Malware news & analysis | SC Media

Malware

Malware attack rains on Weather Channel’s parade, disrupts live broadcast


The Weather Channel is blaming a “malicious software” attack for knocking its live morning broadcast off the air for approximately one hour and 39 minutes today. “We experienced issues with this morning’s live broadcast following a malicious software attack on the network,” reads a tweet issued by the network earlier today. “We were able to…


Five-year cyber espionage campaign targeting Ukraine potentially linked to Luhansk People’s Republic


Researchers believe hackers from the breakaway Luhansk People’s Republic (LPR) may be behind a spear phishing-based malware campaign that has been actively targeting the Ukrainian government. The researchers, from FireEye, disclosed their assessment following their investigation into a malware-laced email that they were able to tie back to a 2018 phishing campaign designed to deliver…

Two Romanians convicted for roles in Bayrob malware operation


Two Romanian nationals were convicted in an Ohio federal court on Thursday for their roles in the Bayrob group, an organization that ran a multi-million-dollar cybercriminal operation fueled by its own proprietary malware. Bogdan Nicolescu, 36, and Radu Miclaus, 37, were each found guilty on 21 counts for developing and spreading the Bayrob trojan, which…

Researchers uncover new ‘TajMahal’ APT framework, plus a new Gaza Cybergang malware campaign


Researchers at Kaspersky Lab today issued a pair of reports, one revealing a newly discovered sophisticated APT framework and the other detailing the recent operations of the threat actor known as Gaza Cybergang Group1. Dubbed TajMahal, the APT framework is a fully loaded malicious toolset, replete with backdoors, loaders, orchestrators, C2 communicators, audio recorders, keyloggers,…

'Havex' malware strikes industrial sector via watering hole attacks

Second Triton/Trisis critical infrastructure attack spotted


A second attack against a critical infrastructure target has been launched using the Triton/Trisis custom attack framework. FireEye researchers attributed this second attack to the same Russian group they identified as being behind the initial 2017 attack, which hit a petrochemical plant in Saudi Arabia through its industrial control system. Although details such…


Stuxnet research reveals possible 4th accomplice, newly discovered versions of Flame and Duqu malware


Recent research into old malware threats associated with the Stuxnet attacks against Iran’s nuclear program roughly one decade ago turned up several new discoveries, including a possible fourth collaborator in the clandestine operation, as well as previously unknown versions of Flame and Duqu malware. Today, Alphabet’s cybersecurity subsidiary Chronicle revealed the findings of its researchers…

FIN6 cybercrime actor adds ransomware to its repertoire


Traditionally associated with payment card theft, the cybercriminal group FIN6 has expanded its operations to apparently include ransomware attacks using the malicious encryption programs Ryuk and LockerGoga, according to researchers. Investigations by the FireEye Intelligence research team and the company’s Mandiant division have revealed that FIN6’s ransomware activity dates back to July 2018, and has…

Mirai botnet upgraded to work with new IoT processors


The developers behind the Mirai botnet have recompiled the malware so it can run on a wider range of processors/architectures and have upgraded it with a new encryption algorithm. Palo Alto Networks Unit 42 in February found samples of Mirai compiled for Altera Nios II, OpenRISC, Tensilica Xtensa, and Xilinx MicroBlaze processors, which primarily are used…


Brazilian banking trojan BasBanke spreads via Facebook and WhatsApp promos


A new Brazilian banking trojan, dubbed BasBanke, is setting trends in Brazil with over 10,000 installations from the official Google Play Store alone. Kaspersky Lab researchers saw the malware begin to make the rounds during that country’s 2018 election and found that it has credential stealing, keylogging, screen recording, SMS interception, payment card and financial information…

Pharma firm Bayer hit with WINNTI malware


The German drug manufacturer Bayer reported it was hit with a cyberattack launched from China that used WINNTI malware, which resided on its network for at least one year. The company told Reuters it found the malware on its systems in early 2018 and then studied and analyzed it until last month, when it was removed.…
