Search results for malware | Breaking Cybersecurity News | The Hacker News

A recent malware campaign has been found to leverage  Satacom downloader  as a conduit to deploy stealthy malware capable of siphoning cryptocurrency using a rogue extension for Chromium-based browsers. "The main purpose of the malware that is dropped by the Satacom downloader is to steal BTC from the victim's account by performing web injections into targeted cryptocurrency websites," Kaspersky researchers Haim Zigel and Oleg Kupreev  said . Targets of the campaign include Coinbase, Bybit, KuCoin, Huobi, and Binance users primarily located in Brazil, Algeria, Turkey, Vietnam, Indonesia, India, Egypt, and Mexico. Satacom downloader, also called  Legion Loader , first emerged in 2019 as a dropper for next-stage payloads, including information stealers and cryptocurrency miners. Infection chains involving the malware begin when users searching for cracked software are redirected to bogus websites that host ZIP archive files containing the malware. "Various types

A new ATM malware strain dubbed  FiXS  has been observed targeting Mexican banks since the start of February 2023. "The ATM malware is hidden inside another not-malicious-looking program," Latin American cybersecurity firm Metabase Q  said  in a report shared with The Hacker News. Besides requiring interaction via an external keyboard, the Windows-based ATM malware is also vendor-agnostic and is capable of infecting any teller machine that supports  CEN/XFS  (short for eXtensions for Financial Services). The exact mode of compromise remains unknown but Metabase Q's Dan Regalado told The Hacker News that it's likely that "attackers found a way to interact with the ATM via touchscreen." FiXS is also said to be similar to another strain of  ATM malware  codenamed  Ploutus  that has enabled cybercriminals to extract cash from ATMs by using an external keyboard or by  sending an SMS message . One of the notable characteristics of FiXS is its ability to disp

The need for vCISO services is growing. SMBs and SMEs are dealing with more third-party risks, tightening regulatory demands and stringent cyber insurance requirements than ever before. However, they often lack the resources and expertise to hire an in-house security executive team. By outsourcing security and compliance leadership to a vCISO, these organizations can more easily obtain cybersecurity expertise specialized for their industry and strengthen their cybersecurity posture. MSPs and MSSPs looking to meet this growing vCISO demand are often faced with the same challenge. The demand for cybersecurity talent far exceeds the supply. This has led to a competitive market where the costs of hiring and retaining skilled professionals can be prohibitive for MSSPs/MSPs as well. The need to maintain expertise of both security and compliance further exacerbates this challenge. Cynomi, the first AI-driven vCISO platform , can help. Cynomi enables you - MSPs, MSSPs and consulting firms

The year begins with the number of new variants of malware that were discovered by various security researchers. The new variants are more complex, sophisticated and mostly undetectable. Two years back in 2012, the FBI warned us about the ' GameOver ' banking Trojan, a variant of Zeus financial malware that spreads via phishing emails. GameOver makes fraudulent transactions from your bank once installed in your system with the capability to conduct Distributed Denial of Service, or DDoS, attack using a botnet, which involves multiple computers flooding the financial institution's server with traffic in an effort to deny legitimate users access to the site. But that wasn't the end; a new variant of the same family of banking Trojan has been discovered by researchers that are being delivered by cyber criminals to users' machines, making it easier for the banking malware to evade detection and steal victim's banking credentials. Malcovery's Gary Warner explains

Cybersecurity researchers today uncovered a completely undetectable Linux malware that exploits undocumented techniques to stay under the radar and targets publicly accessible Docker servers hosted with popular cloud platforms, including AWS, Azure, and Alibaba Cloud. Docker is a popular platform-as-a-service (PaaS) solution for Linux and Windows designed to make it easier for developers to create, test, and run their applications in a loosely isolated environment called a container. According to the latest research Intezer shared with The Hacker News, an ongoing Ngrok mining botnet campaign scanning the Internet for misconfigured Docker API endpoints and has already infected many vulnerable servers with new malware. While the Ngrok mining botnet is active for the past two years, the new campaign is primarily focused on taking control over misconfigured Docker servers and exploiting them to set up malicious containers with cryptominers running on the victims' infrastructu

A security researcher has just discovered a stealthy cryptocurrency-mining malware that was also using Windows SMB vulnerability at least two weeks before the outbreak of WannaCry ransomware attacks. According to Kafeine, a security researcher at Proofpoint , another group of cyber criminals was using the same EternalBlue exploit , created by the NSA and dumped last month by the Shadow Brokers, to infect hundreds of thousands of computers worldwide with a cryptocurrency mining malware called ' Adylkuzz .' This malicious campaign went unnoticed for weeks because unlike WannaCry , this malware does not install ransomware or notify victims, but instead, it quietly infects unpatched computers with malware that only mine ' Monero ,' a Bitcoin-like cryptocurrency. This Malware Saves Computers From Getting Hacked By WannaCry The Researcher believes Adylkuzz malware attack could be larger in scale than WannaCry ransomware attack because it has been designed to blo

