Malware news & analysis | SC Media

Malware

North Korean hackers allegedly pick on Russian targets for a change

The reputed North Korean APT actor known as Lazarus Group (aka Hidden Cobra) typically focuses its hacking efforts on South Korea, Japan and the U.S., but one of its suspected campaigns from last January surprisingly appears to have targeted Russian businesses with its signature Lazarus backdoor malware. Taking place from Jan. 26-31, the phishing campaign…

Heart attack: Ransomware encrypts Australian cardiac clinic’s patient files

Employees of Melbourne Heart Group in Malvern, Australia, have been unable to access patients’ medical records following a January ransomware attack that encrypted the health care provider’s files. The cardiology clinic disclosed the incident today on its website’s home page. “We have been assured that no patient’s privacy has been compromised in any way,” the…

New Separ credential-stealing campaign abuses legit tools and executables

A new phishing campaign distributing the credential-stealing malware Separ has over the last few weeks reportedly affected hundreds of business organizations, primarily those located in Southeast Asia and the Middle East. The malware has been uploading stolen data from infected entities on a daily basis, with additional targets based in North America, according to a Feb.…

Third decryption tool for GandCrab ransomware released to public

A new free decryption tool for counteracting the effects of GandCrab ransomware is now available to the public. This latest decryptor is effective against versions 1, 4 and 5.x up through 5.1, which means GandCrab variants released as recently as October 2018 can now be defeated. The tool is the result of a collaborative effort…

‘Old Phantom Crypter’ supplants older Microsoft Office exploit builder tools

Out with the old, in with the… Old Phantom Crypter, which despite its name is actually a new Microsoft Office exploit builder that’s been surpassing its predecessors in popularity among the cybercriminal community. Gabor Szappanos, principal malware researcher at SophosLabs, described the ascendance of Old Phantom yesterday in a company blog post, which links to…

Ransomware attackers exploit old plug-in flaw to infect MSPs and their clients

Researchers are warning that hackers are exploiting a plug-in vulnerability to infect MSPs and their customers with GandCrab ransomware. The bug, CVE-2017-18362, dates back to 2017, and is found in unpatched versions of the ConnectWise ManagedITSync integration plug-in tool, explains a Feb. 8 blog post by Chris Bisnett, security researcher at Huntress Labs. This plug-in…

TrickBot variant steals credentials for remote computer access

The developers behind TrickBot have once again upgraded the information stealer’s malicious capabilities, this time creating a variant that swipes credentials for various remote access services. In a Feb. 12 company blog post, Trend Micro researchers Noel Anthony Llimos and Carl Maverick Pascual report that the new version targets passwords for Virtual Network Computing (VNC), PuTTY,…

‘Clipper’ malware that alters crypto wallet addresses slips into Play Store

Google’s Play Store unknowingly hosted a fake cryptocurrency app that actually modifies users’ crypto wallet addresses once they’re copied to the clipboard, researchers are reporting. This Android-based “clipper” malware, as it’s called, secretly changes the wallet address to one hosted by the attackers, allowing them to steal victims’ digital coin transactions, explains ESET researcher Lukas…

Phishing emails imitate North American banks to infect recipients with TrickBot

A spam-based phishing campaign recently targeted North American banking customers with malicious Excel documents designed to infect victims with a new variant of the information-stealing TrickBot banking trojan, researchers reported earlier this week. The scam dates back to at least Jan. 27 and peaked in volume on Jan. 30, according to a new blog post from…