Oyster Backdoor Spreading via Trojanized Popular Software Downloads

June 21, 2024 at 06:15AM A malvertising campaign is using fake download sites to distribute backdoor malware disguised as popular software such as Google Chrome and Microsoft Teams. The backdoor, called Oyster, collects host information, communicates with a command-and-control (C2) address, and executes code supplied by the operators. This coincides with the emergence of a new phishing platform called ONNX Store. …

New Malware Targets Exposed Docker APIs for Cryptocurrency Mining

June 18, 2024 at 06:19AM Cybersecurity researchers have discovered a new malware campaign targeting exposed Docker API endpoints, deploying cryptocurrency miners and retrieving further malicious payloads through a remote access tool. The attack chain involves reconnaissance, privilege escalation, and exploitation of the exposed Docker servers. The campaign is linked to earlier activity dubbed Spinning YARN and features …
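The campaign above depends on a daemon that answers the Docker API on a network socket without authentication. The following is an added example, not code from the article or from the researchers who reported the campaign: a small audit that reads a Docker daemon.json document or a systemd ExecStart line for dockerd, collects the configured -H/hosts listeners, and rates every TCP listener by how reachable it is and whether TLS client-certificate verification is on. The sample inputs are constructed, the fallback ports (2375 plaintext, 2376 TLS) follow dockerd's documented defaults, and the severity labels are this example's own.

```python
# Added example: audit Docker daemon listeners for an unauthenticated TCP API.
# Not code from the article or the researchers; inputs below are constructed.
import ipaddress
import json
import shlex
from dataclasses import dataclass
from urllib.parse import urlsplit

# dockerd's defaults when a tcp:// host gives no port: 2375 plain, 2376 with TLS.
DEFAULT_PLAIN_PORT = 2375
DEFAULT_TLS_PORT = 2376


@dataclass(frozen=True)
class Finding:
    host: str       # listener as configured, e.g. tcp://0.0.0.0:2375
    severity: str   # "critical", "high", "medium" or "info" (labels are ours)
    reason: str


def hosts_from_daemon_json(text: str):
    """Return (hosts, tls, tlsverify) from a daemon.json document."""
    cfg = json.loads(text)
    return list(cfg.get("hosts", [])), bool(cfg.get("tls")), bool(cfg.get("tlsverify"))


def hosts_from_execstart(line: str):
    """Return (hosts, tls, tlsverify) from a systemd ExecStart= line for dockerd."""
    cmd = line.split("=", 1)[1] if line.startswith("ExecStart=") else line
    args = shlex.split(cmd)
    hosts, tls, tlsverify = [], False, False
    i = 0
    while i < len(args):
        arg = args[i]
        if arg in ("-H", "--host") and i + 1 < len(args):
            hosts.append(args[i + 1])
            i += 2
            continue
        if arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg.startswith("-H") and len(arg) > 2:   # the -Htcp://... form
            hosts.append(arg[2:])
        elif arg in ("--tls", "--tls=true"):
            tls = True
        elif arg in ("--tlsverify", "--tlsverify=true"):
            tlsverify = True
        i += 1
    return hosts, tls, tlsverify


def _exposure(hostname):
    """Classify a bind address as 'wildcard', 'loopback' or 'remote'."""
    if hostname == "localhost":
        return "loopback"
    if not hostname:            # tcp://:2375 binds every interface
        return "wildcard"
    try:
        ip = ipaddress.ip_address(hostname)
    except ValueError:
        return "remote"         # a DNS name: assume it resolves to a routable address
    if ip.is_unspecified:
        return "wildcard"
    return "loopback" if ip.is_loopback else "remote"


def assess(hosts, tls, tlsverify):
    """Rate each TCP listener; unix://, fd:// and npipe:// sockets are skipped
    because their access control is file permissions, not the network."""
    findings = []
    for host in hosts:
        url = urlsplit(host)
        if url.scheme != "tcp":
            continue
        port = url.port or (DEFAULT_TLS_PORT if (tls or tlsverify) else DEFAULT_PLAIN_PORT)
        where = _exposure(url.hostname)
        if tlsverify:
            findings.append(Finding(host, "info", f"TLS with client-certificate verification on port {port}; confirm the CA is private"))
        elif tls:   # --tls alone encrypts the channel but accepts any client
            findings.append(Finding(host, "high", f"TLS without client verification on port {port}: encrypted but unauthenticated"))
        elif where == "loopback":
            findings.append(Finding(host, "medium", f"plaintext API on loopback port {port}: any local user or process gets root-equivalent access"))
        else:
            findings.append(Finding(host, "critical", f"plaintext, unauthenticated API on a {where} address, port {port}: remote root-equivalent access"))
    return findings


def audit_daemon_json(text: str):
    return assess(*hosts_from_daemon_json(text))


def audit_execstart(line: str):
    return assess(*hosts_from_execstart(line))


# Constructed sample inputs, not taken from any real host.
SAMPLE_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
SAMPLE_EXECSTART_LOOPBACK = "ExecStart=/usr/bin/dockerd -H fd:// -H tcp://127.0.0.1:2375"
SAMPLE_EXECSTART_TLS = ("ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2376 "
                        "--tlsverify --tlscacert=/etc/docker/ca.pem")

if __name__ == "__main__":
    for label, findings in (("daemon.json", audit_daemon_json(SAMPLE_DAEMON_JSON)),
                            ("loopback unit", audit_execstart(SAMPLE_EXECSTART_LOOPBACK)),
                            ("tls unit", audit_execstart(SAMPLE_EXECSTART_TLS))):
        for f in findings:
            print(f"[{f.severity}] {label}: {f.host}: {f.reason}")
```

Run it against the real files on a host (`/etc/docker/daemon.json` and the `ExecStart=` line from `systemctl cat docker`) rather than the constructed samples; a "critical" result is exactly the configuration the campaign scans for, and the fix is to drop the tcp listener or put it behind `--tlsverify` with a private CA. Note that a plaintext listener bound to loopback is still rated "medium": anything that can reach the socket can start a privileged container, which is the privilege-escalation step the article mentions.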

Singapore Police Extradites Malaysians Linked to Android Malware Fraud

June 18, 2024 at 03:51AM The Singapore Police Force (SPF) extradited two men from Malaysia linked to a mobile malware campaign. The suspects targeted Android users and used phishing scams to steal personal data and banking information. The SPF, in collaboration with other law enforcement agencies, apprehended 16 cybercriminals and reported over 4,000 victims. …

Arid Viper Launches Mobile Espionage Campaign with AridSpy Malware

June 13, 2024 at 10:25AM The threat actor Arid Viper is behind a mobile espionage campaign using trojanized Android apps to distribute spyware called AridSpy. The campaign targets users in Palestine and Egypt through fake messaging and job opportunity apps. AridSpy is capable of downloading additional payloads and harvesting data from infected devices. From the …

Arc browser’s Windows launch targeted by Google ads malvertising

May 25, 2024 at 07:33PM Cybercriminals capitalized on the release of the Arc web browser for Windows by launching a Google Ads malvertising campaign. The malicious ads led to typosquatted domains hosting trojanized installers, which infected users who downloaded them with malware. Malwarebytes recommends caution and verification …

Kremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware Campaign

May 9, 2024 at 11:48AM The Russian state-backed group APT28 is orchestrating a malware campaign targeting Polish government institutions. The attack tricks victims into downloading malicious files through a redirect chain that passes through legitimate web services; APT28 relies on such services to avoid detection by security software. The group has also expanded its activities to target iOS devices. NATO countries recently …

eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners

April 24, 2024 at 03:51AM A new malware campaign, called GuptiMiner, is abusing the update mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners, targeting large corporate networks. The campaign is linked to the North Korean hacking group Kimsuky. The malware uses sophisticated techniques and has evaded detection for at least five years. The …

CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealers

April 24, 2024 at 01:39AM A new malware campaign, linked to the threat actor CoralRaider, is distributing multiple stealers via Content Delivery Network (CDN) cache domains. The campaign targets businesses in several countries, using deceptive tactics such as phishing emails and booby-trapped links to propagate the malware. The modular PowerShell loader script bypasses User Account Control (UAC) …

CoralRaider attacks use CDN cache to push info-stealer malware

April 23, 2024 at 05:34PM A financially motivated threat actor, known as CoralRaider, is conducting an ongoing malware campaign targeting systems in the U.S., U.K., Germany, and Japan. The group uses a content delivery network cache to distribute malware, including the info stealers LummaC2, Rhadamanthys, and Cryptbot. The attacks start with malicious Windows shortcut files delivered …

‘eXotic Visit’ Spyware Campaign Targets Android Users in India and Pakistan

April 10, 2024 at 10:34AM An Android malware campaign named eXotic Visit is targeting users in South Asia, particularly in India and Pakistan, through fake apps distributed on dedicated websites and the Google Play Store. The campaign uses the XploitSPY RAT to gather sensitive data, and its purpose is espionage against victims in the region. The …