#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

worm | Breaking Cybersecurity News | The Hacker News

Category — worm
Raspberry Robin Worm Strikes Again, Targeting Telecom and Government Systems

Raspberry Robin Worm Strikes Again, Targeting Telecom and Government Systems

Dec 21, 2022
The  Raspberry Robin  worm has been used in attacks against telecommunications and government office systems across Latin America, Australia, and Europe since at least September 2022. "The main payload itself is packed with more than 10 layers for obfuscation and is capable of delivering a fake payload once it detects sandboxing and security analytics tools," Trend Micro researcher Christopher So  said  in a technical analysis published Tuesday. A majority of the infections have been detected in Argentina, followed by Australia, Mexico, Croatia, Italy, Brazil, France, India, and Colombia. Raspberry Robin, attributed to an activity cluster tracked by Microsoft as  DEV-0856 , is being increasingly  leveraged by multiple threat actors  as an initial access mechanism to deliver payloads such as  LockBit  and  Clop  ransomware. The malware is known for relying on infected USB drives as a distribution vector to download a rogue MSI ...
DirtyMoe Botnet Gains New Exploits in Wormable Module to Spread Rapidly

DirtyMoe Botnet Gains New Exploits in Wormable Module to Spread Rapidly

Mar 17, 2022
The malware known as DirtyMoe has gained new worm-like propagation capabilities that allow it to expand its reach without requiring any user interaction, the latest research has found. "The worming module targets older well-known vulnerabilities, e.g.,  EternalBlue  and  Hot Potato  Windows privilege escalation," Avast researcher Martin Chlumecký  said  in a report published Wednesday. "One worm module can generate and attack hundreds of thousands of private and public IP addresses per day; many victims are at risk since many machines still use unpatched systems or weak passwords." Active since 2016, the  DirtyMoe botnet  is used for carrying out cryptojacking and distributed denial-of-service (DDoS) attacks, and is deployed by means of external exploit kits like  Purple Fox  or injected installers of Telegram Messenger. Also employed as part of the attack sequence is a DirtyMoe service that triggers the launch of two additional p...
Want to Grow Vulnerability Management into Exposure Management? Start Here!

Want to Grow Vulnerability Management into Exposure Management? Start Here!

Dec 05, 2024Attack Surface / Exposure Management
Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...
Thunderstrike 2: World's First Firmware Worm That Infects Mac Computers Without Detection

Thunderstrike 2: World's First Firmware Worm That Infects Mac Computers Without Detection

Aug 05, 2015
If you think Apple's Mac computers are much more secure than Windows-powered systems, you need to think again. This isn't true, and security researchers have finally proved it. Two security researchers have developed a proof-of-concept computer worm for the first time that can spread automatically between MacBooks, without any need for them to be networked. Dubbed Thunderstrike 2 , the new proof-of-concept firmware attack is inspired by previously developed proof-of-concept firmware called Thunderstrike. Thunderstrike Attack , developed by security engineer Trammell Hudson, actually took advantage of a vulnerability in Thunderbolt Option ROM that could be used to infect Apple Extensible Firmware Interface (EFI) by allocating a malicious code into the boot ROM of an Apple computer through infected Thunderbolt devices. Thunderstrike 2 Spreads Remotely Although the original Thunderstrike required an attacker to have physical access to your Mac computer to wor...
cyber security

Innovate Securely: Top Strategies to Harmonize AppSec and R&D Teams

websiteBackslashApplication Security
Tackle common challenges to make security and innovation work seamlessly.
Malware Exploits SHELLSHOCK Vulnerability to Hack NAS Devices

Malware Exploits SHELLSHOCK Vulnerability to Hack NAS Devices

Dec 16, 2014
The year is about to end, but serious threats like  Shellshock is " far from over ". Cyber criminals are actively exploiting this critical GNU Bash vulnerability to target those network attached storage devices that are still not patched and ready for exploitation. Security researchers have unearthed a malicious worm that is designed to plant backdoors on network-attached storage (NAS) systems made by Taiwan-based QNAP and gain full access to the contents of those devices. The worm is spread among QNAP devices, which run an embedded Linux operating system, by the exploitation of the GNU Bash vulnerability known as ShellShock or Bash, according to security researchers at the Sans Institute. QNAP vendor released a patch in early October to address the flaw in its Turbo NAS product, but because the patches are not automatic or easy to apply for many users, so a statistically significant portion of systems remain vulnerable and exposed to the Bash bug . Sh...
Linux Worm targets Internet-enabled Home appliances to Mine Cryptocurrencies

