Search results for malware | Breaking Cybersecurity News | The Hacker News

Over 800 different Android apps that have been downloaded millions of times from Google Play Store found to be infected with malicious ad library that silently collects sensitive user data and can perform dangerous operations. Dubbed " Xavier ," the malicious ad library, initially emerged in September 2016, is a member of AdDown malware family, potentially posing a severe threat to millions of Android users. Since 90 percent of Android apps are free for anyone to download, advertising on them is a key revenue source for their developers. For this, they integrate Android SDK Ads Library in their apps, which usually doesn't affect an app's core functionality. According to security researchers at Trend Micro , the malicious ad library comes pre-installed on a wide range of Android applications, including photo editors, wallpapers and ringtone changers, Phone tracking, Volume Booster, Ram Optimizer and music-video player. Features of Xavier Info-Stealing Malware

A new malware campaign has been found using coronavirus-themed lures to strike government and energy sectors in Azerbaijan with remote access trojans (RAT) capable of exfiltrating sensitive documents, keystrokes, passwords, and even images from the webcam. The targeted attacks employ Microsoft Word documents as droppers to deploy a previously unknown Python-based RAT dubbed "PoetRAT" due to various references to sonnets by English playwright William Shakespeare. "The RAT has all the standard features of this kind of malware, providing full control of the compromised system to the operation," said Cisco Talos in an analysis published last week. According to the researchers, the malware specifically targets supervisory control and data acquisition (SCADA) systems in the energy industry, such as wind turbine systems, whose identities are currently not known. The development is the latest in a surge in cyberattacks exploiting the ongoing coronavirus pandemi

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

An Android voice phishing (aka vishing) malware campaign known as FakeCalls has reared its head once again to target South Korean users under the guise of over 20 popular financial apps. "FakeCalls malware possesses the functionality of a Swiss army knife, able not only to conduct its primary aim but also to extract private data from the victim's device," cybersecurity firm Check Point said . FakeCalls was previously documented by Kaspersky in April 2022, describing the malware's capabilities to imitate phone conversations with a bank customer support agent. In the observed attacks, users who install the rogue banking app are enticed into calling the financial institution by offering a fake low-interest loan. At the point where the phone call actually happens, a pre-recorded audio with instructions from the real bank is played. Simultaneously, the malware conceals the phone number with the bank's legitimate number to give the impression that a conversation

Hey Android users! I am quite sure that you must be syncing your Smartphone with your PCs for transferring files and generating backup of your device.  If your system is running a windows operating system, then it's a bad news for you. Researchers have discovered a new piece of windows malware that attempts to install mobile banking malware on Android devices while syncing. Last year in the month of February, Kaspersky Lab revealed an Android malware that could infect your computer when connected to Smartphone or tablets.   Recently, Researchers at Symantec antivirus firm discovered another interesting windows malware called ' Trojan . Droidpak ', that drops a malicious DLL in the computer system and then downloads a configuration file from the following remote server: https://xia2.dy[REMOVED]s-web.com/iconfig.txt The Windows Trojan then parses this configuration file and download a malicious APK (an Android application) from the following location on the

Cybersecurity researchers from at least two firms today unveiled details of a new strain of malware that targets Windows and macOS systems with a Linux-based cryptocurrency mining malware. It may sound strange, but it's true. Dubbed " LoudMiner " and also " Bird Miner, " the attack leverages command-line based virtualization software on targeted systems to silently boot an image of Tiny Core Linux OS that already contains a hacker-activated cryptocurrency mining software in it. Isn't it interesting to use emulation to run single-platform malware on cross-platforms? Spotted by researchers at ESET and Malwarebytes , attackers are distributing this malware bundled with pirated and cracked copies of VST (Virtual Studio Technology) software on the Internet and via Torrent network since August 2018. VST applications contain sounds, effects, synthesizers, and other advanced editing features that allow tech-centric audio professionals to create music.

