
Malware Manifesto

Dark Tequila

22nd August, 2018, by Pierluigi Paganini, Security Affairs

Summary: Security experts from Kaspersky Labs have spotted a sophisticated strain of banking malware dubbed Dark Tequila that was used to target customers of several Mexican financial institutions. According to the researchers, the complex Dark Tequila malware has gone undetected since at least 2013.

 

Dark Tequila is a multistage malware that spreads via spear-phishing messages and infected USB devices. The malware steals financial data for a long list of online banking sites from infected systems; it is also able to gather credentials to popular websites, business and personal email addresses, domain registers, and file storage accounts.


Ryuk

21st August, 2018, by Catalin Cimpanu, Bleeping Computer

Summary: A new ransomware strain named Ryuk is making the rounds, and, according to current reports, the group behind it has already made over $640,000 worth of Bitcoin. Attacks with this ransomware strain were first spotted last Monday, August 13, according to independent security researcher MalwareHunter, who first tweeted about this new threat.

 



Marap

16th August, 2018, by Lindsey O'Donnell, Threatpost

Summary: A new downloader, which has been spotted in an array of recent email campaigns, uses anti-analysis techniques and calls in a system-fingerprinting module.

 

A newly discovered downloader malware has been discovered as part of a new campaign primarily targeting financial institutions.

 

Researchers at Proofpoint said today that the downloader – dubbed “Marap” after its command-and-control phone-home parameter, “param,” spelled backwards – is notable for its focused functionality and modular nature, as well as its ability to perform reconnaissance through a system-fingerprinting module.


KEYMARBLE

10th August, 2018, by Juha Saarinen, IT News

Summary: The United States Computer Emergency Readiness Team (US-CERT) has issued a fresh warning that a new piece of malware believed to be created by North Korean government actors is on the loose on networks around the world.

 

Known as KEYMARBLE, the malware is a Remote Access Trojan (RAT), US-CERT said and cautioned users against opening attachments in emails, even when the sender appears to be known.

 

The RAT is a 32-bit Windows executable that can access device configuration data, download further files, run commands, modify the Windows Registry configuration and settings database, take screenshots and exfiltrate data, according to the Malware Analysis Report (MAR) by US-CERT.

 



DeepLocker

8th August, 2018, by Nicky Cappella, The Stack

Summary: While DeepLocker has yet to be seen outside of the research lab, all of the tools used to create it are readily available: existing malware, and AI tools that can be trained to recognize a target.

 

DeepLocker malware can remain undetected for lengthy periods, inactive until presented with an AI trigger – through facial or voice recognition, or geolocation – that indicates a specifically targeted individual. When the trigger is recognized, it acts as a key, activating the dormant malware on the system.
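The trigger-as-key mechanism described above, as an added example written for this page (it is not DeepLocker's code, nor code from IBM Research or The Stack): a benign stand-in payload is sealed under a key derived from the recogniser's output for the intended target, the key and the target label are then discarded, and at run time the observed attribute is pushed through the same derivation, so only a matching trigger yields a valid authentication tag. The recognise() function, the label "target-0042", the candidate list and the payload text are constructed stand-ins; a real DeepLocker-style sample would take the label from a neural network's output rather than from a normalised string.

```python
import hashlib
import hmac
import os


# Added example (not DeepLocker's code): the trigger value keys the payload.
# recognise() is a hypothetical stand-in for a face/voice/geolocation model;
# what matters is that it returns the same label whenever the intended
# target is observed.
def recognise(observed: str) -> str:
    return observed.strip().lower()


def derive_key(label: str, salt: bytes) -> bytes:
    # The unlock key is a function of the model output; it is never stored.
    return hashlib.pbkdf2_hmac("sha256", label.encode(), salt, 50_000, dklen=32)


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode (stdlib only, so the example runs anywhere).
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC layout: nonce || ciphertext || tag. The tag is what
    # tells the sample whether the trigger matched; a wrong key simply fails
    # verification and nothing about the payload is revealed.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # trigger did not match: payload stays opaque
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))


def build_locked_sample(target_label: str, payload: bytes) -> dict:
    # Build-time step: all that survives in the sample is the salt and the
    # sealed blob. Neither the key nor the target label is kept.
    salt = os.urandom(16)
    return {"salt": salt, "blob": seal(derive_key(target_label, salt), payload)}


def try_unlock(sample: dict, observed: str):
    # Run-time step: whatever the model sees becomes a key candidate.
    return unseal(derive_key(recognise(observed), sample["salt"]), sample["blob"])


def brute_force(sample: dict, candidates):
    # Defender's check: the scheme is only as strong as the trigger space.
    # A coarse geolocation grid or a short list of names can be enumerated.
    for label in candidates:
        payload = try_unlock(sample, label)
        if payload is not None:
            return label, payload
    return None


if __name__ == "__main__":
    # Constructed inputs: a benign text stands in for the payload.
    sample = build_locked_sample("target-0042", b"benign stand-in payload")
    print(try_unlock(sample, "nobody"))         # None: wrong trigger
    print(try_unlock(sample, " Target-0042 "))  # b'benign stand-in payload'
    print(brute_force(sample, ["cell-1", "cell-2", "target-0042"]))
```

A static analyst holding the sample gets the salt and the blob but not the label, so payload signatures never fire; what remains detectable is the unlock machinery itself (the embedded model, the key derivation and the repeated verify-and-fail loop), and, when the trigger space is small, enumeration as in brute_force().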

 



Dark Caracal

6th August, 2018, by Nick Lewis, TechTarget

Summary: Dark Caracal is written in Java, so it can be used against any computer that executes Java code. It is an immature remote access tool that appears to be used by nation-state actors, but it only works on systems with Java installed, so it shouldn't affect most systems running macOS 10.7 and later, as those versions no longer install the Java runtime by default.

 



Ramnit

6th August, 2018, by Tara Seals, Bleeping Computer

Summary: A massive proxy botnet is just the tip of the iceberg, a warning sign of a bigger operation in the works by the Ramnit operators.

 

The recently uncovered “Black” botnet campaign using the Ramnit malware racked up 100,000 infections in the two months through July, but the offensive could just be a precursor to a much larger attack coming down the pike, according to researchers, thanks to a second-stage malware called Ngioweb.

 

Check Point Research said that the actors behind the Black botnet are mainly working on creating a network of malicious proxy servers: infected machines that together operate as a highly centralized botnet, “though its architecture implies division into independent botnets.”


PowerGhost

27th July, 2018, by Danny Palmer, ZDNet

Summary: A new form of cryptocurrency-mining malware is targeting corporate networks across the world, employing a combination of PowerShell and EternalBlue to stealthily spread.

 

Dubbed PowerGhost, the fileless malware can secretly embed itself on a single system on a network, then spread to other PCs and servers across organisations. The cryptojacker has been uncovered by researchers at security company Kaspersky Lab, who detected it on corporate networks across the globe, with the largest concentration of infections in India, Brazil, Colombia, and Turkey. PowerGhost has also been detected across Europe and North America.


RANCOR

26th July, 2018, by Douglas Bonderud, Security Intelligence

Summary: A previously unidentified threat group, RANCOR, is conducting malware-based espionage attacks in Singapore and Cambodia, according to a June 2018 report from Palo Alto Networks Unit 42. After observing the group throughout both 2017 and 2018, researchers identified two new malware strains: DDKONG and PLAINTEE.

 

Given the highly targeted distribution of this malware and the political nature of its decoy files, Palo Alto Networks concluded that RANCOR’s primary objective is likely espionage.


Kronos

18th July, 2018, by Catalin Cimpanu, Bleeping Computer

Summary: A new version of the Kronos banking trojan is making the rounds, according to Proofpoint security researchers, who say they've identified at least three campaigns spreading a revamped version of this old trojan that had its heyday back in 2014.

 

According to a report published yesterday evening, the first samples of this new Kronos variant were spotted in April this year. While the initial samples appeared to be tests, real-life campaigns got off the ground in late June, when researchers started detecting malspam and exploit kits delivering this new version to users in the wild.