchers have discovered a new piece of ransomware called Locky, which uses AES encryption algorithm to encrypt both local files and files on network shares, even if they are unmapped. Security experts […]

The cybercrime ecosystem is getting ready to exploit the media attention on the Zika virus infections for illegal activities. Be careful! What is the relationship between the Zika virus and a malware? It’s just a matter of opportunity, the cyber crime ecosystem is getting ready to exploit the media attention on current issues for illegal […]

The cybercrime ecosystem is getting ready to exploit the media attention on the Zika virus infections for illegal activities. Be careful! What is the relationship between the Zika virus and a malware? It’s just a matter of opportunity, the cyber crime ecosystem is getting ready to exploit the media attention on current issues for illegal […]

Operators running websites based on the WordPress and Joomla must be aware of a spike in the number of compromised platforms used in Admedia attacks. Not only WordPress CMS, threat actors behind the “Admedia attacks” are now looking with increasing interest to Joomla. This is the discovery made by the experts at the Internet Storm […]

Financially-motivated actors have targeted employees of at least six Russian banks into installing the Ratopak Trojan, experts have found evidence of an extended hacking campaign. According to the Symantec security firm, a cyber criminal gang financially -motivated has targeted employees of Russian banks. The threat actors have been using a Trojan called Ratopak to gain control over the […]

The security researcher Kafeine confirmed that the authors of the Angler EK have integrated the exploit for a recently patched Microsoft Silverlight vulnerability. Ransomware is becoming one of the most dreaded cyber threats for netizens, security experts noticed a surge in the number of cyber attacks aimed to spread malware like Cryptowall and TeslaCrypt. Exploit kits like the Nuclear EK […]

New ransomware infections hit Germany hospitals, at least two structures were infected by the dreaded malware. New ransomware infections hit hospitals in Germany, at least two of them were infected by the dreaded malware. According to local reports, the systems at two German hospitals were infected by a ransomware, in a similar way occurred recently at the US Hollywood […]

The German Interior Ministry has approved the use of a federal Trojan developed by the German Federal Criminal Police. The German Interior Ministry has approved the use a spyware developed by the German Federal Criminal Police, aka the ‘federal Trojan’ or Bundestrojaner, for the investigative purpose. “Soon the state could re-enter the computer of suspicious […]

The threat actors behind the FighterPOS PoS malware have added worm capabilities to their malicious code that is now targeting systems in the United States. PoS malware represents a serious threat to several industries, from retail to the hotel industry. During the last twelve months, security experts have discovered a significant number of payment card frauds involving […]

A new OS X sample of the Hacking Team RCS has been detected in the wild, who is managing it? Is the HackingTeam back? A group of malware researchers has discovered a new strain of Mac malware undetected my most security firm, but more  intriguing is the speculation that the malicious code may have been […]

The DarkHotel APT group is back and it is targeting executives at telecommunications companies in China and North Korea. According to threat intelligence start-up ThreatBook, the DarkHotel APT group is targeting executives at telecommunications companies in China and North Korea. The Darkhotel espionage campaign was first uncovered by security experts at Kaspersky Lab in November 2014. The experts […]

Coder in the Brazilian Cyber Criminal underground are Pioneering Cross-platform malware relying on Java archive (JAR) Files. Recently security experts at PaloAlto Networks uncovered a new family of ransomware dubbed KeRanger that targets Mac OS X users, a circumstance that demonstrates that every OS is potentially at risk. Now researchers at Kaspersky Lab have discovered new families […]

Experts at Trustwave observed a new massive spam campaign that was sending a JavaScript attachment that downloads Locky ransomware. Ransomware continues to be among most insidious threats in this first part of the year, security researcher have recently observed a spike in the number of Locky ransomware infections. The experts from Trustwave security firm highlighted the […]

Hacking mechanic’s workshop to infect cars, this is the concept behind a new attack technique devised by the hacker Craig Smith. It might seem far-fetched, it looks like the hacker Craig Smith was able to design a malicious code that could infect computers used in the mechanic’s workworkshop, and these machines can later start infecting […]

After the source code of the Android banking Trojan GM Bot was leaked online, the new version GM Bot v2 was offered for sale. The availability of the source code of a malware in the criminal underground represents a great opportunity for crooks that can customize the threat allowing its evolution in an unpredictable way. […]

After the source code of the Android banking Trojan GM Bot was leaked online, the new version GM Bot v2 was offered for sale. The availability of the source code of a malware in the criminal underground represents a great opportunity for crooks that can customize the threat allowing its evolution in an unpredictable way. […]

Security expert published an interesting analysis of malware targeting the Steam gaming platform and evolution of threats through the last few years. It is emergency, malware targeting the Steam accounts are increasing as never before over the last months. The popular gaming platform is a privileged target for cyber criminals, Steam is owned by Valve and […]

Security expert published an interesting analysis of malware targeting the Steam gaming platform and evolution of threats through the last few years. It is emergency, malware targeting the Steam accounts are increasing as never before over the last months. The popular gaming platform is a privileged target for cyber criminals, Steam is owned by Valve and […]

Security experts from various firms have discovered a malvertising campaign that has been placing malicious ads on very popular websites like BBC and NYT. As the title says, a number of popular websites, including The New York Times, BBC, The Hill, Newsweek, AOL, MSN, and several others, were victims of a malvertising campaign. The attack […]

Security experts from various firms have discovered a malvertising campaign that has been placing malicious ads on very popular websites like BBC and NYT. As the title says, a number of popular websites, including The New York Times, BBC, The Hill, Newsweek, AOL, MSN, and several others, were victims of a malvertising campaign. The attack […]

The new strain of educational ransomware EDA2 is infecting systems in the wild, but experts discovered that it is quite easy to neutralize. Do you remember the EDA2 ransomware? It is one of the educational ransomware developed by the security expert Utku Sen, now a new variant of the EDA2 educational ransomware appeared in the wild and the […]

The new strain of educational ransomware EDA2 is infecting systems in the wild, but experts discovered that it is quite easy to neutralize. Do you remember the EDA2 ransomware? It is one of the educational ransomware developed by the security expert Utku Sen, now a new variant of the EDA2 educational ransomware appeared in the wild and the […]

According to the experts at Heimdal Security firm, the ransomware Teslacrypt 4 arrived and it is infecting systems in the wild. According to the experts at Heimdal Security, the fourth version of the infamous Teslacrypt ransomware has just been launched. Teslacrypt  4 implements new functionalities and is more stable of previous versions, stability, it also […]

According to the experts at Heimdal Security firm, the ransomware Teslacrypt 4 arrived and it is infecting systems in the wild. According to the experts at Heimdal Security, the fourth version of the infamous Teslacrypt ransomware has just been launched. Teslacrypt  4 implements new functionalities and is more stable of previous versions, stability, it also […]

Trend Micro discovered a Business Email Compromise Campaign leveraging on the Olympic Vision keylogger that targets Middle East and Asia Pacific Companies. A new malware-based campaign is targeting key employees from companies in the US, Middle East and Asia. The attackers are using malware in a classic business email compromise (BEC) attack in order to […]

The FBI is investigating cyber-attack at Methodist Hospital in Henderson, once again a ransomware hit a critical infrastructure. Ransomware is one of the most dangerous cyber threats for businesses and government organizations, the number of infections worldwide is in constant increase. Recently I reported the discovery in the wild of the a new variant of the TeslaCrypt, […]

Researchers at Fox-IT warn that the website of security certification provider EC Council has been compromised to host the malicious Angler Exploit Kit. No one is secure, we are all potential targets, even if you are a skilled expert and the fact that I’m going to tell you demonstrates it. The website of security certification provider […]

The Petya ransomware causes a blue screen of death (BSoD) by overwriting the MBR and leaves a ransom note at system startup. Ransomware is one of the most dangerous threats of this first part of the year, recently experts at TrendMicro has spotted a new malicious code dubbed Petya (RANSOM_PETYA.A) that overwrites MBR to lock users out […]

Experts at Carbon Black spotted in the wild a new threat dubbed PowerWare ransomware that exploits PowerShell, the native Windows framework. Authors of ransomware are implementing new features to make their malware even more dangerous and effective. Yesterday I wrote about the new Petya ransomware, which overwrites MBR causing a blue screen of death, now I […]

USB Thief, the new USB-based data-stealing Trojan discovered by ESET that relies on USB devices in order to spread itself and infect also air-gapped systems Security researchers at ESET have discovered a new insidious data-stealer, dubbed USB Thief (Win32/PSW.Stealer.NAI), that relies on USB devices in order to spread itself. USB Thief is able to infect […]

The prevention is better that the cure, users can immunize their PC against CTB-Locker, Locky and TeslaCrypt using Bitdefender Anti-ransomware vaccine. Security experts from the Romanian security vendor Bitdefender have updated their anti-ransomware vaccine in order to protect machines from the latest versions of the CTB-Locker, Locky and TeslaCrypt ransomware. According data recently published by […]

Security experts at FireEye have spotted the activity of a criminal organization that using the custom PoS malware TreasureHunt to target small retailers. Security experts at FireEye have spotted the activity of a criminal organization that using custom PoS malware family to target retailers. Hackers are using the PoS malware dubbed TreasureHunt or TreasureHunter to steal payment card data and sells […]

Security experts from the MalwareHunterTeam have discovered KimcilWare ransomware, a malware specifically designed to target Magento e-commerce platforms. Security experts from the MalwareHunterTeam have spotted a news train of ransomware, called KimcilWare, specifically designed to target Web servers, and more specifically Magento e-commerce platforms. “A new ransomware called KimcilWare has been discovered that appears to be targeting […]

Experts from the ESET firm have spotted a new threat in the wild dubbed Remaiten that targets embedded systems to recruit them in a botnet. ESET is  actively monitoring malicious codes that target IoT systems such as routers, gateways and wireless access points, rather than computers or smartphones. Security researchers from ESET have discovered a new threat dubbed KTN-RM or Remaiten that targets Internet […]

Kaspersky has analyzed the interaction between the Russian and Brazilian criminal underground communities revealing a dangerous interaction. In the past weeks, we have analyzed the evolution of cyber criminal communities worldwide, focusing on illicit activities in the Deep Web. To simplify the approach we have considered the principal cyber criminal communities (Russia, Brazil, North America, Japan, China, Germany) as separated entities, instead, these ecosystems interact […]

The best way to address a threat is to know it so security experts at F-Secure shared a detailed analysis on the new Petya ransomware. Several days ago, I wrote about a new singular Ransomware dubbed Petya that captured the attention of security experts because it causes a blue screen of death (BSoD) by overwriting the MBR. Now […]

The FBI issued a confidential urgent “Flash” message to the businesses and organizations about the Samsam Ransomware, why it is so dangerous? It is emergency, every week security experts launch an alert on a new ransomware, the extortion practice is becoming a profitable business for criminal gangs worldwide. Recently the US and Canada issued a joint warning about the recent […]

A threat actor named TA530 group, has been targeting executives in an attempt to infect their machine with various malware, including ransomware. Ransomware continues to represent one of the greatest threat for the Internet users, the FBI recently issued a confidential urgent “Flash” message to the businesses and organizations about the Samsam Ransomware. Security firms […]

Cyber criminals are exploiting the Flash player zero-day vulnerability (CVE-2016-1019) affecting Flash Player 21.0.0.197 and earlier disclosed by Adobe. Cyber criminals are already exploiting the Flash player zero-day vulnerability (CVE-2016-1019) affecting Flash Player 21.0.0.197 and earlier (CVE-2016-1019) disclosed by Adobe this week. Researchers at security firm Proofpoint confirmed that cyber gangs are exploiting it to distribute a ransomware dubbed Cerber. […]

Researchers and law enforcement in a joint effort shut down the Mumblehard botnet composed of more than 4000 Linux machines. Security experts have shut down a spam botnet, known as Mumblehard, composed of more than 4,00o Linux machines. In May 2015, researchers from ESER revealed the sophisticated Mumblehard spamming malware infected thousands of Linux and FreeBSD servers going […]

Beware, even things on Amazon come with embedded malware… this is the disconcerting discovery made by the expert Mark Olsen. The security expert Mike Olsen warned about the presence of malware in products sold through the Amazon service. Olsen was searching for outdoor surveillance cameras on Amazon for a friend’s home. He has found an interesting offer […]

Security Researchers have developed a decryption tool to restore the files encrypted by the Petya ransomware with a key generated in less than 10 seconds. Security researchers have analyzed the code of Petya ransomware in order to devise a method to allow victims to restore encrypted files. The experts have been able to develop a decryption tool […]

Security experts from the Heimdal Security firm are issuing an alert on the Atmos malware which is the successor of the dreaded Citadel Trojan. Months ago, the author of the dreaded Citadel malware was sentenced to prison, but in the same period, a new improved variant resurged in the wild. The new strain of Citadel malware, called […]

Experts at BAE Systems revealed that the Qbot malware is back with new evasion techniques and very effective polymorphic capabilities. Security experts at BAE Systems revealed that the Qbot malware is back, they discovered 54,517 infected machines most of them located in the United States (85%). Qbot first appeared in 2009 when was detected by Symantec, […]

The security experts from the  IBM X-Force Research spotted a new threat dubbed GozNym Trojan that combines Gozi ISFB and Nymaim malware abilities. What happens when two threats join their capabilities? Two dangerous Trojans, the Nymaim and Gozi ISFB malware, have been merged to create a new banking Trojan called GozNym. The GozNym Trojan is […]

FireEye has discovered a new strain of POS malware dubbed Multigrain that steals card data from point-of-sale systems and exfiltrates it over DNS. Security experts at FireEye have spotted a new strain of the NewPosThings PoS malware, dubbed Multigrain, that steals payment card data from point-of-sale (PoS) systems and exfiltrate it via DNS to avoid detection. The technique is […]

FireEye has discovered a new strain of POS malware dubbed Multigrain that steals card data from point-of-sale systems and exfiltrates it over DNS. Security experts at FireEye have spotted a new strain of the NewPosThings PoS malware, dubbed Multigrain, that steals payment card data from point-of-sale (PoS) systems and exfiltrate it via DNS to avoid detection. The technique is […]

The authors of the TeslaCrypt ransomware have improved it by implementing new sophisticated evasion techniques and targeting new file types. The authors of the TeslaCrypt ransomware have introduced a couple of significant improvements, the new variant Version 4.1 has been in circulation for about a week. According to the experts at Endgame Inc., VXers have invested […]

The former NSA expert Patrick Wardle has designed RansomWhere, a free ransomware detection tool for the protection of Mac OS X systems. The number of Ransomware-based attacks has risen in a dramatic way, every week the criminal underground community is presenting new threats with improved features that are causing significant economic losses to every industry. Everyday security experts […]

State-sponsored actors in Asia have been leveraging fileless RAT for their hacking campaigns in order to avoid the detection. Security experts from SentinelOne spotted nation-state actors in Asia running espionage campaigns relying on fileless Remote Access Trojan. The state-sponsored hackers were injecting the RAT payload directly into the memory of the target host in order to […]

A new threat is appeared in the wild it is the JIGSAW ransomware that slowly deletes your files as you shilly-shally to pay the ransom. A new crypto-malware has appeared in the wild, its name is JIGSAW ransomware. The BitcoinBlackmailer.exe explains JIGSAW ransomware will encrypt your files adding ‘.FUN’ extension. The author, in the Saw-movie […]

Experts at Malwarebytes observed a new attack pattern that relies on fake social button plugin that redirects visitors to Angler Exploit Kit. Cyber criminals continue to use compromised websites to serve malware or to redirect visitors to domains hosting exploit kits. Experts at Malwarebytes observed a new attack pattern that relies on a domain name to lure […]

Security Experts at Bleeping Computer have discovered a new adware dubbed Faster Internet that takes a screenshot of victims’ computers. Security Experts at Bleeping Computer have spotted a new strain of adware, known as Faster Internet, that takes a screenshot of victims’ PCs. Lawrence Abrams, a computer security expert at Bleeping Computer, explained in a blog post […]

A report published by the BAE firm reveals that criminals who stole $101 million from Bangladesh bank used a malware and could strike again. In March 2016, unknown hackers have stolen more than $100 million from the Bangladesh Bank account at the US Federal Reserve Bank. The experts confirmed that hackers breached the systems at […]

The cybercriminals behind the GozNym Trojan have started targeting users in European countries with a new singular redirection mechanism. Last week, security experts from the IBM X-Force Research spotted a new threat dubbed GozNym Trojan that combines Gozi ISFB and Nymaim malware abilities. The GozNym Trojan is particularly insidious, according to the researchers at the […]

Security experts at Kaspersky have found a way to decrypt files locked by the CryptXXX ransomware by using the RannohDecryptor utility. Good news for the victims of ransomware, the security experts at Kaspersky Lab have successfully cracked the CryptXXX  ransomware. The CryptXXX ransomware was first spotted by experts from Proofpoint in April when a number of compromised websites hosting the Angler exploit kit were […]

Researchers at Trend Micro have spotted a new strain of the Fareit malware being delivered to victims using Windows PowerShell. Security experts at TrendMicro have discovered a new variant of the Fareit data stealer, also known as Pony Loader, that is being spread exploiting Windows PowerShell. Fareit first appeared in the wild in since 2011 and last variant abuse the […]

A group cyber criminals created Ran$umBin, A Dark web service which operates the one-stop shop for monetizing ransomware. These days Ransomware are quite common and it is widespread and heavily used by cyber criminals as common tools to steal data as well as extort their owners. Few days back we had seen a new type of […]

Microsoft issued a detailed report on the activity of the hacking crew dubbed Platinum APT group that leveraged a Windows patching system in its attacks. The hacker crew discovered by Microsoft and dubbed Platinum APT group conducted cyber espionage against organizations in South and Southeast Asia leveraging a Windows patching system. According to Microsoft, the Platinum has […]

Matt Edman is the security expert and former employee of the Tor Project that helped the FBI to hack and de-anonymize Tor users developing the Torsploit. Matt Edman is the cyber security expert and former employee of the Tor Project that helped the FBI to hack and de-anonymize Tor users in several court cases, including the […]

Security experts from Cisco Talos classified as a backdoor the popular Tuto4PC advertising software installed on a network of 12 Million computers. Security experts from Cisco Talos security intelligence and research team have spotted a malicious software that is installed on 12 million computers around the world. Most of the installations are located in the United […]

The Lansing Board of Water & Light (BWL) utility has had to shut down systems, phone lines in response to a ransomware-based attack. The Lansing Board of Water & Light (BWL) utility has had to shut down systems, phone lines in response to a ransomware-based attack. Another ransomware attack against a critical infrastructure is in […]

The Lansing Board of Water & Light (BWL) utility has had to shut down systems, phone lines in response to a ransomware-based attack. The Lansing Board of Water & Light (BWL) utility has had to shut down systems, phone lines in response to a ransomware-based attack. Another ransomware attack against a critical infrastructure is in […]

Experts at MalwareBytes discovered that Pirate Bay users have been targeted by a malvertising campaign serving the Cerber crypto-ransomware. Recently the visitors of the Pirate Bay website were infected with crypto-ransomware.  Threat actors launched a malvertising attack on Pirate Bay and leveraged on bad ads to serve a ransomware. According to the experts at Malwarebytes attackers used […]

The author of the Gozi Banking Trojan who spent about 3 years in jail has been ordered to pay $7 Million to cover damages he caused to banks. Nikita Kuzmin, a 28-year-old Russian national who created the notorious Gozi banking Trojan, has been sentenced to time served and ordered to pay nearly $7 million. Recently […]

Researchers at Palo Alto Networks have come across a new threat used by alleged Iran-linked Hackers in attacks since 2007. Security experts at Palo Alto Networks discovered a new malware, named Infy, that has been likely used by hackers from Iran in cyber espionage operations at least since 2007. The researchers discovered the Infy malware […]

This is a novelty in the cyber criminal underground, crooks behind the new born CyptMix ransomware promise to donate the fee to charity. No doubts, a very creative idea to extort money to the victims enticing them to pay for a good cause and telling them to think to have the opportunity to help the children. […]

Hackers have disrupted a Locky campaign after they compromised one of the cybercriminal servers used by the threat actors. According to the security expert Sven Carlsen from Avira, hackers have dismantled a Locky campaign by hacking the command and control server. Carlsen explained that threat actors behind the Locky campaign spread the threat via spam […]

Experts at the BAE security firms collected evidence that demonstrates the malware used in the recent cyberheists is linked to 2014 Sony Pictures hack. A second bank was a victim of a malware-based attack, the news was recently confirmed by the SWIFT. The investigation conducted by the security researchers at BAE Systems are making the situation very intriguing because […]

Just in a week several new ransomware variants, services, and updates have been discovered in-the-wild, disclosed publicly, and thoroughly analyzed. Statistical Summary This week, in a span of just five (5) days (Monday, May 9th, 2016 – Friday, May 13th, 2016), through the collaborative efforts of several organizations and individual analysts around the globe, several […]

Security Experts at Kaspersky have updated their decryption tool to adapt to the second version of CryptXXX ransomware in the RannohDecryptor 1.9.1.0. A couple of hours ago I published an interesting post the summarizes the ransomware activities in the last week, and unfortunately, this kind of malware is becoming even more popular in the criminal underground. […]

According to the experts at Bitdefender an HTTPS hijacking click-fraud botnet dubbed Redirector.Paco infected almost 1 million devices since now. Security experts at Bitdefender spotted a new click fraud botnet dubbed Redirector.Paco that has been around at least since September 2014 and has already infected more than 900,000 devices over the years. Crooks behind the Redirector.Paco aimed to create a clickbot that […]

Experts at Kaspersky Lab have detected a new variant of  the Skimer malware used to steal money and payment card data from ATMs. Security experts at Kaspersky Lab have spotted a new strain of the malware dubbed ‘Skimer’ (Backdoor.Win32.Skimer). Skimer is an old threat that has been around since 2009, it is used by criminal organizations to […]

A security researcher from ESET security firm issue a Teslacrypt decryption tool after the author closed the project and released a free master key. The victims of the dreaded TeslaCrypt Ransomware now have the opportunity to restore their files by using a decryptor developed by experts from the ESET security Firm. “Today, ESET® released a […]

Researchers at the Microsoft’s Malware Protection Center are warning of a new wave of attacks leveraging malicious macros using a new sneaky trick. Researchers at Microsoft’s Malware Protection Center are warning of a new technique attackers are using to allow macro malware elude detection solutions. The experts first spotted the technique while analyzing a file […]

The authors of the Magnitude exploit kit are integrating the exploit code for the CVE-2016-411 Adobe Flash Player vulnerability. Recently security experts from FireEye detailed the exploit chain for the  Adobe Flaw Vulnerability CVE-2016-4117 that was first spotted by the company earlier May. The CVE-2016-4117 flaw affects older versions of the Adobe Flash, after the disclosure of […]

Security experts from PaloAlto Networks collected evidence that the Operation Ke3chang discovered by FireEye in 2013 is still ongoing. Back in 2013, the security researchers at FireEye spotted a group of China-Linked hackers that conducted an espionage campaign on foreign affairs ministries in Europe. The campaign was named ‘Operation Ke3chang,’ now threat actors behind the […]

Malware authors behind the DMA Locker ransomware have improved the threat is a significant way, now it is ready for a massive distribution. Ransomware represents one of the most worrying cyber threats in the wild, vxers continue to improve their code making hard for victims to defend their systems. Now experts from Malwarebytes researchers are warning […]

According to security experts at Check Point the creators of the Nuclear EK are gaining nearly 100K USD each month, most victims are in Europe and US. Most people interested working with a cloud business model nowadays, even malware programmers. It is better than just one time selling a security exploit, authors of malware are […]

A fourth Bank in Philippines was a victim of the SWIFT hackers and experts at Symantec confirmed the malware shares code with tools used by the Lazarus group. The list of banks victims of the SWIFT hackers is lengthening, a fourth bank in the Philippines has been a victim of the crew that targeted the SWIFT interbank transfer system. […]

PaloAlto Networks has spotted a new campaign conducted by the Wekby APT that leverages on a malware that uses DNS requests for C2 communications. Security experts at Palo Alto Networks have spotted a China-linked APT group that has been using a strain of malware that leverages DNS requests for command and control (C&C) communications. The group […]

According to a new analysis published by experts at Heimdal Security a new Ransomware campaign targeted millions by spoofing Telco giant Telia. Ransomware continues to represent one of the most insidious and aggressive cyber threats, a new campaign launched by threat actors in the wild is impersonating the telecom giant Telia. According to the experts at the […]

