Stealer | Breaking Cybersecurity News | The Hacker News

A nascent information stealer called Mars has been observed in campaigns that take advantage of cracked versions of the malware to steal information stored in web browsers and cryptocurrency wallets. "Mars Stealer is being distributed via social engineering techniques, malspam campaigns, malicious software cracks, and keygens," Morphisec malware researcher Arnold Osipov  said  in a report published Tuesday. Based on the  Oski Stealer  and first discovered in June 2021,  Mars Stealer  is said to be constantly under development and available for sale on over 47 underground forums, darknet sites, and Telegram channels, costing only $160 for a lifetime subscription. Information stealers allow adversaries to vacuum personal information from compromised systems, including stored credentials and browser cookies, which are then sold on criminal marketplaces or used as a springboard for launching further attacks. The release of Mars Stealer last year has also ...

Google has recently removed a Rogue Android gaming app called " Balloon Pop 2 " from its official Play store that was actually stealing user's private Whatsapp app conversations. Every day numerous friends ask me if it is possible to steal WhatsApp chat messages and how, of course a malware represents an excellent solution to the request. In the past I already posted an article on the implementation of encryption mechanisms for WhatsApp application explaining that improper design could allow attackers to snoop on the conversation. Spreading the malware through an official channel the attacker could improve the efficiency of the attack, and it is exactly what is happening, an Android game has been published on the official Google Play store to stealthy steal users' WhatsApp conversation databases and to resell the collection of messages on an internet website. The games titled " Balloon Pop 2 " has been fortunately identified and removed from the official Google Play...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...

The capillary diffusion of mobile devices, the lack of security systems on these platforms and low level of awareness on principal cyber threats made them a privileged target for cybercrime. We have assisted in the recent year to an explosion of malware designed to hit principal mobile OSs, in a recent report Sophos security firm revealed that in Australia and the U.S. Android threat exposure rates exceeding those of PCs showing the urgency to implement proper countermeasures. The situation appears really critical that why I asked to the expert of Group-IB Forensics Lab to show me how these agents work with a really case study. Several month ago Group-IB Forensics Lab detected mobile-banking malware through Google Play by Sberbank request (Russian leading national bank).  The File associated to the malware was named sber.apk , it was an Android Package having size of 225,905 bytes and digest md5: F27D43DFEEDFFAC2EC7E4A069B3C9516 . Analyzing the functionality of th...