August 22, 2024 at 01:05PM NGate, a new Android malware, steals money from payment cards through NFC data relay. It tricks victims into installing malicious PWAs and WebAPKs, stealing banking credentials. Once installed, it uses NFC to capture and relay card data to the attacker’s device. It can also obtain the card PIN, posing a … Read more
August 9, 2024 at 11:25AM A widespread malware campaign installed malicious Google Chrome and Microsoft Edge browser extensions, stealing browsing history and data. Malware employed diverse malvertising themes, infecting victims’ web browsers through fake software installers and digitally signed downloaders. The malware evaded antivirus detection, hijacked browser homepages, and persisted in the system, necessitating manual … Read more
July 10, 2024 at 03:23PM ViperSoftX malware utilizes CLR to execute PowerShell within AutoIt scripts, enabling evasion of detection. It is distributed disguised as ebooks on torrent sites, using malicious RAR archives and decoy files. The malware employs various evasion techniques, including base64 obfuscation, AES encryption, and deceptive hostnames, aiming to steal system and cryptocurrency … Read more
April 5, 2024 at 12:50PM Hackers are using hijacked Facebook pages and advertisements to promote fake AI services, infecting users with password-stealing malware. The malvertising campaigns trick users into fraudulent Facebook communities, then entice them to download malicious executables. The stolen data is sold on the dark web or used for further scams. These sophisticated … Read more
March 26, 2024 at 05:22PM A new and improved variant of the group’s malware is causing chaos in virtual environments by combining fileless infection, BYOVD, and other advanced techniques. Based on the meeting notes, it seems that a new, enhanced version of the group’s malware has been developed. This variant combines fileless infection, BYOVD, and … Read more
February 9, 2024 at 11:00AM A new Rust-based macOS malware, known as RustDoor, has been spreading as a Visual Studio update, providing backdoor access to compromised systems. Linked to the ALPHV/BlackCat ransomware gang’s infrastructure, it communicates with command and control servers potentially associated with ransomware operations. The malware has advanced capabilities and is distributed under … Read more
December 22, 2023 at 09:55AM Three Chrome extensions masquerading as VPNs were found to be malware, infecting users’ machines through pirated video game installers. ReasonLabs discovered the malicious extensions and reported their findings to Google, resulting in their removal from the Chrome Web Store. The extensions targeted Russian-speaking users, stealing data, manipulating web requests, and … Read more