#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Trojan | Breaking Cybersecurity News | The Hacker News

Russian Government Software Backdoored to Deploy Konni RAT Malware

Russian Government Software Backdoored to Deploy Konni RAT Malware

Feb 22, 2024 Malware / Cyber Espionage
An installer for a tool likely used by the Russian Consular Department of the Ministry of Foreign Affairs (MID) has been backdoored to deliver a remote access trojan called  Konni RAT  (aka  UpDog ). The findings come from German cybersecurity company DCSO, which linked the activity as originating from the Democratic People's Republic of Korea (DPRK)-nexus actors targeting Russia. The Konni (aka Opal Sleet, Osmium, or  TA406 ) activity cluster has an established pattern of deploying Konni RAT against Russian entities, with the threat actor also linked to  attacks directed against MID  at least since October 2021. In November 2023, Fortinet FortiGuard Labs  revealed  the use of Russian-language Microsoft Word documents to deliver malware capable of harvesting sensitive information from compromised Windows hosts. DCSO said the packaging of Konni RAT within software installers is a technique  previously adopted  by the group in October 2023, when it was found to leverage a backd
Warning for iPhone Users: Experts Warn of Sneaky Fake Lockdown Mode Attack

Warning for iPhone Users: Experts Warn of Sneaky Fake Lockdown Mode Attack

Dec 05, 2023 Mobile Security / Spyware
A new "post-exploitation tampering technique" can be abused by malicious actors to visually deceive a target into believing that their Apple iPhone is running in Lockdown Mode when it's actually not and carry out covert attacks. The novel method, detailed by Jamf Threat Labs in a  report  shared with The Hacker News, "shows that if a hacker has already infiltrated your device, they can cause Lockdown Mode to be 'bypassed' when you trigger its activation." In other words, the goal is to implement Fake Lockdown Mode on a device that's compromised by an attacker through other means, such as  unpatched security flaws  that can trigger execution of arbitrary code. Lockdown Mode , introduced by Apple last year with iOS 16, is an  enhanced security measure  that aims to safeguard high-risk individuals from sophisticated digital threats such as mercenary spyware by  minimizing the attack surface . What it doesn't do is prevent the execution of mali
How to Find and Fix Risky Sharing in Google Drive

How to Find and Fix Risky Sharing in Google Drive

Mar 06, 2024Data Security / Cloud Security
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.  For Security & Risk Management teams, the untenable risk of any Google Drive footprint lies in the toxic combinations of sensitive data, excessive permissions, and improper sharing. However, it can be challenging to differentiate between typical business practices and potential risks without fully understanding the context and intent.  Material Security, a company renowned for its innovative method of protecting sensitive data within employee mailboxes, has recently launched  Data Protection for Google Drive  to safeguard the sprawl of confidential information scattered throughout Google Drive with a powerful discovery and remediation toolkit. How Material Security helps organ
Experts Uncover DarkCasino: New Emerging APT Threat Exploiting WinRAR Flaw

Experts Uncover DarkCasino: New Emerging APT Threat Exploiting WinRAR Flaw

Nov 16, 2023 Advanced Persistent Threat / Zero-Day
A hacking group that leveraged a recently disclosed security flaw in the WinRAR software as a zero-day has now been categorized as an entirely new advanced persistent threat (APT). Cybersecurity company NSFOCUS has described  DarkCasino  as an "economically motivated" actor that first came to light in 2021. "DarkCasino is an APT threat actor with strong technical and learning ability, who is good at integrating various popular APT attack technologies into its attack process," the company  said  in an analysis. "Attacks launched by the APT group DarkCasino are very frequent, demonstrating a strong desire to steal online property." DarkCasino was most recently linked to the zero-day exploitation of  CVE-2023-38831  (CVSS score: 7.8), a security flaw that can be weaponized to launch malicious payloads. In August 2023, Group-IB disclosed real-world attacks weaponizing the vulnerability and aimed at online trading forums at least since April 2023 to deli
cyber security

Uncover Critical Gaps in 7 Core Areas of Your Cybersecurity Program

websiteArmor PointCyber Security / Assessment
Turn potential vulnerabilities into strengths. Start evaluating your defenses today. Download the Checklist.
Transparent Tribe Uses Fake YouTube Android Apps to Spread CapraRAT Malware

Transparent Tribe Uses Fake YouTube Android Apps to Spread CapraRAT Malware

Sep 19, 2023 Mobile Security / Malware
The suspected Pakistan-linked threat actor known as  Transparent Tribe  is using malicious Android apps mimicking YouTube to distribute the CapraRAT mobile remote access trojan (RAT), demonstrating the continued evolution of the activity. "CapraRAT is a highly invasive tool that gives the attacker control over much of the data on the Android devices that it infects," SentinelOne security researcher Alex Delamotte  said  in a Monday analysis. Transparent Tribe , also known as APT36, is known to  target Indian entities  for intelligence-gathering purposes, relying on an arsenal of tools capable of infiltrating Windows, Linux, and Android systems. A crucial component of its toolset is  CapraRAT , which has been propagated in the form of trojanized secure messaging and calling apps branded as MeetsApp and MeetUp. These weaponized apps are distributed using social engineering lures. The latest set of Android package (APK) files discovered by SentinelOne are engineered to mas
New TOITOIN Banking Trojan Targeting Latin American Businesses

New TOITOIN Banking Trojan Targeting Latin American Businesses

Jul 10, 2023 Enterprise Security / Malware
Businesses operating in the Latin American (LATAM) region are the target of a new Windows-based banking trojan called  TOITOIN  since May 2023. "This sophisticated campaign employs a trojan that follows a multi-staged infection chain, utilizing specially crafted modules throughout each stage," Zscaler researchers Niraj Shivtarkar and Preet Kamal  said  in a report published last week. "These modules are custom designed to carry out malicious activities, such as injecting harmful code into remote processes, circumventing User Account Control via COM Elevation Moniker, and evading detection by Sandboxes through clever techniques like system reboots and parent process checks." The six-stage endeavor has all the hallmarks of a well-crafted attack sequence, beginning with a phishing email containing an embedded link that points to a ZIP archive hosted on an Amazon EC2 instance to evade domain-based detections. The email messages leverage an invoice-themed lure to t
Cybersecurity Resources