Malware | Breaking Cybersecurity News | The Hacker News

Many moons ago, when the World Wide Web was young and the nerd in me was strong, I remember building a PC and setting it up as a web server. In those exciting, pioneering days, it was quite something to be able to have my very own IP address on the internet and serve my own web pages directly from my Apache server to the world. Great fun. I also remember looking at the server logs in horror as I scrolled through pages upon pages of failed login, and presumably hacking, attempts. I'd buttoned things up pretty nicely from a security standpoint, but even so, it would only have taken a vulnerability in an unpatched piece of software for a breach to occur, and from there, all bets would have been off. Even today, many internet service providers will let you provision your own server, should you feel brave enough. Of course, the stakes were not high for me at home, but knowing what we know now about the growth of ransomware attacks and how AI is facilitating them, no organization would da...

CTM360 has recently observed a sophisticated global scam campaign where victims are lured through fraudulent Google Play Store download pages. CTM360, a leading cybersecurity company for Digital Risk Protection, has identified over 6,000 instances of these fake pages, tricking users into downloading malicious apps. Once installed, the apps disguise themselves as legitimate software to deploy PlayPraetor (a malware named after the authoritative Roman praetor). It seizes control of infected devices to steal banking credentials, log keystrokes, and monitor clipboard activity. The operation's global reach and complexity highlight a highly coordinated effort to compromise users' data for malicious purposes. How the Scam Works Threat actors behind PlayPraetor execute a well-crafted deception strategy: Fake Play Store Pages – Cybercriminals create highly realistic clones of Google Play Store and other trusted sources to distribute Trojanized APKs. Malicious APKs Disguised as L...

So you're going on a threat hunt…and you want to catch a big (malicious) one. Identifying malicious infrastructure can be a particularly daunting threat-hunting objective. Attackers who are intent enough on setting up things like C2 networks, phishing sites, and impersonated domains, are also, not surprisingly, often very good at hiding their tracks with tactics ranging from the use of proprietary VPNs to compromised intermediary services. So even when malicious infrastructure is visible, source attribution can remain a thorny problem. That said, there are tools like Censys Search that can make the challenge of tracking and understanding malicious infrastructure more achievable. Consider the following user stories, how-to articles, and videos for insights you can use to inform, inspire, and even supercharge your next investigation into malicious infrastructure. 7 Resources Worth a Read (or Watch) 1. How to Identify Malicious Infrastructure: Demo Let's start with a quick video ...