Be careful, Microsoft is alerting all Windows users of a new type of a Self-propagating ransomware that exhibits worm-like behavior to propagate itself. Microsoft is alerting all Windows users of a new type of ransomware that exhibits worm-like behavior. “We are alerting Windows users of a new type of ransomware that exhibits worm-like behavior. This […]

The Analysis of SWIFT attacks revealed five additional pieces of malware containing portions of code shared by Lazarus Group. While security experts continue to investigate the cyber heists that involved SWIFT systems, new evidence collected by a senior security researcher from Anomali Labs link the malware to the North Korean hacker crew known as Lazarus Group. The expert discovered that five […]

Experts at FireEye spotted IRONGATE a mysterious strain of malware that appears to be designed to target industrial control systems (ICS). Security researchers at FireEye have spotted a new strain of malware IRONGATE has been designed to compromise industrial control systems (ICS). The malicious code was designed to manipulate a specific industrial process in a simulated Siemens control […]

More than 10,000 WordPress installations being exploited in the wild due to a vulnerability in the  WP Mobile Detector plugin. Security experts at Sucuri reported that a growing number of WordPress installations have been compromised by hackers exploiting a security flaw in a widely used plugin called WP Mobile Detector. The worrisome news is that […]

Experts at Flashpoint published an interesting analysis of a ransomware campaign organized by a small gang of cyber criminals. Cybercrime is a profitable business, last week we reported that according to security experts at Check Point, the creators of the Nuclear EK are gaining nearly 100K USD each month, most victims are in Europe and […]

Trend Micro experts discovered a new strain of Point-of-Sale (PoS) malware dubbed FastPOS that implements a quick and efficient exfiltration technique. Security experts at Trend Micro have spotted a new strain of PoS malware dubbed FastPOS that is able to quickly exfiltrate harvested data. The malware was used by threat actors to target both enterprises and SMBs […]

Security experts from FireEye have observed attacks leveraging on Angler EK to deliver exploits capable of evading the Microsoft EMET security Tool. Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) is a free security tool designed by Microsoft to implement a supplemental security layer of defense against the exploitation of vulnerabilities affecting applications running on Windows Systems. […]

New research conducted by Citrix indicates that some businesses are stockpiling Bitcoins so they can pay cybercriminals fast in case of ransomware attacks. New research conducted by Citrix, a corporate networking company, indicates that some businesses are stockpiling Bitcoins so they can pay cybercriminals fast, if their data is held ransom by malicious software. Ransomware […]

Security experts from the SANS observed that new CryptXXX ransomware campaigns are leveraging on the Neutrino Exploit Kit instead the Angler Exploit Kit. Crooks behind the CryptXXX ransomware have launched a new campaign leveraging on the Neutrino Exploit Kit instead the Angler Exploit Kit. It was a significant change in the attack chain that was discovered by the experts […]

The Necurs Botnet, one of the world’s largest malicious architecture, used to spread the dreaded threats appears to have vanished since June 1. In the last months, we have read a lot of news regarding the activities on one of the largest botnet in the wild that was used by crooks to deliver the Dridex […]

The Bolek banking Trojan is one of the successors of the notorious Carberp Trojan that targets both 32-bit and 64-bit Windows systems. When the source code of the Carberp Trojan was leaked online, numerous threat actors developed their own variants. This process allowed a significant evolution of the malware that increased its sophistication across the time. […]

Experts from Cisco Talos team have improved their decryptor tool to allow the recovery of files encrypted by all the Teslacrypt Ransomware variants In May, criminals behind the TeslaCrypt ransomware leaked online the master encryption key that allowed security experts to develop a decryption tool for the last variant of the threat. “In surprising end to TeslaCrypt, […]

The day has come, Sharp and Philips smart TV running the Android TV OS could be infected by a ransomware dubbed FLocker ransomware. When a journalist asked me which is a possible evolution of ransomware I had no doubt, the Internet of Things. I was thinking of ransomware that infects medical devices and Smart objects in our homes. […]

Security experts from Kaspersky Lab revealed that an APT group dubbed ScarCruft exploited the zero day vulnerability (CVE-2016-4171) in Adobe Flash Player. According to the experts from Kaspersky Lab, an APT group dubbed ScarCruft exploited a zero day vulnerability (CVE-2016-4171) in Adobe Flash Player. The group launched a series of attacks against high-profile targets against entities in […]

The exploit kit landscape is rapidly changing,the Angler and Nuclear EK disappeared and overall malicious traffic drops by 96% since April. As highlighted by security experts the threat landscape is in continuous evolution, despite the criminal underground was monopolized by Angler and Nuclear exploit kits for several years other EKs represent a serious threat to online […]

Conficker (also known as Downup, Downadup e Kido) is one of the oldest and still active malware, according to Check Point researchers it is  “the most prominent family accounting for 14 percent of recognized attacks.” Conficker is technically a worm that leverages a vulnerability in the Windows Server Service to spread itself, it targets an […]

Locky ransomware starts up again its illegal activity of stealing money from their victims after a temporary inactivity since the end of May. This time, it comes with hard-coded javascript downloader making it harder for traditional protection solutions to spot the incoming threat. A new Locky campaign appears in the wild with, experts observed million […]

Experts are continuing to monitor the PunKeyPos malware in the wild, the threat might have already stolen millions of payment card numbers. Experts are continuing to monitor the PunKeyPos malware in the wild, the threat might have already stolen millions of payment card numbers. Security experts from PandaLabs spotted a new strain of the PoS malware dubbed PunkeyPos which seems […]

Security experts from the firm SentinelOne monitored a recent CryptXXX Ransomware campaign that allowed crooks to make $50,000 in a few weeks. Security experts from security firm SentinelOne have analyzed the activity related to CryptXXX ransomware’s operators. They discovered that the gang made around $49,700 from the payment of ransoms between June 4 and June 21, 2016, the money […]

Cloud security provider Avanan discovered a number of Cerber Ransomware variants targeting corporate Office 365 users with malicious emails. Cloud security provider Avanan spotted a number of Cerber Ransomware variants that are targeting corporate Office 365 users with spam or phishing emails leveraging on malicious file attachments. Threat actors sent an Office document that embedded malicious macros to download […]

Security experts confirm that a growing number of cyber-attacks continue to hit hospitals threatening unpatched medical devices. In late 2015, MaineGeneral Health, a new state of the art hospital located in Augusta, Maine, reported that it had fallen victim to a cyberattack that leaked the names, addresses, and phone numbers for patients of its radiology services […]

The authors responsible for Dridex and Locky malware have recently made another appearance, this time with their latest release – Bart malware. Similar to other ransomware, infected users are notified of the compromise with their desktop backgrounds changed with a warning, confirming that their files have been encrypted and offering a number of URLs accessible […]

Canadian online users appear to be the current target of the latest wave of email-based phishing campaigns used to deliver banking malware. Canadian online banking users appear to be the current target of the latest wave of email-based phishing campaigns. While Canada hasn’t been exempt from banking malware attacks in the past, it appears that […]

Experts from security firm Heimdal Security have detected a malicious spam campaign delivering attachments laced with the Adwind RAT. Experts from cyber security firm Heimdal Security has spotted a spam campaign delivering the Adwind RAT (Remote Access Trojan). The threat is a privileged weapon in the arsenal of criminal organizations, the Adwind RAT is a cross-platform malware that can […]

ESET security firm has uncovered an espionage toolkit dubbed SBDH that was used in espionage campaigns targeting government organizations in Europe. Security experts from ESET security firm have spotted an espionage toolkit dubbed SBDH that was used by threat actors in hacking operations targeting government organizations in Europe. The research observed infections in many countries, including […]

A malicious application named EasyDoc Converter.app delivers a sophisticated malware dubbed Eleanor malware that opens a Tor backdoor on the victim’s machine. Experts from security firm Bitdefender have spotted a new malware, dubbed Eleanor malware (Backdoor.MAC.Eleanor), that once compromised Macs set up a backdoor through Tor network. The malicious application, dubbed EasyDoc Converter.app, pretend to be a […]

New threat dubbed Zepto Ransomware is spreading out with a new email spam campaign. It is a variant of the recent Locky Ransomware. The news was recently reported in a blog post by the Cisco Talos team: “We are watching Zepto very carefully. It’s closely tied to Locky, sharing many of the same attributes,” said Craig Williams, […]

Researchers devised a method to unmask malware’s use of TLS without decrypting the data flow. The technique relies on analysis of observable data features. A team of security experts from Cisco demonstrated that it is possible to detect a malware in TLS connections without decrypting the traffic and block it. The researchers Blake Anderson, Subharthi Paul […]

A newly emerging strain of malware dubbed Satana, which was first spotted last week, appears to be basing itself on crypto-lockers Petya and Mischa. Experts from Malwarebytes Labs have described the malicious software to be in the stage of “malware-in-development” with expected growth and evolution to occur over the coming weeks as its popularity and use […]

Security experts from ProofPoint have spotted a new campaign operated by the APT Group NetTraveler that is targeting Russian and European organizations. NetTraveler is an ATP group first spotted by Kaspersky in 2013, when researchers discovered an espionage activity against over 350 high profile victims from 40 countries. The name of the operation derives from the malicious […]

Threat actors in the wild are behind the Realstatistics campaign are leveraging on out-of-date CMSs to deliver the CryptXXX ransomware. Security experts from Sucuri security firm have spotted a new ransomware-based campaign dubbed ‘Realstatistics’ conducted by threat actors in the past two weeks. “Our Incident Response Team (IRT) has been tracking a mass infection campaign over the […]

Experts from Talos team have found a link between the drop in the Angler Kit usage and the crackdown against the Lurk gang. Security experts believe to have found a link between the drop in the Angler Kit usage and the crackdown against the Lurk gang. Law enforcement arrested suspects in June, authorities accused them […]

If you are one of the victims of the Jigsaw ransomware there is a good news for you, experts from CheckPoint Security have defeated it once again. Let’s start the day with a  good news, the Jigsaw ransomware has been decrypted again. The JIGSAW ransomware was first spotted in April when experts noticed that the threat slowly […]

A group of American boffins have devised a system dubbed Crypto Drop that working with a “save what you can” approach is able to defeat all ransomware. A group of researchers from the University of Florida and Villanova University has devised a technique, dubbed Crypto Drop, to defeat all ransomware. The team published a paper […]

The Stampado ransomware is a new threat available for sale on the Dark Web that was discovered by the experts at Heimdal security. Security experts from the Heimdal security firm have discovered a new strain of ransomware dubbed Stampado that is available for sale on the Dark Web. The Stampado ransomware is offered for sale with a […]

The Labs team at SentinelOne recently discovered a sophisticated malware dubbed Furtim specifically targeting at least one European energy company. In May of this year, security researcher Yotam Gottesam with enSilo, began unraveling a mystery that continues to unravel. First reported by FireF0X, a self-proclaimed “ex-malware analyst” located in the Russian Federation, the Furtim malware […]

Operators behind the Neutrino EK have added the code to exploit an Internet Explorer flaw that  was recently patched with the release of the MS16-053. Operators behind the infamous Neutrino EK have recently added the code to exploit an Internet Explorer vulnerability that was patched with the release of the MS16-053 security bulletin. The MS16-053 bulletin patched […]

The malware dubbed Backdoor.MAC.Eleanor is embedded surreptitiously in the fake app EasyDoc Coverter.app and allows to control your webcam from the dark web Following the first ever instance of mac ransomware, recently reported by Palo Alto Networks. A second piece of malware has been discovered in the wild. The malicious software dubbed Backdoor.MAC.Eleanor or OSX/Eleanor-A comes […]

Taiwanese law enforcement agencies are investigating malware-based attacks against ATMs of a national bank that resulted in a $2 million theft. Law enforcement in Taiwan investigating the attacks against ATMs of a major nations bank, the Taiwan’s First Bank. Crooks used a malware to withdraw more than $2 million from dozens of ATMs in the country, it […]

Security experts from Damballa that analyzed the SFG malware confirmed that it was not designed to target SCADA systems in the energy industry Recently, experts from the SentinelOne security firm spotted a sophisticated malware dubbedSFG, a spawn of Furtim malicious code, targeting at least one European energy company. Media speculated the existence of a powerful SFG […]

Delilah is the first extortion trojan that spies on victims and collects information to force them in doing malicious activities from inside. Delilah is a strain of malware developed to extort victims into stealing insider data, it was first discovered on crime forums by the Israeli intelligence firm Diskin Advanced Technologies. Deliah is not distributed in […]

A large number of business websites have been compromised by the SoakSoak gang to deliver ransomware. Security experts from Invincea firm have discovered that a large number of websites were recruited by the SoakSoak botnet to deliver CryptXXX malware. The list of compromised sites is long and includes the tourism website for Guatemala and the do-it-yourself project […]

Recently, Reuters reported that the FBI sent an urgent confidential ‘Flash’ message to businesses and organizations to warn them about ransomware. Sponsored Content It is that dangerous. This is a new version of the ransom note, a form of malware that interferes with access to user files and data by encrypting it. Those running the […]

The No More Initiative aims to spread information about ransomware and the risk of exposure,providing suggestions to avoid falling victim to the threat. A joint operation conducted by the Europol with police and cyber security firms worldwide aims to tackle the Ransomware threat. It has been estimated that the ransomware victims tripled in the first quarter of […]

A new ransomware campaign relies on a Locky variant that is distributed through JavaScript that includes the binary of the threat itself. Locky is one of the most infamous threats of the ransomware family and according to the experts it is in continuous evolution. The threat has been using JavaScript attachments as a distribution mechanism, but most […]

Experts from Proofpoint discovered that the Banking trojan Chthonic was distributed via ‘legitimate’ PayPal accounts by abusing the “money request” feature. The imagination of cyber criminals is a never ending pit, according to the security firm Proofpoint, crooks are abusing PayPal to distribute the Chtonic banking trojan. Chtonic is a strain of the most notorious Zeus Trojan, […]

Operators behind the Afraidgate campaign continue to leverage on Neutrino EK, but switches from CryptXXX to Locky Ransomware. According to the experts from Palo Alto Networks, one of the most long-lived hacking campaigns leveraging on the Neutrino EK switches from CryptXXX to the Locky Ransomware. The campaign dubbed Afraidgate due to the name of the gate domains (using name servers from […]

Experts from Dr Web discovered a new PoS malware dubbed Kasidet that can bypass User Account Control (UAC) by posing as a legitimate Microsoft application. A new strain of PoS malware is in the wild, experts from security firm Doctor Web  named it Trojan.Kasidet.1 and it is able to bypass defense mechanism such as the Microsoft […]

The number of high-profile hacks demonstrates that a silent cyberwar is already ongoing among countries in the cyberspace. The recent hacks of the Democratic National Committee and presidential candidate Hillary Clinton’s campaign and the alleged infections spotted by the Russian FSB inside government networks demonstrate the intense activity in the cyberspace. It is a virtual […]

The experts from the Irish Garda are investigating a malware-based attack that forced it to shut down its data systems. No system was breached. The Garda Síochána, the national police service of Ireland, was forced to shut down its data systems in response to a malware-based attack. The Ireland’s national police put in place the emergency […]

Experts spotted a previously unknown APT group dubbed Strider or ProjectSauron that carried out surgical cyber-espionage attacks against targets worldwide. A previously unknown hacking group variously dubbed ‘Strider’ or ‘ProjectSauron’ has been conducting a surgical cyber espionage campaign against targets in Russia, Belgium, China, Iran, Sweden, and Rwanda. According to experts from Symantec, the Strider crew […]

Russian antivirus company Doctor Web discovered a new Linux Trojan dubbed Linux.Lady that is used by crooks to mine cryptocurrency. According to a new report published by the antivirus company Doctor Web, a Go-Based Linux Trojan, Dubbed Linux.Lady.1, is exploited by cyber criminals for cryptocurrency mining. “Doctor Web analysts have detected and examined a new Linux Trojan which […]

Russian antivirus company Doctor Web discovered a new Linux Trojan dubbed Linux.Lady that is used by crooks to mine cryptocurrency. According to a new report published by the antivirus company Doctor Web, a Go-Based Linux Trojan, Dubbed Linux.Lady.1, is exploited by cyber criminals for cryptocurrency mining. “Doctor Web analysts have detected and examined a new Linux Trojan which […]

Experts from Heimdal security firm discovered a new crimeware kit, the Scylex malware kit, that aims to provide Zeus-grade Capabilities. Security experts from the Heimdal security firm have discovered a new DIY financial crime kit offered for sale on a notorious malicious hacker forum on the dark web called Lampeduza. The new crime kit, dubbed Scylex malware kit, […]

Security experts detected and analyzed a new threat, the Hitler ransomware, that doesn’t encrypt files but simply deletes them. Ransomware is one of the most dreaded threats for Internet users and a profitable business for crooks. In the last months, we have seen a number of malware belonging to this category, one of the most recent is […]

Security experts from Fidelis firm spotted a new version of the Vawtrak banking Trojan that includes significant improvements such as the SSL pinning. Malware researchers from security firm Fidelis have spotted a new strain of the infamous Vawtrak banking Trojan that leverages on a DGA mechanism to generates .ru domains with a pseudorandom number generator (PRNG) […]

Iran ’s cyberspace security authorities are investigating a string of fires in the country oil and gas facilities. Incidents or cyber sabotage? Once again, something of strange is happening in Iran, the Government of Teheran is investigating a recent string of incidents occurred in critical infrastructure in the country. The Iran’s Supreme National Cyberspace Council […]

Malware researchers at FireEye security firm have spotted a new Locky ransomware campaign mainly  targeting the healthcare sector. Security experts from FireEye have spotted a Locky ransomware campaign mainly targeting the healthcare sector, Telecom and Transportation industries. Attackers launched  a massive phishing campaign to deliver the threat. The campaign bit organizations worldwide, mostly in the US, […]

A malware researcher has analyzed the attachments of in the WikiLeaks email dumps and discovered more than 300 pieces of malware. WikiLeaks has published more than 300 pieces of malicious code among its caches of dumped emails. Dr Vesselin Bontchev (@bontchev), a top Bulgarian malware researcher, has analyzed documents published by the organization and detected […]

According to Kaspersky experts Brazilian crooks have made an important addition to their malware leveraging on the PowerShell. Security experts from Kaspersky Lab have discovered a sophisticated banking trojan targeting Brazilian users. The threat, codenamed Trojan-Proxy.PowerShell.Agent.a, leverages on the Microsoft’s PowerShell utility. It is considered one of the most complex Brazilian malware samples discovered since […]

According to Kaspersky experts Brazilian crooks have made an important addition to their malware leveraging on the PowerShell. Security experts from Kaspersky Lab have discovered a sophisticated banking trojan targeting Brazilian users. The threat, codenamed Trojan-Proxy.PowerShell.Agent.a, leverages on the Microsoft’s PowerShell utility. It is considered one of the most complex Brazilian malware samples discovered since […]

Researchers from Buguroo discovered new Gozi campaigns using new techniques that targeted many banks and financial services worldwide. The Gozi malware was first spotted in 2007, its source code has been leaked twice in the criminal underground allowing the creation of new sophisticated version. Recently security experts from the IBM X-Force Research spotted a new threat dubbed GozNym […]

Security researchers discovered a new Linux Trojan dubbed Linux.Rex.1 that is capable of self-spreading and create a peer-to-peer botnet. A newly observed Linux Trojan is capable of self-spreading through infected websites and can recruit the infected machines into a peer-to-peer (P2P) botnet, Doctor Web researchers warn. Security researchers from the firm Dr. Web have discovered […]

The Linux Trojan Linux.PNScan is back and it is actively targeting routers based on x86 Linux in an attempt to install backdoors on them. Yesterday I wrote about a new Linux Trojan dubbed Linux.Rex.1, a new Linux malware that is capable of self-spreading and creating a peer-to-peer botnet, now experts from Malware Must Die discovered a new strain […]

A new Locky Ransomware variant has been spotted by researchers at Cyren, it uses DLLs for distribution. The Locky Ransomware is one of the most popular threats since its first detection in the wild early 2016. The ransomware has evolved over the time, crooks have improved it adding new evasion detection features and changing the distribution methods. Security experts […]

A new Locky Ransomware variant has been spotted by researchers at Cyren, it uses DLLs for distribution. The Locky Ransomware is one of the most popular threats since its first detection in the wild early 2016. The ransomware has evolved over the time, crooks have improved it adding new evasion detection features and changing the distribution methods. Security experts […]

The head of Iran’s civilian defense confirmed that a malware was found in petrochemical complexes, but it hasn’t caused the fires under investigation. Last week, I reported the news related to a series of fires at Iranian petrochemical plants. The Iran’s Supreme National Cyberspace Council started an investigation to discover if the incidents at oil and petrochemical […]

Experts from FireEye  who analyzed the RIPPER malware believe it was used by crooks in the recent wave of cyber attacks against ATM in Thailand. Earlier this month a malware was used by a criminal organization to steal 12 million baht from ATMs in Thailand. According to FireEye, the malware was uploaded for the first time […]

Experts from Kaspersky Lab confirmed that the Lurk cybercrime Gang developed, maintained and rent the infamous Angler Exploit Kit. Security experts from Kaspersky Lab have confirmed that the Lurk cybercrime group are the author of the infamous Angler exploit kit. The members of the Lurk cybercrime crew were arrested by Russian law enforcement this summer, […]

A joint research conducted by Level 3 Communications and Flashpoint allowed the identification of a million devices infected by the BASHLITE malware. Do you remember the BASHLITE malware? It was a strain of malware (also known as Lizkebab, Torlus and Gafgyt) detected by experts at Trend Micro shortly after the public disclosure of the ShellShock bug. The BASHLITE malware includes the […]

It has happened again, Mac users who were looking for the BitTorrent client Transmission might have been infected by the OSX/Keydnap malware. Security experts from ESET have spotted the popular BitTorrent client called Transmission distributing Mac malware called OSX/Keydnap that is used to steal the content of OS X’s keychain and maintain a permanent backdoor on victims’PC. […]

Experts from MalwareMustDie spotted a new ELF trojan backdoor, dubbed ELF Linux/Mirai,  which is now targeting IoT devices. Experts from MalwareMustDie have analyzed in August samples of a particular ELF trojan backdoor, dubbed ELF Linux/Mirai,  which is now targeting IoT devices. The name of the malware is the same of the binary,”mirai.*,” and according to the […]

Security researchers from TrendMicro have published an interesting analysis on the Linux Umbreon rootkit, a new malware developed by a Pokemon-fan VXer. Malware researchers from TrendMicro have obtained samples of a new strain of Linux rootkit from one of its trusted partners. The new rootkit family was called Umbreon (ELF_UMBREON family), from the name of one of […]

CSTO ransomware it is able to query the Google Maps API to discover the victim’s location and connects to the C&C via UDP. Ransomware is considered by the security experts one of the most dangerous threats to Internet users and organizations across the world. Malware authors are developing new malicious codes that implement new features […]

Malware researchers from Kaspersky Lab confirmed the existence of an OS X variant of the Mokes backdoor discovered in January by Kaspersky. Malware researchers from Kaspersky Lab confirmed the existence of an OS X variant of a recently discovered family of cross-platform backdoors. The backdoors family was named Mokes and a strain of malware was […]

Experts from Dr Web discovered a new Linux Trojan called Linux.BackDoor.Irc.16 that is written in the Rust programming language. It is a prolific period for Vxers working on Linux Trojan, a new strain was recently spotted by experts from Doctor Web. The new Linux Trojan has been named Linux.BackDoor.Irc.16 and is written in the Rust programming language.Rust […]

The researcher MalwareMustDie discovered LuaBot, a trojan completely coded in Lua language that is targeting Linux platforms to recruit them in DDoS botnet. Let’s continue our tour in Linux security, focusing on malicious code specifically designed to target such systems. The popular security researcher MalwareMustDie, who recently reported the new ELF trojan backdoorLinux/Mirai, also discovered a […]

Experts from Sophos discovered Mal/Miner-C, a malware designed to abuse resources of the infected machine to mine Monero (XMR) cryptocurrency. Malware researchers from security firm Sophos have analyzed a new strain of malware detected as Mal/Miner-C that was designed to abuse resources of the infected machine to mine Monero (XMR) cryptocurrency. The experts discovered that the new […]