Four years ago, NASDAQ servers were compromised by Russian hackers, who were somehow able to insert a " digital bomb " into the systems of NASDAQ stock exchange, which would have been able to cause several damage to the computer systems in the stock market and could bring down the entire structure of the financial system of the United States. Till now, identities of the hackers have not been identified by the agencies who are investigating the whole incident from past four years. However, it has been identified that the intruder was not a student or a teen, but the intelligence agency of another country. The Hackers successfully infiltrated the network of NASDAQ stock exchange with customized malware which had ability to extract data from the systems and carry out surveillance as well. However, a closer look at the malware indicated that it was designed to cause widespread disruption in the NASDAQ computer system. MALWARE EXPLOITS TWO 0-DAY VULNERABILITIES

The threat actor behind the  BlackRock  and  ERMAC  Android banking trojans has unleashed yet another malware for rent called  Hook  that introduces new capabilities to access files stored in the devices and create a remote interactive session. ThreatFabric, in a  report  shared with The Hacker News, characterized Hook as a novel ERMAC fork that's advertised for sale for $7,000 per month while featuring "all the capabilities of its predecessor." "In addition, it also adds to its arsenal Remote Access Tooling (RAT) capabilities, joining the ranks of families such as  Octo  and  Hydra , which are capable performing a full Device Take Over (DTO), and complete a full fraud chain, from PII exfiltration to transaction, with all the intermediate steps, without the need of additional channels," the Dutch cybersecurity firm said. A majority of the financial apps targeted by the malware are located in the U.S., Spain, Australia, Poland, Canada, Turkey, the U.K., Fran

iBanking is nothing but a mobile banking Trojan app which impersonates itself as a so-called ' Security App ' for Android devices and distributed through HTML injection attacks on banking sites, in order to deceive its victims. Recently, its source code has been leaked online through an underground forum that gave the opportunities to a larger number of cyber criminals to launch attacks using this kind of ready-made mobile malware. The malicious iBanking app installed on victims' phone has capabilities to spy on user's communications. The bot allows an attacker to spoof SMS, redirect calls to any pre-defined phone number, capture audio using the device's microphone and steal other confidential data like call history log and the phone book contacts. According to new report from ESET security researchers, now this iBanking Trojan ( Android/Spy.Agent.AF ) is targeting Facebook users by tricking them to download a malware application. The malware uses

Facebook parent company Meta disclosed that it took action against two espionage operations in South Asia that leveraged its social media platforms to distribute malware to potential targets. The first set of activities is what the company described as "persistent and well-resourced" and undertaken by a hacking group tracked under the moniker Bitter APT (aka APT-C-08 or T-APT-17) targeting individuals in New Zealand, India, Pakistan, and the U.K. "Bitter used various malicious tactics to target people online with social engineering and infect their devices with malware," Meta  said  in its Quarterly Adversarial Threat Report. "They used a mix of link-shortening services, malicious domains, compromised websites, and third-party hosting providers to distribute their malware." The attacks involved the threat actor creating fictitious personas on the platform, masquerading as attractive young women in a bid to build trust with targets and lure them into cl

A new malware capable of controlling social media accounts is being distributed through Microsoft's official app store in the form of trojanized gaming apps, infecting more than 5,000 Windows machines in Sweden, Bulgaria, Russia, Bermuda, and Spain. Israeli cybersecurity company Check Point dubbed the malware "Electron Bot," in reference to a command-and-control (C2) domain used in recent campaigns. The identity of the attackers is not known, but evidence suggests that they could be based out of Bulgaria. "Electron Bot is a modular SEO poisoning malware, which is used for social media promotion and click fraud," Check Point's Moshe Marelus  said  in a report published this week. "It is mainly distributed via the Microsoft store platform and dropped from dozens of infected applications, mostly games, which are constantly uploaded by the attackers." The first sign of malicious activity commenced as an ad clicker campaign that was discovered in O

Intelligence agencies in the U.K. and the U.S. disclosed details of a new botnet malware called  Cyclops Blink  that's been attributed to the Russian-backed Sandworm hacking group and deployed in attacks dating back to 2019. "Cyclops Blink appears to be a replacement framework for the VPNFilter malware exposed in 2018, which exploited network devices, primarily small office/home office (SOHO) routers, and network-attached storage (NAS) devices," the agencies  said . "In common with VPNFilter, Cyclops Blink deployment also appears indiscriminate and widespread." The  joint government advisory  comes from the U.K. National Cyber Security Centre (NCSC), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) in the U.S. Sandworm , aka Voodoo Bear, is the name assigned to a  highly advanced adversary  operating out of Russia that's known to be active since at least 2008.

