New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm

September 5, 2024 at 02:15AM Earth Lusca, a Chinese-speaking threat actor, has been observed deploying a new backdoor named KTLVdoor in a cyber attack targeting an unnamed trading company in China. The malware is written in Golang and masquerades as system utilities, with over 50 command-and-control servers identified. Its use by other Chinese threat actors …

Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack

September 4, 2024 at 01:42AM A new malware campaign is using a spoofed version of Palo Alto Networks’ GlobalProtect VPN software to distribute the WikiLoader malware through an SEO campaign. The malware campaign is a shift from previous tactics and involves malicious activities such as delivering malware via fake GlobalProtect download pages and anti-analysis checks …

New Mad Liberator gang uses fake Windows update screen to hide data theft

August 17, 2024 at 10:37AM Mad Liberator, a new data extortion group, targets AnyDesk users by using fake Microsoft Windows update screens to distract while exfiltrating data. The group claims to use AES/RSA algorithms to lock files but did not encrypt data in observed attacks. They drop ransom notes on shared network directories as a …

RansomHub Rolls Out Brand-New, EDR-Killing BYOVD Binary

August 16, 2024 at 01:18PM The utility escalates privileges and disables endpoint protection software by loading a vulnerable driver and then using a public exploit against it …

Fake AI editor ads on Facebook push password-stealing malware

August 2, 2024 at 02:37PM A malvertising campaign on Facebook targets users seeking AI image editing tools, deceiving them into installing fake apps that mimic genuine software and stealing their credentials …

Beware of fake CrowdStrike domains pumping out Lumma infostealing malware

July 25, 2024 at 06:42PM CrowdStrike’s threat intel team warns of a new scam using the Lumma infostealing malware, targeting Windows users. The malware extracts sensitive data for criminal use, such as online banking and cryptocurrency credentials. The scam leverages a fake CrowdStrike domain, posing as a recovery tool for a previous faulty sensor update. …

‘CrystalRay’ Expands Arsenal, Hits 1,500 Targets with SSH-Snake and Open Source Tools

July 11, 2024 at 10:48AM CrystalRay, a threat actor, has expanded their operations since the February attacks. They utilize SSH-Snake, an automated worm-like tool, for hacking purposes and have added mass scanning, open source software exploitation, and credential theft to their arsenal. Their use of open source and penetration testing tools enables them to maintain …

Hackers leak alleged Taylor Swift tickets, amp up Ticketmaster extortion

July 5, 2024 at 01:11PM Threat actors have leaked alleged Ticketmaster barcode data for 166,000 Taylor Swift Eras Tour tickets, threatening to release more if a $2 million extortion demand isn’t met. The data breach occurred via Snowflake, impacting multiple organizations including Neiman Marcus and the Los Angeles Unified School District. Ticketmaster has not confirmed …

Software Productivity Tools Hijacked to Deliver Infostealers

July 4, 2024 at 09:10AM Conceptworld Corporation, an India-based software company, was found to be distributing information-stealing malware with its software products. Researchers from Rapid7 discovered that the installation packages of their tools, Notezilla, RecentX, and Copywhiz, had been Trojanized. Despite replacing the malicious installers, users were unknowingly exposed to the dllFake malware, capable of …

Polyfill.io owner punches back at ‘malicious defamation’ amid domain shutdown

June 27, 2024 at 11:56PM After its website shutdown, Polyfill.io’s owner battles accusations of distributing suspicious code on various websites. Anger-fueled social media posts target CDN titan Cloudflare and media for “malicious defamation.” Experts and a domain registrar warn of supply chain risks. The site has relocated to polyfill[.]com. Cloudflare also launches a JavaScript URL …