Malware news & analysis | SC Media Malware

Malware

Dread Zeppelin: Ransomware targets health care and IT sectors in U.S., Europe

Cybercriminals have spun off a ransomware that was originally known to target Russian organizations into a new malicious encryptor used in targeted campaigns against strategically selected health care and IT companies in America and Europe. Dubbed Zeppelin, the new ransomware is a descendant of VegaLocker, a Delphi-based Ransomware-as-a-Service (RaaS) offering that was discovered in early…

Krampus-3PC malware redirects iPhone users to phishing pages

iPhone users who visited certain publishing websites that were compromised by a malvertising campaign may have gotten an unwelcome visit from the holiday Krampus. No, not the mythical monster that punishes naughty children around Christmastime. In this case, we’re referring to Krampus-3PC, a new mobile malware that seeks out victims’ device and session cookie information…

Snatch ransomware encrypts files in Safe Mode to thwart security software

A cybercriminal organization has been attacking Windows users with a hybrid ransomware and data stealer program that encrypts machines while in Safe Mode in order to render endpoint protection programs moot. Dubbed Snatch, the malware “runs itself in an elevated permissions mode, sets registry keys that instruct Windows to run it following a Safe Mode…

Company sued for allegedly hijacking Facebook accounts to serve ads

In a lawsuit filed yesterday, Facebook is accusing a Hong Kong-based company of infecting individuals with malware in order to hijack their Facebook ad accounts and run malicious advertisements at their expense. The Menlo Park, Calif.-based social media company filed the legal documentation in a San Francisco federal court against ILikeAd Media International Company Ltd.,…

U.S. charges alleged members of “Evil Corp” cybercrime group for Zeus and Dridex campaigns

The U.S. today announced legal and regulatory action against the powerhouse cybercriminal group Evil Corp, filing hacking and bank fraud charges against two of its suspected members. Authorities are also offering a $5 million bounty for information leading to the arrest or conviction of one of the group’s alleged masterminds, 32-year-old Maksim Yakubets of Moscow,…


Tetris game app used to distribute PyXie Python RAT

A new remote access trojan whose name reminds one of a fairytale and not the potential nightmare it could bring to its victim has been disclosed by Cylance. PyXie Python RAT has been flitting about since 2018 helping deliver ransomware and other malware to the healthcare and education industries. The RAT has been tracked being…

Exploited Android flaw ‘StrandHogg’ enables phishing overlays, malicious permissions

Attackers have been actively exploiting an Android vulnerability that allows malicious apps to display dangerous permission requests and phishing overlays under the guise of a legitimate app. Dubbed StrandHogg (an old Norse Viking term), the flaw resides in Android’s taskAffinity control setting, and can be successfully abused without having to first gain root access, according…

Law enforcement delivers knockout blow to Imminent Monitor RAT network

International law enforcement officials late last week announced a crackdown on a cybercriminal network responsible for the proliferation of the Imminent Monitor Remote Access Trojan (IM-RAT). The coordinated operation, executed by authorities based in Australia, Europe and Colombia, resulted in the takedown of the IM-RAT web page and infrastructure, and the arrest of 13 people. Additionally,…

Dexphot malware uses fileless techniques to install cryptominer

Microsoft Corporation yesterday revealed its discovery of a polymorphic malware that uses fileless techniques to execute a cryptomining program on victimized machines. Dubbed Dexphot, the malware was first observed in October 2018 when Microsoft detected a campaign that “attempted to deploy files that changed every 20 to 30 minutes on thousands of devices,” according to…

Stantinko botnet’s monetization strategy shifts to cryptomining

The versatile Stantinko botnet that’s been targeting former Soviet nations since at least 2012 has added a Monero cryptomining module to its arsenal. Stantinko historically has perpetrated click fraud, ad injections, social network fraud and brute-force password stealing attacks, primarily targeting Russia, Ukraine, Belarus and Kazakhstan. But this latest module, discovered by researchers at ESET,…
