Summary - Security researchers have discovered an interesting piece of malware that infects systems with either a cryptocurrency miner or ransomware, choosing between the two based on the infected system's configuration and which scheme is likely to be more profitable.
While ransomware is a type of malware that locks your computer and prevents you from accessing the encrypted data until you pay a ransom for the decryption key required to decrypt your files, cryptocurrency miners use the infected system's CPU power to mine digital currencies.
Summary - A distribution campaign for a new ransomware called Nozelesn is currently underway and is targeting Poland. The campaign started on July 2nd; we already have reports from victims in our forums, and numerous cases have been spotted on ID Ransomware.
MalwareHunterTeam noticed numerous submissions to ID Ransomware this morning from Poland and a new topic created by victims in the BleepingComputer forums. A researcher at CERT Polska, the Computer Emergency Response Team for Poland, has also stated that they believe the ransomware is being distributed through a spam campaign pretending to be a DHL invoice.
Summary - Former NSA white hat hacker and malware researcher Patrick Wardle analyzed a new macOS malware dubbed OSX.Dummy that targets the cryptocurrency community.
The expert decided to analyze the malicious code after security researcher Remco Verhoef (@remco_verhoef) posted an interesting entry to the SANS "InfoSec Handlers Diary Blog" titled "Crypto community target of MacOS malware."
“Previous days we’ve seen multiple MacOS malware attacks, originating within crypto related Slack or Discord chats groups by impersonating admins or key people. Small snippets are being shared, resulting in downloading and executing a malicious binary.” wrote Verhoef.
Summary - Security firm FireEye has detected that malware authors have deployed the PROPagate code injection technique for the first time inside a live malware distribution campaign.
PROPagate is a relatively new code injection technique discovered last November.
Back then, a security researcher found that an attacker could abuse the SetWindowSubclass API, a function of the Windows operating system that manages GUIs, to load and execute malicious code inside the processes of legitimate apps.
Summary - GZipDe is a downloader used by threat actors to fetch other payloads from an attacker-controlled server. The malware was detected after a user from Afghanistan uploaded a weaponized Word document to the VirusTotal service; the document refers to the Shanghai Cooperation Organization Summit.
At this time it is not possible to attribute the malicious code to a specific actor: VirusTotal does not share information about the source of an upload, the target of the attack was not disclosed, and the researchers were only able to analyze the sample.
Summary - Ransomware has lately lost its status as the queen of the cybercrime prom, but a new iteration of the nefarious SamSam extortion code shows that it can still make a bid to be sparkly and attention-getting.
The latest version of SamSam has taken the malware road less traveled, ditching widespread spam campaigns for unusually targeted, whole-company attacks. According to an analysis by Sophos, in a reversal of previous tactics, SamSam operators are now launching thousands of copies of the ransomware at once into individual organizations, each of which has been carefully selected.
Summary - A cyber-espionage group believed to be operating out of China has developed a new piece of malware that appears to be based on one of the first tools used by the threat actor.
The actor is known as APT15, Ke3chang, Mirage, Vixen Panda, Royal APT and Playful Dragon, and its tools are tracked by various cybersecurity companies as Mirage, BS2005, RoyalCLI, RoyalDNS, TidePool, BMW and MyWeb. The group has been known to target organizations in the defense, high tech, energy, government, aerospace, manufacturing and other sectors.
Summary - When it was released back in 2015, one of the main perks of Windows 10 was the improved security features that made it harder for rootkits to get a foothold on Microsoft's new OS.
But three years later, security researchers from Romania-based antivirus vendor Bitdefender say they've discovered a new adware strain named Zacinlo that uses a rootkit component to gain persistence across OS reinstalls, a rootkit component that's even effective against Windows 10 installations.
In fact, researchers say that 90% of all Zacinlo's recent victims are Windows 10 users, showing that crooks intentionally designed their "product" to work against Microsoft's latest OS.
Summary - Malware researchers from ESET have discovered a new strain of Android RAT, tracked as HeroRat, that leverages the Telegram protocol for command and control and for data exfiltration.
HeroRat isn't the first malware to abuse the Telegram protocol; past investigations have reported similar threats such as TeleRAT and IRRAT.
The new RAT has been in the wild since at least August 2017, and in March 2018 its source code was released for free on Telegram hacking channels, allowing various threat actors to create their own variants.
Summary - Olympic Destroyer, the malware that hit Pyeongchang 2018 Winter Olympics, is still alive and infecting new victims, according to a report published earlier today by Russian antivirus vendor Kaspersky Labs. The company's security researchers say they've detected Olympic Destroyer infections across Europe in May and June 2018. New victims include financial organizations in Russia, and biological and chemical threat prevention laboratories in Europe and Ukraine.