#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Cyble | Breaking Cybersecurity News | The Hacker News

Category — Cyble
Pakistan-Origin SideCopy Linked to New Cyberattack on India's Ministry of Defence

Pakistan-Origin SideCopy Linked to New Cyberattack on India's Ministry of Defence

Mar 28, 2023 Advanced Persistent Threat
An advanced persistent threat (APT) group that has a track record of targeting India and Afghanistan has been linked to a new phishing campaign that delivers Action RAT. According to Cyble, which  attributed  the operation to  SideCopy , the activity cluster is designed to target the Defence Research and Development Organization ( DRDO ), the research and development wing of India's Ministry of Defence. Known for emulating the infection chains associated with  SideWinder  to deliver its own malware, SideCopy is a threat group of Pakistani origin that shares overlaps with  Transparent Tribe . It has been active since at least 2019. Attack sequences mounted by the group involve using spear-phishing emails to gain initial access. These messages come bearing a ZIP archive file that contains a Windows shortcut file (.LNK) masquerading as information about the  K-4 ballistic missile  developed by DRDO. Executing the .LNK file leads to the retrieva...
 Darknet's Largest Mobile Malware Marketplace Threatens Users Worldwide

Darknet's Largest Mobile Malware Marketplace Threatens Users Worldwide

Dec 06, 2022 Mobile Malware / Darknet
Cybersecurity researchers have shed light on a darknet marketplace called  InTheBox  that's designed to specifically cater to mobile malware operators. The actor behind the criminal storefront, believed to be available since at least January 2020, has been offering over 400 custom web injects grouped by geography that can be purchased by other adversaries looking to mount attacks of their own. "The automation allows other bad actors to create orders to receive the most up to date web injects for further implementation into mobile malware," Resecurity  said . "InTheBox may be called the largest and probably the only one in its marketplace category providing high-quality web injects for popular types of mobile malware." Web injects are  packages  used in financial malware that leverage the adversary-in-the-browser (AitB) attack vector to serve malicious HTML or JavaScript code in the form of an overlay screen when victims launch a banking, crypto, payments, ...
Want to Grow Vulnerability Management into Exposure Management? Start Here!

Want to Grow Vulnerability Management into Exposure Management? Start Here!

Dec 05, 2024Attack Surface / Exposure Management
Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...
New Laplas Clipper Malware Targeting Cryptocurrency Users via SmokeLoader

New Laplas Clipper Malware Targeting Cryptocurrency Users via SmokeLoader

Nov 08, 2022
Cryptocurrency users are being targeted with a new clipper malware strain dubbed  Laplas  by means of another malware known as SmokeLoader. SmokeLoader, which is delivered by means of weaponized documents sent through spear-phishing emails, further acts as a conduit for other  commodity trojans  like  SystemBC  and  Raccoon Stealer 2.0 , according to an  analysis  from Cyble. Observed in the wild since circa 2013,  SmokeLoader  functions as a generic loader capable of distributing additional payloads onto compromised systems, such as information-stealing malware and other implants. In July 2022, it was found to deploy a backdoor called  Amadey . Cyble said it discovered over 180 samples of the Laplas since October 24, 2022, suggesting a wide deployment. Clippers, also called ClipBankers, fall under a category of malware that Microsoft calls  cryware , which are designed to steal crypto by keeping close tabs on a vic...
cyber security

Breaking Barriers: Strategies to Unite AppSec and R&D for Success

websiteBackslashApplication Security
Tackle common challenges to make security and innovation work seamlessly.
Experts Detail Saintstealer and Prynt Stealer Info-Stealing Malware Families

Experts Detail Saintstealer and Prynt Stealer Info-Stealing Malware Families

May 10, 2022
Cybersecurity researchers have dissected the inner workings of an information-stealing malware called Saintstealer that's designed to siphon credentials and system information. "After execution, the stealer extracts username, passwords, credit card details, etc.," Cyble researchers  said  in an analysis last week. "The stealer also steals data from various locations across the system and compresses it in a password-protected ZIP file." A 32-bit C# .NET-based executable with the name "saintgang.exe," Saintstealer is equipped with anti-analysis checks, opting to terminate itself if it's running either in a sandboxed or virtual environment. The malware can capture a wide range of information that ranges from taking screenshots to gathering passwords, cookies, and autofill data stored in Chromium-based browsers such as Google Chrome, Opera, Edge, Brave, Vivaldi, and Yandex, among others. It can also steal Discord multi-factor authentication toke...
Expert Insights / Articles Videos
Cybersecurity Resources