Threat actors continue to prey on the public’s fears of the COVID-19 pandemic by conducting malware activities disguised behind COVID-19 safety measure documents, according to BleepingComputer.
Researchers at Cybaze-Yoroi ZLab previously reported receiving a CoronaVirusSafetyMeasures_pdf.exe executable that is likely spread as an email attachment in phishing campaigns. The executable turned out to be a Remcos RAT dropper with persistence capabilities and the ability to log the user’s keystrokes.
Other researchers also reported circulating emails purporting to come from the Ministry of Health of the People's Republic of China with emergency COVID-19 regulations in English, which actually deliver the Lokibot information stealer malware. The MalwareHunterTeam collective also unveiled a COVID-19 themed document claiming to be from the Center for Public Health of the Ministry of Health of Ukraine, with malicious macros that enable threat actors to perform clipboard stealing, screenshotting and keylogging on victims.
The World Health Organization recently warned of phishing attacks impersonating the organization that were designed to steal information.
Jill Aitoro leads editorial for SC Media, and content strategy for parent company CyberRisk Alliance. She has 20 years of experience editing and reporting on technology, business and policy.
Security Affairs reports that attacks with the novel Cuttlefish malware have been deployed against enterprise-grade small office/home office routers between October 2023 and April 2024 to facilitate the exfiltration of public cloud authentication information.
The reemergent Zloader trojan has been updated once again by its operators to include an anti-analysis feature restricting binary execution to compromised machines, which is similar to one observed in exposed Zeus banking trojan 2.x source code, according to The Hacker News.
BleepingComputer reports that hacked WordPress sites have been used as relay command-and-control servers by the novel Wpeeper Android malware, which has been spread via a pair of app stores impersonating the Uptodown App Store and is believed to have already compromised thousands of Android devices.