#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

Trojan Horse | Breaking Cybersecurity News | The Hacker News

Category — Trojan Horse
DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks

DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks

Nov 20, 2023 Threat Analysis / Malware
Phishing campaigns delivering malware families such as DarkGate and PikaBot are following the same tactics previously used in attacks leveraging the now-defunct QakBot trojan. "These include hijacked email threads as the initial infection, URLs with unique patterns that limit user access, and an infection chain nearly identical to what we have seen with QakBot delivery," Cofense  said  in a report shared with The Hacker News. "The malware families used also follow suit to what we would expect QakBot affiliates to use." QakBot, also called QBot and Pinkslipbot, was  shut down  as part of a coordinated law enforcement effort codenamed Operation Duck Hunt earlier this August. The use of DarkGate and PikaBot in these campaigns is not surprising as they can both act as conduits to deliver additional payloads to compromised hosts, making them both an attractive option for cybercriminals. PikaBot's parallels to QakBot were  previously highlighted  by Zscale...
New 'Trojan Source' Technique Lets Hackers Hide Vulnerabilities in Source Code

New 'Trojan Source' Technique Lets Hackers Hide Vulnerabilities in Source Code

Nov 01, 2021
A novel class of vulnerabilities could be leveraged by threat actors to inject visually deceptive malware in a way that's semantically permissible but alters the logic defined by the source code, effectively opening the door to more first-party and supply chain risks. Dubbed " Trojan Source attacks ," the technique "exploits subtleties in text-encoding standards such as  Unicode  to produce source code whose tokens are logically encoded in a different order from the one in which they are displayed, leading to vulnerabilities that cannot be perceived directly by human code reviewers," Cambridge University researchers Nicholas Boucher and Ross Anderson said in a newly published paper. The  vulnerabilities  — tracked as CVE-2021-42574 and CVE-2021-42694 — affect compilers of all popular programming languages such as C, C++, C#, JavaScript, Java, Rust, Go, and Python. Compilers are programs that translate high-level human-readable source code into their lower-l...
Protecting Your Software Supply Chain: Assessing the Risks Before Deployment

Protecting Your Software Supply Chain: Assessing the Risks Before Deployment

Feb 11, 2025Software Security / Threat Intelligence
Imagine you're considering a new car for your family. Before making a purchase, you evaluate its safety ratings, fuel efficiency, and reliability. You might even take it for a test drive to ensure it meets your needs. The same approach should be applied to software and hardware products before integrating them into an organization's environment. Just as you wouldn't buy a car without knowing its safety features, you shouldn't deploy software without understanding the risks it introduces. The Rising Threat of Supply Chain Attacks Cybercriminals have recognized that instead of attacking an organization head-on, they can infiltrate through the software supply chain—like slipping counterfeit parts into an assembly line. According to the 2024 Sonatype State of the Software Supply Chain report , attackers are infiltrating open-source ecosystems at an alarming rate, with over 512,847 malicious packages detected last year alone—a 156% increase from the previous year. Traditional sec...
Beware of Christmas E-Cards: Tips to Avoid Holiday Scams

Beware of Christmas E-Cards: Tips to Avoid Holiday Scams

Dec 23, 2010
Your mailbox may be filling up with Christmas cards from friends and family, and so might your email inbox. But, as the song says, 'you better watch out,' because some of those merry emails could be from an internet Grinch looking to steal your peace of mind. Christmas cards are a great way to send holiday wishes to those you love. However, many of us are opting to send our cards electronically using e-cards. "One of the big problems around Christmastime is everyone sends out Christmas cards. That's great, and it's great to see one in your email inbox. The problem is, about half of them that you're going to get are actually links to viruses and Trojan horses that will infect your computer," explained News 4 WOAI Web Expert Bob Gambert. Some of these malicious emails will attack your email address book and flood your friends' inboxes with spam. So, how do you know which e-card is safe to open? Our computer expert says don't open any of them. Inst...
cyber security

Level Up Your Cyber Skills at SANS 2025

websiteSANS InstituteCyber Security / Training
Master in-demand techniques at our largest training event in 2025. Explore 50+ courses. Train in person to claim your $769 savings!
Expert Insights / Articles Videos
Cybersecurity Resources