#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
State of SaaS

malware framework | Breaking Cybersecurity News | The Hacker News

Category — malware framework
North Korean Hackers Spotted Using New Multi-Platform Malware Framework

North Korean Hackers Spotted Using New Multi-Platform Malware Framework

Jul 23, 2020
Lazarus Group, the notorious hacking group with ties to the North Korean regime, has unleashed a new multi-platform malware framework with an aim to infiltrate corporate entities around the world, steal customer databases, and distribute ransomware. Capable of targeting Windows, Linux, and macOS operating systems, the MATA malware framework — so-called because of the authors' reference to the infrastructure as "MataNet" — comes with a wide range of features designed to carry out a variety of malicious activities on infected machines. The MATA campaign is said to have begun as early as April of 2018, with the victimology traced to unnamed companies in software development, e-commerce and internet service provider sectors situated in Poland, Germany, Turkey, Korea, Japan, and India, cybersecurity firm Kaspersky said in its Wednesday analysis. The report offers a comprehensive look at the MATA framework, while also building on previous evidence gathered by researche...
Sophisticated 'TajMahal APT Framework' Remained Undetected for 5 Years

Sophisticated 'TajMahal APT Framework' Remained Undetected for 5 Years

Apr 10, 2019
Cybersecurity researchers yesterday unveiled the existence of a highly sophisticated spyware framework that has been in operation for at least last 5 years—but remained undetected until recently. Dubbed TajMahal by researchers at Kaspersky Lab, the APT framework is a high-tech modular-based malware toolkit that not only supports a vast number of malicious plugins for distinct espionage operations, but also comprises never-before-seen and obscure tricks. Kaspersky named the framework after Taj Mahal, one of the Seven Wonders of the World located in India, not because it found any connection between the malware and the country, but because the stolen data was transferred to the attackers' C&C server in an XML file named TajMahal. TajMahal toolkit was first discovered by security researchers late last year when hackers used it to spy on the computers of a diplomatic organization belonging to a Central Asian country whose nationality and location have not been disclosed...
From $22M in Ransom to +100M Stolen Records: 2025's All-Star SaaS Threat Actors to Watch

From $22M in Ransom to +100M Stolen Records: 2025's All-Star SaaS Threat Actors to Watch

Jan 06, 2025SaaS Security / Threat Detection
In 2024, cyber threats targeting SaaS surged, with 7,000 password attacks blocked per second (just in Entra ID)—a 75% increase from last year—and phishing attempts up by 58%, causing $3.5 billion in losses (source: Microsoft Digital Defense Report 2024 ). SaaS attacks are increasing, with hackers often evading detection through legitimate usage patterns. The cyber threat arena saw standout players, unexpected underdogs, and relentless scorers leaving their mark on the SaaS security playing field.  As we enter 2025, security teams must prioritize SaaS security risk assessments to uncover vulnerabilities, adopt SSPM tools for continuous monitoring, and proactively defend their systems. Here are the Cyber Threat All-Stars to watch out for—the MVPs, rising stars, and master strategists who shaped the game. 1. ShinyHunters: The Most Valuable Player Playstyle: Precision Shots (Cybercriminal Organization) Biggest Wins: Snowflake, Ticketmaster and Authy Notable Drama: Exploited on...
New Android Malware Framework Turns Apps Into Powerful Spyware

New Android Malware Framework Turns Apps Into Powerful Spyware

Aug 23, 2018
Security researchers have uncovered a new, powerful Android malware framework that is being used by cybercriminals to turn legitimate apps into spyware with extensive surveillance capabilities—as part of what seems to be a targeted espionage campaign. Legitimate Android applications when bundled with the malware framework, dubbed Triout, gain capabilities to spy on infected devices by recording phone calls, and monitoring text messages, secretly stealing photos and videos, and collecting location data—all without users' knowledge. The strain of Triout-based spyware apps was first spotted by the security researchers at Bitdefender on May 15 when a sample of the malware was uploaded to VirusTotal by somebody located in Russia, but most of the scans came from Israel. In a white paper (PDF) published Monday, Bitdefender researcher Cristofor Ochinca said the malware sample analyzed by them was packaged inside a malicious version of an Android app which was available on Google Pla...
cyber security

Advance Your Cybersecurity Career at SANS Security East Baltimore 2025

websiteSANS SecurityCybersecurity Training
Choose from 25+ cutting-edge courses & train in-person to unlock $999. Elevate your skills now!
Shadow Brokers Leaks Another Windows Hacking Tool Stolen from NSA’s Arsenal

Shadow Brokers Leaks Another Windows Hacking Tool Stolen from NSA's Arsenal

Sep 08, 2017
The Shadow Brokers , a notorious hacking group that leaked several hacking tools from the NSA, is once again making headlines for releasing another NSA exploit—but only to its "monthly dump service" subscribers. Dubbed UNITEDRAKE , the implant is a "fully extensible remote collection system" that comes with a number of "plug-ins," enabling attackers to remotely take full control over targeted Windows computers. In its latest post, the hacking group announced a few changes to its monthly dump service and released encrypted files from the previous months as well. Notably, the September dump also includes an unencrypted PDF file, which is a user manual for the UNITEDRAKE (United Rake) exploit developed by the NSA. According to the leaked user manual, UNITEDRAKE is a customizable modular malware with the ability to capture webcam and microphone output, log keystrokes, access external drives and more in order to spy on its targets. The tool c...
WikiLeaks Reveals 'AfterMidnight' & 'Assassin' CIA Windows Malware Frameworks

WikiLeaks Reveals 'AfterMidnight' & 'Assassin' CIA Windows Malware Frameworks

May 15, 2017
When the world was dealing with the threat of the self-spreading WannaCry ransomware , WikiLeaks released a new batch of CIA Vault 7 leaks , detailing two apparent CIA malware frameworks for the Microsoft Windows platform. Dubbed " AfterMidnight " and " Assassin ," both malware programs are designed to monitor and report back actions on the infected remote host computer running the Windows operating system and execute malicious actions specified by the CIA. Since March, WikiLeaks has published hundreds of thousands of documents and secret hacking tools that the group claims came from the US Central Intelligence Agency (CIA). This latest batch is the 8th release in the whistleblowing organization's 'Vault 7' series. 'AfterMidnight' Malware Framework According to a statement from WikiLeaks, 'AfterMidnight' allows its operators to dynamically load and execute malicious payload on a target system. The main controller of the ma...
Expert Insights / Articles Videos
Cybersecurity Resources