Linux Worm targets Internet-enabled Home appliances to Mine Cryptocurrencies

Mar 20, 2014
Could a perfectly innocent looking device like router, TV set-top box or security cameras can mine Bitcoins? YES! Hackers will not going to spare the Smart Internet-enabled devices. A Linux worm named Linux . Darlloz , earlier used to target Internet of Things (IoT) devices, i.e. Home Routers, Set-top boxes, Security Cameras, printers and Industrial control systems; now have been upgraded to mine Crypto Currencies like Bitcoin. Security Researcher at Antivirus firm Symantec spotted the Darlloz Linux worm back in November and they have spotted the latest variant of the worm in mid-January this year. Linux . Darlloz worm exploits a PHP vulnerability ( CVE-2012-1823 ) to propagate and is capable to infect devices those run Linux on Intel's x86 chip architecture and other embedded device architectures such as PPC, MIPS and MIPSEL. The latest variant of Linux . Darlloz equipped with an open source crypto currency mining tool called ' cpuminer ', could be us...
Cryptolocker Malware learned to replicate itself through removable USB drives

Cryptolocker Malware learned to replicate itself through removable USB drives

Jan 06, 2014
In the category of Ransomware Malware, a nasty piece of malware called  CRYPTOLOCKER  is on the top, that threatened most of the people around the world, effectively destroying important files of the victims. Cryptolocker, which strongly encrypts victims' hard drives until a ransom is paid, is now again back in action to haunt your digital life with an additional feature. Until now, CryptoLocker has been spread via spam email, with victims tempted to download an attachment or click on a link to a malicious website, but now it can spread itself as a worm through removable USB drives . Security Researchers at Trend Micro have recently reported a new variant of Cryptolocker which is capable of spreading through removable USB drives. As Previously reported by our Security experts at The Hacker News , Cryptolocker is a malware which locks your files and demand a ransom to release it. The files are encrypted so removing the malware from the system doesn't unlo...
Super 'Stuxnet' Malware development in progress to destroy Iran’s nuclear program

Super 'Stuxnet' Malware development in progress to destroy Iran's nuclear program

Dec 03, 2013
Saudi Arabia and Israel's Mossad intelligence division are reportedly collaborating to develop a computer worm more destructive than the Stuxnet malware to spy on and destroy the software structure of Iran's nuclear program. The Iranian Fars news agency has reported : " Saudi spy chief Prince Bandar bin Sultan bin Abdulaziz Al Saud and director of Israel's Mossad intelligence agency Tamir Bardo sent their representatives to a meeting in Vienna on November 24 to increase the two sides' cooperation in intelligence and sabotage operations against Iran's nuclear program. "  " One of the proposals raised in the meeting was the production of a malware worse than the Stuxnet to spy on and destroy the software structure of Iran's nuclear program ," But Why ? The report claims that Saudi Arabia and Israel were not particularly happy with the deal between between Iran and the Group 5+1 (the US, Russia, China, France and Britain plus Germany) and Israel has dubbed the deal as " historic m...
Linux worm targeting Routers, Set-top boxes and Security Cameras with PHP-CGI Vulnerability

Linux worm targeting Routers, Set-top boxes and Security Cameras with PHP-CGI Vulnerability

Nov 30, 2013
A Symantec researcher has discovered a new Linux worm, targeting machine-to-machine devices, and exploits a PHP vulnerability ( CVE-2012-1823 ) to propagate that has been patched as far back as May 2012. Linux worm, which has been dubbed Linux.Darlloz , poses a threat to devices such as home routers and set-top boxes, Security Cameras, and even industrial control systems. It is based on proof-of-concept code released in late October and it helps spread malware by exploiting a vulnerability in php-cgi . " Upon execution, the worm generates IP addresses randomly, accesses a specific path on the machine with well-known ID and passwords, and sends HTTP POST requests, which exploit the vulnerability. If the target is unpatched, it downloads the worm from a malicious server and starts searching for its next target. " the Symantec researchers explained. The malware does not appear to perform any malicious activity other than silently spreading itself and wiping a load of sy...
Expert Insights / Articles Videos
Cybersecurity Resources