A new malware loader is being used by threat actors to deliver a wide range of  information stealers  such as Lumma Stealer (aka LummaC2), Vidar, RecordBreaker (aka Raccoon Stealer V2), and  Rescoms . Cybersecurity firm ESET is tracking the trojan under the name  Win/TrojanDownloader.Rugmi . "This malware is a loader with three types of components: a downloader that downloads an encrypted payload, a loader that runs the payload from internal resources, and another loader that runs the payload from an external file on the disk," the company  said  in its Threat Report H2 2023. Telemetry data gathered by the company shows that detections for the Rugmi loader spiked in October and November 2023, surging from single digit daily numbers to hundreds per day. Stealer malware is typically sold under a malware-as-a-service (MaaS) model to other threat actors on a subscription basis. Lumma Stealer, for instance, is advertised in underground forums for $250 a month. The most expen

We use our Smartphone devices to do almost everything, from Internet Banking to Sharing private files and at the same pace, the mobile malware sector is also growing. The number of variants of malicious software aimed at mobile devices has reportedly risen about 185% in less than a year.  Security researchers have observed a growth in the numbers of computer malware families starting to use TOR-based communications, but recently the Security Researchers at anti-virus firm Kaspersky Lab have spotted  the world's first Tor-Based Malware for Android Operating system. The Android Malware dubbed as ' Backdoor. AndroidOS .Torec.a ', using Tor hidden service protocol for stealth communication with Command-and-Control servers. Researchers detected that the Trojan is running from .Onion Tor domain and working on the functionality of an open source Tor client for Android mobile devices, called ' Orbot ', thus eliminating the threat of the botnet being de

With Docker gaining popularity as a service to package and deploy software applications, malicious actors are taking advantage of the opportunity to target exposed API endpoints and craft malware-infested images to facilitate distributed denial-of-service (DDoS) attacks and mine cryptocurrencies. According to a report published by Palo Alto Networks' Unit 42 threat intelligence team, the purpose of these Docker images is to generate funds by deploying a cryptocurrency miner using Docker containers and leveraging the Docker Hub repository to distribute these images. "Docker containers provide a convenient way for packaging software, which is evident by its increasing adoption rate," Unit 42 researchers said . "This, combined with coin mining, makes it easy for a malicious actor to distribute their images to any machine that supports Docker and instantly starts using its compute resources towards cryptojacking." Docker is a well-known platform-as-a-servic

Cybersecurity researchers have unearthed a new piece of evasive malware dubbed  Beep  that's designed to fly under the radar and drop additional payloads onto a compromised host. "It seemed as if the authors of this malware were trying to implement as many anti-debugging and anti-VM (anti-sandbox) techniques as they could find," Minerva Labs researcher Natalie Zargarov  said . "One such technique involved delaying execution through the use of the  Beep API function , hence the malware's name." Beep comprises three components, the first of which is a dropper that's responsible for creating a new Windows Registry key and executing a Base64-encoded PowerShell script stored in it. The PowerShell script, for its part, reaches out to a remote server to retrieve an injector, which, after confirming it's not being debugged or launched in a virtual machine, extracts and launches the payload via a technique called  process hollowing . The payload is an

Last year saw a record-setting number of new threats appear online. In particular, criminals managed to create one-third of all viruses ever seen, 34% of all malware in existence, and 40% of all known fake AV. Those findings come from a study released Wednesday by PandaLabs, the malware research arm of antivirus vendor Panda Security. The firm said it had analyzed 99.4% of the 134 million unique files its systems automatically collected in 2010. Of those files, 60 million were malware -- viruses, worms, Trojans, and other threats. The report also found that the volume of new malware created -- about 20 million new strains -- remained roughly constant from 2009 to 2010, while the number of new threats overall increased. Between the beginning and end of 2010, according to PandaLabs, "the average number of new threats created every day has risen from 55,000 to 63,000." While names such as Zeus and Bredolab continue to make headlines -- since they're behind many attacks --

A new strain of malware developed by threat actors likely affiliated with the FIN7 cybercrime group has been put to use by the members of the now-defunct Conti ransomware gang, indicating collaboration between the two crews. The malware, dubbed  Domino , is primarily designed to facilitate follow-on exploitation on compromised systems, including delivering a lesser-known information stealer that has been advertised for sale on the dark web since December 2021. "Former members of the  TrickBot/Conti syndicate  [...] have been using Domino since at least late February 2023 to deliver either the Project Nemesis information stealer or more capable backdoors such as Cobalt Strike," IBM Security X-Force security researcher Charlotte Hammond  said  in a report published last week. FIN7 , also called Carbanak and ITG14, is a prolific  Russian-speaking cybercriminal syndicate  that's known to employ an array of custom malware to deploy additional payloads and broaden its mone

Cybersecurity researchers have uncovered a new, previously undiscovered destructive data-wiping malware that is being used by state-sponsored hackers in the wild to target energy and industrial organizations in the Middle East. Dubbed ZeroCleare , the data wiper malware has been linked to not one but two Iranian state-sponsored hacking groups— APT34 , also known as ITG13 and Oilrig, and Hive0081 , also known as xHunt. A team of researchers at IBM who discovered the ZeroCleare malware says that the new wiper malware shares some high-level similarities with the infamous Shamoon, one of the most destructive malware families known for damaging 30,000 computers at Saudi Arabia's largest oil producer in 2012. Just like the Shamoon wiper malware , ZeroCleare also uses a legitimate hard disk driver called 'RawDisk by ElDos' to overwrite the master boot record (MBR) and disk partitions of targeted computers running the Windows operating system. Though EldoS driver is not s

