Malware news & analysis | SC Media

Malware

SMBs assaulted by ‘mercenary’ DeathStalker APT espionage campaigns

The hacker collective known as DeathStalker has recently widened its footprint to include small to medium-sized business (SMB) targets in the financial sector throughout Europe, Middle East, Asia and Latin America. Deathstalker’s tactics, techniques and procedures aren’t different from when it first emerged as a hacker-for-hire, according to Kaspersky, which tracked Deathstalker’s activities for the…

Apple OS developer supply chain threatened by ‘clever’ malware attack

In an attack described as a “clever” supply-chain threat, XCSSET malware is being injected undetected into programs created by unwitting Xcode Apple developers who share their projects on the GitHub repository. The “unusual infection” can pilfer infected users’ credentials, accounts and other vital data, according to a blog post from researchers at Trend Micro who…

U.S. urges Linux users to secure kernels from new Russian malware threat

Linux users should not assume they are safe from the ambitions and reach of reputed Russian hacking group Fancy Bear, which has been using a newly disclosed malware toolset to establish a command-and-control connection with infected Linux systems. Called Drovorub, the toolset essentially creates a backdoor that enables file downloads and uploads, the execution of…

Tesla RAT adapts, evolves to thwart security

It may be unsophisticated but the Agent Tesla RAT is “street-wise,” adapting and evolving just enough to wreak havoc on organizations’ security efforts. Recent improvements to the malware include more robust spreading and injection methods, as well as discovery and theft of wireless network details and credentials, according to an analysis by SentinelOne. Expanding its…

Botnet abuses Docker servers and crypto blockchain to deliver Doki backdoor

As user organizations move more of their business infrastructure off premises, cybercriminals become increasingly motivated to target Linux-based cloud environments, including Docker servers with misconfigured API ports. And while cryptojacking schemes comprise some of the more conventional varieties of these Linux-based malware attacks, researchers have just disclosed the discovery of a Docker container attack that…

Dacls RAT’s goals are to steal customer data and spread ransomware

The Dacls remote access trojan that is capable of attacking Windows, Linux and macOS environments has been used to distribute VHD ransomware and to target customer databases for attempted exfiltration, according to researchers. Kaspersky on Wednesday revealed this latest intel on Dacls in a company blog post and corresponding press release that also detailed an…

Next post in Malware