Necro malware continues to haunt side-loaders of dodgy Android mods

September 23, 2024 at 05:38PM The Necro trojan is targeting Android users and potentially affects millions of devices. Kaspersky first discovered Necro in 2019, and the current campaign has again exposed numerous devices to the malware. Popular apps such as Wuta Camera and Max Browser were affected, prompting Google to take action. Malicious modifications of apps such as WhatsApp and children's games are also a concern. Kaspersky …

Packed With Features, ‘SambaSpy’ RAT Delivers Hefty Punch

September 18, 2024 at 05:00PM SambaSpy is a remote access Trojan (RAT) with a broad set of spying and data-stealing functions; it initially targeted victims in Italy and may expand to other countries. Its capabilities include file management, remote control and password stealing, among others, making it a versatile and powerful tool for threat actors. It is …

macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users

August 27, 2024 at 12:33PM HZ RAT, a backdoor for Apple macOS that replicates its Windows version, is targeting users of Chinese instant messaging apps. Distributed via RTF documents and software installers, it connects to a C2 server for instructions, most likely for credential harvesting and reconnaissance. A recent sample impersonates OpenVPN and collects user data; most of its C2 servers …

Who uses LLM prompt injection attacks IRL? Mostly unscrupulous job seekers, jokesters and trolls

August 13, 2024 at 06:51AM Kaspersky has catalogued real-world attempts at prompt injection against large language models (LLMs); most come from job seekers trying to manipulate automated HR screening systems. The research found both direct and indirect prompt injections, usually aimed at influencing HR processes or serving as a form of protest against …

CloudSorcerer hackers abuse cloud services to steal Russian govt data

July 8, 2024 at 11:17AM CloudSorcerer, a new APT group discovered by Kaspersky, uses custom malware that steals data from Russian government organizations via cloud services. The malware's behaviour varies with the process it is injected into, allowing it to collect data and execute commands. Kaspersky characterizes the attacks as highly sophisticated, with IoC …

Widely used modems in industrial IoT devices open to SMS attack

May 11, 2024 at 09:14AM Security flaws in Telit Cinterion cellular modems, reported by Kaspersky, allow remote attackers to execute arbitrary code via SMS. The most severe, CVE-2023-47610, carries a CVSS score of 9.8 and could let an unauthenticated attacker take control of a vulnerable device. Telit has patched some of the vulnerabilities, but others remain. …

Millions of IoT Devices at Risk from Flaws in Integrated Cellular Modem

May 10, 2024 at 06:37PM Millions of IoT devices that use Cinterion modems are exposed to multiple severe vulnerabilities, according to research by Kaspersky. Telit, the modem vendor, has only partially addressed the flaws. The most critical one allows remote attackers to execute arbitrary code and poses a significant risk to many industries. Recommended mitigation …

Widely used Telit Cinterion modems open to SMS takeover attacks

May 10, 2024 at 04:09AM Security flaws in widely used Telit Cinterion cellular modems allow remote code execution via SMS. Kaspersky's ICS CERT division disclosed eight issues, including a severe heap overflow (CVE-2023-47610). The vulnerabilities could let attackers compromise device integrity and cause extensive disruption. Mitigation strategies include disabling SMS …

New Android Trojan ‘SoumniBot’ Evades Detection with Clever Tricks

April 18, 2024 at 07:36AM A new Android trojan named SoumniBot is targeting users in South Korea and evades analysis by exploiting weaknesses in how the Android manifest is extracted and parsed, effectively obfuscating the manifest. The malware collects sensitive data, manipulates device settings, and searches for digital signature certificates. Its developers complicate detection through insufficiently …

SoumniBot malware exploits Android bugs to evade detection

April 17, 2024 at 05:45PM The newly discovered Android banking malware SoumniBot uses unusual obfuscation techniques to evade the standard security measures found on Android phones. It exploits weaknesses in the Android manifest extraction and parsing procedure to slip past analysis tools and then carries out its info-stealing operations. Once launched, SoumniBot exfiltrates a variety of data and is controlled by commands …
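The manifest-level tricks that both SoumniBot items above describe can be checked at the ZIP container level, before an APK is handed to a decompiler. The Python below is an added example written for this page; it is not Kaspersky's code and not SoumniBot's. It builds a stand-in APK (a one-entry STORED ZIP holding a constructed placeholder manifest rather than real Android binary XML) and then reproduces two of the header manipulations Kaspersky documented for SoumniBot: an invalid compression-method value on the manifest entry, which a strict ZIP library refuses while Android's package parser still accepts the entry, and a declared uncompressed size larger than the bytes actually stored. `audit_manifest` flags both without trusting either header's size fields, and `tool_can_extract` shows how a stock ZIP library (Python's `zipfile`) trips over the bogus method. The function names, the placeholder manifest and the specific bogus values are this example's own assumptions.

```python
"""Audit an APK's AndroidManifest.xml ZIP entry for the header-level evasion
tricks described for SoumniBot. Added example for this page; not Kaspersky's
code and not the malware's. Pure standard library, runs offline."""
import struct
import zipfile
from io import BytesIO
from typing import List, Optional

MANIFEST = "AndroidManifest.xml"
KNOWN_METHODS = {zipfile.ZIP_STORED, zipfile.ZIP_DEFLATED}

# Constructed placeholder. A real manifest is Android binary XML, but the
# checks below work on the ZIP headers and never parse the manifest itself.
SAMPLE_MANIFEST = b'<manifest package="com.example.sample"><application/></manifest>'


def build_apk(manifest: bytes = SAMPLE_MANIFEST,
              method: Optional[int] = None,
              declared_size: Optional[int] = None) -> bytes:
    """Build a one-entry STORED ZIP standing in for an APK, then optionally
    corrupt the manifest's local and central-directory headers the way the
    report describes: an invalid compression-method value and/or an
    uncompressed-size field larger than the bytes actually stored."""
    buf = BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_STORED) as zf:
        zf.writestr(MANIFEST, manifest)
    data = bytearray(buf.getvalue())
    local = data.find(b"PK\x03\x04")    # local file header (single entry)
    central = data.find(b"PK\x01\x02")  # central directory header
    if method is not None:
        struct.pack_into("<H", data, local + 8, method)     # method field
        struct.pack_into("<H", data, central + 10, method)  # method field
    if declared_size is not None:
        struct.pack_into("<I", data, local + 22, declared_size)    # uncompressed size
        struct.pack_into("<I", data, central + 24, declared_size)  # uncompressed size
    return bytes(data)


def tool_can_extract(apk: bytes) -> bool:
    """What a stock ZIP library does with the entry: zipfile refuses an
    unknown compression method, which is exactly what the trick relies on."""
    try:
        with zipfile.ZipFile(BytesIO(apk)) as zf:
            zf.read(MANIFEST)
        return True
    except (NotImplementedError, zipfile.BadZipFile):
        return False


def audit_manifest(apk: bytes) -> List[str]:
    """Return findings about the manifest entry's headers (empty if clean)."""
    findings: List[str] = []
    with zipfile.ZipFile(BytesIO(apk)) as zf:
        info = zf.getinfo(MANIFEST)
        offsets = sorted(i.header_offset for i in zf.infolist())

    if info.compress_type not in KNOWN_METHODS:
        findings.append(
            f"compression method {info.compress_type:#06x} is neither "
            f"STORED (0) nor DEFLATED (8)")

    # Measure the bytes actually present for the entry instead of trusting a
    # size field: data runs from the end of the local header to the next local
    # header, or to the central directory for the last entry.
    eocd = apk.rfind(b"PK\x05\x06")
    cd_offset = struct.unpack_from("<I", apk, eocd + 16)[0]
    name_len, extra_len = struct.unpack_from("<HH", apk, info.header_offset + 26)
    start = info.header_offset + 30 + name_len + extra_len
    later = [o for o in offsets if o > info.header_offset]
    actual = (later[0] if later else cd_offset) - start

    # For non-DEFLATED entries the stored bytes are the file, so the declared
    # uncompressed size must match what is physically there.
    if info.compress_type != zipfile.ZIP_DEFLATED and info.file_size != actual:
        findings.append(
            f"declared uncompressed size {info.file_size} but {actual} bytes stored")
    return findings


if __name__ == "__main__":
    clean = build_apk()
    tampered = build_apk(method=0x1234, declared_size=len(SAMPLE_MANIFEST) + 4096)
    for label, apk in (("clean", clean), ("tampered", tampered)):
        print(label, "extractable:", tool_can_extract(apk), "findings:", audit_manifest(apk))
```

In a triage pipeline these checks belong in front of the decompiler, since the decompiler is the tool the trick is aimed at; an entry whose method is not 0 or 8, or whose declared size disagrees with the bytes on disk, should be quarantined for manual review rather than silently skipped.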