⚡ Webinar ▶ Level-Up SaaS Security: A Comprehensive Guide to ITDR and SSPM Save Your Seat
#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter

windows virus removal | Breaking Cybersecurity News | The Hacker News

Chinese Researchers Disrupt Malware Attack That Infected Thousands of PCs

Chinese Researchers Disrupt Malware Attack That Infected Thousands of PCs

May 27, 2020
Chinese security firm Qihoo 360 Netlab said it partnered with tech giant Baidu to disrupt a malware botnet infecting over hundreds of thousands of systems. The botnet was traced back to a group it calls ShuangQiang (also called Double Gun ), which has been behind several attacks since 2017 aimed at compromising Windows computers with MBR and VBR bootkits , and installing malicious drivers for financial gain and hijack web traffic to e-commerce sites. In addition to using images uploaded to Baidu Tieba to distribute configuration files and malware — a technique called steganography — the group has begun using Alibaba Cloud storage to host configuration files and Baidu's analytics platform Tongji to manage the activity of its infected hosts, the researchers said. The initial compromise relies on luring unsuspecting users to install game launching software from sketchy game portals that contain malicious code under the guise of a patch. Once the user downloads and inst
WannaCry Inspires Banking Trojan to Add Self-Spreading Ability

WannaCry Inspires Banking Trojan to Add Self-Spreading Ability

Aug 02, 2017
Although the wave of WannaCry and Petya ransomware has now been slowed down, money-motivated hackers and cyber criminals have taken lessons from the global outbreaks to make their malware more powerful. Security researchers have now discovered at least one group of cyber criminals that are attempting to give its banking Trojan the self-spreading worm-like capabilities that made recent ransomware attacks go worldwide. The new version of credential stealing TrickBot banking Trojan, known as " 1000029 " ( v24 ), has been found using the Windows Server Message Block (SMB)—that allowed WannaCry and Petya to spread across the world quickly. TrickBot is a banking Trojan malware that has been targeting financial institutions across the world since last year. The Trojan generally spreads via email attachments impersonating invoices from a large unnamed "international financial institution," but actually leads victims to a fake login page used to steal credenti
cyber security

external linkResearch Report: State of Threat Detection

websitevectra.aiSecOps / Threat Detection
SecOps get 4,484 alerts a day — learn how to regain control in the free report. Download now.
Cybersecurity Resources