Surveillance is a profitable business, Motherboard has published a never-before-seen 10-minute video showing a live demo of a surveillance software. Recently, the iPhone hack carried out with the NSO Group‘s Pegasus raised the debate about the use of surveillance software. Who uses them? How? Are we able to defend our machines from a so invasive surveillance? NSO Group is […]

Vxers developed a new version of GovRAT, called GovRAT, that has been used to target government and many other organizations in the US. GovRAT is an old cyberespionage tool, it has been in the wild since 2014 and it was used by various threat actors across the years. Security experts from the threat intelligence company […]

A Brazilian Infosec research group, Morphus Labs, just discovered a new Full Disk Encryption (FDE) Ransomware this week, dubbed Mamba. Mamba, as they named it, uses a disk-level encryption strategy instead of the conventional file-based one. This may be just the beginning of a new era for the Ransomwares. In this article, Renato Marinho (@renato_marinho), […]

Two security researchers have developed an undetectable PLC rootkit that will present at the upcoming Black Hat Europe 2016. The energy industry is under unceasing attack, cyber criminals, and state-sponsored hackers continue to target the systems of the companies in the sector. The Stuxnet case has demonstrated to the IT community the danger of cyber attacks, […]

Security experts from the cyber threat intelligence firm Blueliv have published a report on the banking Trojan Vawtrak v2 its criminal ecosystem. Security experts from the cyber threat intelligence firm Blueliv have conducted a technical investigation on the banking Trojan Vawtrak v2 and activities of the cybercriminal groups behind the threat. Vawtrak is a threat that has been […]

The new variant of the popular iSpy keylogger (version 3.x) was available in the criminal underground with sophisticated features. Security researchers at Zscaler warn of a new sophisticated commercial keylogger dubbed iSpy. The malware is a perfect surveillance tool, it was developed to capture victim’s keystroke and screenshots, access webcam, steal user data and license keys […]

InfoArmor has discovered the RAUM tool in criminal forums, it is a special tool to distribute malware by packaging it with popular torrent files. It is not a novelty, torrent files are a privileged channel for malware diffusion, according to a study conducted by researchers at Digital Citizens Alliance and RiskIQ, almost one-third of the 800 torrent sites […]

The Cyberkov Security Incident Response team spotted a cyber espionage campaign in Lybia conducted by a group named Libyan Scorpions. Thinking of Libya we have in mind a non-stable political country where various forces fight for the control of strategic territories and oil productions. but only a few experts know about cyber malicious activities in the area. Evidently, something […]

Researchers at Palo Alto spotted a new campaign of the Russian Fancy Bear APT using a new Mac OS X Trojan against companies in the aerospace industry. In the last weeks, we have discussed a lot about a string of attacks that targeted the US  Democratic National Committee (DNC), security experts collected evidence of the involvement […]

A Group of the researchers from the Iswatlab team at the University of Sannio demonstrated how is easy to create new malware that eludes antimalware. It’s not easy to ‘write’ a new malware that is able to evade the detection of antimalware and other defensive software, but it is easier to ‘produce’ a new malware that […]

Experts from Carbon Black have spotted a new Adware campaign leveraging on sophisticated obfuscation techniques borrowed from Operation Aurora. Security experts from Carbon Black have spotted a new Adware campaign leveraging on very sophisticated obfuscation techniques. The Adware campaign was used by crooks to spread ransomware and according to the malware researchers using tactics to similarities to the […]

The Talos team published a detailed analysis of the GozNym botnet, it was possible because the experts cracked the DGA algorithm used by the malware. In April 2015, the researchers from the  IBM X-Force Research discovered a new banking Trojan dubbed GozNym Trojan that combines best features of Gozi ISFB and Nymaim malware. The GozNym has been seen targeting […]

Necurs botnet, the monster is resurrected. Banking Trojans and Ransomware propagated via spam is bring backing the high-volume spam campaign Botnets are like monsters that surface back after some period of inactivity, this time, the monster it the dreaded Necurs botnet. The Necurs Botnet is one of the world’s largest malicious architectures, used to spread the dreaded […]

Malware researcher discovered a Reddit user which is warning of the existence of hacked Steam accounts used to spread a Remote Access Trojan (RAT). This week the popular malware researcher Lawrence Abrams from Bleepingcomputer.com has found a worrisome message on Reddit. The Reddit user with the moniker Haydaddict was warning of the existence of compromised Steam accounts spreading […]

Malware researchers from Kaspersky have spotted the TeamXRat gang spreading a new ransomware in Brazil via RDP brute-force attacks. Cyber criminals are using stolen or weak remote desktop credentials to access systems and deliver file-encrypting ransomware. This is not a novelty in the criminal ecosystem, in March experts discovered a ransomware dubbed Surprise that was […]

A hacker released the source code of the Mirai malware that powered the record-breaking DDoS attack against the Brian Krebs Website, but … A couple of weeks ago the unknown hackers launched a massive Distributed Denial of Service (DDoS) attack against the website of the popular cyber security investigator Brian Krebs. Further investigation revealed the involvement of […]

Why Signal is considered the most secure instant messaging app? It stores only a few information about its users, and the events demonstrate it. Despite many of the most popular apps are implementing end-to-end encryption, not all applications are equal. Security experts recommend Signal for secure communications, in the aftermath of the DNC hack the staffers […]

A new variant of the Cerber ransomware kills common database-related processes like those of the MySQL, Oracle and Microsoft SQL servers to encrypt files. According to experts the BleepingComputer.com forum, a new variant of the Cerber ransomware is the wild attempts to shut down database connections to increase the effects of the infection. The principal goal […]

Mac malware could spy on users by piggybacking on webcam sessions started by legitimate applications such as FaceTime, Skype and Google Hangouts. Security experts are worried about the presence of a new Mac malware in the wild that attempt to record video via the built-in webcam. The principal problem for this family of spyware is […]

The author of the FastPoS PoS malware issued an update that profoundly changes its behavior, preferring a quick exfiltration activity even if is noisier. Christmas is approaching, and the experts are already at work, including the authors of PoS malware that at that time maximize their profits. The criminal group behind the FastPoS PoS malware have updated […]

Researchers have been monitoring a campaign dubbed Magecart that compromised many ecommerce websites to steal payment card and other sensitive data. Researchers have been monitoring a campaign in which cybercriminals compromised many e-commerce websites in an effort to steal payment card and other sensitive information provided by their customers. Security experts from cloud-based security solutions provider […]

The users of the free version of the popular Spotify online music service have been served malicious advertisements. Spotify users have been targeted by a malvertising campaign, the malicious advertising served to the victims could automatically open a web browser and redirect victims websites hosting malware. Spotify is a popular online music service that allows its […]

Law enforcement and security experts have dismantled the Encryptor RaaS architecture by localizing one of its servers with Shodan. Shodan is a search engine for internet-connected devices, it is a precious instrument for IT experts and hackers that use it to find assess systems exposed on the Internet. The information gathered via Shodan could allow attackers […]

Kaspersky published a report on cyber espionage activities conducted by StrongPity APT that most targeted Italians and Belgians with watering holes attacks. Experts from Kaspersky Lab have published a detailed report on the cyber espionage activities conducted by the StrongPity APT. The group is very sophisticated, its operations leverage on watering holes attacks and malware to target users […]

The DXXD ransomware specifically targets servers and is able to encrypt files on network shares even if they haven’t been mapped. Malware continues to evolve, the last threat in order of time that implemented a singular feature is the DXXD ransomware.  The peculiarities of this threat is that it encrypts also file on network shares, even […]

Cerber 4.0 is the latest variant of the Cerber ransomware family that is becoming even more common in the malvertising campaign in the wild. Another variant of the notorious Cerber ransomware, the Cerber 4.0, appeared in the wild delivered by several exploit kits, including RIG, Neutrino, and Magnitude EKs. According to the experts from Trend Micro, the Cerber 4.0 first appeared in October […]

Exclusive: interview made by @unixfreaxjp of MalwareMustDie for Security Affairs about the Linux/NyaDrop. The latest details about this new dangerous IoT malware. After the Krebs DDoS attacks the enrollment of new IoT botnets is going to grow and new large “zombie army” made by of web-ip-cam, DVR/NVR, routers/modems are invading the cyberspace. The evidence of […]

Sierra Wireless is warning its customers to change factory credentials of its AireLink gateway communications products due to Mirai attacks. Sierra Wireless is warning its customers to change factory credentials of its AireLink gateway communications product. The company is aware of a significant number of infections caused by the Mirai malware, a threat specifically designed […]

Experts from Kaspersky have spotted a new threat in the wild written in Python, the CryPy ransomware that uses a unique key for each. Researcher newly founded “CryPy “ Ransomware written in python has surprised Israeli server for command and control (C&C) communication. In past, we have other ransomware written in python like Zimbra, HolyCrypt, […]

Researchers at Fidelis Cybersecurity believe that someone behind the development of the Dyre banking Trojan is now behind the new Trickbot malware. This morning I published a post on the data provided by Group-IB on crime trends, the report published by the security firm reveals a continuous evolution of cybercriminal ecosystem. The story that I’m going to […]

Security experts have spotted an interesting exfiltration technique adopted by crooks to exfiltrate card data from Magento platforms. Security experts from Sucuri and RiskIQ have spotted an interesting exfiltration technique adopted by crooks to exfiltrate payment data from compromised e-commerce websites powered by the Magento platform. Cybercriminals have been using image files to store and exfiltrate […]

Security researchers at the security firm Doctor Web have spotted a new Linux backdoor dubbed Linux.BackDoor.FakeFile.1 in the wild. Security firms continue to observe an increasing number of malware specifically designed to target Linux-based systems. Linux, like any other Operating System, could be infected by malicious codes designed to compromise the hosts and gain the control over […]

Security researchers at the security firm Doctor Web have spotted a new Linux backdoor dubbed Linux.BackDoor.FakeFile.1 in the wild. Security firms continue to observe an increasing number of malware specifically designed to target Linux-based systems. Linux, like any other Operating System, could be infected by malicious codes designed to compromise the hosts and gain the control over […]

Watch out, threat research labs Netskope spotted the CloudFanta Malware Stealing Banking Information Via Cloud Storage Apps. Threat Research Labs, Netskope, published a detailed research on the malware “CloudFanta” campaign, suspect since July 2016 to steal more than 26,000 worth of email credentials. CloudFanta benefits from the ‘SugarSync’ – a cloud storage app – to […]

Exclusive: The security researcher MalwareMustDie has found a new Linux/IRCTelnet malware- made in Italy – that aims IoT botnet connected by IRC and Telnet. It is able to generate an IPv6 DDoS and performing NEW dangerous capabilities that Mirai was unable to cover. In  a brief interview to Security Affairs @unixfreakjp of MalwareMustDie group explains […]

Cisco Talos group analyzed the evolution of the Sundown exploit kit that over the past six months has become responsible for a large number of infections. Over the past months, the threat landscape for exploit kits is rapidly changing. Angler EK, Neutrino EK, and Nuclear EK that for years monopolized the criminal underground disappeared. Now, […]

A malware compromised the NHS network, hundreds of scheduled operations, appointments, and diagnostic procedures have been canceled. The situation is becoming even more worrying and dangerous, healthcare  industry continues to be targeted by hackers and malware. Cyber attacks on hospitals is a disconcerting trend emerged across the years, they represent a serious threat for data […]

Mirai botnet was used to power a massive DDoS attack against Liberia causing the Internet outage in the entire country with financially devastating results. Mirai is the malware that a few weeks ago caused a massive Internet outage in the US. Mirai was first spotted this summer by the security expert MalwareMustDie, now media reported the use of the […]

Switzerland’s attorney general has confirmed to have investigated the presence of spyware in a venue that also hosted talks on Iran’s nuclear negotiations. Swiss officials confirmed to have found an espionage malware in the computer equipment at Geneva venue, a five-star hotel (believed to be Hotel Président Wilson)  that has hosted sensitive talks including Iranian nuclear negotiations. […]

Security researchers at Skycure have discovered a new commodity Android Spyware, dubbed Exaspy, targeting high-level executives. While in many countries the number of Smartphone and Tables is greater of desktop PC, new threats are targeting mobile devices. Researchers at Skycure have discovered a new strain of Android spyware, dubbed Exaspy, that has been used in targeted attacks against […]

Security experts from Cheetah Mobile Security Research Lab published an interesting Technical analysis of the mobile variant of the Locker virus. Blatant malicious behavior of the Locker virus The Locker virus can easily be identified by its blatant malicious behavior. Here are the tell-tail signs: Windows appear on the top of the home screen that […]

The Legendary Blog of MalwareMustDie is closed for protest against NSA hacking trace of educational and public servers of harmless countries. The Shadow Brokers, the hacker group that hacked NSA hackers, who have previously released NSA hacking tools for anyone to download, published more files containing the IP address of 49 countries that have been […]

Telecrypt ransomware is a new malware that abuses the instant messaging service Telegram for command and control (C&C) communications. Security experts from Kaspersky Lab have spotted a new Ransomware, called Telecrypt (Trojan-Ransom.Win32.Telecrypt), that abuses the Telegram instant messaging service for communications with command and control (C&C). The Delphi-written Trojan, which is currently targeting only Russian users, it exploits […]

The decryption keys for the CrySis ransomware were posted online on the BleepingComputer.com forum by a user known as crss7777. Good news for the victims of the CrySis ransomware, on Sunday the master decryption keys were released to the public. Security experts from Kaspersky Lab have already included the decryption keys in the Rakhni decryptor allowing victims […]

CryptoLuck ransomware is a new strain of malware discovered by the researcher Kafeine, that is being distributed via the RIG-E exploit kit. The notorious researcher Kafeine has spotted a new strain of ransomware dubbed CryptoLuck. The malware leverages DLL hijacking and exploits the legitimate GoogleUpdate.exe executable to infect computers. The ransomware appends the .[victim_id]_luck extension to the encrypted […]

Cyber criminals are exploiting the capability of the Mirai botnet to use the STOMP Protocol to launch massive DDoS attacks. The Linux Mirai IoT malware is one of the most popular cyber threats in the moment, its botnet was used to power the massive attacks against the Dyn DNS service, OVH, Brian Krebs’ blog, and likely […]

The popular security expert Robert Graham, CEO of Errata Security, has explained how the Mirai botnet could hack a security camera in a few seconds. The recent string of attacks powered with the Mirai botnet has demonstrated to the security industry the potential effects of DDoS attacks on the global Internet backbone. Experts who investigated […]

A strain of Android spyware recently analyzed by security experts from RedNaga Security team points to an another Italian company. A new strain of Android malware reveals the existence of a new Italian player in the surveillance landscape. The Android spyware was analyzed by researchers from the RedNaga Security team, that is a first time […]

Security experts at Red Canary discovered attackers who were trying to use the Ask.com Toolbar as a vector to spread malware. A just-in-time catch by sharp-eyed analysts at Red Canary has thwarted what looks like early stage development and deployment of malicious software delivered via Ask.com’s toolbar. The PE (Portable Executeable) delivered by Ask.com, which […]

ESET security firm has included master decryption keys into a decryption tool that allows rescuing the encrypted files without paying the ransom. Good news for the victims of the Crysis ransomware, ESET security firm has included master decryption keys into a tool that allows rescuing the encrypted files. The decryption keys for the CrySis ransomware were posted online on […]

Security experts from Checkpoint have discovered a new malware-based campaign through Facebook leveraging an image obfuscation trick dubbed ImageGate. Security experts from Checkpoint have discovered a new malware-based campaign through Facebook. Crooks leverage an image obfuscation trick, dubbed ImageGate, to spread the Locky ransomware via Facebook. Experts highlighted that the image obfuscation trick is able to bypass Facebook’s security checks. “Check […]

The hackers Popopret and BestBuy are offering a DDoS-for-hire service leveraging a Mirai botnet composed of around 400,000 compromised devices. We have written a lot about the Mirai botnet after the clamorous attacks against the Dyn DNS service and the OVH hosting, it is a dangerous threat that was designed to target IoT devices that could be used to power massive DDoS […]

Security experts from the CheckPoint firm discovered two different variants of the new Cerber 5.0 ransomware in a few weeks. Security experts have spotted a new variant of the dreaded Cerber ransomware, the Cerber 5.0. This is the third version of the malware released this week that is able to encrypt files on all accessible network […]

Hackers are targeting Liechtenstein banks with ransomware-based attacks and are threatening to disclose customers sensitive information. Hackers are targeting Liechtenstein banks with ransomware-based attacks. The situation is particularly concerning due to sensitive nature of the data that are stolen by crooks. Cyber criminals, in fact, are allegedly blackmailing customers by threatening to release their account […]

Shamoon wiper is back, security experts from Palo Alto Networks and Symantec spotted it in an attack on a single Saudi company. Do you remember the Shamoon malware? Shamoon, also known as Disttrack, was first spotted in a wave of attacks that targeted companies in Saudi Arabia in 2012. Among the victims, there was the petrol […]

Security experts from CloudFlare observed a new botnet that emerged in the wild and it could be dangerous as its predecessor Mirai. Which is the most dreaded botnet in the current threat landscape? The Mirai botnet of course, it was used by threat actors in the wild to power massive DDoS attack, such as the […]

Stegano campaign – Millions of people visiting major websites may have been infected with malicious code that was embedded in pixels of the ads banners. A single pixel could be used to compromise your PC, millions of people visiting major websites over the past months may have been infected with malicious code that was embedded in […]

Cisco Talos and Flashpoint have teamed up to analyze the Floki Bot, a Zeus-based banking Trojan that is rapidly evolving in the cybercrime underground. Security researchers from Cisco Talos and Flashpoint have conducted an investigation of the Floki Bot in a joint effort. The Floki bot is a banking Trojan based on Zeus that has […]

Malware researchers from the MalwareHunterTeam have discovered a new strain of ransomware dubbed Popcorn Time on the Dark Web. Malware researchers from MalwareHunterTeam have spotted a new ransomware, dubbed Popcorn Time, that appears to be still under development. The researchers at MalwareHunterTeam found the Popcorn Time ransomware code on the Dark Web. This ransomware comes with […]

Zcash (ZEC) is a new cryptocurrency that promises a total anonymity, it is already attracting a great interest from miners and of course cybercriminals. Zcash (ZEC) is the cryptocurrency of the moment, it was presented on October, 2016 and respect the popular Bitcoin it is totally anonymous. With this premise, the Zcash has attracted a great […]

According to a new report published by Kaspersky Lab, the number of ransomware infections suffered by companies threefold from January to September. The number of ransomware infections suffered by companies continues to increase and according to a new report published by the security firm Kaspersky Lab, it increased threefold from January to September. One in every five businesses […]

Akbank, one of the largest Turkish banks seems to be the latest victim of the Odinaff trojan, a threat similar to the Carbanak malware. Odinaff; a malware similar to Carbanak, has been targeting financial institutions around the world since the beginning of the year. “Since January 2016, discreet campaigns involving malware called Trojan.Odinaff have targeted a number […]

The banker Android ransomware Faketoken that steals financial information and sensitive data now also implements file-encrypting abilities. Security experts from Kaspersky Lab have spotted a strain of known Android malware that now implements also ransomware-like abilities.According to the researchers, Vxers are adding file-encrypting capabilities to traditional mobile banking trojans, the result is a malware that is […]

Security researchers have released a decryption tool for unlocking files encrypted by the notorious CryptXXX v.3 ransomware. CryptXXX v.3 ransomware was defeated, researchers have released a decryption tool for unlocking encrypted files. The decryption tool was included in the RannohDecryptor utility, a free application shared by the No Ransom Project. The utility was already able to unlock […]

A new Linux malware, dubbed Linux/Rakos is threatening devices and servers. The malware searches for victims via SSH scan. A new Linux malware, dubbed Linux/Rakos is threatening devices and servers. The malicious code is written in the Go language and the binary is usually compressed with the standard  UPX tool. Apparently, frustrated users complain more often recently […]

Alice ATM malware is a new threat targeting ATMs discovered by researchers at Trend Micro  as part of a joint research project with Europol EC3. Security experts from Trend Micro have discovered a strain of ATM malware, dubbed Alice, that was designed to target the safes of the self-serve machines. The malware is very essential, […]

Lithuania said found Russian spyware on its government computers, the government blames Moscow for cyber espionage campaigns. Lithuania blames the Russia for cyber attacks that have hit government networks over the last two years. According to the Reuters, the head of cyber security Rimtautas Cerniauskas confirmed the discovery of at least three Russian spyware on […]

Researchers at security firm CyberX have recently discovered a variant of the KillDisk malware that also implements ransomware features. KillDisk is a malware that has been used in attacks against industrial control systems (ICS), it was developed to wipe the hard drives of the infected machine in order to make it inoperable. The new variant is […]

A new variant of the Sundown exploit kit leverages on steganography to hide exploit code in harmless-looking image files. Security experts from Trend Micro have spotted a new version of the Sundown exploit kit that exploits steganography in order to hide malicious code in harmless-looking image files. The use of steganography was recently observed in the malvertising campaigns conducted […]

The software engineer Darren Cauthon reported his LG Smart TV was infected with ransomware on Christmas day, the malware asked for $500 to unlock the device IoT Ransomware is a scaring reality, the threat will increase in the next months and security firms have been warning IT industry. Routers, smart TV, and CCTVs are all potential victims of […]

The Koolova ransomware will decrypt the encrypted files for free it the victim read two blog posts about how to avoid ransomware infection. Ransomware authors are very creative, in the last here we assisted a rapid evolution of the cyber extortion practice. Ransomware has become one of the fastest growing threats, new malware implements sophisticated […]

Recently experts from MalwareHunterTeam discovered FireCrypt ransomware, a threat that comes as a malware building kit and includes DDoS code. Ransomware has become one of the fastest growing threats, new malware implements sophisticated features to avoid detection and rapidly spread among the greatest number of machines. Recently experts from MalwareHunterTeam discovered a new strain of ransomware dubbed FireCrypt, […]

Forcepoint has detected two new versions of an advanced persistent threat (APT) malware dubbed MM Core APT and first discovered in 2013. The APT MM Core malware has been in the wild since April 2013 when it was spotted for the first time by experts at FireEye. The malware researchers dubbed the first release of the […]

Action Fraud is warning of ‘Department of Education’ ransomware, crooks are posing government officials to trick people into installing ransomware. This is a story of another string of cyber attacks that leverage ransomware to compromise victims’ machines. Cyber criminals are targeting schools in the UK, asking victims to pay up to £8,000 to unlock data […]

The operators behind the Sundown exploit kit have started using two Microsoft Edge flaws just a few days after researchers published a PoC exploit. The Sundown exploit kit is becoming one of the most popular crimeware kits in the hacking underground. The last time we saw it was at the end of 2016 when malware researchers spotted a […]

The Los Angeles Community College District has paid a US$28,000 ransomware after crooks compromised its network. Fortunately, the school retrieved data. A Los Angeles school has paid a US$28,000 ransomware after crooks compromised its network. Cyber criminals encrypted computer services, including email systems, at the Los Angeles Community College District. The ransomware used in the attack encrypted […]

A second variant of the Shamoon 2 malware was discovered by researchers at Palo Alto Networks, this threat also targets virtualization products. A new strain of the Shamoon 2 malware was spotted by the security experts at Palo Alto Networks, this variant targets virtualization products. Shamoon, also known as Disttrack, was first spotted in a wave of attacks that targeted […]

 Security experts from Emsisoft spotted a new strain of malware, the Spora ransomware, that allows potential victims to pay for immunity from future attacks. Security experts from Emsisoft spotted a new strain of ransomware dubbed Spora that implements a singular extortion mechanism, it allows potential victims to pay for immunity from future attacks. According to the experts, […]

Two Italian siblings have been arrested by Italian Police and they were charged with a long-running cyber espionage campaign. This is a very intriguing story, two Italian siblings Giulio and Francesca Maria Occhionero gave been arrested by Italian Police and they were charged with a long-running cyber espionage campaign that targeted Italian politicians, lawyers, entrepreneurs, and masons. The […]

Experts from Heimdal Security warned of a spike in cyber attacks leveraging the popular RIG Exploit kit to deliver the Cerber Ransomware. The RIG exploit kit is even more popular in the criminal ecosystem, a few days ago security experts at Heimdal Security warned of a spike in cyber attacks leveraging the popular Neutrino and […]

A new ransomware campaign has targeted the not-for-profit cancer services organisation “Little Red Door” requesting a US$44,000 ransom. A new ransomware campaign has targeted a not-for-profit cancer services organisation, the Little Red Door. The organization provides a number of cancer support services, including diagnostics and treatment. The system at the agency was infected by a ransomware last Wednesday, […]

