Malware | Breaking Cybersecurity News | The Hacker News

The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069 . Maintainer Jason Saayman said the attackers tailored their social engineering efforts "specifically to me" by first approaching him under the guise of the founder of a legitimate, well-known company. "They had cloned the company's founders' likeness as well as the company itself," Saayman said in a post-mortem of the incident. "They then invited me to a real Slack workspace. This workspace was branded to the company's CI and named in a plausible manner. The Slack [workspace] was thought out very well; they had channels where they were sharing LinkedIn posts." Subsequently, the threat actors are said to have scheduled a meeting with him on Microsoft Teams. Upon joining the fake call, he was presented with a fake error mes...

Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the trojan was discovered targeting both the mobile operating systems. The malware has been found to conceal itself within seemingly benign apps, such as enterprise messengers and food delivery services, while silently scanning victims' photo galleries for cryptocurrency wallet recovery phrases. Russian cybersecurity company Kaspersky said it found two infected apps on the App Store and one on the Google Play Store that primarily target cryptocurrency users in Asia. "The iOS variant, however, takes a different approach as it scans for cryptocurrency wallet mnemonic phrases, which are in English," the company said. "This makes the iOS variant potentially broader in reach, as it can affect users regardless of their region." The improved version of SparkCat for...

The latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the internet right now. No corporate fluff or boring lectures here, just a quick and honest look at the messy reality of keeping systems safe this week. Things are moving fast. The list includes researchers chaining small bugs together to create massive backdoors, old software flaws coming back to haunt us, and some very clever new tricks that let attackers bypass security logs entirely without leaving a trace. We are also seeing sketchier traffic on the underground and the usual supply chain mess, where one bad piece of code threatens thousands of apps. It is definitely worth a quick scan before you log off for the day, if only to make sure none of this is sitting in your own network. Let's get into it. Pre-auth RCE chain exposed Security Flaws in Progress ShareFile watchTower Labs has disclosed two securi...

A financially motivated operation codenamed REF1695  has been observed leveraging fake installers to deploy remote access trojans (RATs) and cryptocurrency miners since November 2023. "Beyond cryptomining, the threat actor monetizes infections through CPA (Cost Per Action) fraud, directing victims to content locker pages under the guise of software registration," Elastic Security Labs researchers Jia Yu Chan, Cyril François, and Remco Sprooten said in an analysis published this week. Recent iterations of the campaign have also been found to deliver a previously undocumented .NET implant codenamed CNB Bot. These attacks leverage an ISO file as the infection vector to deliver a .NET Reactor-protected loader and a text file with explicit instructions to the user to bypass Microsoft Defender SmartScreen protections against running unrecognized applications by clicking on "More info" and "Run anyway...

Meta-owned messaging platform WhatsApp said it alerted about 200 users who were tricked into installing a bogus version of its iOS app that was infected with spyware. According to reports from Italian newspaper La Repubblica and news agency ANSA , the vast majority of the targets are located in Italy. It's assessed that the threat actors behind the activity used social engineering tactics to get users to install malicious software that mimicked WhatsApp. All the affected users have been logged out and have been recommended to uninstall the malware-laced apps and download the official WhatsApp app. WhatsApp did not reveal who was targeted in these attacks. The tech giant said it's also taking action against Asigint, an Italian subsidiary of spyware company SIO, for allegedly creating a counterfeit version of WhatsApp.  On its website, the company advertises solutions to law enforcement agencies, government organizations, and police and intelligenc...