Experts Warn of macOS Backdoor Hidden in Pirated Versions of Popular Software

January 19, 2024 at 08:51AM Pirated macOS applications from Chinese websites harbor a backdoor allowing attackers remote control over infected machines. The malware, hosted on “macyy[.]cn,” uses a dropper to fetch backdoor and downloader components, which enable persistence and facilitate additional payloads. This echoes previous incidents involving the ZuRu malware, possibly indicating a successor. …

Nigerian Businesses Face Growing Ransomware-as-a-Service Trade

January 19, 2024 at 06:09AM Ransomware-as-a-service is poised to drive an increase in attacks in Nigeria, impacting both public and private sectors. A Cyber Security Experts of Nigeria (CSEAN) report highlights the impact of ransomware groups and variants in 2023, urging proactive measures such as prompt patching and stronger monitoring practices to mitigate the anticipated …

FBI: Androxgh0st malware botnet steals AWS, Microsoft credentials

January 16, 2024 at 12:41PM CISA and the FBI warn about Androxgh0st malware, which is being used to create a botnet targeting cloud credential theft. The botnet exploits vulnerabilities in frameworks and servers. Additionally, it steals sensitive information, deploys malicious tools, and conducts spam campaigns. The agencies advise on mitigation measures to limit the impact …

This is why we update… Data-thief malware exploits unpatched Windows PCs

January 12, 2024 at 07:00PM Criminals exploit a Windows Defender SmartScreen bypass vulnerability to spread Phemedrone Stealer malware, targeting sensitive data on PCs. The flaw, CVE-2023-36025, was patched by Microsoft in November, but a proof-of-concept exploit has been created. The malware targets various browsers, applications, and cryptocurrency wallets, and uses obfuscation techniques to evade detection. Update …

Google: Malware abusing API is standard token theft, not an API issue

January 6, 2024 at 11:46AM Malware is exploiting an undocumented Google Chrome API to generate new authentication cookies from stolen ones. Multiple malware operations are using this technique to gain access to users’ Google accounts through the API, and Google has downplayed the severity of the issue. The company urges affected users to take precautionary …

New Sneaky Xamalicious Android Malware Hits Over 327,000 Devices

December 27, 2023 at 04:18AM A new Android backdoor, Xamalicious, has been uncovered by the McAfee Mobile Research Team. It leverages accessibility permissions to execute malicious actions, including retrieving a second-stage payload and taking control of devices for fraudulent activities. The threat has been associated with 25 apps and is particularly prevalent in several countries, including …

New Web injections campaign steals banking data from 50,000 people

December 19, 2023 at 03:40PM A new malware campaign, detected by IBM in March 2023, has targeted over 50,000 users across 40 banks globally, attempting to steal banking data. Using JavaScript web injections, the attackers intercepted user credentials and OTPs, gaining access to accounts, changing settings, and performing unauthorized transactions. The evasive campaign employs stealthy …

Crypto Hardware Wallet Ledger’s Supply Chain Breach Results in $600,000 Theft

December 15, 2023 at 08:18AM Ledger, a crypto hardware wallet maker, faced a security breach after a former employee fell victim to a phishing attack, leading to the theft of $600,000 in virtual assets. Malicious code from the compromised npm account was used to propagate crypto drainer malware to other applications. Ledger has since removed the malicious …

BazarCall attacks abuse Google Forms to legitimize phishing emails

December 13, 2023 at 03:41PM A recent surge in BazarCall attacks includes the exploitation of Google Forms to fabricate and dispatch fraudulent payment receipts, augmenting the appearance of authenticity. Having first surfaced in 2021, BazarCall employs phishing tactics via sham payment notifications from reputable companies. The updated method entails sending false payment confirmations using Google Forms, …

Mirai-based Botnet Exploiting Zero-Day Bugs in Routers and NVRs for Massive DDoS Attacks

November 23, 2023 at 05:54AM An active malware campaign is using two zero-day vulnerabilities to create a Mirai-based DDoS botnet by targeting routers and network video recorders. Akamai has discovered the attacks and identified the malware variants involved. The flaws are being kept under wraps to allow vendors to patch them. The attacks utilize offensive …