The independent malware research @Xylit0l discovered the Satan ransomware, a malware belonging to the Gen:Trojan.Heur2.FU family. Yesterday the independent malware research @Xylit0l discovered the Satan ransomware, a malware belonging to the Gen:Trojan.Heur2.FU family. Satan is provided as a RaaS (Ransomware-as-a-Service). New #RaaS https://t.co/wbqn2GOuvo pic.twitter.com/skTTNCDbod — Xylitol (@Xylit0l) January 18, 2017 The Satan ransomware used RSA-2048 […]

Antivirus firm Dr. Web spotted a new Android malware dubbed BankBot that is based on a source code that was leaked on an underground forum. Bad news for Android users, researchers from the Russian antivirus maker Dr. Web have reported that the source code for another Android banking malware has been leaked on an underground hacking […]

Security researchers at the iSwatlab have conducted an analysis of a few methods for the creation of some malicious payloads or shellcodes. This work compares some infamous methods for the creation of malicious payloads or shellcodes. These payloads must be used to create a remote connection between the victim’s machine and the attacker’s machine that […]

A newly observed spam campaign is spreading a ransomware variant known as Sage 2.0 that is demanding a $2,000 ransom for the decryption key. Sage 2.0 is a new ransomware recently spotted by security experts, it was first observed in December and not now it is distributed via malicious spam. Sage is considered a variant of CryLocker ransomware, […]

Last year, the HummingBad Android malware infected as many as 85 million devices, now it has returned under the new name of HummingWhale. CERT-EU and other sources corroborated Check Point researchers’ findings which recently confirmed a new variant of the ad-fraud-big-money-making, HummingBad, is spreading rapidly on the Android marketplace Google Play.  HummingBad was first seen […]

According to the security firm Dr. Web , thousands of Linux-based devices have already been infected with the Linux.Proxy.10 Trojan. A new Trojan dubbed Linux.Proxy.10 is targeting Linux-based devices transforming them into proxy servers that are used by attackers to protect their anonymity while launching cyber attacks from the hacked systems. Linux.Proxy.10 was first discovered by […]

The dreaded Shamoon has resurrected, which are possible political and technological scenarios behind the recent wave of attacks? The dreaded Shamoon has resurrected, a new version called Shamoon 2 was spotted by the security experts at Palo Alto Networks. Saudi Arabia Computer Emergency Response Team (CERT)’s Abdulrahman al-Friah confirmed to Al Arabiya that at least 22 […]

A new variant of the Dridex Trojan recently observed is leveraging a new tactic to bypass the UAC (User Account Control). Researchers at the security firm Flashpoint have discovered a new campaign leveraging on a new variant of the Dridex Trojan that uses a new tactic to bypass the UAC (User Account Control). The Dridex Trojan […]

A Ransomware attack compromised 70% of Washington DC CCTV ahead of inauguration of President Trump, technical staff wiped and rebooted the devices. A ransomware infected 70 percent of storage devices used by the Washington DC CCTV systems just eight days before the inauguration of President Donald Trump. The attack occurred between 12 and 15 January, the […]

The SQL Slammer worm, one of the most long-lived malware, now seems to be back online to compromise ancient SQL servers worldwide. SQL Slammer is probably one of the most long-lived threats, it first appeared  14 years ago and now it is back to compromise ancient SQL servers. SQL Slammer exploits an ancient flaw in Microsoft SQL […]

PhishMe security researchers discovered that the Locky and Sage ransomware were recently observed being distributed by the same delivery infrastructure. It’s a common habit of cyber criminals to share delivery infrastructure to maximize the use of their resource and minimize the cost, Recently the Locky ransomware was observed being distributed through the delivery infrastructure used […]

Researchers at the antivirus firm Dr.Web discovered a new strain of the Mirai bot, a Windows variant, targeting more ports. Security experts at the antivirus firm Dr.Web discovered a new strain of the Mirai bot targeting more ports, and it is a Windows version of the popular IoT malware. The Windows version of the Mirai bot […]

A few days ago experts at antivirus firm ESET spotted a new MacOS ransomware, a rarity in the threat landscape, but it has a serious problem. Malware experts from antivirus vendor ESET have discovered a new file-encrypting ransomware, dubbed OSX/Filecoder.E, targeting MacOS that is being distributed through bittorrent websites.“Early last week, we have seen a new ransomware campaign for […]

The prosecutor’s office in Cologne and the Federal Criminal Police Office have arrested the alleged mastermind of the MIRAI attack on Deutsche Telekom The agents at the UK National Crime Agency (NCA) have a man that is suspected to be involved with the massive attack on Deutsche Telekom that affected more than 900k routers in […]

Apple’s design lab internal development servers was infected by a malware so the company ended its relationship with Supermicro server supplier. It was mid-2016 when Apple’s design lab internal development servers was infected by a malware that was masquerading as a fake firmware patch. In response to the security incident, Apple purged its data centers of […]

The analysis conducted by Arbor Networks on the Shamoon 2 malware has shed light on the control infrastructure and the infection process. Security researchers from Arbor Networks’ Security Engineering and Response Team (ASERT) have conducted a new analysis of the Shamoon 2 malware discovering further details on the tools and techniques used by the threat […]

The Necurs botnet is evolving and recently the experts at BitSight’s Anubis Labs discovered that it was improved to launch DDoS attacks. The Necurs botnet continues to evolve and recently it was used by crooks not only to spread the dreaded Locky ransomware but he was improved to launch DDoS attacks. According to the researchers BitSight’s […]

The Russian state-actor dubbed Gamaredon is back and has been using a custom-developed malware in a new cyber espionage campaign. According to the experts from Palo Alto Networks, a Russian state-actor dubbed Gamaredon has been using a custom-developed malware in cyber espionage campaign on the Ukrainian government, military and law enforcement officials. The Gamaredon APT was first spotted in […]

Malware author are using Dridex v4 in the wild, an improved version of the Trojan that includes a new injection method known as AtomBombing. According to researchers with IBM X-Force, vxers have improved the Dridex banking Trojan adding a new injection method for evading detection, the technique is known as AtomBombing. The researchers have spotted […]

Good news for the victims of the Dharma Ransomware, someone has released the alleged Master Keys on the BleepingComputer.com forums. The alleged Master Keys for the Dharma Ransomware has been released by someone on BleepingComputer.com forums. A member using the online moniker ‘gektar‘ published a post containing a Pastebin link to a header file in C programming […]

Researchers from Cisco Talos team spotted a new strain of malware that leverages PowerShell scripts to fetch commands from DNS TXT records. Malware researchers at Cisco Talos have published a detailed analysis on a targeted attack leveraging a weaponized Microsoft Word document that is spread in spam emails as an attachment. The malicious code used in the […]

In January, a cyber attack breached some systems at Barts NHS Trust and forced them offline. Hackers exploited a zero-day vulnerability. In January, a cyber attack breached some systems at Barts NHS Trust and forced them offline. Barts Health Trust runs the Royal London, St Bartholomew’s, Whipps Cross, Mile End and Newham hospitals. The hackers used […]

The experts spotted a new sophisticated strain of malware dubbed StoneDrill that is linked to Shamoon 2 and Charming Kitten. Researchers at Kaspersky Lab have discovered further information about the dreaded Shamoon 2 malware. The experts spotted a new sophisticated strain of malware dubbed StoneDrill that is linked to Shamoon 2 and Charming Kitten (aka Newscaster and […]

The manufacture Dahua Technology has started releasing firmware updates fix a serious flaw in some models of its video recorders and IP cameras. Security experts believe the flaw is a true backdoor that could be used to remotely access the user database containing usernames and hashed passwords. The backdoor was discovered by a researcher that is known online as “bashis.â€� Once the attacker […]

Palo Alto Networks discovered a new strain of ransomware, dubbed RanRan ransomware, that has been used in targeted attacks in Middle East. Malware researchers at Palo Alto Networks have spotted a new strain of ransomware, dubbed RanRan, that has been used in targeted attacks against government organizations in the Middle East. “Recently, Unit 42 has observed […]

Danish-speaking users were infected by malware spread through Dropbox, but the company quickly adopted the countermeasures to stop the attack. According to the experts from security firm AppRiver, Danish-speaking users were hit by an unusual malware-based attack. The attack hit Denmark, Germany, and several surrounding Scandinavian countries on Wednesday morning. Danish-speaking users were infected by malware spread through […]

Security experts from Trend Micro discovered a new family of Linux malware, tracked as ELF_IMEIJ, targeting AVTech surveillance devices. Security experts from Trend Micro discovered a new family of Linux malware that is targeting products from surveillance technology company AVTech exploiting a CGI vulnerability that was disclosed in 2016. According to Trend Micro, the flaw was […]

Threat actors in the wild have found the way to hijack the Petya ransomware on the fly and use it in targeted attacks, say welcome to PetrWrap ransomware. The Petya ransomware was first spotted by experts at TrendMicro one year ago, it overwrites MBR to lock users out of the infected machines. The Petya ransomware causes a blue […]

Great news for macOS users who were infected by the FindZip macOS ransomware, Avast released a decryption tool for free. Good news for macOS users who were infected by the FindZip ransomware, now a decryption tool was released online for free. The FindZip macOS ransomware was spotted last month by researchers at ESET, it is […]

New APT Campaign based on Poison Ivy RAT with C&C in China has been reversed by MalwareMustDie who shared a lot of interesting details about the attack vectors and reverse techniques. Our travel along the great analysis of a fresh, new insidious APT China campaign. An ordinary case of phishing? At the beginning, it seemed […]

Security experts at Arbor Networks linked a new Acronym malware to the malicious code used by threat actors behind the Operation Potao Express. Security experts at Arbor Networks have spotted a new strain of malware that could be linked to the malicious code used by threat actors behind the Operation Potao Express. The researchers started […]

Security experts at Arbor Networks linked a new Acronym malware to the malicious code used by threat actors behind the Operation Potao Express. Security experts at Arbor Networks have spotted a new strain of malware that could be linked to the malicious code used by threat actors behind the Operation Potao Express. The researchers started […]

The researchers have discovered a new piece of ransomware featuring a Star Trek theme, dubbed Kirk ransomware, the first one accepting Monero payments. Ransomware continues to be one of the most profitable cyber threats, for this reason, every week we see new strains of malware in the wild. The researchers have discovered a new piece […]

Security researchers at MalwareBytes have uncovered a spearphishing campaign that targeted Saudi Arabia Government organizations. Security experts at MalwareBytes have spotted a new spear phishing campaign that is targeting Saudi Arabia governmental organizations. According to the experts, the campaign already targeted about a dozen Saudi agencies. Attackers used weaponized Word document and tricked victims into opening them […]

The recently patched CVE-2017-0022 Windows Zero-Day vulnerability has been exploited by threat actors behind the AdGholas malvertising campaign and Neutrino EK since July 2016. Microsoft has fixed several security flaws with the March 2017 Patch Tuesday updates. According to security experts at Trend Micro, the list of fixed vulnerabilities includes three flaws that had been exploited […]

Findings of the MIMICS project conducted by Dragos Threat Operations Center show a malware posing as Siemens PLC application is targeting ICS worldwide. After the disclosure of the Stuxnet case, the security industry started looking at ICS malware with increasing attention. A malware that infects an industrial control system could cause serious damages and put in danger human lives. […]

The source code for a new banking Trojan dubbed Nuclear Bot was leaked online, experts speculate a rapid diffusion of the threat in the wild. The source code for a new banking Trojan, dubbed Nuclear Bot, is available for sale in the cyber criminal underground.The Nuclear Bot banking Trojan first appeared in the cybercrime forums […]

Since mid-January, attackers have targeted owners of GitHub repositories with the Dimnie data-stealer malware. It is a relatively unknown threat actor. Attackers have targeted developers having Github repositories with a data-stealing malware called Dimnie. The malicious code includes keylogging features and modules that capture screenshots. The Dimnie malware was spotted by researchers at Palo Alto Networks in mid-January when an […]

Malware researchers at Forcepoint have discovered a new modular malicious code, dubbed Felismus RAT, that appears the work of skilled professionals. Malware researchers at Forcepoint have discovered a new modular malicious code dubbed Felismus RAT. The malware has been used in highly targeted campaigns, experts believe the Felismus RAT is the work of skilled professionals. Forcepoint […]

Malware researchers at Forcepoint have discovered a new modular malicious code, dubbed Felismus RAT, that appears the work of skilled professionals. Malware researchers at Forcepoint have discovered a new modular malicious code dubbed Felismus RAT. The malware has been used in highly targeted campaigns, experts believe the Felismus RAT is the work of skilled professionals. Forcepoint […]

Chrysaor spyware is an Android surveillance malware that remained undetected for at least three years, NSO Group Technology is suspected to be the author. Security experts at Google and Lookout spotted an Android version of one of the most sophisticated mobile spyware known as Chrysaor that remained undetected for at least three years. due to its […]

Chrysaor spyware is an Android surveillance malware that remained undetected for at least three years, NSO Group Technology is suspected to be the author. Security experts at Google and Lookout spotted an Android version of one of the most sophisticated mobile spyware known as Chrysaor that remained undetected for at least three years. due to its […]

Security experts at CISCO Talos have spotted a new insidious remote access tool dubbed ROKRAT that implements sophisticated anti-detection measures. Security experts at CISCO Talos have spotted a new insidious remote access tool dubbed ROKRAT that implements sophisticated anti-detection measures. The ROKRAT RAT targets Korean users, people using the popular Korean Microsoft Word alternative Hangul Word […]

Schneider Electric, Allen-Bradley, General Electric (GE) and more vendors are vulnerable to ClearEnergy ransomware. Researchers at CRITIFENCE® Critical Infrastructure and SCADA/ICS Cyber Threats Research Group have demonstrated this week a new strain of ransomware attack aiming to erase (clear) the ladder logic diagram in Programmable Logic Controllers (PLCs). The ransomware a.k.a ClearEnergy affects a massive range […]

Cyber criminals exploited the recently patched Apache Struts 2 vulnerability CVE-2017-5638 in the wild to deliver the Cerber ransomware. A recently patched Apache Struts 2 vulnerability, tracked as CVE-2017-5638, has been exploited by crooks in the wild to deliver the Cerber ransomware. The remote code execution vulnerability affected the Jakarta-based file upload Multipart parser under Apache […]

Security experts at Palo Alto Networks have discovered a new Linux/IoT botnet dubbed Amnesia botnet that has been targeting digital video recorders (DVRs). Amnesia exploited an unpatched remote code execution vulnerability that was disclosed more than one year ago by security researcher Rotem Kerner. “fraudsters are adopting new tactics in order to attack retailers. This new […]

Security experts at Palo Alto Networks have discovered a new Linux/IoT botnet dubbed Amnesia botnet that has been targeting digital video recorders (DVRs). Amnesia exploited an unpatched remote code execution vulnerability that was disclosed more than one year ago by security researcher Rotem Kerner. “fraudsters are adopting new tactics in order to attack retailers. This new […]

Security researchers have spotted a new threat dubbed Brickerbot botnet that causes permanent damage to Internet of Things (IoT) devices. Months ago we anticipated the possible spike in the number of IoT botnets, at the beginning it was Mirai, but later other dangerous thingbot appeared in the wild such as the Leet Botnet and the Amnesia botnet. Now a […]

Security researchers from firms McAfee and FireEye are warning of a Windows zero-day attack in the wild that put Microsoft users at risk of hack. Security researchers from security firms McAfee and FireEye are warning of hackers exploiting an Just opening an MS Word document could put you at risk, the exploitation of the flaw […]

Experts at IBM X-Force security firm warn of a new Mirai Botnet implementing Bitcoin crypto-currency mining capabilities. The Mirai botnet was first spotted in august 2016 by the security researcher MalwareMustDie, it was specifically designed to compromise vulnerable or poorly protected IoT. Once Mirai malware compromises an IoT device it recruits it into a botnet primarily used for […]

CradleCore ransomware is a malware offered in the underground as a source code, instead of the classic ransomware-as-a-service (RaaS) model. According to the experts at Forcepoint, the author is offering the malware in many Tor-based crime forums as source code allowing crooks to request a customized version of the code. The CradleCore ransomware is offered by the author as a […]

Security researchers who analyzed the documents and hacking tools included in the last Shadow Brokers dump found a link to the Stuxnet virus. On Friday, the Shadow Brokers leaked a new bunch of files belonging to the alleged NSA arsenal. Security researchers who analyzed the documents and hacking tools included in the last dump have […]

Experts at Recorded Future have discovered a cheap RaaS, the Karmen Ransomware that deletes decryptor if detects a sandbox. Security experts from threat intelligence firm Recorded Future have spotted a new ransomware as a service (RaaS) called Karmen. The service allows customers to easy create their ransomware campaign in a few steps and without specific skills. Wannabe-crooks […]

Symantec observed the Hajime IoT malware leaving a message on the devices it infects, is it the work of a cyber vigilante? The Mirai botnet is the most popular thingbot, it is targeting poorly configured and flawed ‘Internet of Things’ devices since August 2016, when the threat was first discovered by the researcher MalwareMustDie. Many other bots threaten […]

The Europol coordinated an international operation that dismantled a cybercrime ring that was offering services and tools to conceal malware. The Europol dismantled a cybercrime ring as the result of a joint investigation conducted by Spanish and British law enforcement authorities (The Spanish National Police, the UK’s Regional Cyber Crime Unit for Tackling North West […]

The Russian hacker Petr Levashov has been indicted in connection with the infamous Kelihos Botnet that was recently dismantled. It isn’t a good period for Russian cyber criminals, last week Roman Valeryevich Seleznev, aka “Track2â€�, was sentenced to 27 years in prison, he was convicted of causing $170 million in damage by hacking into point-of-sale systems. Today the […]

The Russian hacker Petr Levashov has been indicted in connection with the infamous Kelihos Botnet that was recently dismantled. It isn’t a good period for Russian cyber criminals, last week Roman Valeryevich Seleznev, aka “Track2â€�, was sentenced to 27 years in prison, he was convicted of causing $170 million in damage by hacking into point-of-sale systems. Today the […]

Malware researchers from security firm ESET have discovered a new Linux threat dubbed Shishiga malware targeting systems in the wild. Malware researchers from ESET have discovered a new Linux malware dubbed Linux/Shishiga targeting systems in the wild. The Linux/Shishiga malware uses four different protocols (SSH, Telnet, HTTP and BitTorrent) implements a modular architecture by using Lua scripts. […]

Malware researchers from security firm ESET have discovered a new Linux threat dubbed Shishiga malware targeting systems in the wild. Malware researchers from ESET have discovered a new Linux malware dubbed Linux/Shishiga targeting systems in the wild. The Linux/Shishiga malware uses four different protocols (SSH, Telnet, HTTP and BitTorrent) implements a modular architecture by using Lua scripts. […]

The mysterious Hajime Botnet continues to grow and reached 300,000 IoT Devices, the author also implemented a new attack method. Recently experts from Symantec spotted a new IoT botnet dubbed Hajime that is spreading quickly in the last months, mostly in Brazil and Iran. The Hajime malware was first spotted in October 2016, it implements the same mechanism […]

The mysterious Hajime Botnet continues to grow and reached 300,000 IoT Devices, the author also implemented a new attack method. Recently experts from Symantec spotted a new IoT botnet dubbed Hajime that is spreading quickly in the last months, mostly in Brazil and Iran. The Hajime malware was first spotted in October 2016, it implements the same mechanism […]

Security experts from security firm Redsocks published an interesting report on how to crack APT28 traffic in a few seconds. Introduction APT28 is a hacking group involved in many recent cyber incidents. The most recent attack allegedly attributed to this group is the one to French presidential candidate Emmanuel Macron’s campaign. Incident response to this Advanced […]

Security experts from security firm Redsocks published an interesting report on how to crack APT28 traffic in a few seconds. Introduction APT28 is a hacking group involved in many recent cyber incidents. The most recent attack allegedly attributed to this group is the one to French presidential candidate Emmanuel Macron’s campaign. Incident response to this Advanced […]

DOK Malware is a stealthy malicious code recently discovered by researchers at security firm CheckPoint, it affects almost ant Mac OS X version. Malware researchers at CheckPoint firm have discovered a new stealth Mac malware dubbed DOK that affects almost ant Mac OS X version. At the time of its discovery, the DOK malware has zero […]

DOK Malware is a stealthy malicious code recently discovered by researchers at security firm CheckPoint, it affects almost ant Mac OS X version. Malware researchers at CheckPoint firm have discovered a new stealth Mac malware dubbed DOK that affects almost ant Mac OS X version. At the time of its discovery, the DOK malware has zero […]

Some USB flash drives containing the initialization tool shipped with the IBM Storwize for Lenovo contain a malicious file. Some USB flash drives containing the initialization tool shipped with the IBM Storwize for Lenovo V3500, V3700 and V5000 Gen 1 storage systems contain a file that has been infected with malicious code. The Initialization Tool […]

Some USB flash drives containing the initialization tool shipped with the IBM Storwize for Lenovo contain a malicious file. Some USB flash drives containing the initialization tool shipped with the IBM Storwize for Lenovo V3500, V3700 and V5000 Gen 1 storage systems contain a file that has been infected with malicious code. The Initialization Tool […]

According to a new analysis conducted by the IBM’s X-Force security team, a new wave of attacks powered by the TrickBot banking Trojan have been targeting private banks in the UK, Australia, and Germany. The researchers observed new redirection attacks focused on new brands, including private banks, private wealth management firms, investment banking, and a retirement insurance and […]

According to a new analysis conducted by the IBM’s X-Force security team, a new wave of attacks powered by the TrickBot banking Trojan have been targeting private banks in the UK, Australia, and Germany. The researchers observed new redirection attacks focused on new brands, including private banks, private wealth management firms, investment banking, and a retirement insurance and […]

Shodan and security firm Recorded Future launched Malware Hunter, a service that allows scanning the Internet to identify botnet C&C servers. Malware researchers have a new powerful weapon in their arsenal, a joint project from Shodan and security firm Recorded Future dubbed Malware Hunter allow them to scan the Internet to identify botnet C&C servers. The malware […]

Shodan and security firm Recorded Future launched Malware Hunter, a service that allows scanning the Internet to identify botnet C&C servers. Malware researchers have a new powerful weapon in their arsenal, a joint project from Shodan and security firm Recorded Future dubbed Malware Hunter allow them to scan the Internet to identify botnet C&C servers. The malware […]

Bad news for Mac users, a new variant of the OSX.Dok dropper was discovered by researchers at Malwarebytes, it was spotted installing a new payload dubbed Bella backdoor. Once the DOK malware infects a macOS system, it gains administrative privileges and installs a new root certificate. The root certificate allows the malicious code to intercept all victim’s […]

Bad news for Mac users, a new variant of the OSX.Dok dropper was discovered by researchers at Malwarebytes, it was spotted installing a new payload dubbed Bella backdoor. Once the DOK malware infects a macOS system, it gains administrative privileges and installs a new root certificate. The root certificate allows the malicious code to intercept all victim’s […]

Bad news for Mac users, a new variant of the OSX.Dok dropper was discovered by researchers at Malwarebytes, it was spotted installing a new payload dubbed Bella backdoor. Once the DOK malware infects a macOS system, it gains administrative privileges and installs a new root certificate. The root certificate allows the malicious code to intercept all victim’s […]

Malware researchers at security firm ProofPoint reported the Chinese TA459 APT has exploited the CVE-2017-0199 vulnerability to target Financial firms. The notorious cyber espionage group tracked as TA459 APT has targeted analysts working at major financial firms using the recently patched  CVE-2017-0199 Microsoft Office vulnerability. Experts at Proofpoint published a detailed analysis of the espionage campaign conducted […]

Malware researchers at security firm ProofPoint reported the Chinese TA459 APT has exploited the CVE-2017-0199 vulnerability to target Financial firms. The notorious cyber espionage group tracked as TA459 APT has targeted analysts working at major financial firms using the recently patched  CVE-2017-0199 Microsoft Office vulnerability. Experts at Proofpoint published a detailed analysis of the espionage campaign conducted […]

The notorious cyber crime gang Carbanak is back and it is continuing to refine its techniques and tactics and developed new tools for its attacks. The cyber crime gang Carbanak continues to refine its techniques and tactics. According to a new analysis conducted by the security firm Trustwave,  the group has refined its intrusion strategy and […]

