The FBI and the Cybersecurity and Infrastructure Security Agency issued a joint advisory warning people about a sophisticated spear-phishing campaign involving the Trickbot malware, reports ZDNet. Trickbot started out as a banking trojan and is now one of the most powerful and common forms of malware, used by cyber criminals to access infected computers, deliver their own malware and then steal sensitive information such as login credentials. The newest campaign uses phishing emails with proof of traffic violations that aim to scare victims into opening the email, which contains a link that, when clicked, directs them to a compromised website controlled by the hackers. A group of cybersecurity companies attempted to take down Trickbot last year, but cyber criminals were able to quickly resume their operations. "To completely remove Trickbot from the landscape would be extremely difficult and likely require a coordinated international law enforcement effort like we saw with Emotet. In fact, after the actions of October 2020, we saw Trickbot campaigns resume within weeks, and it has been active continually since," said Sherrod DeGrippo, Proofpoint's senior director of threat research and detection.
Jill Aitoro leads editorial for SC Media and content strategy for parent company CyberRisk Alliance. She has 20 years of experience editing and reporting on technology, business and policy.
Security Affairs reports that attacks with the novel Cuttlefish malware have been deployed against enterprise-grade small office/home office routers between October 2023 and April 2024 to facilitate the exfiltration of public cloud authentication information.
The reemergent Zloader trojan has been updated once again by its operators to include an anti-analysis feature restricting binary execution to compromised machines, which is similar to one observed in exposed Zeus banking trojan 2.x source code, according to The Hacker News.
BleepingComputer reports that hacked WordPress sites have been used as relay command-and-control servers by the novel Wpeeper Android malware, which has been spread via a pair of app stores impersonating the Uptodown App Store and is believed to have already compromised thousands of Android devices.