NoName ransomware gang deploying RansomHub malware in recent attacks

September 10, 2024 at 06:41AM
The NoName ransomware gang, also known as CosmicBeetle, has targeted small and medium-sized businesses for over three years, using the Spacecolon malware family and recently deploying the ScRansom ransomware. NoName has advanced to becoming a RansomHub affiliate, using various tools, exploiting vulnerabilities, and experimenting with different ransomware to increase its …

New NGate Android malware uses NFC chip to steal credit card data

August 22, 2024 at 01:05PM
NGate, a new Android malware, steals money from payment cards through NFC data relay. It tricks victims into installing malicious PWAs and WebAPKs, stealing banking credentials. Once installed, it uses NFC to capture and relay card data to the attacker’s device. It can also obtain the card PIN, posing a …

Hackers steal banking creds from iOS, Android users via PWA apps

August 21, 2024 at 04:59PM
Threat actors are utilizing progressive web applications to impersonate banking apps and steal credentials from Android and iOS users. This technique was observed in phishing campaigns in Poland and the Czech Republic. Two distinct campaigns targeted Hungarian financial institution OTP Bank and TBC Bank in Georgia. These apps bypass installation …

Hamas Hackers Sling Stealthy Spyware Across Egypt, Palestine

June 17, 2024 at 02:08AM
Hamas-linked APT group Arid Viper uses Android spyware AridSpy distributed through Trojanized messaging apps. The malware targets Android users in Egypt and Palestine, collecting various data and enabling audio and visual surveillance. Ongoing AridSpy espionage campaigns are active, posing a continued threat. The group is continuously updating and maintaining the …

400,000 Linux Servers Hit by Ebury Botnet 

May 15, 2024 at 08:00AM
The Ebury Linux botnet, active since 2009, has continued to grow, with over 100,000 infected systems in 2023, and it has impacted over 400,000 hosts. ESET reports that the operators are highly active, using various tactics to compromise and exploit servers, including targeting Tor exit nodes and cryptocurrency wallets. Key …