Malware

Typhon Info-Stealing Malware Devs Upgrade Evasion Capabilities

Typhon, a C# based information stealing malware that was first discovered in mid-2022, has had a new version released by the threat actors behind it. Dubbed Typhon Reborn, the new malware has a heavily modified codebase from its original version, containing many new features and evasive techniques. String obfuscation techniques, using Base64 and XOR, within the malware payloads have improved, making it more difficult to analyze samples. A wide range of checks, such as looking…

YouTube Phishing Scam Luring Users Into Providing Credentials

A new phishing scam on YouTube has been uncovered, where hackers are using authentic-looking email addresses to trick users into giving away their account login information. The scam starts with a fraudulent email claiming to be from YouTube’s support team, stating that the user’s account is in violation of the platform’s policies and will be suspended if the issue is not resolved. The email contains a link that appears to take the user to YouTube’s…

Critical flaw in WooCommerce can be used to compromise WordPress websites

WooCommerce, a popular plug-in for running WordPress-based online stores, contains a critical vulnerability that could allow attackers to take over websites. Technical details about the vulnerability have not been published yet, but the WooCommerce team released updates and attackers could reverse-engineer the patch. “Although what we know at this time is limited, what we do know is that the vulnerability allows for unauthenticated administrative takeover of websites,” researchers from web security firm Sucuri said in…

Bitter APT Targeting Chinese Nuclear Energy Organizations

While largely targeting organizations in the APAC region, this company has also been seen targeting organizations in Europe, indicating that they may pivot to compromise organizations worldwide in the future. As the initial compromise in this campaign stems from phishing, the best prevention is to provide adequate user education on the latest phishing campaigns. However, this is not adequate on its own, as all it takes is one phishing attachment to slip through the cracks and get executed…

Watch Out for These Tax Season Scams

The IRS provided excellent tips for protecting against these types of scams:
• File early. OK. The ship may have already sort of sailed on this one, but the earlier you file, the less time cybercriminals have to use your identity to commit fraud.
• Watch out for phishing and smishing. The IRS won’t send unsolicited emails or texts. Skip the links and attachments and go straight to the IRS or the applicable state and city…

Decoy Installers Used to Deploy AresLoader by Russian Hacktivists

Some defensive measures can be taken to lessen the likelihood of infection by AresLoader and other malware strains alike, including:
1. Be cautious when downloading and installing software: AresLoader malware is being spread through deceptive software installers, so it’s important to be careful when downloading and installing new software. Only download software from reputable sources and be wary of any installers that look suspicious or untrustworthy.
2. Keep software up to date: Cybercriminals often exploit…

Cyberpion rebrands as Ionix, offering new EASM visibility improvements

SaaS-based external attack surface management (EASM) company Cyberpion has rebranded as Ionix, at the same time adding a clutch of new cybersecurity capabilities to its namesake offering. Designed to provide a “wider coverage and deeper focus” into its customers’ internet-facing assets and connected dependencies, the revamp of Ionix’s system will feature new abilities such as extending visibility into connected assets and shadow IT, and scoring risks based on possible blast radius. “Along with the rebrand comes…

Android-based banking Trojan Nexus now available as malware-as-a-service

Italian cybersecurity firm Cleafy has found “Nexus”, a new Android Trojan capable of hijacking online accounts and siphoning funds from them, to be targeting customers from 450 banks and cryptocurrency services worldwide. First observed in June 2022 as a variant of SOVA, another Android banking Trojan, Nexus has since improved targeting capabilities and is available via a malware-as-a-service (MaaS) program for $3000 a month, and allows other attackers to rent or subscribe to the malware…

Google suspends Pinduoduo app over malware concerns

Google has suspended Chinese agricultural e-commerce app Pinduoduo from Google Play after versions of the app found outside the Google store were flagged as having malware issues. A Google spokesperson told Reuters that the app had been suspended over “security concerns”, adding that “Off-Play versions of this app that have been found to contain malware have been enforced on via Google Play Protect”, in other words, software that prevents the installation of malicious or harmful…

Russian hacktivists deploy new AresLoader malware via decoy installers

Security researchers have started seeing attack campaigns that use a relatively new malware-as-a-service (MaaS) tool called AresLoader. The malicious program appears to be developed and used by several members of a pro-Russia hacktivist group and is typically distributed inside decoy installers for legitimate software. Security researchers from threat intelligence firm Intel 471 first spotted AresLoader in November when it was advertised by a user with the monikers AiD Lock and DarkBLUP on Telegram and two…