Crimeware | Breaking Cybersecurity News | The Hacker News

An ongoing phishing campaign is employing copyright infringement-related themes to trick victims into downloading a newer version of the Rhadamanthys information stealer since July 2024. Cybersecurity firm Check Point is tracking the large-scale campaign under the name CopyRh(ight)adamantys . Targeted regions include the United States, Europe, East Asia, and South America. "The campaign impersonates dozens of companies, while each email is sent to a specific targeted entity from a different Gmail account, adapting the impersonated company and the language per targeted entity," the company said in a technical analysis. "Almost 70% of the impersonated companies are from the Entertainment /Media and Technology/Software sectors." The attacks are notable for the deployment of version 0.7 of the Rhadamanthys stealer, which, as detailed by Recorded Future's Insikt Group early last month, incorporates artificial intelligence (AI) for optical character recognition ...

A novel multi-stage loader called  DoubleFinger  has been observed delivering a cryptocurrency stealer dubbed GreetingGhoul in what's an advanced attack targeting users in Europe, the U.S., and Latin America. "DoubleFinger is deployed on the target machine, when the victim opens a malicious PIF attachment in an email message, ultimately executing the first of DoubleFinger's loader stages," Kaspersky researcher Sergey Lozhkin  said  in a Monday report. The starting point of the attacks is a modified version of  espexe.exe  – which refers to Microsoft Windows Economical Service Provider application – that's engineered to execute shellcode responsible for retrieving a PNG image file from the image hosting service Imgur. The image employs steganographic trickery to conceal an encrypted payload that triggers a four-stage compromise chain which eventually culminates in the execution of the GreetingGhoul stealer on the infected host. A notable aspect of Gree...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...

The U.S. Department of Justice (DoJ) on Friday charged a Latvian woman for her alleged role as a programmer in a cybercrime gang that helped develop TrickBot malware. The woman in question, Alla Witte , aka Max, 55, who resided in Paramaribo, Suriname, was arrested in Miami, Florida on February 6. Witte has been charged with 19 counts, including conspiracy to commit computer fraud and aggravated identity theft, wire and bank fraud affecting a financial institution, and money laundering. According to heavily redacted court documents released by the DoJ, Witte and 16 other unnamed cohorts have been accused of running a transnational criminal organization to develop and deploy a digital suite of malware tools with an aim to target businesses and individuals worldwide for theft and ransom. Since its origin as a banking Trojan in late 2015,  TrickBot  has evolved into a " crimeware-as-a-service " capable of pilfering valuable personal and financial information and even droppi...