Arid Viper Launches Mobile Espionage Campaign with AridSpy Malware

June 13, 2024 at 10:25AM The threat actor Arid Viper is behind a mobile espionage campaign using trojanized Android apps to distribute spyware called AridSpy. The campaign targets users in Palestine and Egypt through fake messaging and job opportunity apps. AridSpy is capable of downloading additional payloads and harvesting data from infected devices. From the …

Arc browser’s Windows launch targeted by Google ads malvertising

May 25, 2024 at 07:33PM Cybercriminals capitalized on the release of the Arc web browser for Windows by launching a Google Ads malvertising campaign, tricking users into downloading trojanized installers that infect them with malware. The malicious ads led to typo-squatted domains, where users unknowingly downloaded malware through trojanized installers. Malwarebytes recommends caution and verification …

Kremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware Campaign

May 9, 2024 at 11:48AM Russian APT28 orchestrates a malware campaign targeting Polish government institutions. The attack involves tricking victims into downloading malicious files via redirection to legitimate sites. APT28’s use of legitimate services aims to avoid detection by security software. The group has also expanded its activities to target iOS devices. NATO countries recently …

eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners

April 24, 2024 at 03:51AM A new malware campaign, called GuptiMiner, is using the eScan antivirus software’s updating mechanism to distribute backdoors and cryptocurrency miners, targeting large corporate networks. The campaign is linked to the North Korean hacking group Kimsuky. The malware uses sophisticated techniques and has evaded detection for at least five years. The …

CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealers

April 24, 2024 at 01:39AM A new malware campaign, linked to threat actor CoralRaider, is distributing multiple stealers via Content Delivery Network (CDN) cache domains. The campaign targets various businesses in different countries, adopting deceptive tactics such as phishing emails and booby-trapped links to propagate malware. The modular PowerShell loader script bypasses User Access Controls …

CoralRaider attacks use CDN cache to push info-stealer malware

April 23, 2024 at 05:34PM A financially motivated threat actor, known as CoralRaider, is conducting an ongoing malware campaign targeting systems in the U.S., U.K., Germany, and Japan. The group uses a content delivery network cache to distribute malware, including the info stealers LummaC2, Rhadamanthys, and Cryptbot. The attacks start with malicious Windows shortcut files delivered …

‘eXotic Visit’ Spyware Campaign Targets Android Users in India and Pakistan

April 10, 2024 at 10:34AM An Android malware campaign named eXotic Visit is targeting users in South Asia, particularly in India and Pakistan, through fake apps distributed on dedicated websites and the Google Play Store. The campaign uses the XploitSPY RAT to gather sensitive data, and its purpose is espionage targeting victims in the region. The …

PyPI suspends new user registration to block malware campaign

March 28, 2024 at 02:04PM PyPI, the Python Package Index, has suspended user registrations and new project creation due to an ongoing malware campaign. Threat actors are uploading fake packages to compromise developers, with the latest report from Checkmarx revealing 365 malicious entries and an info-stealer payload. This emphasizes the importance of rigorously verifying open-source …

Over 100 US and EU orgs targeted in StrelaStealer malware attacks

March 25, 2024 at 12:11PM The StrelaStealer malware has impacted over 100 organizations in the U.S. and Europe, targeting email account credentials. Originally targeting Spanish-speaking users, it now targets U.S. and European individuals. Its distribution through phishing campaigns has substantially increased, with evolved infection methods. The malware’s primary goal remains stealing email login information and …

Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others

March 25, 2024 at 08:51AM Unidentified adversaries executed a sophisticated supply chain attack targeting individual developers and Top.gg’s GitHub organization account. The attack involved multiple tactics, including account takeover and malicious code insertion. It led to theft of sensitive data and distribution of trojanized software packages. The incident underscores the need for vigilance and thorough …