#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cloud Security

Ursnif | Breaking Cybersecurity News | The Hacker News

Alert: New WailingCrab Malware Loader Spreading via Shipping-Themed Emails

Alert: New WailingCrab Malware Loader Spreading via Shipping-Themed Emails

Nov 23, 2023 Malware / Threat Analysis
Delivery- and shipping-themed email messages are being used to deliver a sophisticated malware loader known as  WailingCrab . "The malware itself is split into multiple components, including a loader, injector, downloader and backdoor, and successful requests to C2-controlled servers are often necessary to retrieve the next stage," IBM X-Force researchers Charlotte Hammond, Ole Villadsen, and Kat Metrick  said . WailingCrab, also called WikiLoader, was  first documented  by Proofpoint in August 2023, detailing campaigns targeting Italian organizations that used the malware to ultimately deploy the Ursnif (aka Gozi) trojan. It was spotted in the wild in late December 2022. The malware is the handiwork of a threat actor known as TA544, which is also tracked as Bamboo Spider and Zeus Panda. IBM X-Force has named the cluster Hive0133. Actively maintained by its operators, the malware has been observed incorporating features that prioritize stealth and allows it to resist an
BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads

BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads

Mar 11, 2023 Cyber Threat Intelligence
The malware downloader known as BATLOADER has been observed  abusing Google Ads  to deliver secondary payloads like Vidar Stealer and Ursnif. According to cybersecurity company  eSentire , the malicious ads are used to spoof a wide range of legitimate apps and services such as Adobe, OpenAPI's ChatGPT, Spotify, Tableau, and Zoom. BATLOADER , as the name suggests, is a loader that's responsible for distributing next-stage malware such as information stealers, banking malware, Cobalt Strike, and even ransomware. One of the key traits of the BATLOADER operations is the use of software impersonation tactics for malware delivery. This is achieved by setting up lookalike websites that host Windows installer files masquerading as legitimate apps to trigger the infection sequence when a user searching for the software clicks a rogue ad on the Google search results page. These MSI installer files, when launched, execute Python scripts that contain the BATLOADER payload to retrie
Code Keepers: Mastering Non-Human Identity Management

Code Keepers: Mastering Non-Human Identity Management

Apr 12, 2024DevSecOps / Identity Management
Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or
New Ursnif Variant Likely Shifting Focus to Ransomware and Data Theft

New Ursnif Variant Likely Shifting Focus to Ransomware and Data Theft

Oct 20, 2022
The Ursnif malware has become the latest malware to shed its roots as a banking trojan to revamp itself into a generic backdoor capable of delivering next-stage payloads, joining the likes of Emotet, Qakbot, and TrickBot. "This is a significant shift from the malware's original purpose to enable banking fraud, but is consistent with the broader threat landscape," Mandiant researchers Sandor Nemes, Sulian Lebegue, and Jessa Valdez  disclosed  in a Wednesday analysis. The refreshed and refactored variant, first spotted by the Google-owned threat intelligence firm in the wild on June 23, 2022, has been codenamed LDR4, in what's being seen as an attempt to lay the groundwork for potential ransomware and data theft extortion operations. Ursnif, also called Gozi or ISFB, is one of the oldest banker malware families, with  the earliest documented attacks  going as far back as 2007. Check Point, in August 2020, mapped the " divergent evolution of Gozi " over th
cyber security

WATCH: The SaaS Security Challenge in 90 Seconds

websiteAdaptive ShieldSaaS Security / Cyber Threat
Discover how you can overcome the SaaS security challenge by securing your entire SaaS stack with SSPM.
Cybersecurity Resources