Search results for malwarebytes download | Breaking Cybersecurity News | The Hacker News

Threat actors have been observed distributing malicious payloads such as cryptocurrency miner and clipper malware via SourceForge , a popular software hosting service, under the guise of cracked versions of legitimate applications like Microsoft Office. "One such project, officepackage, on the main website sourceforge.net, appears harmless enough, containing Microsoft Office add-ins copied from a legitimate GitHub project," Kaspersky said in a report published today. "The description and contents of officepackage provided below were also taken from GitHub." While every project created on sourceforge.net gets assigned a "<project>.sourceforge.io" domain name, the Russian cybersecurity company found that the domain for officepackage, "officepackage.sourceforge[.]io," displays a long list of Microsoft Office applications and corresponding links to download them in Russian. On top of that, hovering over the download button reveals a seemi...

If your Facebook wall offers you any horror videos that claim to be of a real ghost spotted, don’t dare to click on them, as it may be hoaxes, malwares or scams contained within which are the real horror for the online users. We have seen a lot of Facebook scams spreading through the Facebook timeline in wild that encourages users to click on it and fall victim, and this time some new horror scam campaign is going viral on Facebook. Christopher Boyd from the security firm Malwarebytes has discovered an epidemic of hoaxes making their way around Facebook with paranormal themes, including: Alleged footage of an “actual” ghost attack a video featuring the Aswang that is described as “a mythical shape-shifting were-dog/vampire/terrifying thing from the Philippines” a video of Mermaids claiming they are back! Video of a huge great white shark tearing apart a sea captain. Facebook has become one of the most popular social networking website with more than one billion ...

Cybersecurity researchers have uncovered a never-before-seen dropper that serves as a conduit to launch next-stage malware with the ultimate goal of infecting Windows systems with information stealers and loaders. "This memory-only dropper decrypts and executes a PowerShell-based downloader," Google-owned Mandiant said . "This PowerShell-based downloader is being tracked as PEAKLIGHT." Some of the malware strains distributed using this technique are Lumma Stealer , Hijack Loader (aka DOILoader, IDAT Loader, or SHADOWLADDER), and CryptBot , all of which are advertised under the malware-as-a-service (SaaS) model. The starting point of the attack chain is a Windows shortcut (LNK) file that's downloaded via drive-by download techniques -- e.g., when users look up a movie on search engines. It's worth pointing out that the LNK files are distributed within ZIP archives that are disguised as pirated movies. The LNK file connects to a content delivery network...

An ongoing attack against Electrum Bitcoin wallets has just grown bigger and stronger with attackers now targeting the whole infrastructure of the exchange with a botnet of over 152,000 infected users, raising the amount of stolen users' funds to USD 4.6 million. Electrum has been facing cyber attacks since December last year when a team of cybercriminals exploited a weakness in the Electrum infrastructure to trick wallet users into downloading the malicious versions of the software. In brief, the attackers added some malicious servers to the Electrum peer network which were designed to purposely display an error to legitimate Electrum wallet apps, urging them to download a malicious wallet software update from an unofficial GitHub repository. The phishing attack eventually allowed attackers to steal wallet funds (almost 250 Bitcoins that equals to about $937,000 at the time) and take full control over the infected systems. To counter this, the developers behind Electrum...

Security researchers have been warning about a new malicious campaign that leverages an alternative scheme to mine cryptocurrencies without directly injecting the infamous CoinHive JavaScript into thousands of hacked websites. Coinhive is a popular browser-based service that offers website owners to embed JavaScript code that utilizes their website visitors' CPUs power in order to mine the Monero cryptocurrency for monetization. However, since its inception, mid-2017, cybercriminals have been abusing the service to illegally make money by injecting their own version of CoinHive JavaScript code to a large number of hacked websites, eventually tricking their millions of visitors into unknowingly mine Monero coins. Since a lot of web application security firms and antivirus companies have now updated their products to detect unauthorized injection of CoinHive JavaScript, cybercriminals have now started abusing a different service from CoinHive to achieve the same. Hackers ...

