Hackers Exploiting Old MS Excel Vulnerability to Spread Agent Tesla Malware

December 21, 2023 at 02:45AM Attackers are utilizing an old Microsoft Office vulnerability in phishing campaigns to distribute Agent Tesla malware. The infection chains leverage decoy Excel documents in invoice-themed messages to trick targets into opening them. Once downloaded, the malware initiates communication with a malicious destination to download additional files. Organizations must stay updated …

Something nasty injected login-stealing JavaScript into 50K online banking sessions

December 20, 2023 at 06:56PM IBM Security discovered JavaScript code injected into online banking pages, compromising 50,000 user sessions with 40+ banks globally. The DanaBot Windows malware infects PCs, waits for users to access bank sites, then steals login credentials. It targets financial organizations across continents. The malware communicates with a server and adapts …

New Go-Based JaskaGO Malware Targeting Windows and macOS Systems

December 20, 2023 at 04:03AM A new Go-based information stealer malware called JaskaGO poses a cross-platform threat to Windows and Apple macOS systems, equipped with extensive commands from its C&C server. Capable of establishing persistence within the system, it employs multiple tactics for information theft and cryptocurrency theft. Its distribution method and campaign scale remain …

Fresh Qakbot Sightings Confirm Recent Takedown Was a Temporary Setback

December 19, 2023 at 06:22PM Qakbot malware has resurfaced, distributed through phishing emails targeting hospitality organizations. Microsoft, Zscaler, and Proofpoint reported sightings of a new 64-bit version using AES encryption. Despite a takedown in August, Qakbot’s operators continue distributing other malware. Lumu observed 1,581 attempted attacks in September, indicating the group’s resilience. The group’s continued …

Qakbot’s backbot: FBI-led takedown keeps crims at bay for just 3 months

December 19, 2023 at 04:33AM Qakbot malware has resurged with a new phishing campaign targeting the hospitality sector. The gang uses malicious PDF attachments disguised as IRS documents to distribute the malware. Despite earlier efforts to take it down, Qakbot has reappeared, demonstrating the challenge of combating cybercrime. Similar to Emotet’s revival, Qakbot’s resurgence poses …

Rhadamanthys Malware: Swiss Army Knife of Information Stealers Emerges

December 18, 2023 at 09:39AM Developers continue to enhance Rhadamanthys malware, broadening its capabilities and incorporating a plugin system for customization. Deployed through malicious sites, the malware harvests sensitive information from compromised hosts. Check Point’s analysis reveals its evolution into a potent threat, with a new plugin system allowing customized deployment. Similar to Rhadamanthys, AsyncRAT …

QakBot Malware Resurfaces with New Tactics, Targeting the Hospitality Industry

December 18, 2023 at 05:52AM A new wave of QakBot malware phishing targeting the hospitality industry was discovered by Microsoft. The phishing campaign began on December 11, 2023, distributing a PDF with a URL leading to an MSI file. Cisco Talos had previously noted QakBot affiliates using phishing to distribute ransomware and other malware. The …

Rhadamanthys Stealer malware evolves with more powerful features

December 17, 2023 at 04:52PM The Rhadamanthys information-stealing malware has recently released two major versions with added improvements, such as new stealing capabilities, enhanced evasion, and a new plugin system for customization. These updates indicate a shift towards a more modular and customizable framework, making it a more formidable tool for cybercriminals. From the meeting …

Qbot malware returns in campaign targeting hospitality industry

December 17, 2023 at 04:44PM The QakBot malware, previously disrupted by law enforcement, has resurfaced in new phishing campaigns. Microsoft warns of email phishing attacks impersonating IRS employees, distributing QakBot via a malicious PDF file. The malware, initially a banking trojan, has evolved into a delivery service for ransomware attacks and data theft, using various …

Complex ‘NKAbuse’ Malware Uses Blockchain to Hide on Linux, IoT Machines

December 15, 2023 at 01:22PM A versatile malware named NKAbuse, deployed as both a flooder and backdoor, has been discovered targeting Linux systems in Colombia, Mexico, and Vietnam. Written in Go, it exploits the NKN blockchain-oriented peer-to-peer networking protocol. Utilizing various methods, including exploiting vulnerabilities, it has the capacity to launch DDoS attacks and compromise …