#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

Command-and-Control Server | Breaking Cybersecurity News | The Hacker News

New malware found using Google Drive as its command-and-control server

New malware found using Google Drive as its command-and-control server
Jan 21, 2019
Since most security tools also keep an eye on the network traffic to detect malicious IP addresses, attackers are increasingly adopting infrastructure of legitimate services in their attacks to hide their malicious activities. Cybersecurity researchers have now spotted a new malware attack campaign linked to the notorious DarkHydrus APT group that uses Google Drive as its command-and-control (C2) server. DarkHydrus first came to light in August last year when the APT group was leveraging the open-source Phishery tool to carry out credential-harvesting campaign against government entities and educational institutions in the Middle East. The latest malicious campaign conducted by the DarkHydrus APT group was also observed against targets in the Middle East, according to reports published by the 360 Threat Intelligence Center ( 360TIC ) and Palo Alto Networks. This time the advanced threat attackers are using a new variant of their backdoor Trojan, called RogueRobin , which i

New Malware Takes Commands From Memes Posted On Twitter

New Malware Takes Commands From Memes Posted On Twitter
Dec 18, 2018
Security researchers have discovered yet another example of how cybercriminals disguise their malware activities as regular traffic by using legitimate cloud-based services. Trend Micro researchers have uncovered a new piece of malware that retrieves commands from memes posted on a Twitter account controlled by the attackers. Most malware relies on communication with their command-and-control server to receive instructions from attackers and perform various tasks on infected computers. Since security tools keep an eye on the network traffic to detect malicious IP addresses, attackers are increasingly using legitimate websites and servers as infrastructure in their attacks to make the malicious software more difficult to detect. In the recently spotted malicious scheme, which according to the researchers is in its early stage, the hackers uses Steganography —a technique of hiding contents within a digital graphic image in such a way that's invisible to an observer—to hid

Android Malware uses Google Cloud Messaging Service; infected over 5 Million Devices

Android Malware uses Google Cloud Messaging Service; infected over 5 Million Devices
Aug 16, 2013
The Kaspersky Lab researchers recently have discovered a number of Android malware apps are abusing the Google Cloud Messaging Service (GCM) as Command and Control server . The GCM  service allows Android app developers to send messages using JSON Format for installed apps, but hackers exploited it for malicious Purposes. Using Google Cloud Messaging Service (GCM) as Command and Control server for Android Malware is not a new concept, as last year Security researcher and Hacker ' Mohit Kumar ' demonstrated ' Android Malware Engine ' - One of the Most Sophisticated Android malware during Malcon conference. The Kaspersky Lab researchers have detected at least five Different Android Trojans that used JSON format: 1. SMS.AndroidOS.FakeInst.a 2. SMS.AndroidOS.Agent.ao 3. SMS.AndroidOS.OpFake.a 4. Backdoor.AndroidOS.Maxit.a 5. SMS.AndroidOS.Agent.az. The authors of the malware in Every case took advantage of Google Cloud Messaging Service to Exchange messag

Protecting Your Organization From Insider Threats - All You Need to Know

cyber security
websiteWing SecuritySaaS Security
Get practical insights and strategies to manage inadequate offboarding and insider risks effectively.

SHQ Response Platform and Risk Centre to Enable Management and Analysts Alike

SHQ Response Platform and Risk Centre to Enable Management and Analysts Alike
May 13, 2024Threat Detection / SoC / SIEM
In the last decade, there has been a growing disconnect between front-line analysts and senior management in IT and Cybersecurity. Well-documented challenges facing modern analysts revolve around a high volume of alerts, false positives, poor visibility of technical environments, and analysts spending too much time on manual tasks. The Impact of Alert Fatigue and False Positives  Analysts are overwhelmed with alerts. The knock-on effect of this is that fatigued analysts are at risk of missing key details in incidents, and often conduct time-consuming triaging tasks manually only to end up copying and pasting a generic closing comment into a false positive alert.  It is likely that there will always be false positives. And many would argue that a false positive is better than a false negative. But for proactive actions to be made, we must move closer to the heart of an incident. That requires diving into how analysts conduct the triage and investigation process. SHQ Response Platfo

Apple certified Mac Malware Captures and Uploads Screenshots without Permission

Apple certified Mac Malware Captures and Uploads Screenshots without Permission
May 17, 2013
Earlier this week, new Mac spyware was discovered on a computer at the Oslo Freedom Forum , which is an annual human rights conference. Dubbed as  OSX/KitM.A , discovered by computer security researcher Jacob Appelbaum . This Mac malware that has been used to spy on activists, targeted via spear phishing attack and had received emails that duped them into installing the malware. The malware is a backdoor application called " macs.app " which launches automatically upon login. There are two command-and-control servers, located at securitytable.org and docsforum.info. Interestingly, the malware is signed with an Apple Developer ID , which is designed to prevent the installation of malware, associated with the name Rajender Kumar  and  the use of the ID appears to be an attempt to bypass Apple's Gatekeeper execution prevention technology. As of right now, F-Secure is looking into the origination of the malware and though it doesn't appear to be widespread.  You can

Hacker uses Evernote account as Command-and-Control Server

Hacker uses Evernote account as Command-and-Control Server
Mar 29, 2013
Cyber criminals  are using popular note-taking app Evernote as Command-and-Control Server to give commands to the malware installed on infected PCs using botnets. TrendMicro uncovered a malware detected as " BKDR_VERNOT.A " tried to communicate with Command-and-Control Server using Evernote. Malware delivered via an executable file that installs the malware as a dynamic-link library. The installer then ties the DLL into a legitimate running process, hiding it from casual detection. Once installed, BKDR_VERNOT.A can perform several backdoor commands such as downloading, executing, and renaming files. It then gathers information from the infected system, including details about its OS, timezone, user name, computer name, registered owner and organization. Researchers  also pointed out that the backdoor may have also used Evernote as a location to upload stolen data. " Unfortunately, during our testing, it was not able to login using the credentials embedded in the
Expert Insights
Cybersecurity Resources