The notorious cyber crime gang Carbanak is back and it is continuing to refine its techniques and tactics and developed new tools for its attacks. The cyber crime gang Carbanak continues to refine its techniques and tactics. According to a new analysis conducted by the security firm Trustwave,  the group has refined its intrusion strategy and […]

Cisco Talos team discovered a RAT dubbed KONNI malware that target organizations linked to North Korea. Here you are an analysis of its evolution. Security researchers at Cisco Talos team have discovered a remote access Trojan (RAT) that target organizations linked to North Korea. The malware, dubbed by researchers “KONNI,â€� was undetected for more than 3 years and […]

According to experts from the Fox-IT firm, the notorious Russian Snake APT group is ready to target also Mac users with a new variant of its malicious code. The sophisticated Russian Snake APT group is back and is leveraging on new malware to target Mac users.The Snake APT group, also known as Turla or Uroburos, has ported its Windows […]

Experts from Bitdefender have uncovered the Netrepser Cyber espionage campaign that compromised more than 500 Government organizations worldwide. Security experts at Bitdefender uncovered a cyber espionage campaign that leverages a strain of malware dubbed Netrepser to target government organizations. Netrepser Trojan samples were first discovered by the Bitdefender in May 2016, according to experts the analysis […]

The new Bondnet botnet “Bond007.01” recently discovered coming out of China and it has infected an estimated 15,000 Windows server computers world-wide. There’s a new botnet in town and it’s named after the spy with a license to kill – James Bond. The new Bondnet botnet “Bond007.01” was discovered coming out of China by researchers […]

Recently discovered Fatboy ransomware implements a dynamic method of setting the ransom amount based on the geographic location of the victims. Ransomware continues to monopolize the threat landscape, recently security experts have observed numerous evolution of this specific family of malware. A newly discovered ransomware-as-a-service (RaaS), dubbed Fatboy, implements a dynamic method of setting the […]

Researchers at Technische Universitat Braunschweig published a study on 200+ Android mobile apps that are listening to your life through ultrasonic beacons. Researchers at Technische Universitat Braunschweig in Germany recently published a finding that over 200 Android mobile applications are listening to your life through ultrasonic beacons. Like digital electronic vampire bats, these apps are checking […]

Malwaresearch is a command line tool to find malware on Openmalware.org, it was developed to facilitate and speed up the process of finding and downloading malware samples. The tool was developed to facilitate and speed up the process of finding and downloading malware samples via the command line interface. We’ve made use of the API provided by […]

Malwaresearch is a command line tool to find malware on Openmalware.org, it was developed to facilitate and speed up the process of finding and downloading malware samples. The tool was developed to facilitate and speed up the process of finding and downloading malware samples via the command line interface. We’ve made use of the API provided by […]

The Rakos botnet – Exploring a P2P Transient Botnet From Discovery to Enumeration. 1. Introduction We recently deployed a high interaction honeypots expecting it to be compromised by a specific malware. But in the first few days, instead of getting infected by the expected malware, it received a variety of attacks ranging from SSH port forwarding […]

Trend Micro has discovered a new attack on internet-based IP cameras and recorders powered by a new Internet of Things (IOT) bot dubbed PERSIRAI. Trend Micro has discovered a new attack on internet-based IP cameras and recorders.  The new Internet of Things (IOT) attack called ELF_PERSIRAI has also been back-tracked to an Iranian research institute […]

Trend Micro has discovered a new attack on internet-based IP cameras and recorders powered by a new Internet of Things (IOT) bot dubbed PERSIRAI. Trend Micro has discovered a new attack on internet-based IP cameras and recorders.  The new Internet of Things (IOT) attack called ELF_PERSIRAI has also been back-tracked to an Iranian research institute […]

WannaCrypt ransomware attack is infecting systems in dozen countries leveraging NSA exploit codes leaked by the hacker group Shadow Brokers. A Massive ransomware attack targets UK hospitals and Spanish banks, the news was confirmed by Telefónica that was one of the numerous victims of the malicious campaign. The newspaper El Pais reported the massive attack, experts at Telefónica […]

WannaCry ransomware attack is infecting systems in dozen countries leveraging NSA exploit codes leaked by the hacker group Shadow Brokers. A Massive ransomware attack targets UK hospitals and Spanish banks, the news was confirmed by Telefónica that was one of the numerous victims of the malicious campaign. The newspaper El Pais reported the massive attack, experts at Telefónica […]

The WannaCry ransomware worm infected systems at organizations and critical infrastructure across at least 74 countries leveraging NSA exploits. Experts discovered a Kill Switch for the threat. It was a Black Friday for cyber security, organizations and critical infrastructure across at least 74 countries have been infected by the WannaCry ransomware worm, aka WanaCrypt, WannaCrypt or Wcry. […]

Microsoft issued security patches for Windows XP and Server 2003 in response to the WannaCry ransomware attacks. On Friday, the WannaCry ransomware infected systems at organizations and critical infrastructure across at least 74 countries leveraging NSA exploits, at least 120,000 computers worldwide have been hit in a few hours. The WannaCry exploits the NSA EternalBlue / […]

Currently we are seeing a large scale WannaCry ransomware outbreak. This ransomware outbreak is more devastating than others because it spreads laterally. Enjoy the RedSocks ‘s analysis. Who does it affect: Any Windows computer without Windows Patch MS17-010. What to do: Apply patch MS17-010 immediately. MS17-010 The key factor in the ‘success’ of this malware strain called […]

WannaCry made the headlines with the massive Ransomware attack that hit systems worldwide, what about an improved version? WannaCry made the headlines with the massive Ransomware attack that hit systems worldwide. The malware targeted organizations across 99 countries worldwide, it leverages a Windows SMB exploit to compromise unpatched OS or computers running unsupported versions of […]

The number of victims would rise on Monday when a large number of users will be back at work, then how to protect your systems from the WannaCry ransomware. The massive WannaCry attack targeted systems worldwide, according to the Europol the number of cyber attack hits 200,000 in at least 150 countries. The number of […]

Massive WannaCry Ransomware hits almost 150 countries around the world. How to avoid it? What’s happened? How to beat ransomware? Something rare but extremely dangerous is currently rotating around the web. Named after the feeling it inflicts on users when they find their PCs infected with it, WannaCry is a ransomware which encrypts all files […]

Massive WannaCry Ransomware hits almost 150 countries around the world. How to avoid it? What’s happened? How to beat ransomware? Something rare but extremely dangerous is currently rotating around the web. Named after the feeling it inflicts on users when they find their PCs infected with it, WannaCry is a ransomware which encrypts all files […]

Security experts at ProofPoint security discovered that many machines can’t be infected by WannaCry because they have been already infected by Adylkuzz. The recent WannaCry ransomware attack wasn’t the first to use the NSA-linked EternalBlue and DoublePulsar hacking tools. Proofpoint researchers have discovered that the cryptocurrency miner Adylkuzz, was the first threat that used the EternalBlue exploit to trigger […]

Security experts at ProofPoint security discovered that many machines can’t be infected by WannaCry because they have been already infected by Adylkuzz. The recent WannaCry ransomware attack wasn’t the first to use the NSA-linked EternalBlue and DoublePulsar hacking tools. Proofpoint researchers have discovered that the cryptocurrency miner Adylkuzz, was the first threat that used the EternalBlue exploit to trigger […]

The tech giant Cisco announced an investigating on the potential impact of WannaCry malware on its products. Recent massive WannaCry ransomware attack highlighted the importance of patch management for any organization and Internet users. Another Tech giant, Cisco announced it is investigating the potential impact of WannaCry malware on its products, especially on its solutions that […]

A security researcher developed a tool called wanadecrypt to restore encrypted files from Windows XP PCs infected by the WannaCry ransomware. The WannaCry ransomware made the headlines with the massive attack that hit systems worldwide during the weekend. The malicious code infected more than 200,000 computers across 150 countries in a matter of hours, it leverages the Windows […]

At least 3 different groups have been leveraging the NSA EternalBlue exploit weeks before the WannaCry attacks, here’s the evidence. In the last days, security experts discovered numerous attacks that have been leveraging the same EternalBlue exploit used by the notorious WannaCry ransomware. The Shadow Brokers hacker group revealed the exploit for the SMB vulnerability in April, but […]

A security expert discovered a new worm, dubbed EternalRocks, that exploits the EternalBlue flaw to spread itself like WannaCry ransomware. The security expert Miroslav Stampar, a member of the Croatian Government CERT, has discovered a new worm, dubbed EternalRocks, that exploits the EternalBlue flaw in the SMB protocol to spread itself like the popular WannaCry ransomware. […]

Researchers at ESET security firm have discovered that someone has released 200 master keys for the latest variants of the prominent Crysis ransomware. While security experts continue to investigate the WannaCry attack, someone has released 200 master keys for the latest variants of the prominent Crysis ransomware. The file encrypted by this version have the .wallet and […]

Security experts at Recorded Future tracked a German hacker for the propagation of the Houdini worm through Pastebin sites. A German hacker that goes online with the moniker Vicswors Baghdad is the responsible for the propagation of the Houdini malware on Pastebin sites. According to the expert at Recorded Future, the same threat actor appears to be […]

Check Point have discovered a massive malware campaign spreading the Fireball malware, it has already infected more than 250 million computers worldwide Security researchers at Check Point have discovered a massive malware campaign spreading the Fireball malware. The malicious code has already infected more than 250 million computers worldwide running both Windows and Mac OS. […]

Security experts at IBM noticed that hundreds to thousands of Active Directory users were locked out of their company’s domain by the QakBot Banking malware Malware researchers at IBM noticed that hundreds to thousands of Active Directory users were locked out of their organization’s domain, the incident is caused by the Qbot banking malware. The […]

Security experts at IBM noticed that hundreds to thousands of Active Directory users were locked out of their company’s domain by the QakBot Banking malware Malware researchers at IBM noticed that hundreds to thousands of Active Directory users were locked out of their organization’s domain, the incident is caused by the Qbot banking malware. The […]

Experts killed tens of thousands of subdomains used by crooks to host the RIG Exploit Kit that were set up with a domain shadowing campaign. GoDaddy and RSA Security, with the support of other security companies and researchers, have shut down tens of thousands of illegally established subdomains used by crooks to host the RIG Exploit […]

A malicious code used by Turla APT in a recent campaign leverages comments posted to Instagram to obtain the address of the command and control servers. Malware researchers at security firm ESET have spotted a new piece of malware used by Turla APT  in cyber attacks. The malicious code leverages comments posted to Instagram to obtain […]

Security researchers at Dr. Web discovered two new Linux Malware, one of them mines for cryptocurrency using Raspberry Pi Devices. Malware researchers at the Russian antivirus maker Dr.Web have discovered a new Linux trojan, tracked as Kinux.MulDrop.14, that is infecting Raspberry Pi devices with the purpose of mining cryptocurrency. According to the Russian antivirus maker Dr.Web, the […]

Thousands of IP cameras have been hijacked by the Persirai IoT botnet that targets more than 1,000 IP camera models, but it isn’t the only one. Thousands of IP cameras have been hijacked by the Persirai IoT botnet that targets more than 1,000 IP camera models. Early May, the researchers at Trend Micro discovered a […]

Experts at Trend Micro observed a spam campaign leveraging the PowerPoint ‘Mouseover’ attack to deliver the Gootkit banking Trojan. Earlier this week, the security expert Ruben Daniel Dodge published an interesting post on a new technique to deliver malware through PowerPoint files leveraging on mouseover events. Now experts at Trend Micro revealed details of a spam campaign they detected in […]

France’s cyber-crime investigation unit OCLCTIC seized one server running two Tor Relays Investigating the WannaCry attack. A few days after the massive WannaCry attack the French authorities seized a server running two Tor relays in connection to the ransomware campaign, both relays were also working as Tor entry guard nodes, key components of Tor routing when […]

Malware researchers at security firm Fortinet have spotted MacRansom, it is the first Mac ransomware offered as a RaaS Service. Malware researchers at security firm Fortinet have spotted a new strain of ransomware dubbed MacRansom that targets Mac machines. The malware is available with Ransomware-as-a-service (RaaS) model through a hidden service in the TOR network. Experts believe […]

Researchers at antivirus firm ESET have discovered a new strain of malware, dubbed Industroyer, that appears to have been designed to target power grids. The experts published a detailed analysis of the malware, they speculated the malicious code has been involved in the December 2016 attack on an electrical substation in Ukraine. “Win32/Industroyer is a sophisticated piece […]

Security Experts at Arbor Networks have spotted a new banking trojan, initially called ‘Matrix Banker’, that is targeting Latin America. Malware researchers at Arbor Networks have spotted a new banking trojan, initially called ‘Matrix Banker’, that is targeting Latin America. The malicious code seems to be still under development, most of the victims were located […]

Victims of the Jaff ransomware can use an updated version of the Kaspersky Labs’s RakhniDecryptor tool to decrypt their encrypted files. Security researchers at Kaspersky Lab have discovered a weakness in the Jaff ransomware that allowed the researchers creating of decryption keys to unlock files encrypted by the malware. Once the victims were infected by the Jaff […]

Researchers at the security firm Yoroi have discovered a False Flag Attack on Multi-Stage Delivery of Malware to Italian Organisations. Everything started from a well edited Italian language email (given to me from a colleague of mine, thank you Luca!) reaching out many Italian companies. The Italian language email had a weird attachment: ordine_065.js (it […]

Indian authorities are facing with the Rufus malware, a malicious code used to clean out ATMs running outdated Windows XP software across states. Many security firms and law enforcement agencies are warning of malware-based attacks against ATM. Recently 27 people have been arrested by the Europol for jackpotting attacks on ATM across many countries in Europe. […]

Pinkslipbot banking Trojan is a banking Trojan that uses a complicated multistage proxy for HTTPS-based control server communication. Security researchers at McAfee Labs have spotted a new strain of the Pinkslipbot banking malware (also known as QakBot/QBot) that leverages UPnP to open ports, allowing incoming connections from anyone on the Internet to communicate with the infected […]

Threat actors behind the financial trojan TrickBot have been updating its campaigns targeting Payment Processors and CRM Providers. Threat actors behind Banking Trojan TrickBot switched from financial institutions to Payment processors and CRM providers. TrickBot was initially observed in September 2016 by the researchers at security firm Fidelis Cybersecurity, that linked it to the Dyre banking […]

For the second time in a month, Google removed malicious apps infected with the Ztorg Trojans that could allow attackers to root targeted devices. Most software developers update their apps to patch vulnerabilities and add new features. But when the software is malware, an update could be the worst thing to do. The Google Play […]

Cisco Talos intelligence group released an open source framework named BASS that is designed for automatically generating antivirus signatures from malware. BASS is an automated signature synthesizer, it is able to automatically create signatures from the analysis of a malicious code that belongs to previously generated clusters. The BASS tool aims to simplify malware analysis […]

South Korean web hosting company NAYANA was hit by the Erebus ransomware that infected 153 Linux servers and over 3,400 business websites the company hosts. The South Korean web hosting provider NAYANA has paid $1 million in bitcoins to crooks after a Linux ransomware infected its systems. its 153 servers, encrypting 3,400 business websites and […]

The Honda company shuts down a factory in Japan after finding the WannaCry ransomware in its networks after 5 weeks its massive attack. The WannaCry ransomware makes the headlines once again, The Honda Company to stopped the production in one of its plant in Japan after discovering the malware in its computer networks, The Honda automaker […]

Researchers at AlienVault observed a significant increase in the number of SamSam ransomware attacks, crooks are demanding $33,000 to the victims. Security experts at AlienVault have observed a new string of attacks leveraging the SamSam ransomware, and this time crooks are demanding a $33,000 ransom to decrypt the files. According to the researchers, crooks demand: 1.7 Bitcoin […]

A new strain of the infamous Petya ransomware dubbed Petwrap, is infecting computers in different states, mostly in Ukraine and Russia. This is the second massive ransomware-based attack in a few weeks, like WannaCry, the Petwrap ransomware exploits the MS17-010 SMB Remote Code Execution, so-called Eternal Blue, that Microsoft patched in March 2017. Banks, financial institutions, businesses, […]

WikiLeaks published the manual of the ELSA malware, a tool allegedly used by the U.S. CIA to track people’s locations via their WiFi-enabled devices. WikiLeaks has published a document detailing a tool allegedly used by the U.S. CIA to track people’s locations via their WiFi-enabled devices. The malware code-named Elsa implements geolocation feature, it scans visible WiFi […]

Ukraine secret service announces joint investigation with Europol, FBI, and NCA to attribute the recent Notpetya massive attack. While security experts are investigating real motivation behind the massive NotPetya attack, Ukrainian authorities called for support in the investigation from European and US intelligence and law enforcement agencies. The country’s security service SBU announced the international co-operation […]

The recent global outbreak of the “NotPetya” malware has some very curious features that have left security officials puzzled. Despite the press coverage, NotPetya is not really a ransomware attack to hold your data hostage. It’s a killbot. Several information security specialists have pointed a finger directly at Moscow; citing circumstantial evidence the source of […]

As was anticipated by Minister Pier Carlo Padoan, the Taormina G7, he would have to face, inter alia, the overwhelming problem of Web security and the protection of sensitive data. The issue is much more urgent in the light of cyber attacks on computer systems of some key service providers in several EU Member States […]

The author of the original variant of the Petya ransomware has made the master key available online, all the victims can decrypt their files for free. Janus, the author of the original variant of Petya ransomware (that isn’t the NotPetya variant used in the recent massive attack) has made the master key available online. All the victims of the […]

Security experts at Palo Alto Networks have discovered a new Android Trojan dubbed SpyDealer that can steal data from more than 40 applications. Malware researchers at Palo Alto Networks have spotted a new  Android Trojan, dubbed SpyDealer that can exfiltrate data from more than 40 applications, including WeChat, Facebook, WhatsApp, Skype, Line, Viber, QQ, Tango, Telegram, Sina Weibo, Tencent Weibo, […]

Security experts at TrendMicro discovered that the notorious Adwind RAT has resurfaced targeting enterprises in the Aerospace industries worldwide. Crooks are even more opportunists, they continually innovate their TTPs to maximize their profits to target the largest number of victims. Security experts at TrendMicro have discovered that the notorious Adwind RAT has resurfaced and cyber criminals are using it […]

The progression in Artificial Intelligence have incited intense debate worldwide, some experts are calling AI to counter malware attacks In a short span of six weeks, the world was hit twice by major ransomware attacks — malicious software that seizes the data stored on your computer systems and would only release it to you upon […]

A newly discovered Point of Sale (PoS) malware dubbed LockPoS appeared in the wild and it is being delivered through the Flokibot botnet. A newly discovered Point of Sale (PoS) malware is being delivered via a dropper that is manually loaded and executed on the targeted systems, Arbor Networks Security researchers warn. Arbor Networks researchers discovered a new Point […]

Security experts at the SANS Institute discovered that that NemucodAES ransomware and Kovter trojan are being delivered together in spam campaigns. Security experts at the SANS Institute Internet Storm Center, discovered that that two malware families, NemucodAES and Kovter are being delivered together in .zip attachments delivered via active spam campaigns. Security Researcher Brad Duncan […]

Two CryptoMix Ransomware variants emerged in a few days, a circumstance that suggests the operators behind the threat are very active. Malwarebytes’ researcher Marcelo Rivero has spotted a new variant of the CryptoMix ransomware. #CryptoMix #Ransomware adds ext “.EXTE” to encrypted files, and the note “_HELP_INSTRUCTION.TXT” – md5: 1059676fbb9d811e88af96716cc1ffb5 pic.twitter.com/Ha4jeRMPEv — Marcelo Rivero (@MarceloRivero) July 13, […]

The seven-year-old remote code execution vulnerability SambaCry was exploited by the SHELLBIND IoT malware to target NAS devices. A new strain of malware dubbed SHELLBIND exploits the recently patched CVE-2017-7494 Samba vulnerability in attacks against Internet of Things devices. SHELLBIND has infected most network-attached storage (NAS) appliances, it exploits the Samba vulnerability (also known as SambaCry and EternalRed) […]

Wikileaks revealed that CIA contractor Raytheon Blackbird Technologies was tasked to analyze advanced malware and TTPs used by threat actors in the wild. Wikileaks continues to publish documents from Vault 7 leaks, today the organization has shed light on the collaboration between the US Intelligence agency and tech firms for malware development. The last batch […]

Apparently, different cyber gangs are using modified versions of the Nukebot in wild after code Leak occurred in March 2017. Crooks are adapting the leaked source code for the Nukebot banking Trojan to target banks in the United States and France and to steal mail client and browser passwords. Apparently, different cyber gangs are using modified versions of […]

Microsoft used the lawsuit to disrupt a large number of cyber espionage campaigns conducted by infamous Fancy Bear APT hacking group We have discussed several times about hacking back and the case we are going to analyze is a good example of an alternative approach to hit back an APT group. Microsoft used the lawsuit […]

A huge botnet dubbed Stantinko was undetected for at least 5 years, the disconcerting discovery was made by researchers from security firm ESET. According to ESET, the Stantinko botnet has infected around half a million computers worldwide. Operators behind the botnet powered a massive adware campaign active since 2012, crooks mainly targeted users in Russia and Ukraine […]

The Russian hacker Mark Vartanyan was sentenced to five years in prison for his involvement in the development and maintenance of the Citadel botnets. It’s a terrific moment for cyber criminals, law enforcement worldwide continues their fight against illegal activities online and the recent shut down of AlphaBay and Hansa black markets demonstrate it. The news of […]

The SLocker source code leaked online, it is one of the oldest mobile lock screen and file-encrypting ransomware. The source code of the SLocker Android malware, one of the most popular Android ransomware families, has been leaked online for free, allowing crooks to develop their own variant of the threat. SLocker was first spotted in 2015, it is […]

The threat actor behind Spring Dragon APT has been developing and updating its wide range of tools throughout the years, new attacks reported in South Asia. According to a new report published by Kaspersky Lab, the China-linked APT group Spring Dragon (aka Lotus Blossom, Elise, and Esile) has used more than 600 malware samples in […]

A new mysterious strain of macOS and OS X malware dubbed Fruitfly went undetected by malware researchers and security software for at least five years. Fruitfly is a backdoor that could be used by attackers to gain full control over the infected systems by implementing many spying features. Fruitfly has the ability to capture screenshots, keystrokes, […]

Malware researchers at Kaspersky Lab have found a new Windows Backdoor dubbed CowerSnail linked to the recently discovered SHELLBIND SambaCry Linux malware. Security experts at Kaspersky Lab have spotted a new Windows Backdoor dubbed CowerSnail linked to the recently discovered SHELLBIND SambaCry Linux malware. SHELLBIND has infected most network-attached storage (NAS) appliances, it exploits the Samba vulnerability (also known as SambaCry and EternalRed) to upload a shared […]

Google has identified a new strain of Android malware, the Lipizzan spyware, that could be used as a powerful surveillance tool. Malware researchers at Google have spotted a new strain of Android spyware dubbed Lipizzan that could exfiltrate any kind of data from mobile devices and use them as surveillance tools. The Lipizzan spyware is a project developed […]

Google has identified a new strain of Android malware, the Lipizzan spyware, that could be used as a powerful surveillance tool. Malware researchers at Google have spotted a new strain of Android spyware dubbed Lipizzan that could exfiltrate any kind of data from mobile devices and use them as surveillance tools. The Lipizzan spyware is a project developed […]

Wikileaks published another batch of classified documents from the CIA Vault 7 leak, it includes details of the Imperial project. Today another batch of classified documents from the CIA Vault 7 leak was published by Wikileaks. The documents are related to a CIA project codenamed ‘Imperial,’ they include details of three CIA hacking tools and implants that […]

Security experts from ESET that spotted the Industroyer malware used against Ukraine’s power grid released a free tool for ICS Malware analysis ESET researchers Robert Lipovsky and Anton Cherepanov have released a free tool for the analysis of ICS malware. The security duo is the same that discovered the CrashOverride/Industroyer malware that targeted the Ukraine’s power […]

The US pharmaceutical company Merck revealed that the massive NotPetya cyberattack has disrupted its worldwide operations. The US pharmaceutical company Merck revealed that the massive NotPetya cyberattack has disrupted its worldwide operations. The news was part of the Merck’s financial results announcement for the second quarter of 2017, according to the pharmaceutical giant the ransomware destructed operations […]