Google has taken steps to ax dozens of fraudulent apps from the official Play Store that were spotted propagating Joker, Facestealer, and Coper malware families through the virtual marketplace. While the Android storefront is considered to be a trusted source for discovering and installing apps, bad actors have repeatedly found ways to sneak past security barriers erected by Google in hopes of luring unsuspecting users into downloading malware-laced apps. The latest findings from  Zscaler ThreatLabz  and  Pradeo  are no different. "Joker is one of the most  prominent malware families  targeting Android devices," researchers Viral Gandhi and Himanshu Sharma said in a Monday report. "Despite public awareness of this particular malware, it keeps finding its way into Google's official app store by regularly modifying the malware's trace signatures including updates to the code, execution methods, and payload-retrieving techniques." Categorized as  fleecewa

If you hold an interest in the North Korean Missile Program and are one of those curious to know capabilities of the recently tested North Korean long-range missile than you could be a target of a new malware campaign. North Korea claims to have conducted the first test of an intercontinental ballistic missile (ICBM), the Hwasong-14 , on 3rd July, and US officials believe the country may have fired a brand-new missile that has not been seen before. Now, just a day after the test missile launch, hackers have started utilizing the news to target people interested in North Korean missile arsenal that has progressed over the decades from crude artillery rockets to testing what the country claims long-range missiles that could strike targets in the United States. Security researchers at Talos Intelligence have discovered a new malware campaign that started on 4th July to target victims with KONNI, an unknown Remote Access Trojan (RAT) that has been in use for over three years.

A new Golang-based information stealer malware dubbed  Titan Stealer  is being advertised by threat actors through their Telegram channel. "The stealer is capable of stealing a variety of information from infected Windows machines, including credential data from browsers and crypto wallets, FTP client details, screenshots, system information, and grabbed files," Uptycs security researchers Karthickkumar Kathiresan and Shilpesh Trivedi  said  in a recent report. Details of the malware were  first documented  by cybersecurity researcher Will Thomas (@BushidoToken) in November 2022 by querying the IoT search engine Shodan. Titan is offered as a builder, enabling customers to customize the malware binary to include specific functionalities and the kind of information to be exfiltrated from a victim's machine. The malware, upon execution, employs a technique known as  process hollowing  to inject the malicious payload into the memory of a legitimate process known as AppLa

Two days ago, Microsoft encountered a rapidly spreading cryptocurrency-mining malware that infected almost 500,000 computers within just 12 hours and successfully blocked it to a large extent. Dubbed Dofoil , aka Smoke Loader , the malware was found dropping a cryptocurrency miner program as payload on infected Windows computers that mines Electroneum coins, yet another cryptocurrency, for attackers using victims' CPUs. On March 6, Windows Defender suddenly detected more than 80,000 instances of several variants of Dofoil that raised the alarm at Microsoft Windows Defender research department, and within the next 12 hours, over 400,000 instances were recorded. The research team found that all these instances, rapidly spreading across Russia, Turkey, and Ukraine, were carrying a digital coin-mining payload, which masqueraded as a legitimate Windows binary to evade detection. However, Microsoft has not mentioned how these instances were delivered to such a massive audienc

Even after so many efforts by Google for preventing its Play Store from malware, shady apps somehow managed to fool its anti-malware protections and get into its service to infect Android users with malware. Two such Android apps have recently been spotted on the Google Play Store by security researchers with the Trend Micro malware research team, infecting thousands of Android users who have already downloaded them with banking malware. The apps in question masquerade as a currency exchange app called Currency Converter and battery saver app called BatterySaverMobi , and are using motion-sensor inputs of infected Android devices to monitor them before installing a dangerous banking Trojan called Anubis. The malicious Android apps, with a large number of fake five-star reviews, use this clever trick instead of traditional evasion techniques in order to avoid detection when researchers run emulators (which are less likely to use sensors) to detect such malicious apps. &quo

Delivery- and shipping-themed email messages are being used to deliver a sophisticated malware loader known as  WailingCrab . "The malware itself is split into multiple components, including a loader, injector, downloader and backdoor, and successful requests to C2-controlled servers are often necessary to retrieve the next stage," IBM X-Force researchers Charlotte Hammond, Ole Villadsen, and Kat Metrick  said . WailingCrab, also called WikiLoader, was  first documented  by Proofpoint in August 2023, detailing campaigns targeting Italian organizations that used the malware to ultimately deploy the Ursnif (aka Gozi) trojan. It was spotted in the wild in late December 2022. The malware is the handiwork of a threat actor known as TA544, which is also tracked as Bamboo Spider and Zeus Panda. IBM X-Force has named the cluster Hive0133. Actively maintained by its operators, the malware has been observed incorporating features that prioritize stealth and allows it to resist an