Hackers Using Fake Video Conferencing Apps to Steal Web3 Professionals’ Data

December 7, 2024 at 03:57AM
Cybersecurity researchers have identified a scam campaign using fake video conferencing apps to distribute the Realst info stealer, targeting Web3 professionals. Operatives create fraudulent companies using AI to enhance legitimacy, tricking victims into downloading malware disguised as meeting software, ultimately aiming to steal sensitive data, including cryptocurrency information.

Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware

December 6, 2024 at 02:48AM
Gamaredon, a Russian-affiliated cyber threat group, is using Cloudflare Tunnels to hide its GammaDrop malware in a spear-phishing campaign targeting Ukrainian entities since early 2024. The group employs various techniques, including HTML smuggling and DNS fast-fluxing, to evade detection and maintain access to compromised systems.

Russia’s ‘BlueAlpha’ APT Hides in Cloudflare Tunnels

December 5, 2024 at 05:21PM
BlueAlpha, a Russian APT group, has adapted its malware delivery by exploiting Cloudflare Tunnels to deploy GammaDrop malware. This method conceals staging infrastructure, enabling HTML smuggling attacks and evading detection. Insikt Group recommends enhancing email security, flagging suspicious attachments, and implementing network monitoring to counter these threats.

‘Earth Minotaur’ Exploits WeChat Bugs, Sends Spyware to Uyghurs

December 5, 2024 at 11:12AM
Researchers at Trend Micro have identified a cyber-threat operation, Earth Minotaur, targeting the Tibetan and Uyghur communities using the Moonshine exploit kit. This operation delivers the DarkNimbus spyware to Android and Windows devices, stealing personal data and monitoring activities. Users are advised to exercise caution and update applications regularly.

New DroidBot Android banking malware spreads across Europe

December 4, 2024 at 01:33PM
A new Android banking malware, ‘DroidBot,’ targets over 77 cryptocurrency and banking apps in Europe. Active since June 2024, it operates as a malware-as-a-service platform, facilitating attacks for affiliates. Key features include keylogging and SMS interception. Users are urged to download apps from Google Play and review permissions carefully.

Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defenses

December 4, 2024 at 12:45AM
A new phishing campaign uses corrupted Microsoft Office documents and ZIP files to bypass email defenses, evading antivirus software and spam filters. These malicious emails entice users with false promises, leveraging built-in recovery features for execution. The technique, identified since August 2024, aims for credential theft and malware deployment.

Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability

December 3, 2024 at 08:57AM
Cisco has updated its advisory regarding a decade-old vulnerability (CVE-2014-2120) in its Adaptive Security Appliance, which is being actively exploited. The flaw allows cross-site scripting attacks via the WebVPN login page. Users are urged to update their systems, as the flaw was added to CISA’s KEV catalog for urgent remediation.

NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise

December 3, 2024 at 06:03AM
Cybersecurity researchers identified vulnerabilities in Palo Alto Networks and SonicWall VPN clients, allowing potential remote code execution on Windows and macOS systems. Exploiting these flaws via a rogue VPN server could lead to malicious software installation. Users are urged to apply patches to mitigate risks. No active exploitation reported yet.

North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks

December 3, 2024 at 04:52AM
North Korea-aligned Kimsuky is linked to phishing attacks using Russian sender addresses to steal credentials. These attacks, primarily targeting South Korean users, exploit email services and impersonate institutions like Naver. Kimsuky utilizes compromised servers and tools for spoofing to evade security, aiming for account hijacking and further attacks.

8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play

December 2, 2024 at 05:45AM
A report from McAfee Labs identifies over a dozen malicious Android apps on the Google Play Store, collectively downloaded over 8 million times, which contain SpyLoan malware. These apps deceive users into sharing sensitive information under the guise of providing quick loans, leading to financial exploitation and privacy violations.