Experts at Proofpoint noticed the infamous cyber crime gang Carbanak has added a new JScript backdoor dubbed Bateleur Backdoor to its arsenal. According to researchers at security firm Proofpoint, the infamous cyber crime gang Carbanak has added a new JScript backdoor dubbed Bateleur Backdoor to its arsenal. Carbanak, aka FIN7, has also used updated macros. The Carbanak gang was first […]

Marcus Hutchins, the expert who discovered the “kill switch” that halted the outbreak of the WannaCry ransomware was detained in Las Vegas after Def Con. Marcus Hutchins, also known as MalwareTech, is the 22-year-old security expert who made the headlines after discovering the “kill switch” that halted the outbreak of the WannaCry ransomware. Marcus Hutchins has been arrested […]

On Wednesday some very interesting and seemly unrelated events happened in regards to Wannacry. First Marcus Hutchins (AKA @Malwaretech), the security researcher who discovered the kill switch and stopped the spread of Wannacry was arrested whilst returning to the UK from Las Vegas- on suspicion of creating malware (covered here). But the second event which […]

Yesterday the judge approved to release the researcher Marcus Hutchins on bail for a bond of $30,000 under certain conditions. Marcus Hutchins, also known as MalwareTech, is the 22-year-old security expert who made the headlines after discovering the “kill switchâ€� that halted the outbreak of the WannaCry ransomware. Marcus Hutchins has been arrested in in Las Vegas after attending […]

Researchers at Kaspersky Lab discovered a new wave of attack leveraging the Mamba ransomware that hit organizations in Brazil and Saudi Arabia. Mamba ransomware is one of the first malware that encrypted hard drives rather than files that was detected in public attacks. Mamba leverages a disk-level encryption strategy instead of the conventional file-based one. A […]

Experts at Cylance noticed that the decoy document used in KONNI attacks is similar to the one used in recent campaigns of the DarkHotel APT. In May, Cisco Talos team discovered a RAT dubbed KONNI malware that targets organizations linked to North Korea. The malware, dubbed by researchers “KONNI,â€� was undetected for more than 3 years and was used […]

Trend Micro spotted a new espionage campaign that has been active for at least 2 months and that is targeting Russian-speaking firms with a new backdoor Security experts at Trend Micro have spotted a new cyber espionage campaign that has been active for at least two months and that is targeting Russian-speaking enterprises delivering a new Windows-based backdoor, […]

The Cyber Police of Ukraine arrested a Ukraine man that allegedly distributed the NotPetya/ExPetr malware resulting in the infection of 400 computers. Sergey Neverov, a 51-year-old man, has been arrested, on Saturday 5 August, by Ukrainian Cyber Police on accusations of distributing a version of the NotPetya(Petya.A) ransomware after the initial attack event of late […]

Experts spotted a new signed Mac adware dubbed MUGHTHESEC that hijacks victim’s browser for profit and can be removed only reinstalling the OS. According to the expert Patrick Wardle, Director of Research at Synack, a new strain of Mac adware is threatening Mac users, once infected a machine the only way to remove it is to reinstall […]

The Disdain exploit kit is available for rent on a daily, weekly, or monthly basis for prices of $80, $500, and $1,400 respectively. The security researcher David Montenegro discovered a new exploit kit dubbed Disdain that is offered for rent on underground hacking forums by a malware developer using the pseudonym of Cehceny. Disdain Exploit Kit – […]

According to Trend Micro, cyber criminals abuse the CVE-2017-0199 vulnerability to deliver malware via PowerPoint Slide Show. In April Microsoft fixed the CVE-2017-0199  vulnerability in Office after threat actors had been exploiting it in the wild. Hackers leveraged weaponized Rich Text File (RTF) documents exploiting a flaw in Office’s Object Linking and Embedding (OLE) interface to deliver malware such […]

Kaspersky Lab discovered attackers were able to modify the NetSarang software update process to include a malware tracked as ShadowPad backdoor. Software update mechanism could be an efficient attack vector, news of the day is that hackers compromised the update process for a popular server management software package developed by NetSarang. Attackers were able to […]

Researchers at Cybereason have discovered a new strain of the Cerber ransomware that implements a new feature to avoid triggering canary files. The canary files are a security measure for the early detection of threat like ransomware. These files are located in specific positions of systems and an anti-ransomware application watches for any modification. If the […]

The transportation giant Maersk announced that it would incur hundreds of millions in U.S. dollar losses due to the NotPetya ransomware massive attack. A.P. Moller-Maersk, the transportation and logistics firm, announced Tuesday that it would incur hundreds of millions in U.S. dollar losses due to the NotPetya ransomware massive attack. According to the second quarter earnings report, there were expecting losses between […]

The Ukrainian central bank warned state-owned and private lenders of the appearance of new the NotPetya-like attack that would target national businesses. On Friday, the Ukrainian central bank warned of new malware-based attack risk. According to the Reuters, the Ukrainian central bank warned state-owned and private lenders of the spreading of new infections like the […]

A new strain of ransomware distributed through spam emails, dubbed SyncCrypt, hides its components inside harmless-looking images. A new strain of ransomware recently discovered, dubbed SyncCrypt, hides its components inside harmless-looking images. The SyncCrypt ransomware is distributed through spam emails that use attachments containing WSF files pretending to be court orders. Once the victims execute the attachment, an embedded JScript fetches seemingly innocuous images from specific locations and […]

A new fileless miner dubbed CoinMiner appeared in the wild, it uses NSA EternalBlue exploit and WMI tool to spread. A new strain of Cryptocurrency Miner dubbed CoinMiner appeared in the wild and according to the experts it is hard to detect and infects Windows PCs via EternalBlue NSA exploit. CoinMiner is a fileless malware that leverages the WMI […]

According to a new report published by FireEye, crooks have been using the Neptune exploit kit to deliver cryptocurrency miners via malvertising campaigns. According to experts at FireEye, crooks are exploiting the Neptune exploit kit (aka Terror EK, Eris, and Blaze) to delivery cryptocurrency miners via malvertising campaigns. The Neptune exploit kit was first spotted in January and was […]

Security experts from Kaspersky Lab have spotted an ongoing cross-platform malware campaign that leverages Facebook Messenger. Security experts from Kaspersky Lab have spotted an ongoing cross-platform malware campaign on Facebook Messenger, spammers are actually infecting users of all platform with adware. Users receive a video link that redirects them to a bogus website set up to lure them to […]

Researchers at Proofpoint spotted Defray Ransomware, a new ransomware used in a targeted campaign against education and healthcare organizations. Earlier this month, researchers at Proofpoint spotted a targeted ransomware campaign against education and healthcare organizations. The ransomware used in the campaign was dubbed Defray, based on the command and control (C&C) server hostname used for the […]

Researchers at Proofpoint spotted a cyber espionage campaign leveraging recent Game of Thrones episode leaks and attribute it to Chinese APT17 group. Security researchers at Proofpoint have uncovered a cyber espionage campaign leveraging recent Game of Thrones episode leaks to trick victims into opening malicious documents sent via email. Experts have observed during the past week, the […]

The security firm Symantec has discovered another cyber espionage campaign against India and Pakistan which is likely to be state-sponsored. Security experts at Symantec have uncovered a sustained cyber spying campaign against Indian and Pakistani entities involved in regional security issues. The nature of the targets and the threat actors’ techniques suggest it is a […]

Malware writer is offering for free a malware dubbed Cobian RAT in the underground, but the malicious code hides an ugly surprise. In the dark web, it is quite easy to find alone vxers and hacking forums that offer malware and customize them according to buyers’ needs. Recently researchers from Zscaler have spotted a remote access […]

Experts spotted a new EITest campaign leveraging HoeflerText Popups to target Google Chrome users and push NetSupport Manager RAT or Locky ransomware Security expert Brad Duncan with both the SANS Internet Storm Center and Palo Alto Networks’ Unit 42, has spotted a malware campaign leveraging bogus popups that alert users to a missing web-font. The crooks are targeting Google […]

Security experts discovered last week that a US government website was hosting a JavaScript downloader used to deliver the Cerber ransomware. The security researcher at NewSky Security Ankit Anubhav discovered last week that a US government website was hosting a malicious JavaScript downloader that was delivering the dreaded Cerber ransomware. #Javascript #malware using #powershell hosted […]

Security researchers from Kaspersky Lab have discovered a new strain of ATM malware dubbed ATMii that could be used to empty an ATM. Security researchers from Kaspersky Lab have discovered a new strain of ATM malware dubbed ATMii. The ATMii malware was discovered in April this year, it implements an injector module (exe.exe) and the module to be injected (dll.dll). Crooks can […]

Equifax service set up for obtaining free and discounted credit reports had been redirecting users to websites offering a fake Flash Player installer. The independent security analyst Randy Abrams discovered an Equifax service set up for obtaining free and discounted credit reports had been redirecting users to websites offering a fake Flash Player installer. “As I […]

Experts at Akamai have identified a running Fast Flux botnet composed of over 14,000 compromised systems used to spread malware. Experts at Akamai have identified a running botnet of over 14,000 compromised systems used to spread malware. The botmasters implemented a technique dubbed Fast Flux to make the infrastructure hard to take down. Treat actors […]

The Necurs botnet is spreading a new downloader that takes screenshots of the victims’ desktops and Runtime Errors back to the operators. The Necurs botnet is back once again, the dreaded botnet was spreading a downloader that takes screenshots of the victims’ desktops and Runtime Errors back to the attackers. “Recently we have seen a resurgence of […]

Trend Micro recently observed a new campaign leveraging the Ursnif banking Trojan using new malicious macro tactics payload delivery and evade detection. Researchers at Trend Micro have recently spotted a new campaign leveraging the Ursnif banking Trojan featuring new malicious macro tactics for payload delivery. Malicious macros are widely adopted by crooks for malware distribution, usually, they […]

Canada’s Communications Security Establishment (CSE) intel agency has released the source code for one of its malware analysis tools dubbed Assemblyline. The Canada’s Communications Security Establishment (CSE) intelligence agency has released the source code for one of its malware detection and analysis tools dubbed Assemblyline. The Assemblyline tool is written in Python and was developed under the […]

The dreaded Proton malware was spreading through a new supply-chain attack that involved the Elmedia apps, victims should wipe their Macs Bad news for Mac users, a new malware is threatening them of a complete system wipe and reinstall. Crooks are distributing the malware in legitimate applications, the popular Elmedia Player and download manager Folx developed by […]

Russian cyber espionage group APT28 targeted individuals with spear-phishing messages using documents referencing a NATO cybersecurity conference. Researchers with Cisco Talos have spotted a Russian cyber espionage group targeting individuals with spear-phishing messages using documents referencing a NATO cybersecurity conference. Experts attributed the attack to the dreaded Russian APT28 group, aka Pawn Storm, Fancy Bear, Sofacy, Group 74, Sednit, […]

A new strain of malware dubbed Bad Rabbit ransomware has been found rapidly spreading in Russia, Ukraine and elsewhere. A new massive ransomware campaign is rapidly spreading around Europe, the malware dubbed Bad Rabbit has already affected over 200 major organizations mainly in Russia, Ukraine, Germany, Japan, and Turkey in a few hours. The Bad Rabbit ransomware has infected […]

We at the CSE Cybsec ZLab have conducted a preliminary analysis of the Bad Rabbit ransomware discovering an interesting aspect of the attack. This is just the beginning of a complete report that we will release in the net days, but we believe our findings can be useful for the security community. This malware remembers the notorious NotPetya […]

Malware researchers at Cisco Talos team discovered the Bad Rabbit Ransomware leverages EternalRomance to propagate in the network. New precious details emerge from the analysis of malware researchers at Cisco Talos and F-Secure who respectively discovered and confirmed the presence an NSA exploit in the Bad Rabbit ransomware. On October 24, hundreds of organizations worldwide were hit by the Bad Rabbit […]

UK Government blamed North Korea for the WannaCry attack that affected a third of English hospitals. “This attack, we believe quite strongly that it came from a foreign state,” Ben Wallace, a junior minister for security, told BBC Radio 4’s Today programme. “North Korea was the state that we believe was involved in this worldwide attack,” […]

Crooks continues to target Japanese users, now the hackers leverage the Ursnif banking Trojan, aka Gozi, to hit the country. According to researchers at IBM X-Force group, cyber criminals are delivering the infamous malware via spam campaigns that began last month. The Ursnif banking Trojan was the most active malware code in the financial sector in […]

Security expert Jérôme Segura from Malwarebytes has spotted that Matrix Ransomware has risen again, it is now being distributed through malvertising. Malware researcher Jérôme Segura from Malwarebytes has discovered that Matrix Ransomware is now being distributed through malvertising campaign. #RIGEK drops Matrix ransomware. Payload https://t.co/PruaiZRuw9 SAZ https://t.co/KFwap516h4 pic.twitter.com/tSpl2PCGCA — EKFiddle (@EKFiddle) October 26, 2017 The Matrix Ransomware was first spotted in […]

Gaza Cybergang threat actor it is back again, this time it is targeting organizations in the Middle East and North Africa (MENA) region. Gaza Cybergang is a threat actor that is believed to be linked to the Palestinian organization Hamas, it is back again targeting organizations in the Middle East and North Africa (MENA) region. According to the […]

Security experts from Fortinet spotted a new strain of the Sage ransomware that included new functionalities, such as anti-analysis capabilities. Sage 2.0 is a new ransomware first observed in December and not now it is distributed via malicious spam. Sage is considered a variant of CryLocker ransomware, it is being distributed by the Sundown and RIG exploit kits. The […]

MBR-ONI is a new ransomware that is being used for targeted attacks in Japan, experts speculate it was used to cover larger hacking campaigns. MBR-ONI is a new ransomware that is being used for targeted attacks in Japan, it is a bootkit ransomware that uses a modified version of the legitimate open-source disk encryption utility DiskCryptor to […]

A cybercrime gang called Silence targeted at least 10 banks in Russia, Armenia, and Malaysia borrowing hacking techniques from the Carbanak group. A cybercrime gang called Silence targeted at least 10 banks in Russia, Armenia, and Malaysia borrowing hacking techniques from the dreaded Carbanak hacker group that stole as much as $1 billion from banks worldwide. […]

Experts at Cisco Talos observed crooks exploiting black Search Engine Optimization (SEO) to spread the Zeus Panda banking Trojan. Threat actors behind the Zeus Panda banking Trojan leveraged black Search Engine Optimization (SEO) to propose malicious links in the search results. Crooks were focused on financial-related keyword queries. The campaign was first spotted by experts at Cisco Talos, attackers […]

Security experts spotted a new malware dubbed Ordinypt, it is a wiper disguised as ransomware that currently only targets German users The malware researcher Michael Gillespie first reported a new strain of malware called Ordinypt that is currently targeting German users, but unfortunately instead of encrypting users’ files, the malware intentionally destroy them. Tweets by demonslay335 Early this […]

Researchers at IBM have spotted a new banking malware dubbed IcedID has capabilities similar to other financial threats like Gozi, Zeus, and Dridex. Malware researchers at IBM X-Force have spotted a new strain of banking malware dubbed IcedID has capabilities similar to other financial threats like Gozi, Zeus, and Dridex. IcedID does not borrow code from other banking malware, but it […]

Researchers from security firm ESET, discovered a multi-stage Malware dubbed Android/TrojanDropper.Agent.BKY that evaded Google Play detection. Security experts at ESET have discovered a multi-stage Android malware, tracked as Android/TrojanDropper.Agent.BKY, that was available for download in the official Google Play store. The researchers have found eight malicious applications in the official application store (MEX Tools, Clear Android, Cleaner for […]

The Terdot banking Trojan isn’t a novelty in the threat landscape, it has been around since mid-2016, and now it is reappearing on the scenes. According to Bitdefender experts, vxers have improved the threat across the years, implementing credential harvesting features as well as social media account monitoring functionality. The Terdot banking Trojan is based on the Zeus […]

Kaspersky Lab publishes a full technical report related to hack of its antivirus software to steal NSA hacking code. In October, anonymous source claimed that in 2015 the Russian intelligence stole NSA cyber weapons from the PC of one of its employees that was running the Kaspersky antivirus. Kaspersky denies any direct involvement and provided further details […]

In early November, the City of Spring Hill, Tenn, suffered a ransomware attack, but it still hasn’t recovered from attack attack. In early November, the City of Spring Hill, Tenn, suffered a ransomware attack, but government officials refused to pay a $250,000 ransom demanded by the crooks and attempted to restore the database recovering the content […]

Security experts at Trend Micro had recently observed a new variant of the EMOTET banking Trojan that implements new evasion features. EMOTET, aka Geodo, is linked to the dreaded Dridex and Feodo (Cridex, Bugat)  malware families. In past campaigns, EMOTET was used by crooks to steal banking credentials and as a malicious payload downloader. The experts observed […]

Malware researchers at MalwareHunterTeam discovered a new variant of the CryptoMix ransomware, the second one in just a few days. A new variant of the CryptoMix ransomware was recently discovered by the experts at the MalwareHunterTeam, it is the second release of new variants this week. The latest variant appends the. 0000 extension to encrypted files and uses new contact emails, for example, […]

Experts from several security firms has spotted two new malware campaigns targeting Google Play Store users, once of them spreads the BankBot Trojan. Once again crooks succeeded in publishing a malware in the official Google Play Store deceiving the anti-malware protections implemented by the tech giant. A team composed of security experts from several security […]

A new strain of the notorious macOS Proton malware is spreading through a blog spoofing the legitimate blog of the security firm Symantec. The attackers used the same domain registration information of the original site, except for the email address. The SSL digital certificate for the site is a legitimate certificate issued by Comodo instead of the […]

A new Mirai variant is rapidly spreading, experts observed around 100K IPs running the scans in the past 60 hours searching for flawed ZyXEL PK5001Z routers. According to Li Fengpei, a security researcher with Qihoo 360 Netlab, the publication of the proof-of-concept (PoC) exploit code in a public vulnerabilities database is the root cause of the […]

NTT Security, a company of the tech giant NTT Group focused on cyber security, has released its 2017 Global Threat Intelligence Center (GTIC) Quarterly Threat Intelligence Report. The research includes data collected over the last three months from global NTT Security managed security service (MSS) platforms and a variety of open-source intelligence tools and honeypots. The report […]

The Halloware ransomware is a new malware offered for sale in the dark web, the author that goes online with the moniker Luc1F3R is selling it for just $40. According to the experts at Bleeping Computer, Luc1F3R started selling the Halloware this week through a dedicated portal on the Dark web. Luc1F3R claims to be a 17-year-old college […]

The CSE CybSec Z-Lab Malware Lab analyzed a new strain of malware apparently developed to target the customers of the Italian telco operator “Tre”. The malware researchers from ZLab analyzed a new strain of Android malware that appears as a fake 3MobileUpdater. The malware looks like a legitimate app used to retrieve the mobile system update, but it […]

The security expert Michael Gillespie discovered a new variant of the Shadow BTCware Ransomware which is manually installed on unsecured systems. The security expert Michael Gillespie discovered a new variant of the BTCWare ransomware, the malicious code was spread by hacking into poorly protected remote desktop services and manually installed by crooks. The new Shadow BTCware Ransomware variant appends the .[email]-id-id.shadow extension to the encrypted files, […]

The security expert Michael Gillespie discovered a new variant of the Shadow BTCware Ransomware which is manually installed on unsecured systems. The security expert Michael Gillespie discovered a new variant of the BTCWare ransomware, the malicious code was spread by hacking into poorly protected remote desktop services and manually installed by crooks. The new Shadow BTCware Ransomware variant appends the .[email]-id-id.shadow extension to the encrypted files, […]

A joint international operation conducted by the FBI, law enforcement agencies in Europe and private partners managed to dismantle the Andromeda botnet. A joint international operation conducted by the FBI and law enforcement agencies in Europe managed to dismantle the dreaded Andromeda botnet (aka Gamarue and Wauchos) last week. The Andromeda botnet has been around since 2011, it was […]

StorageCrypt Ransomware is the last malware in order of time exploiting the SambaCry vulnerability, it was developed to target NAS Devices. Experts discovered a new strain of malware exploiting the SambaCry vulnerability (CVE-2017-7494), it has been called StorageCrypt Ransomware because it targets NAS Devices via SambaCry Exploit. The StorageCrypt ransomware demands between 0.4 and 2 Bitcoins ($5,000 […]

Nearly 5,500 WordPress websites are infected with a malicious script that logs keystrokes and in some loads a cryptocurrency miner in the visitors’ browsers. The experts from security firm Sucuri observed that that malicious script is being loaded from the “cloudflare.solutions” domain, that anyway is not linked with Cloudflare. According to PublicWWW, this malicious script […]

According to Fortinet, the authors of the Orcus RAT have started targeting Bitcoin investors with their malicious software. Crooks always follow money trying to catch any opportunity, such as the recent spike in the value of Bitcoin. According to the experts from Fortinet, the authors of the Orcus RAT have started targeting Bitcoin investors with […]

A new IoT botnet leveraging the Linux.ProxyM malware is currently being used by crooks in a campaign attempting to hack websites. Security experts at Doctor Web discovered a new IoT botnet leveraging the Linux.ProxyM malware that is currently being used in a campaign attempting to hack websites. Experts first analyzed the Linux.ProxyM in July, it was used to create a proxy […]

Group-IB spotted the operations of a Russian-speaking cyber gang tracked as MoneyTaker group that stole as much as $10 million from US and Russian banks. Researchers from security firm Group-IB has spotted the operations of a Russian-speaking cyber gang tracked as MoneyTaker that has stolen as much as $10 million from U.S. and Russian banks […]

Experts at Malwarebytes warns of a new variant of the macOS OceanLotus backdoor is using an innovative technique to avoid detection, A few years ago the bad actors realized they could use UNICODE characters that looked like English characters to lead unsuspecting victims to malicious websites. Now, they have figured out how to use a […]

It has happened again, several banking Trojan samples have been found on Google Play, this time the malicious code targeted a number of Polish banks. The malware was disguised as seemingly legitimate apps “Crypto Monitorâ€�, a cryptocurrency price tracking app, and “StorySaverâ€�, a third-party tool for downloading stories from Instagram. The malicious code is able to display […]

The US DoJ announced plea agreements for Paras Jha, Josiah White, and Dalton Norman, 21 for creating and operating the dreaded Mirai botnet. US authorities charge three men with developing and running the dreaded Mirai botnet that was involved in several massive DDoS attacks. According to documents released by the US Department of Justice (DOJ), the […]

CyberX who analyzed samples of the Triton malware believes it was likely developed by Iran and used to target an organization in Saudi Arabia. Security experts from security firms FireEye and Dragos reported this week the discovery of a new strain of malware dubbed Triton (aka Trisis) specifically designed to target industrial control systems (ICS). Both FireEye and Dragos […]

Security researchers spotted a sophisticated malware campaign, tracked as Zealot campaign targeting Linux and Windows servers to install Monero miners. Security researchers from F5 Networks spotted a sophisticated malware campaign, tracked as Zealot campaign (after the name zealot.zip, one of the files dropped on targeted servers), targeting Linux and Windows servers to install Monero cryptocurrency miners. The campaign was detected […]

Experts from McAfee Labs collected evidence that links DragonFly malware to other hacking campaigns, like BlackEnergy and TeamSpy attacks. On September 6, Symantec published a detailed analysis of the Dragonfly 2.0 campaign that targeted dozens of energy companies this year. Threat actor is the same behind the Dragonfly campaign observed in 2014. Further analysis conducted […]

It’s official, according to Tom Bossert, homeland security adviser, the US Government attributes the massive ransomware attack Wannacry to North Korea. It’s official, the US Government attributes the massive attack Wannacry to North Korea. The news of the attribution was first reported by The Wall Street Journal,  according to the US Government, the WannaCry attack […]

Experts from Kaspersky have spotted an Android malware dubbed Loapi that includes a so aggressive mining component that it can destroy your battery. Researchers from security firm Kaspersky Lab have spotted a new strain of Android malware dubbed Loapi lurking in fake anti-virus and porn applications, that implements many features, including cryptocurrency mining. Loapi can be used to perform a […]

The CSE CybSec Z-Lab Malware Lab analyzed a couple of new malware samples, belonging to the Bladabindi family, that were discovered on a looking-good website. ZLab team detected two new threats hosted on a looking-good website www[.]camplace[.]com/live-cams. Both malware looks like a legitimate app that users have to install in order to access the media file hosted on the website. […]

