Information theft | Breaking Cybersecurity News | The Hacker News

Category — Information theft
Vietnamese Hacker Group Deploys New PXA Stealer Targeting Europe and Asia

Nov 15, 2024 Malware / Credential Theft
A Vietnamese-speaking threat actor has been linked to an information-stealing campaign targeting government and education entities in Europe and Asia with a new Python-based malware called PXA Stealer. The malware "targets victims' sensitive information, including credentials for various online accounts, VPN and FTP clients, financial information, browser cookies, and data from gaming software," Cisco Talos researchers Joey Chen, Alex Karkins, and Chetan Raghuprasad said. "PXA Stealer has the capability to decrypt the victim's browser master password and uses it to steal the stored credentials of various online accounts." The connections to Vietnam stem from the presence of Vietnamese comments and a hard-coded Telegram account named "Lone None" in the stealer program, the latter of which includes an icon of Vietnam's national flag and a picture of the emblem for Vietnam's Ministry of Public Security. Cisco Talos said it observed th...
New macOS Malware "Cthulhu Stealer" Targets Apple Users' Data

Aug 23, 2024 Endpoint Security / Data Privacy
Cybersecurity researchers have uncovered a new information stealer that's designed to target Apple macOS hosts and harvest a wide range of information, underscoring how threat actors are increasingly setting their sights on the operating system. Dubbed Cthulhu Stealer, the malware has been available under a malware-as-a-service (MaaS) model for $500 a month from late 2023. It's capable of targeting both x86_64 and Arm architectures. "Cthulhu Stealer is an Apple disk image (DMG) that is bundled with two binaries, depending on the architecture," Cado Security researcher Tara Gould said. "The malware is written in Golang and disguises itself as legitimate software." Some of the software programs it impersonates include CleanMyMac, Grand Theft Auto IV, and Adobe GenP, the last of which is an open-source tool that patches Adobe apps to bypass the Creative Cloud service and activates them without a serial key. Users who end up launching the unsigned file af...
SolarMarker Malware Evolves to Resist Takedown Attempts with Multi-Tiered Infrastructure

May 21, 2024 Data Breach / Malware
The persistent threat actors behind the SolarMarker information-stealing malware have established a multi-tiered infrastructure to complicate law enforcement takedown efforts, new findings from Recorded Future show. "The core of SolarMarker's operations is its layered infrastructure, which consists of at least two clusters: a primary one for active operations and a secondary one likely used for testing new strategies or targeting specific regions or industries," the company said in a report published last week. "This separation enhances the malware's ability to adapt and respond to countermeasures, making it particularly difficult to eradicate." SolarMarker, known by the names Deimos, Jupyter Infostealer, Polazert, and Yellow Cockatoo, is a sophisticated threat that has exhibited a continuous evolution since its emergence in September 2020. It has the capability to steal data from several web browsers and cryptocurrency wallets, as well...
Vultur Android Banking Trojan Returns with Upgraded Remote Control Capabilities

Apr 01, 2024 Mobile Security / Data Privacy
The Android banking trojan known as Vultur has resurfaced with a suite of new features and improved anti-analysis and detection evasion techniques, enabling its operators to remotely interact with a mobile device and harvest sensitive data. "Vultur has also started masquerading more of its malicious activity by encrypting its C2 communication, using multiple encrypted payloads that are decrypted on the fly, and using the guise of legitimate applications to carry out its malicious actions," NCC Group researcher Joshua Kamp said in a report published last week. Vultur was first disclosed in early 2021, with the malware capable of leveraging Android's accessibility services APIs to execute its malicious actions. The malware has been observed to be distributed via trojanized dropper apps on the Google Play Store, masquerading as authenticator and productivity apps to trick unwitting users into installing them. These dropper apps are offered as part of...
New Go-Based JaskaGO Malware Targeting Windows and macOS Systems

Dec 20, 2023 Cryptocurrency / Malware
A new Go-based information stealer malware called JaskaGO has emerged as the latest cross-platform threat to infiltrate both Windows and Apple macOS systems. AT&T Alien Labs, which made the discovery, said the malware is "equipped with an extensive array of commands from its command-and-control (C&C) server." Artifacts designed for macOS were first observed in July 2023, impersonating installers for legitimate software such as CapCut. Other variants of the malware have masqueraded as AnyConnect and security tools. Upon installation, JaskaGO runs checks to determine if it is executing within a virtual machine (VM) environment, and if so, executes a harmless task like pinging Google or printing a random number in a likely effort to fly under the radar. In other scenarios, JaskaGO proceeds to harvest information from the victim system and establishes a connection to its C&C for receiving further instructions, including executing shell command...