Tax-season scammers are going all out again this year, deploying every method of attack against taxpayers. Malware, banking Trojans, document macros, and outright phishing forms are among the weapons in the scammers’ arsenal. The branding on the forms...
The Lazarus hacking group has released a batch of new malicious cryptocurrency trading tools. The group continues to focus on macOS users, but also releases Windows versions of its malware. People are advised to avoid tools named after Cyptian, Union...
Researchers have found new crypto-mining malware disguised as a game cheat. The trojan is distributed through many different game-cheat websites, although many of them are down by now. The actors are trying to take advantage...
One of Trickbot’s latest variants is circulating once again via payroll-themed phishing messages. The actors are using legitimate email-delivery and cloud document-hosting services for obfuscation. The recent campaign has claimed hundreds of victims, infecting the host systems with...
Sophos warns about 15 adware apps that had been downloaded by 1.3 million users. The apps employ various hiding and deception techniques and try to make their uninstallation difficult. Some of these apps had been uploaded to the Play Store before, with...
The developer of CamScanner admits to having been tricked by a malicious ad-network provider. The rogue SDK affected versions 5.11.7 through 5.12.0, so if you are using one of these, you are urged to update. The malware that was used is...
Kaspersky Lab has discovered new malware affecting ATMs. The WinPot malware is offered for sale on dark-web forums, and similar malware variants may also become common. The malware turns the infected...
Unpatched Drupal systems are being targeted by powerful malware that exploits a year-old flaw. The actors have several specialized PoC samples at their disposal, aimed at version 7 or 8. The malware’s code is heavily obfuscated, and it comes...
An ‘Ableton Live 10’ torrent spreads the Bird Miner crypto-miner, designed specifically for macOS. The malware tries to hide its activity by running inside QEMU-emulated images. The shell scripts it executes still give it away,...
Malware campaigns are increasingly relying on obfuscating crypters and malware wrappers. The most popular choice right now is CypherIT, a $33/month anti-reverse-engineering tool. The crypter periodically changes its encryption method so that AV tools cannot detect the...
The “Study the Great Nation” app is a root-level spyware app installed on over 100 million devices. The app was launched in January by the Chinese Communist Party and was aggressively promoted via social networks. Reports say that many Chinese citizens were...
GozNym actors were caught in Europol’s net during an international operation. Police made ten arrests across Moldova, Ukraine, Bulgaria, Georgia, and the United States. The group had tried to steal about $100 million from 41,000 targets. ...
There’s been a surge lately in the use of automated information-exfiltration kits like HawkEye. These tools are harder to detect, analyze, and stop, as they have been carefully developed over a period of years. The HawkEye keylogger/stealer is now capable of exfiltrating...
New malware that combines data exfiltration with local mining is out and targeting Macs. The malware copies and uploads Chrome and Safari browser cookies that contain credential information. In a second phase, it activates a miner on the local...
The SpeakUp Trojan has already infected 70,000 Linux servers and AWS machines. The Trojan is currently occupied with crypto-mining, but that is unlikely to be its real purpose. Researchers warn that security tools are currently not catching it and that it’s a...
A new Emotet distribution campaign is targeting Germans through compromised public authorities. The campaign has been noticed, and the affected offices are doing their best to contain the problem. Emotet is gaining popularity again, tricking people with Christmas party invitations and more. ...
A new malicious website is pushing a rebranded version of VPN Pro that downloads Trojans. The payload is either Vidar or CryptBot, depending on the campaign that is currently active. People should not trust links to free VPN products that are shared on...
Most criminal actors in Sweden hide behind encrypted communications, and that cover ends in March 2020. Police will then be allowed to install state spyware on the devices of crime suspects. The spyware could be developed internally or bought from...