  Security researchers discovered multiple hacking campaigns conducted by a Chinese criminal gang targeting database servers. The researchers from the security firm GuardiCore Labs Security have discovered multiple hacking campaigns conducted by a Chinese criminal gang targeting database servers. The attackers targeted systems worldwide for mining cryptocurrencies, exfiltrating sensitive data and building a DDoS botnet. The experts […]

Researchers from security firm Trend Micro observed crooks spreading a new cryptocurrency mining bot dubbed Digmine via Facebook Messenger. Watch out for video file (packed in zip archive) sent by your friends via Facebook messenger, according to the researchers from security firm Trend Micro crooks are using this technique to spread a new cryptocurrency mining bot dubbed Digmine. The bot […]

Satori botnet, Mirai variant, is responsible for hundreds of thousands of attempts to exploit a recently discovered vulnerability in Huawei HG532 home routers. The Mirai botnet makes the headlines once again, a new variant dubbed Satori is responsible for hundreds of thousands of attempts to exploit a recently discovered vulnerability in Huawei HG532 home routers. The activity […]

Fancy Bear APT group refactored its backdoor and improved encryption to make it stealthier and harder to stop. The operations conducted by Russian Fancy Bear APT group (aka Sednit, APT28, and Sofacy,  Pawn Storm, and Strontium) are even more sophisticated and hard to detect due to. According to a new report published by experts from security firm ESET, the […]

Researchers at security firm Proofpoint collected evidence of the significant interest of the Lazarus APT group in cryptocurrencies, the group’s arsenal of tools, implants, and exploits is extensive and under constant development. Researchers at security firm Proofpoint collected evidence of the significant interest of the Lazarus APT group in cryptocurrencies. The North Korea-Linked hackers launched several multistage attacks that […]

The cybersecurity expert Willem de Groot reported cyber attacks against Magento websites running the popular helpdesk extension ‘Mirasvit Helpdesk.’ de Groot observed attackers sending a message like this to Magento merchants: Hey, I strongly recommend you to make a redesign! Please contact me if you need a good designer! – knockers@yahoo.com The message contains a specially crafted sender that […]

Two Romanian people have been arrested and charged with hacking into US Capital Police cameras ahead of the inauguration of President Trump. Two Romanian people have been arrested and charged with hacking into control systems of the surveillance cameras for the Metropolitan Police Department in the US. The two suspects, Mihai Alexandru Isvanca, 25, and Eveline […]

The Italia cyber security expert Marco Ramilli, founder of Yoroi, published an interesting analysis of a quite new InfoStealer Malware delivered by eMail to many International Companies. Attack attribution is always a very hard work. False Flags, Code Reuse and Spaghetti Code  makes impossible to assert “This attack belongs to X”. Indeed nowadays makes more sense talking about Attribution […]

The exploit code used to trigger the CVE-2017-17215 vulnerability in Huawei routers over the past several weeks is now publicly available. Before Christmas, the Mirai botnet made the headlines once again, a new variant dubbed Satori was responsible for hundreds of thousands of attempts to exploit a recently discovered vulnerability in Huawei HG532 home routers. The activity of the Satori […]

A hacker belonging to the Lurk cybercrime gang admits the creation of WannaCry ransomware and DNC hack on request of intelligence agencies. In an interview to Dozhd TV channel, one of the members of the Lurk crime group arrested in the Russian city of Ekaterinburg, Konstantin Kozlovsky, told that he was one of the authors of the dreaded WannaCry ransomware and that […]

Security experts at F5 discovered a new Linux Monero crypto-miner botnet dubbed PyCryptoMiner spreading over the SSH protocol. F5 researchers discovered a new Linux crypto-miner botnet dubbed PyCryptoMiner spreading over the SSH protocol. The Monero miner botnet is based on the Python scripting language, it leverages Pastebin as command and control server infrastructure when the original C&C isn’t available. If all C&C servers […]

Researchers from Trend Micro have discovered 36 malicious apps on Google Play that are posing as security tools of major firms. Once again crooks bypassed security checks implemented by Google, researchers from Trend Micro have discovered 36 malicious apps on Google Play that are posing as security tools. Crooks advertised the apps as security tools as applications […]

VirusTotal announced the availability of a visualization tool, dubbed VirusTotal Graph, designed to help with malware analysis. The VirusTotal Graph should allow investigators working with multiple reports at the same time, to try to pivot between multiple data points (files, URLs, domains and IP addresses). The observation of the connections across different samples of malware could allow investigators to collect more […]

Security Researchers from Cyberbit have discovered a new malware injection technique being used by a variant of Flokibot malware named LockPoS. A Point of Sale (PoS) malware is a malicious application that steals credit card data from the memory of computers connected to credit card equipment. Once infected the system, the LockPoS malware tries to gain access […]

Researcher @unixfreaxjp spotted the first time ever in the history of computer engineering a Linux malware designed to infect ARC CPU, this new Linux ELF malware was dubbed MIRAI OKIRU. In August 2016 the researcher @unixfreaxjp from @MalwareMustDie team first spotted the dreaded Mirai botnet, now the same researcher is announcing a new big earthquake in the malware […]

A new variant of the infamous disk-wiper malware KillDisk has been spotted by malware researchers at Trend Micro while targeting financial organizations in Latin America. A new variant of the infamous disk-wiper malware KillDisk has been spotted by malware researchers at Trend Micro. This variant of KillDisk, tracked as TROJ_KILLDISK.IUB, was involved in cyber attacks against financial […]

Four malicious Chrome extensions may have impacted more than half million users likely to conduct click fraud or black search engine optimization. More than half million users may have been infected by four malicious Chrome extensions that were likely used to conduct click fraud or black search engine optimization. According to ICEBRG, the malicious extensions […]

The Briton Goncalo Esteves (24), also known as KillaMuvz, has pleaded guilty to charges related to creating and running malware services. The Briton Goncalo Esteves (24) has pleaded guilty to charges related to creating and running malware services. Such kind of platforms allows crooks to improve the development of their malicious codes. The malware created with […]

Security experts from FireEye have spotted a new strain of the Zyklon malware that has been delivered by using new vulnerabilities in Microsoft Office. Researchers at FireEye reported the malware was used in attacks against organizations in the telecommunications, financial, and insurance sectors. Zyklon has been spotted for the first time in 2016, it is a publicly available […]

Threat actors with a deep knowledge of the Fiscal Italian ecosystem are using a huge botnet to target Italian companies and Ministry of the Interior. On February 18 a colleague of mine (Luca) called me telling a malicious email was targeting Italian companies. This is the beginning of our new analysis adventure that Luca and […]

The Samsam Ransomware made the headlines in the first days of 2018, the malicious code infected systems of some high-profile targets, including a hospital that paid a $55,000 ransom. The SamSam ransomware is an old threat, attacks were observed in 2015 and the list of victims is long, many of them belong to the healthcare industry. […]

Authorities discovered a fraudulent scheme involving dozens of gas-station employees who installed malicious programs on electronic gas pumps to cheat customers Russian law enforcement investigated fraudulent activities involving gas-station payment systems. Authorities discovered a fraudulent scheme involving dozens of gas-station employees who installed malicious programs on electronic gas pumps to trick customers into paying for more […]

Masuta botnet targets routers using default credentials, one of the versions analyzed dubbed “PureMasuta” relies on the old network administration EDB 38722 D-Link exploit. Security experts at NewSky’s believe the operators of the recently discovered Satori botnet are launching a new massive hacking campaign against routers to infect and recruit them in the botnet. “We analyzed two variants of an IoT botnet […]

A new botnet called Hide ‘N Seek (HNS botnet) appeared in the threat landscape, the malware is rapidly spreading infecting unsecured IoT devices, mainly IP cameras. The HNS botnet was first spotted on January 10th by malware researchers from Bitdefender, then it disappeared for a few days, and it has risen over the weekend. The number of infected systems […]

A new botnet called Hide ‘N Seek (HNS botnet) appeared in the threat landscape, the malware is rapidly spreading infecting unsecured IoT devices, mainly IP cameras. The HNS botnet was first spotted on January 10th by malware researchers from Bitdefender, then it disappeared for a few days, and it has risen over the weekend. The number of infected systems […]

Fortinet discovered a strain of ransomware dubbed Spritecoin ransomware that only allows victims Monero payments and pretends to be a cryptocurrency-related password store. Researchers from Fortinet FortiGuard Labs has discovered a strain of ransomware that only allows victims Monero payments and pretends to be a cryptocurrency-related password store. The ransomware poses itself as a “spritecoin” wallet, it asks […]

The shipping giant Maersk chair Jim Hagemann Snabe revealed its company reinstalled 45,000 PCs and 4,000 Servers after NotPetya the attack. The shipping giant Maersk was one of the companies that suffered the NotPetya massive attack, in August 2017 the company announced that it would incur hundreds of millions in U.S. dollar losses due to the ransomware massive […]

The popular former NSA hacker Patrick Wardle published a detailed analysis of the CrossRAT malware used by Dark Caracal for surveillance. Last week a joint report published by security firm Lookout and digital civil rights group the Electronic Frontier Foundation detailed the activity of a long-running hacking group linked to the Beirut Government and tracked as Dark […]

Security experts from PaloAlto Networks uncovered a large-scale crypto-currency mining operation that involved around 30 million systems worldwide. Security experts from PaloAlto Networks have uncovered a large-scale crypto-currency mining operation active for over 4 months. Experts believe the activity involved around 30 million systems worldwide to mine the Monero cryptocurrency using the open-source XMRig utility. The threat […]

More than 2,000 WordPress sites have been infected with a malicious script that can deliver both a keylogger and the cryptocurrency miner CoinHive. More than 2,000 sites running the WordPress CMS have been infected with a malicious script that can deliver both a keylogger and the in-browser cryptocurrency miner CoinHive. This new hacking campaign was […]

The Iran-linked cyber-espionage group tracked as OilRig started using a backdoor subbed RGDoor to target Internet Information Services (IIS) Web servers. The Iran-linked cyber-espionage group tracked as OilRig started using a backdoor subbed RGDoor to target Internet Information Services (IIS) Web servers. The OilRig hacker group is an Iran-linked APT that has been around since at least 2015, when targeted mainly organizations in the financial and […]

Security researchers from ESET have tied another family of ransomware, dubbed FriedEx (aka BitPaymer), to the authors of the Dridex Trojan. The Dridex banking Trojan that has been around since 2014, it was involved in numerous campaigns against financial institutions over the years and crooks have continuously improved it. In April 2017, millions of people were targeted […]

Malware Exploiting Spectre, Meltdown Flaws Emerges Researchers at the antivirus testing firm AV-TEST have discovered more than 130 samples of malware that were specifically developed to exploit the Spectre and Meltdown CPU vulnerabilities. The good news is that these samples appear to be the result of testing activities, but experts fear that we could soon […]

Researchers from Proofpoint discovered a huge botnet dubbed ‘Smominru’ that is using the EternalBlue exploit to infect Windows computers and recruit them in Monero cryptocurrency mining activities. The number of cyber attacks against the cryptocurrency sector continues, vxers are focusing their efforts on the development of cryptocurrency/miner malware. Recently security experts observed cryptocurrency miners leveraging the NSA EternalBlue SMB exploit […]

Researchers at Qihoo 360’s Netlab analyzed a new campaign powered by the DDG botnet, the second largest mining botnet of ever, that targets Redis and OrientDB servers. A new Monero-mining botnet dubbed DDG was spotted in the wild, the malware targets Redis and OrientDB servers. According to the researchers at Qihoo 360’s Netlab, the DDG botnet […]

Chinese Iron Tiger APT is back, the new campaign, dubbed by Operation PZChao is targeting government, technology, education, and telecommunications organizations in Asia and the US. Malware researchers from Bitdefender have discovered and monitored for several months the activity of a custom-built backdoor capable of password-stealing, bitcoin-mining, and of course to gain full control of the […]

Researchers at security firm Radware have spotted a new IoT botnet, dubbed JenX, the leverages the Grand Theft Auto videogame community to infect devices. Researchers at security firm Radware have spotted a new IoT botnet, dubbed JenX, that exploits vulnerabilities triggered by the Satori botnet and is leveraging the Grand Theft Auto videogame community to infect devices. […]

Experts at cyber security firm LMNTRIX have discovered a new ransomware-as-a-service dubbed GandCrab. advertised in Russian hacking community on the dark web. Experts at cyber security firm LMNTRIX have discovered a new ransomware-as-a-service in the dark web dubbed GandCrab. The GandCrab was advertised in Russian hacking community, researchers noticed that authors leverage the RIG and GrandSoft exploit kits to distribute the malware. “Over […]

According to security researchers at Cisco and FireEye a North Korea Hacking Group is behind the attacks that exploited the recently discovered Adobe Flash 0-Day vulnerability. There have been over 1,000 Adobe Flash vulnerabilities since it was released. Designed to make website development easier and providing additional features not supported by standard web browsers, it also adds […]

The Europol’s European Cybercrime Centre along with the UK NSA disclosed the details of an international law enforcement operation that dismantled a crime ring linked to Luminosity RAT. The Europol’s European Cybercrime Centre (EC3) along with the UK National Crime Agency (NCA) disclosed the details of an international law enforcement operation that targeted the criminal ecosystem around the Luminosity […]

A new PoS malware dubbed UDPoS appeared in the threat landscape and implements a novel and hard to detect technique to steal credit card data from infected systems. The UDPoS malware was spotted by researchers from ForcePoint Labs, it relies upon User Datagram Protocol (UDP) DNS traffic for data exfiltration instead of HTTP that is the protocol used by […]

Russian authorities have arrested some employees at the Russian Federation Nuclear Center facility because they are suspected for trying to using a supercomputer at the plant to mine Bitcoin. The peaks reached by the values of principal cryptocurrencies is attracting criminal organizations, the number of cyber-attacks against the sector continues to increase, and VXers are […]

The number of crypto mining scripts discovered by security experts continues to increase, especially those ones illegally deployed by hacking servers online. The experts from Qihoo 360’s Netlab analyzed crypto mining scripts online by analyzing DNS traffic with its DNSMon system. The experts were able to determine which sites load the scripts from domains associated with in-browser mining services. […]

Free decryption keys for the Cryakl ransomware were added to the free Rakhni Decryptor that could be downloaded on the NoMoreRansom website. The Belgian Federal Police has located the command and control server used by a criminal organization behind the Cryakl ransomware. The server was located in an unspecified neighboring country, law enforcement seized it and shared the decryption […]

Necurs botnet made headline again, the experts at IBM X-Force research team observed a spike in seasonal campaigns of Valentine’s Day-themed spam emails. Necurs botnet made headline again, the experts at IBM X-Force research team observed a spike in the activity of the infamous botnet. Necurs was not active for a long period at the beginning of 2017 and resumed it activity in April 2017. The Necurs botnet was used […]

Security researchers spotted a new IoT botnet dubbed DoubleDoor that is able to bypass firewall as well as modem security using two backdoor exploits. IoT devices continue to be a privileged target of cyber criminals, cyber attackers against so-called smart objects has seen a rapid evolution. Security researchers at NewSky Security (NewSky Security) have detected a new IoT botnet […]

Security researchers spotted a new IoT botnet dubbed DoubleDoor that is able to bypass firewall as well as modem security using two backdoor exploits. IoT devices continue to be a privileged target of cyber criminals, cyber attackers against so-called smart objects has seen a rapid evolution. Security researchers at NewSky Security (NewSky Security) have detected a new IoT botnet […]

The United Kingdon’s Foreign and Commonwealth Office formally accuses the Russian cyber army of launching the massive NotPetya ransomware attack. The UK Government formally accuses the Russian cyber army of launching the massive NotPetya ransomware attack. The United Kingdon’s Foreign and Commonwealth Office “attributed the NotPetya cyber-attack to the Russian Government.” According to the UK, […]

Researchers at the MalwareHunterTeam spotted a new strain of ransomware called Saturn Ransomware, the name derives from the .saturn extension it appends to the name of the encrypted files. Currently, the malware requests victims of $300 USD payment that doubles after 7 days. Once infected a system, the Saturn Ransomware checks if it is running in a […]

Hacker Group Makes $3 Million by Installing Monero Miners on Jenkins Servers A criminal organization has made $3.4 million by compromising Jenkins servers and installing a Monero cryptocurrency miner dubbed JenkinsMiner. “The perpetrator, allegedly of Chinese origin, has been running the XMRig miner on many versions of Windows, and has already secured him over $3 million worth […]

The former NSA hacker and malware researcher Patrick Wardle is back, this time he spotted a new remote access Trojan dubbed Coldroot RAT. The Coldroot RAT is a cross-platform that is targeting MacOS systems and the bad news is that AV software is not able to detect it. The malware acts as a keylogger on MacOS systems prior to […]

Researchers at Fortinet have discovered the OMG botnet, the first Mirai variant that sets up proxy servers on the compromised IoT devices. A new variant of the infamous Mirai botnet appeared in the threat landscape, it was discovered by researchers at Fortinet that referred it as OMG because of strings containing “OOMGA” in the configuration table. […]

Security experts from GoSecure, hackers are launching SSH brute-force attacks on poorly secured Linux servers to deploy a backdoor dubbed Chaos backdoor. “This post describes a backdoor that spawns a fully encrypted and integrity checked reverse shell that was found in our SSH honeypot,” states the report published by GoSecure. “We named the backdoor ‘Chaos’, following the name […]

According to malware researchers at Palo alto Networks, the Iran-linked OilRig APT group is now using a new Trojan called OopsIE. The Iran-linked OilRig APT group is now using a new Trojan called OopsIE, experts at Palo Alto Networks observed the new malware being used in recent attacks against an insurance agency and a financial institution in the Middle East. […]

SamSam Ransomware hit the Colorado DOT, The Department of Transportation Agency Shuts Down 2,000 Computers after the infection. SamSam ransomware made the headlines again, this time it infected over 2,000 computers at the Colorado Department of Transportation (DOT). The DOT has shut down the infected workstations and is currently working with security firm McAfee to restore the ordinary […]

The Data Keeper Ransomware that infected systems in the wild was generated by a new Ransomware-as-a-Service (RaaS) service that appeared in the underground recently. A few days ago a new Ransomware-as-a-Service (RaaS) service appeared in the underground, now samples of the malware, dubbed Data Keeper Ransomware, generated with the platforms are have already been spotted in […]

Evrial is a cryptocoin malware stealer discovered by the researchers at ElevenPaths which takes control of the clipboard to get “easy money”. Evrial is a cryptocoin malware stealer which takes control of the clipboard to get “easy money”. ElevenPaths has taken a deep technical dive into the malware itself, to show how it technically works, […]

Security researchers at Morphisec have uncovered a massive hacking campaign that is exploiting the recently patched CVE-2018-4878 Adobe Flash Player vulnerability. Threat actors are exploiting the use-after-free flaw to deliver malware. The CVE-2018-4878 vulnerability was fixed by Adobe on February 6, after security experts discovered it was used by North Korea-linked APT37 group in targeted […]

Malware researchers at CSE Cybsec – ZLab have analyzed a new variant of Mobef ransomware, a malware that in the past mainly targeted Italian users. Malware researchers at CSE Cybsec – ZLab have analyzed a new variant of Mobef ransomware, that was involved in past attacks against Italian users. I personally obtained the sample by […]

Security researchers at the firm SiteLock have discovered that hundreds of websites have been infected with the ionCube malware. Security researchers at SiteLock have discovered that hundreds of websites have been infected with malware that masquerades as legitimate ionCube-encoded files. ionCube is an encoding technology used to protect PHP software from being viewed, changed, and run on […]

The GandCrab ransomware decryptor has been released by the Romanian Police (IGPR) under the supervision of the General Prosecutor’s Office (DIICOT) and in collaboration with the internet security company Bitdefender and Europol. Bitdefender has teamed up with Europol, the Romanian Police, and the Directorate for Investigating Organized Crime and Terrorism (DIICOT) to release a free […]

Security researchers from Cisco Talos discovered a new remote access Trojan (RAT) dubbed CannibalRAT that has been written entirely in Python. The CannibalRAT RAT is being used in highly targeted attacks. the experts explained that even if it isn’t very sophisticated it exhibits signs of code cannibalisation from other open-source projects. “The RAT itself is not very sophisticated, […]

For the second time in two weeks, the computers at the Colorado Department of Transportation Agency shut down 2,000 computers after a ransomware infection. For the second time in a few days, a variant of the dreaded SamSam ransomware paralyzed the CDOT. The second incident occurred while the agency was still in the process of recovering its […]

  According to Kaspersky Lab, threat actors behind the recent Olympic Destroyer attack planted sophisticated false flags inside their malicious code. On February 9, shortly before the Pyeongchang opening ceremonies on Friday, televisions at the main press centre, wifi at the Olympic Stadium and the official website were taken down. Hackers used the so-called Olympic Destroyer, a strain […]

Microsoft experts observed more than more than 500,000 computers infected with Dofoil Trojan used to download a cryptocurrency miner. A few days ago, researchers at Microsoft announced that Windows Defender Antivirus blocked more than 80,000 instances of several malicious code that exhibited advanced cross-process injection techniques, persistence mechanisms, and evasion methods. According to Microsoft, the malware were […]

McAfee Advanced Threat Research team discovered that the Hidden Cobra APT group is targeting financial organizations in Turkey. North Korea-linked APT group Hidden Cobra (aka Lazarus Group) is targeting the Turkish financial system. Experts from McAfee observed the hackers using the Bankshot implant in targeted attacks against the financial organizations in Turkey. The attack resembles previous attacks conducted […]

Slingshot spyware – Security researchers at Kaspersky have spotted a new sophisticated APT group that has been operating under the radar at lease since at least 2012. Security researchers at Kaspersky have spotted a new sophisticated APT group that has been operating under the radar at lease since at least 2012. Researchers tracked the group […]

Researchers from the ISC SANS group and the Anti-DDoS company Imperva discovered two distinct campaigns targeting Windows Server, Redis and Apache Solr servers online. Last week new mining campaigns targeted unpatched Windows Server, Apache Solr, and Redis servers, attackers attempted to install the cryptocurrency miner Coinminer. Two campaigns were spotted by researchers from the ISC SANS group and the […]

According to a new study conducted by American and Czech researchers, the trade of code-signing certificates is a flourishing business. Code-signing certificates are precious commodities in the dark web, according to a new study conducted by American and Czech researchers and Symantec Labs technical director Christopher Gates their trade is a flourishing business. The experts pointed out […]

According to a new study conducted by American and Czech researchers, the trade of code-signing certificates is a flourishing business. Code-signing certificates are precious commodities in the dark web, according to a new study conducted by American and Czech researchers and Symantec Labs technical director Christopher Gates their trade is a flourishing business. The experts pointed out […]

Researchers presented findings on a new strain of point-of-sale malware, dubbed PinkKite, that was spotted by security experts at Kroll Cyber Security. A new strain of point-of-sale malware, dubbed PinkKite, was spotted by security experts at Kroll Cyber Security. PinkKite was first discovered in 2017 while the experts were instigating into a large POS malware campaign. PinkKite […]

Researchers presented findings on a new strain of point-of-sale malware, dubbed PinkKite, that was spotted by security experts at Kroll Cyber Security. A new strain of point-of-sale malware, dubbed PinkKite, was spotted by security experts at Kroll Cyber Security. PinkKite was first discovered in 2017 while the experts were instigating into a large POS malware campaign. PinkKite […]

Qrypter RAT hits 243 organizations worldwide in February 2018, its popularity in the cybercrime ecosystem continues to increase. A new strain of remote access Trojan dubbed Qrypter RAT (aka Qarallax, Quaverse, QRAT, and Qontroller) hit hundreds of organizations worldwide. The malware was spotted by security firm Forcepoint, it has been around for a couple of years, […]

Qrypter RAT hits 243 organizations worldwide in February 2018, its popularity in the cybercrime ecosystem continues to increase. A new strain of remote access Trojan dubbed Qrypter RAT (aka Qarallax, Quaverse, QRAT, and Qontroller) hit hundreds of organizations worldwide. The malware was spotted by security firm Forcepoint, it has been around for a couple of years, […]

RottenSys – A Chinese crime ring is building a huge botnet that is already composed of nearly 5 million Android device. Researchers at Check Point discovered attackers infecting the device with a strain of malware dubbed RottenSys that aggressively display ads on victims’ devices. “The Check Point Mobile Security Team has discovered a new widespread malware family […]

