New Malware Hits 300,000 Users with Rogue Chrome and Edge Extensions

August 10, 2024 at 11:21AM A widespread malware campaign installs rogue Google Chrome and Microsoft Edge extensions via a trojan distributed through fake websites. The malware, present since 2021, affects over 300,000 users and uses malvertising to trick users into downloading the trojan. The extensions hijack searches, intercept web requests, and execute various commands. From … Read more

North Korea-Linked Malware Targets Developers on Windows, Linux, and macOS

July 31, 2024 at 09:45AM A malware campaign, DEV#POPPER, is targeting software developers across Windows, Linux, and macOS systems. Linked to North Korea, the threat actors use social engineering to trick victims into divulging information or downloading malicious software. The campaign uses obfuscated JavaScript and Python backdoors, along with enhanced obfuscation and remote monitoring to … Read more

Void Banshee APT Exploits Microsoft Zero-Day in Spear-Phishing Attacks

July 16, 2024 at 09:41AM A Trend Micro blog post reveals new details about the exploit of a Microsoft zero-day flaw by an APT group known as Void Banshee, spreading the Atlantida Stealer in a spear-phishing campaign targeting victims in North America, Europe, and Southeast Asia. The attackers use unpatched vulnerabilities in the now-retired Internet … Read more

Oyster Backdoor Spreading via Trojanized Popular Software Downloads

June 21, 2024 at 06:15AM A malvertising campaign is using fake websites to distribute backdoor malware disguised as popular software like Google Chrome and Microsoft Teams. The malware, called Oyster, can gather information, communicate with a command-and-control address, and execute remote code. This coincides with the emergence of a new phishing platform called ONNX Store. … Read more

New Malware Targets Exposed Docker APIs for Cryptocurrency Mining

June 18, 2024 at 06:19AM Cybersecurity researchers have discovered a new malware campaign targeting exposed Docket API endpoints, deploying cryptocurrency miners and accessing more malicious programs via a remote access tool. The attack involves reconnaissance, privilege escalation, and exploitation of Docker servers. The campaign is linked to a previous activity dubbed Spinning YARN and features … Read more

Singapore Police Extradites Malaysians Linked to Android Malware Fraud

June 18, 2024 at 03:51AM The Singapore Police Force (SPF) extradited two men from Malaysia linked to a mobile malware campaign. The suspects targeted Android users and used phishing scams to steal personal data and banking information. The SPF, in collaboration with other law enforcement agencies, apprehended 16 cyber criminals and reported over 4,000 victims. … Read more

Arid Viper Launches Mobile Espionage Campaign with AridSpy Malware

June 13, 2024 at 10:25AM The threat actor Arid Viper is behind a mobile espionage campaign using trojanized Android apps to distribute spyware called AridSpy. The campaign targets users in Palestine and Egypt through fake messaging and job opportunity apps. AridSpy is capable of downloading additional payloads and harvesting data from infected devices. From the … Read more

Arc browser’s Windows launch targeted by Google ads malvertising

May 25, 2024 at 07:33PM Cybercriminals capitalized on the release of the Arc web browser for Windows by launching a Google Ads malvertising campaign, tricking users into downloading trojanized installers that infect them with malware. The malicious ads led to typo-squatted domains, where users unknowingly downloaded malware through trojanized installers. Malwarebytes recommends caution and verification … Read more

Kremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware Campaign

May 9, 2024 at 11:48AM Russian APT28 orchestrates a malware campaign targeting Polish government institutions. The attack involves tricking victims into downloading malicious files via redirection to legitimate sites. APT28’s use of legitimate services aims to avoid detection by security software. The group has also expanded its activities to target iOS devices. NATO countries recently … Read more

eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners

April 24, 2024 at 03:51AM A new malware campaign, called GuptiMiner, is using the eScan antivirus software’s updating mechanism to distribute backdoors and cryptocurrency miners, targeting large corporate networks. The campaign is linked to a North Korean hacking group Kimsuky. The malware uses sophisticated techniques and has evaded detection for at least five years. The … Read more