Today, the estimated number of known computer threats like viruses, worms, backdoors, exploits, Trojans, spyware, password stealers, and other variants of potentially unwanted software range into millions. It has ability to create several different forms of itself dynamically in order to thwart antimalware programs. Instagram users are also targeted by the potentially unwanted software programs that claims to enable them to download their Instagram photos and videos using desktop machines or computers. But once downloaded and installed into system, it could expose the user to a number of security vulnerabilities, often overlap with adware , warned the security firm Malwarebytes. " In the case of Instagram, what we've seen out there could pose greater risk than, say, your average phishing site, " said Malwarebytes intelligence analyst Jovi Umawing in a blog post . Instagram is a social networking service use for online photo-sharing and video-sharing. It...

Back in July, a security researcher disclosed a zero-day vulnerability in Mac OS X that allowed attackers to obtain unrestricted root user privileges with the help of code that even fits in a tweet . The same vulnerability has now been upgraded to again infect Mac OS X machines even after Apple fixed the issue last month. The privilege-escalation bug was once used to circumvent security protections and gain full control of Mac computers. Thanks to the environment variable DYLD_PRINT_TO_FILE Apple added to the code of OS X 10.10 Yosemite. The vulnerability then allowed attackers to install malware and adware onto a target Mac, running OS X 10.10 (Yosemite), without requiring victims to enter system passwords. However, the company fixed the critical issue in the Mac OS X 10.11 El Capitan Beta builds as well as the latest stable version of Mac OS X – Version 10.10.5 . Mac Keychain Flaw Now, security researchers from anti-malware firm MalwareBytes spotted t...

A Pakistani threat actor successfully socially engineered a number of ministries in Afghanistan and a shared government computer in India to steal sensitive Google, Twitter, and Facebook credentials from its targets and stealthily obtain access to government portals. Malwarebytes' latest findings go into detail about the new tactics and tools adopted by the APT group known as  SideCopy , which is so-called because of its attempts to mimic the infection chains associated with another group tracked as  SideWinder  and mislead attribution. "The lures used by SideCopy APT are usually archive files that have embedded one of these files: LNK, Microsoft Publisher or Trojanized Applications," Malwarebytes researcher Hossein Jazi  said , adding the embedded files are tailored to target government and military officials based in Afghanistan and India. The revelation comes close on the heels of  disclosures  that Meta took steps to block malicious activities carr...

Some websites have found using a simple yet effective technique to keep their cryptocurrency mining javascript secretly running in the background even when you close your web browser. Due to the recent surge in cryptocurrency prices, hackers and even legitimate website administrators are increasingly using JavaScript-based cryptocurrency miners to monetize by levying the CPU power of their visitor's PC to mine Bitcoin or other cryptocurrencies. After the world's most popular torrent download website, The Pirate Bay , caught secretly  using Coinhive , a browser-based cryptocurrency miner service, on its site last month, thousands of other websites also started using the service as an alternative monetization model to banner ads. However, websites using such crypto-miner services can mine cryptocurrencies as long as you're on their site. Once you close the browser window, they lost access to your processor and associated resources, which eventually stops mining. Un...

A North Korean threat actor active since 2012 has been behind a new espionage campaign targeting high-profile government officials associated with its southern counterpart to install an Android and Windows backdoor for collecting sensitive information. Cybersecurity firm Malwarebytes attributed the activity to a threat actor tracked as Kimsuky, with the targeted entities comprising of the Ministry of Foreign Affairs, Ambassador of the Embassy of Sri Lanka to the State, International Atomic Energy Agency (IAEA) Nuclear Security Officer, and the Deputy Consul General at Korean Consulate General in Hong Kong. The attacks also involved collecting information about other organizations and universities in the country, including the Korea Internet and Security Agency (KISA), Seoul National University, and Daishin Securities. Malwarebytes, however, noted that there is no evidence of active targeting or compromise by the adversary. The development is only the latest in a series of surveil...