RottenSys – A Chinese crime ring is building a huge botnet that is already composed of nearly 5 million Android device. Researchers at Check Point discovered attackers infecting the device with a strain of malware dubbed RottenSys that aggressively display ads on victims’ devices. “The Check Point Mobile Security Team has discovered a new widespread malware family […]

According to Check Point report, the authors of the prolific GandCrab ransomware are continuously improving their malware by adopting the AGILE development process. Early February experts at cyber security firm LMNTRIX have discovered a new ransomware-as-a-service dubbed GandCrab. advertised in Russian hacking community on the dark web. The GandCrab was advertised in Russian hacking communities, researchers noticed that […]

According to Check Point report, the authors of the prolific GandCrab ransomware are continuously improving their malware by adopting the AGILE development process. Early February experts at cyber security firm LMNTRIX have discovered a new ransomware-as-a-service dubbed GandCrab. advertised in Russian hacking community on the dark web. The GandCrab was advertised in Russian hacking communities, researchers noticed that […]

The China-linked APT group Leviathan. aka TEMP.Periscope, has increased the attacks on engineering and maritime entities over the past months. Past attacks conducted by the group aimed at targets connected to South China Sea issues, most of them were research institutes, academic organizations, and private firms in the United States. The group has also targeted professional/consulting services, high-tech industry, […]

The China-linked APT group Leviathan. aka TEMP.Periscope, has increased the attacks on engineering and maritime entities over the past months. Past attacks conducted by the group aimed at targets connected to South China Sea issues, most of them were research institutes, academic organizations, and private firms in the United States. The group has also targeted professional/consulting services, high-tech industry, […]

A new cyber attack against a Saudi petrochemical plant made the headlines, hackers attempted to hit the infrastructure in August. Do you remember the powerful cyber attack that in 2014 hit computers at Saudi Aramco? A new cyber attack against a petrochemical plant in Saudi Arabia made the headlines, hackers attempted to hit the infrastructure in August. […]

A new cyber attack against a Saudi petrochemical plant made the headlines, hackers attempted to hit the infrastructure in August. Do you remember the powerful cyber attack that in 2012 hit computers at Saudi Aramco? A new cyber attack against a petrochemical plant in Saudi Arabia made the headlines, hackers attempted to hit the infrastructure in August. […]

Computer systems in the City of Atlanta were infected by ransomware, the cyber attack was confirmed by the City officials. The city learned of the attack at around 5:40 am local time on Thursday. On Thursday, Mayor Keisha Lance Bottoms announced on Thursday that a malware has taken in hostage some internal systems, city’s data were encrypted. Mayor @KeishaBottoms holds […]

Computer systems in the City of Atlanta were infected by ransomware, the cyber attack was confirmed by the City officials. The city learned of the attack at around 5:40 am local time on Thursday. On Thursday, Mayor Keisha Lance Bottoms announced on Thursday that a malware has taken in hostage some internal systems, city’s data were encrypted. Mayor @KeishaBottoms holds […]

Security experts at Cisco Talos discovered a new piece of malware dubbed GoScanSSH that was being used to compromise SSH servers exposed online. Security researchers at Cisco Talos have discovered a new piece of malware dubbed GoScanSSH that was being used to compromise SSH servers exposed online. The malicious code was written in Go programming language, uncommon for […]

Who is behind the newborn Grey Heron surveillance company? According to an investigation conducted by Motherboard, the firm is linked to the Italian surveillance firm Hacking Team. The development and sale of surveillance software is a profitable business, many government agencies use spyware for different purposes, in some their involvement is very questionable. Early this month, […]

Security researchers at Arbor Networks have discovered a threat actor targeting financial institutions in Japan using the Panda Banker banking malware (aka Zeus Panda, PandaBot). Panda Banker was first spotted 2016 by Fox-IT, it borrows code from the Zeus banking Trojan. In November 2017, threat actors behind the Zeus Panda banking Trojan leveraged black Search Engine Optimization (SEO) […]

A ransomware infected systems at the Uttar Haryana Bijli Vitran Nigam power company in India, crooks demanded 10 million Rupees to get the data back. The Uttar Haryana Bijli Vitran Nigam power company in India was hacked last week, attackers breached into its computer systems and stole the billing data of their customers. The hackers demanded 10 million Rupees to […]

  Security researchers at Cybereason recently discovered a credential-stealing malware dubbed Fauxpersky, that is masquerading as Kaspersky Antivirus and spreading via infected USB drives. Fauxpersky was written in AutoIT or AutoHotKey, which respectively are a freeware BASIC-like scripting language designed for automating the Windows GUI and general scripting and a free keyboard macro program to send keystrokes to […]

Researchers at Trend Micro recently discovered a new strain of Android miner dubbed ANDROIDOS HIDDENMINER that can brick infected devices Crooks are looking with increasing interest cryptocurrency mining malware developed for mobile devices. Researchers at Trend Micro recently discovered a new strain of Android malware dubbed ANDROIDOS HIDDENMINER that abuse device CPU to mine Monero cryptocurrency. HiddenMiner […]

The North Korea-linked APT group known as Lazarus made the headlines again for attacking an online casino in Central America and other targets. The activity of the Lazarus Group (aka Hidden Cobra) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts that investigated on the crew consider it highly sophisticated. […]

Security experts at Trend Micro have discovered a new macOS backdoor that they linked to the APT 32 (OceanLotus, APT-C-00, SeaLotus, and Cobalt Kitty) cyber espionage group. The APT32 group has been active since at least 2013, according to the experts it is a state-sponsored hacking group. The hackers hit organizations across multiple industries and have also targeted foreign […]

  VirusTotal announced on Thursday the launch of a new Android sandbox, named Droidy sandbox, that will replace the previous one that was designed in 2013. “Recently we called out Additional crispinness on the MacOS box of apples sandbox, continuing with our effort to improve our malware behavior analysis infrastructure we are happy to announce […]

Early this year at least three European financial institutions were hit by DDoS attacks powered by a new variant of the Mirai botnet. A variant of the Mirai botnet, composed at lease of 13,000 compromised IoT devices was used to launch a series of DDoS attacks against financial sector businesses. The DDoS attacks peaked at up […]

A new variant of the infamous Agent Tesla spyware was spotted by experts at Fortinet, the malware has been spreading via weaponize Microsoft Word documents. Agent Tesla is a spyware that is used to spy on the victims by collecting keystrokes, system clipboard, screenshots, and credentials from the infected system. To do this, the spyware […]

Researchers at FireEye have spotted a hacking campaign leveraging compromised websites to spread fake updates for popular software that were also used to deliver the NetSupport Manager RAT. NetSupport is an off-the-shelf RAT that could be used by system admins for remote administration of computers. In the past, crooks abuse this legitimate application to deploy malware on victim’s […]

Microsoft Office documents created with the exploit builder kit dubbed ThreadKit now include the code for CVE-2018-4878 flaw exploitation. At the end of March, security experts at Proofpoint discovered a Microsoft Office document exploit builder kit dubbed ThreadKit that has been used to spread a variety of malware, including banking Trojans and RATs (i.e. Trickbot, Chthonic, FormBook and Loki Bot). […]

The Iran-linked APT33 group continues to be very active, security researchers at Cyberbit have discovered an Early Bird code injection technique used by the group. The Early Bird method was used to inject the TurnedUp malware into the infected systems evading security solutions. The technique allows injecting a malicious code into a legitimate process, it allows execution […]

When the Russian young Malware coder is praised by the Russian head of Information Department of the Ministry of Education and Science of North Ossetia. Under the spotlight: the story of Atsamaz Gatsoev (aka “1ms0rry”) who has set up his illegal business. A new write-up made by a security researcher known as Benkow (@Benkow_) has been […]

Malware researchers from Abuse.ch, BrillantIT, and Proofpoint have sinkholed the control infrastructure behind EITest campaign and shut down it. Malware researchers from Abuse.ch, BrillantIT, and Proofpoint have sinkholed the control infrastructure behind EITest campaign that leveraged on a network of hacked servers exploited by crooks to distribute traffic (TDS). The network was used to redirect users to compromised domains hosting exploit kits, delivering […]

According to Channel 2 Action News that investigated the incident, the ransomware attack on the City of Atlanta cost it at least $2.7 million. In the last weeks, I wrote about a massive ransomware attack against computer systems in the City of Atlanta. The ransomware infection has caused the interruption of several city’s online services, including “various internal […]

According to experts at Kaspersky, the Roaming Mantis malware is designed for distribution through a simple, but very efficient trick based on DNS hijacking. According to experts at Kaspersky, the Roaming Mantis malware is designed for distribution through a simple, but very efficient trick based on DNS hijacking. Imagine a nefarious person swapped out your […]

A security researcher has discovered five malicious Ad Blockers extensions in the Google Chrome Store that had been installed by at least by 20 million users. The security researcher Andrey Meshkov, co-founder of Adguard, has discovered five malicious Ad Blockers extensions in the Google Chrome Store that had been installed by at least by 20 […]

Threat intelligence firm AlienVault announced the launch of a free endpoint scanning service, called OTX Endpoint Threat Hunter. Threat intelligence firm AlienVault announced the launch of a free endpoint scanning service, called OTX Endpoint Threat Hunter, that allows private firms and security experts to identify threats in their networks. “OTX Endpoint Threat Hunter is a free threat-scanning […]

Researchers at MalwareHunterTeam have discovered a new strain of ransomware called RansSIRIA that encrypts victim’s files and then states it will donate the ransom to Syrian refugees. Unscrupulous cybercriminals try to exploit every situation, even the most dramatic incidents. In the past, crooks attempted to exploits the media attention on dramatic events such as the Boston Marathon, the […]

Security experts at Trend Micro have spotted spam campaigns delivering XTRAT and DUNIHI Backdoors and Loki malware bundled with the Adwind RAT. Malware researchers at Trend Micro have uncovered a spam campaign that delivers the infamous Adwind RAT (aka jRAT) alongside the XTRAT backdoor (aka XtremeRAT) and the Loki info stealer. In a separate Adwind RAT spam campaign, the researchers observed the use […]

Symantec researchers have monitored the activity of a cyber espionage group tracked as Orangeworm that targets organizations in the healthcare sector. Security experts at Symantec have published a report on the activity of a cyber espionage group tracked as Orangeworm that targets healthcare organizations. “Symantec has identified a previously unknown group called Orangeworm that has […]

A new crimeware kit dubbed the Rubella Macro Builder is rapidly gaining popularity in the cybercriminal underground, experts already spotted its malware in the wild. A new crimeware kit dubbed the Rubella Macro Builder is rapidly gaining popularity in the cybercriminal underground. The Rubella Macro Builder allows crooks to generate a malicious payload for social-engineering […]

Operators behind the Necurs botnet, the world’s largest spam botnet, are currently using a new evasion technique attempting to surprise the unprepared defenses. Necurs is the world’s largest spam botnet, it is composed of millions of infected computers worldwide. Necurs was not active for a long period at the beginning of 2017 and resumed its activity in April […]

The Thai authorities with the support of the ThaiCERT and security first McAfee have seized a server used by North Korean Hidden Cobra APT as part of the Op GhostSecret campaign. The Thai authorities with the support of the ThaiCERT have seized a server used by North Korean hackers in the attack against Sony Picture. […]

SamSam ransomware made the headlines again, crooks now spreading thousands of copies of the ransomware at once into individual targeted organizations. Ransomware continues to be one of the most dangerous cyber threat and incident like the one suffered by the city of Atlanta demonstrates that their economic impact on victims could be severe. SamSam ransomware […]

Konrads Voits, the man who hacked into the computer system of Washtenaw County Jail to alter inmate records and gain early release for his friend, gets 7-Years in prison. In March 2017, Konrads Voits (27), hacked into the computer system of Washtenaw County Jail to alter inmate records and gain early release for his friend. […]

Security experts at Check Point that analyzed North Korea’s antivirus software SiliVaccine discovered it is based on a 10-year-old anti-malware engine developed by Trend Micro. Check Point received the very rare sample of North Korea’s SiliVaccine antivirus software from the freelance journalist Martyn Williams. The researchers discovered the SiliVaccine application contained “large chunks of 10+-year-old antivirus engine code […]

The latest variant of the dreaded GandCrab ransomware,version 3, locks the infected systems running on Windows 7. A few days ago, experts from security firm Fortinet uncovered a new spam campaign delivering a new version of the GandCrab ransomware, the version v3. Like other ransomware, such as Locky and Sage, the GandCrab ransomware v3 also changes the wallpapers of the infected […]

Security experts at 401TRG, the threat research and analysis team at ProtectWise, have discovered links between several Chinese APT groups under the Winnti umbrella. The experts analyzed several campaigns conducted by the cyber espionage groups over the last years and associated their activities with the Chinese Government, in one case the nation-state actor was working from the […]

The latest variant of the SynAck ransomware now includes a number of novel and complex anti-detection techniques, including one that was only made published by security researchers in December 2017. When it originally appeared on the scene, SynAck ransomware didn’t seem unique or outstanding. It was marginally effective, but it wasn’t going to force enterprises […]

A backdoor was discovered in the Python module named SSH Decorator (ssh-decorate), that was developed by Israeli developer Uri Goren. Are you using the Python module ‘SSH Decorator’? You need to check the version number, because newer versions include a backdoor. The library was developed to handle SSH connections from Python code. Early this week, a developer […]

  Security experts at Flashpoint confirmed the availability online for the source code of the TreasureHunter PoS malware since March. The researchers found evidence that the threat has been around since at least late 2014. TreasureHunt was first discovered by researchers at the SANS Institute who noticed the malware generating mutex names to evade detection. TreasureHunt enumerates the processes running on the […]

The Nigelthorn malware has already infected over 100,000 systems in 100 countries by abusing a Google Chrome extension called Nigelify. A new strain of malware, dubbed Nigelthorn malware because it abuses a Google Chrome extension called Nigelify, has already infected over 100,000 systems in 100 countries, most of them in the Philippines, Venezuela, and Ecuador (Over 75%). The new […]

  Security firm F5 detailed recently discovered campaigns leveraging the Panda Banker malware to target financial institution, the largest one aimed the banks in the US. Researchers at security firm F5 recently detected several campaigns leveraging the Panda Banker malware to target financial institution, the largest one aimed the banks in the US. In March, security researchers at Arbor […]

Mysterious hackers ingenuously reveal two zero-days to the security community, experts collaborated to promptly fix them. Anton Cherepanov, security expert form ESET researcher, discovered two zero-days while analyzing a malicious PDF, according to the researcher the mysterious hacker(s) were still working on the exploits. The malicious PDF was discovered late in March 2018 (Two suspicious PDF samples zero-day […]

Cisco Talos researchers have spotted a new variant of Telegrab malware designed to collect information from the Desktop version of the popular messaging service Telegram. Security experts from Cisco Talos group have spotted a new strain of malware that is targeting the desktop version of end-to-end encrypted instant messaging service Telegram. We all know that […]

Security experts from Fortinet have spotted a new variant of the Mirai botnet dubbed ‘Wicked Mirai’, it includes new exploits and spread a new bot. The name Wicked Mirai comes from the strings in the code, the experts discovered that this new variant includes at least three new exploits compared to the original one. “The […]

While a new variant of the dreaded Mirai botnet, so-called Wicked Mirai, emerged in the wild the operators of the Mirai Satori botnet appear very active. Experts observed hackers using the Satori botnet to mass-scan the Internet for exposed Ethereum mining pools, they are scanning for devices with port 3333 exposed online. The port 3333 is a port […]

Crook faces up to 35 years in prison for operating the popular Scan4You counter anti-virus (CAV) website that helped malware authors to test the evasion capabilities of their codes. Scan4You is a familiar service for malware developers that used it as a counter anti-virus (CAV). Scan4You allowed vxers to check their malware against as many […]

Security experts from Qihoo 360 Netlab discovered the operators behind the TheMoon botnet are now leveraging a zero-day exploit to target GPON routers. Researchers from security firm Qihoo 360 Netlab reported that cybercriminals are continuing to target the Dasan GPON routers, they recently spotted threat actors using another new zero-day flaw affecting the same routers and recruit them in […]

A North Korea-linked APT group tracked as Sun Team has targeted North Korean deflectors with a malicious app that was published in the official Google Play store. A North Korea-linked APT group tracked as Sun Team has targeted North Korean deflectors with a malicious app that was published in the official Google Play store. The campaign, named RedDawn by security experts at […]

A security researcher discovered a new crypto mining worm dubbed ZombieBoy that leverages several exploits to evade detection. The security researcher James Quinn has spotted a new strain of crypto mining worm dubbed ZombieBoy that appears to be very profitable and leverages several exploits to evade detection. The expert called this new malware ZombieBoy because it uses a tool called […]

Researchers at Trend Micro discovered at least 29 malicious photo editing and beauty apps that were able to perform several malicious activities. Crooks continue to abuse Google Play store to distribute malicious apps, this time experts at Trend Micro discovered at least 29 maliciousphoto editing and beauty apps that were stealing users’ photos. The malicious […]

Norwegian aluminum giant Norsk Hydro estimates more than $40 million losses in the first week following the ransomware attack that disrupted its operations. Last week Norwegian Norsk Hydro, one of the biggest Aluminum producer, suffered an extensive cyber attack that impacted operations in several of the company’s business areas across Europe and the U.S. The news […]

Malware researchers from Kaspersky have discovered new and improved versions of the infamous FinFisher spyware used to infect both Android and iOS devices. Experts at Kaspersky have discovered a new improved variant of the FinFisher spyware used to spy on both iOS and Android users in 20 countries. According to the experts, the new versions […]

Security experts at Emsisoft released a new decryptor, it could be used for free by victims of the Ims00rry ransomware to decrypt their files. Thanks to the experts at Emsisoft the victims of the Ims00rry ransomware can decrypt their files for free. The Ims00rry ransomware used AES-128 algorithm for the encryption process. Unlike most of the […]

Malware researchers at Yoroi-Cybaze Z-Lab have discovered a P2P worm that is spreading Crypto-Miners in the wild. Introduction In the past months we published a white paper exploring the risks that users can encounter when downloading materials from P2P sharing network, such as the Torrent one. We discussed how crooks easily lure their victims to download malware […]

South African electric utility City Power that provides energy to the city of Johannesburg, has suffered serious disruptions after a ransomware attack. A ransomware infected systems at City Power, an electricity provider in the city of Johannesburg, South Africa, and some residents were left without power. The energy utility informed its customers via Twitter of […]

The malware expert Marco Ramilli collected a small set of VBA Macros widely re-used to “weaponize” Maldoc (Malware Document) in cyber attacks. Nowadays one of the most frequent cybersecurity threat comes from Malicious (office) document shipped over eMail or Instant Messaging. Some analyzed threats examples include: Step By Step Office Dropper Dissection, Spreading CVS Malware over Google, Microsoft […]

Security experts discovered a new peer-to-peer (P2P) botnet dubbed Roboto that is targeting Linux servers running unpatched Webmin installs. Researchers at 360Netlab discovered a new P2P botnet, tracked as Roboto, that is targeting Linux servers running unpatched installations of Webmin installs. The experts first spotted the Roboto botnet in August when they detected a suspicious […]

ISS, the multinational Denmark-based facility services company, was hit with a malware that shuts down shared IT services worldwide. ISS, the Danish multinational services company announced it was hit with malware, in response to the incident the firm disabled access to shared IT services worldwide. ISS services include cleaning services, support services, property services, catering […]

Most of the ransomware attacks targeting the enterprises occur outside working hours, during the nighttime or during the weekend. Security experts from FireEye published an interesting report on the Ransomware deployment trends, it revealed that most of the attacks (76%) against the enterprise sector occur outside working hours. FireEye compiled the report using data from […]

Sophos announced the public release of the source code of the sandbox-based isolation program Sandboxie. Sophos is going to release the Windows sandbox-based isolation program Sandboxie in open source. “Sandboxie has long been a favorite sandbox-based isolation tool since its original release over fifteen years ago. Now this technology will live on in the hands of its […]

Crooks are using a fake Cisco “critical security advisory” in a new phishing campaign aimed at stealing victims’ Webex credentials. The Cofense’s phishing defense center has uncovered an ongoing phishing campaign that uses a Cisco security advisory related to a critical vulnerability as a lure. The phishing messages urge victims to install the “update,” but […]

PaloAlto Networks experts warn of malicious Coronavirus themed phishing campaigns targeting government and medical organizations. Experts from Paloalto Unit 42 published a report that analyzes the cross-section between the various types of COVID-19 themed attacks aimed at organizations in different industries. Recently organizations in healthcare, research, and government facilities have been hit by Coronavirus-themed attacks […]

The operators behind the Shade Ransomware (Troldesh) shut down their operations and released over 750,000 decryption keys. Good news for the victims of the infamous Shade Ransomware, the operators behind the threat have shut down their operations and released over 750,000 decryption keys. The cybercrime gang also apologized for the damages they have caused their […]

Experts discovered a new strain of malware dubbed Ramsay that can infect air-gapped computers and steal sensitive data, including Word, PDF, and ZIP files. Researchers from security firm ESET discovered a new advanced malware framework named Ramsay that appears to have been designed to infect air-gapped computers and exfiltrate sensitive data. The malicious code collects […]

The updated Grandoreiro Malware equipped with latenbot-C2 features in Q2 2020 now extended to Portuguese banks Grandoreiro is a Latin American banking trojan targeting Brazil, Mexico, Spain, Peru, and has now extended to Portugal. Cybercriminals attempt to compromise computers to generate revenue by exfiltrating information from victims’ devices, typically banking-related information. During April and May 2020, a […]

Experts discovered a new ransomware dubbed EvilQuest designed to target macOS systems, it also installs a keylogger and a reverse shell to take over them. Security experts have uncovered a new piece of ransomware dubbed EvilQuest designed to encrypt macOS systems, it is also able to install additional payloads and potentially take over the infected […]

The source code for the KPot information stealer was put up for auction and the REvil ransomware operators want to acquire it. The authors of KPot information stealer have put its source code up for auction, and the REvil ransomware operators will likely be the only group to bid. #KPOT source code up for sale! […]

At least one ransomware operator appears to have exploited the recently patched CVE-2020-14882 vulnerability affecting Oracle WebLogic. At least one ransomware operator appears is exploiting the recently patched CVE-2020-14882 vulnerability in Oracle WebLogic. At the end of October, threat actors have started scanning the Internet for servers running vulnerable installs of Oracle WebLogic in the […]

Two Baidu Android apps have been removed from the Google Play Store in October after they’ve been caught collecting sensitive user details. Two apps belonging to Chinese tech giant Baidu, Baidu Maps and Baidu Search Box, have been removed from the Google Play Store at the end of October after they’ve been caught collecting sensitive […]

Canon finally confirmed that it has suffered a ransomware attack in early August that resulted in the theft of data from its servers. Canon has finally confirmed that it was the victim of a ransomware attack in early August and that the threat actors also stole data from its servers. In August, ZDNet first revealed […]

IT services provider Sopra Steria estimates that a recent ransomware attack will have a financial impact ranging between €40M and €50M. At the end of October, French IT outsourcer Sopra Steria has been hit by a ransomware attack. While the company did not reveal the family of malware that infected its systems, local media speculate the involvement […]

Iran-linked APT group Domestic Kitten, also tracked as APT-C-50, has been conducting widespread surveillance targeting over 1,000 individuals. Domestic Kitten, also tracked as APT-C-50, is an Iran-linked APT group that has been active at least since 2018. In 2018, researchers at security firm CheckPoint uncovered an extensive surveillance operation conducted by Domestic Kitten aimed at […]

Intezer experts have spotted a new strain of Linux backdoor dubbed RedXOR that is believed to be part of the arsenal of China-linked Winniti APT. Researchers from Intezer have discovered a new sophisticated backdoor, tracked as RedXOR, that targets Linux endpoints and servers. The malware was likely developed by the China-linked cyber espionage group Winnti. […]

Uptycs threat research team analyzed macOS malware threat landscape and discovered that Shlayer and Bundlore are the most predominant malware. The Uptycs threat research team has been observing over 90% of macOS malware in our daily analysis and customer telemetry alerts using shell scripts. Though these scripts have slight variations, they mostly belong to a […]

Numando, a new banking Trojan that abuses YouTube, Pastebin, and other public platforms as C2 infrastructure and to spread. ESET researchers spotted a new LATAM banking trojan, tracked as Numando, that abuses YouTube, Pastebin, and other public platforms as C2 infrastructure and to spread. The threat actor behind this banking Trojan has been active since […]