Cybersecurity researchers took the wraps off yet another instance of Android malware hidden under the guise of legitimate applications to stealthily subscribe unsuspecting users for premium services without their knowledge. In a report published by Check Point research today, the malware — infamously called Joker (or Bread) — has found another trick to bypass Google's Play Store protections: obfuscate the malicious DEX executable inside the application as Base64 encoded strings, which are then decoded and loaded on the compromised device. Following responsible disclosure by Check Point researchers, the 11 apps ( list and hashes here ) in question were removed by Google from the Play Store on April 30, 2020. "The Joker malware is tricky to detect, despite Google's investment in adding Play Store protections," said Check Point 's Aviran Hazum, who identified the new modus operandi of Joker malware. "Although Google removed the malicious apps from the P

A new piece of malicious malware infection targeting jailbroken Apple iOS devices in an attempt to steal users' credentials, has been discovered by Reddit users. The Reddit Jailbreak community discovered the malicious infection dubbed as ' Unflod Baby Panda ', on some jailbroken Apple iOS devices on Thursday while a user noticed an unusual activity that the file was causing apps such as Snapchat and Google Hangouts to crash constantly on his jailbroken iPhone. CHINA WANTS YOUR APPLE ID & PASSWORDS Soon after the jailbroken developer uncovered the mysteries ' Unfold.dylib ' file and found that the infection targets jailbroken iOS handsets to captures Apple IDs and passwords from Internet sessions that use Secure Socket Layer (SSL) to encrypt communications and is believed to be spreading through the Chinese iOS software sites, according to the researchers at German security firm SektionEins . The researchers found that the captured login information is been sent

Cybersecurity researchers yesterday unveiled the existence of a highly sophisticated spyware framework that has been in operation for at least last 5 years—but remained undetected until recently. Dubbed TajMahal by researchers at Kaspersky Lab, the APT framework is a high-tech modular-based malware toolkit that not only supports a vast number of malicious plugins for distinct espionage operations, but also comprises never-before-seen and obscure tricks. Kaspersky named the framework after Taj Mahal, one of the Seven Wonders of the World located in India, not because it found any connection between the malware and the country, but because the stolen data was transferred to the attackers' C&C server in an XML file named TajMahal. TajMahal toolkit was first discovered by security researchers late last year when hackers used it to spy on the computers of a diplomatic organization belonging to a Central Asian country whose nationality and location have not been disclosed

The Russian cyberespionage group known as Turla has been observed piggybacking on attack infrastructure used by a decade-old malware to deliver its own reconnaissance and backdoor tools to targets in Ukraine. Google-owned Mandiant, which is tracking the operation under the uncategorized cluster moniker  UNC4210 , said the hijacked servers correspond to a variant of a commodity malware called  ANDROMEDA  (aka Gamarue) that was uploaded to VirusTotal in 2013. "UNC4210 re-registered at least three expired ANDROMEDA command-and-control (C2) domains and began profiling victims to selectively deploy KOPILUWAK and QUIETCANARY in September 2022," Mandiant researchers  said  in an analysis published last week. Turla, also known by the names Iron Hunter, Krypton, Uroburos, Venomous Bear, and Waterbug, is an elite nation-state outfit that primarily targets government, diplomatic, and military organizations using a large set of custom malware. Since the onset of Russia's  milit

Researchers at Trusteer   spotted a new banking malware program on the underground Russian cybercrime market , that communicates with attackers over the I2P anonymity network is for sale on underground Russian cybercrime forums. Dubbed ' i2Ninja ', malware has most of the features found in other financial malware including the ability to perform HTML injections and form grabbing in Internet Explorer, Firefox and Chrome. i2Ninja can also steal FTP and e-mail credentials. It also has a PokerGrabber module feature that targets poker sites. The traffic between the malware and the command server cannot be easily blocked by intrusion prevention systems or firewalls because it's encrypted and transmitting over the Invisible Internet Project (I2P). Everything from delivering configuration updates to receiving stolen data and sending commands is done via the encrypted I2P channels. I2P communication can make it much harder for security researchers to find and take

North Korean threat actors have exploited the recently disclosed security flaws in ConnectWise ScreenConnect to deploy a new malware called  TODDLERSHARK . According to a report shared by Kroll with The Hacker News, TODDLERSHARK overlaps with known Kimsuky malware such as BabyShark and ReconShark. "The threat actor gained access to the victim workstation by exploiting the exposed setup wizard of the ScreenConnect application," security researchers Keith Wojcieszek, George Glass, and Dave Truman said . "They then leveraged their now 'hands on keyboard' access to use cmd.exe to execute mshta.exe with a URL to the Visual Basic (VB) based malware." The ConnectWise flaws in question are  CVE-2024-1708 and CVE-2024-1709 , which came to light last month and have since come under heavy exploitation by multiple threat actors to deliver cryptocurrency miners, ransomware, remote access trojans, and stealer malware. Kimsuky, also known as APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (pr