Crimeware | Breaking Cybersecurity News | The Hacker News

A novel multi-stage loader called  DoubleFinger  has been observed delivering a cryptocurrency stealer dubbed GreetingGhoul in what's an advanced attack targeting users in Europe, the U.S., and Latin America. "DoubleFinger is deployed on the target machine, when the victim opens a malicious PIF attachment in an email message, ultimately executing the first of DoubleFinger's loader stages," Kaspersky researcher Sergey Lozhkin  said  in a Monday report. The starting point of the attacks is a modified version of  espexe.exe  – which refers to Microsoft Windows Economical Service Provider application – that's engineered to execute shellcode responsible for retrieving a PNG image file from the image hosting service Imgur. The image employs steganographic trickery to conceal an encrypted payload that triggers a four-stage compromise chain which eventually culminates in the execution of the GreetingGhoul stealer on the infected host. A notable aspect of GreetingGho

The U.S. Department of Justice (DoJ) on Friday charged a Latvian woman for her alleged role as a programmer in a cybercrime gang that helped develop TrickBot malware. The woman in question, Alla Witte , aka Max, 55, who resided in Paramaribo, Suriname, was arrested in Miami, Florida on February 6. Witte has been charged with 19 counts, including conspiracy to commit computer fraud and aggravated identity theft, wire and bank fraud affecting a financial institution, and money laundering. According to heavily redacted court documents released by the DoJ, Witte and 16 other unnamed cohorts have been accused of running a transnational criminal organization to develop and deploy a digital suite of malware tools with an aim to target businesses and individuals worldwide for theft and ransom. Since its origin as a banking Trojan in late 2015,  TrickBot  has evolved into a " crimeware-as-a-service " capable of pilfering valuable personal and financial information and even droppi

Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack Zerto , a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use snapshots, agents, or any other periodic data protection methodology. Zerto has no impact on production workloads and can achieve RPOs in the region of 5-15 seconds across thousands of virtual machines simultaneously. For example, the environment in the image below has nearly 1,000 VMs being protected with an average RPO of just six seconds! Application-Centric Protection: Group Your VMs to Gain Application-Level Control   You can protect your VMs with the Zerto application-centric approach using Virtual Protection Groups (VPGs). This logical grouping of VMs ensures that your whole applica