Are you curiously googling or searching torrents for photos or videos of Emma Watson, Amanda Seyfried, Rose McGowan, or any other celebrities leaked in The Fappenning 2.0 ? If yes, then beware, you should not click any link promising Fappenning celebrity photos . Cybercriminals often take advantage of news headlines in order to trap victims and trick them into following links that may lead to websites containing malware or survey scams. Last week, a few private photos of Emma Watson and Amanda Seyfried — ranging from regular selfies to explicitly sexual photos — were circulating on the Internet forums, including Reddit and 4chan, with UK's TV presenter Holly Willoughby and US actor Rose McGowan among the latest alleged victims. Now, according to the security researchers from MalwareBytes, scammers are exploiting this new batch of leaked celebrity photos and videos by using their stolen selfies to lure victims on social media sites and making dollars. Also Read: Hacke...

Cybersecurity researchers have disclosed a malicious campaign that leverages search engine optimization ( SEO ) poisoning techniques to deliver a known malware loader called Oyster (aka Broomstick or CleanUpLoader). The malvertising activity, per Arctic Wolf, promotes fake websites hosting trojanized versions of legitimate tools like PuTTY and WinSCP, aiming to trick software professionals searching for these programs into installing them instead. "Upon execution, a backdoor known as Oyster/Broomstick is installed," the company said in a brief published last week. "Persistence is established by creating a scheduled task that runs every three minutes, executing a malicious DLL (twain_96.dll) via rundll32.exe using the DllRegisterServer export, indicating the use of DLL registration as part of the persistence mechanism." The names of some of the bogus websites are listed below - updaterputty[.]com zephyrhype[.]com putty[.]run putty[.]bet, and puttyy[.]org...

A Belarusian threat actor known as Ghostwriter (aka UNC1151) has been spotted leveraging the recently disclosed browser-in-the-browser (BitB) technique as part of their credential phishing campaigns exploiting the ongoing Russo-Ukrainian conflict. The method, which  masquerades  as a legitimate domain by simulating a browser window within the browser, makes it possible to mount convincing social engineering campaigns. "Ghostwriter actors have quickly adopted this new technique, combining it with a previously observed technique, hosting credential phishing landing pages on compromised sites," Google's Threat Analysis Group (TAG)  said  in a new report, using it to siphon credentials entered by unsuspected victims to a remote server. Among other groups  using the war as a lure  in phishing and malware campaigns to deceive targets into opening fraudulent emails or links include  Mustang Panda  and  Scarab  as well as nation-state actors...

Threat actors are leveraging manipulated search results and bogus Google ads that trick users who are looking to download legitimate software such as WinSCP into installing malware instead. Cybersecurity company Securonix is tracking the ongoing activity under the name  SEO#LURKER . “The malicious advertisement directs the user to a compromised WordPress website gameeweb[.]com, which redirects the user to an attacker-controlled phishing site,” security researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov  said  in a report shared with The Hacker News. The threat actors are believed to leverage Google’s Dynamic Search Ads ( DSAs ), which automatically generates ads based on a site’s content to serve the malicious ads that take the victims to the infected site. The ultimate goal of the complex multi-stage attack chain is to entice users into clicking on the fake, lookalike WinSCP website, winccp[.]net, and download the malware. “Traffic from the gaweeweb[.]com websi...

An emerging threat actor out of China has been traced to a new hacking campaign aimed at government agencies in India and residents of Hong Kong intending to steal sensitive information, cybersecurity firm Malwarebytes revealed in the latest report shared with The Hacker News. The attacks were observed during the first week of July, coinciding the passage of controversial security law in Hong Kong and India's ban of 59 China-made apps over privacy concerns, weeks after a violent skirmish along the Indo-China border. Attributing the attack with "moderate confidence" to a new Chinese APT group, Malwarebytes said they were able to track their activities based on the "unique phishing attempts" designed to compromise targets in India and Hong Kong. The operators of the APT group have leveraged at least three different Tactics, Techniques, and Procedures (TTPs), using spear-phishing emails to drop variants of Cobalt Strike and MgBot malware, and bogus Andr...