Malware news & analysis | SC Media Malware

Malware

Law enforcement delivers knockout blow to Imminent Monitor RAT network

International law enforcement officials late last week announced a crackdown on a cybercriminal network responsible for the proliferation of the Imminent Monitor Remote Access Trojan (IM-RAT). The coordinated operation, executed by authorities based in Australia, Europe and Colombia, resulted in the takedown of IM-RAT web page and infrastructure, and the arrest of 13 people. Additionally,…

Dexphot malware uses fileless techniques to install cryptominer

Microsoft Corporation yesterday revealed its discovery of a polymorphic malware that uses fileless techniques to execute a cryptomining program on victimized machines. Dubbed Dexphot, the malware was first observed in October 2018 when Microsoft detected a campaign that “attempted to deploy files that changed every 20 to 30 minutes on thousands of devices,” according to…

Stantinko botnet’s monetization strategy shifts to cryptomining

The versatile Stantinko botnet that’s been targeting former Soviet nations since at least 2012 has added a Monero cryptomining module to its arsenal. Stantinko historically has perpetrated click fraud, ad injections, social network fraud and brute-force password stealing attacks, primarily targeting Russia, Ukraine, Belarus and Kazakhstan. But this latest module, discovered by researchers at ESET,…

Skimming operation creates fake 3rd-party payment processing page to phish victims

Cybercriminals have devised a card-skimming scheme that involves creating a phishing page that impersonates a retailer’s third-party payment service platform (PSP). Certain e-commerce websites outsource their financial transactions by redirecting customers to a secure page operated by PSP companies. But in this scam, discovered by researchers at Malwarebytes, the malicious actors swap out the genuine…

The fairly convincing phishing scam is being hosted on a compromised EA Games server.

Threat actor impersonates German, Italian and American gov’t agencies to spread malware

Since October, a threat actor has been impersonating governmental agencies in phishing emails designed to infect American, German and Italian organizations with various forms of malware, including the Cobalt Strike backdoor, Maze ransomware and the IcedID banking trojan. Business and IT services, manufacturing companies, and healthcare organizations make up a large share of the targets…

Phishing emails spoof WebEx invites, abuse Cisco open redirect

That WebEx meeting invite you just received may actually be a phishing email that spreads the WarZone remote access trojan by abusing a Cisco open redirect. An open redirect is an app or website vulnerability — caused by improper authentication of URLs — that allows attackers to introduce their own URLs that route users or…

49 Google Play app titles found to deliver pesky ads

Researchers recently uncovered 49 adware-laced Android apps that were downloaded from the Google Play store more than 3 million times, collectively, before they were reportedly removed. Many of the apps were disguised as games, video editors and stylized photo and filter programs. Sample titles included Cut Out Studio Pro, Tattoo Maker, Bubble Effect, CLOWN MASK,…

Researchers: WP-VCD malware is No. 1 in WordPress infections since August

Researchers at WordFence have eyed a recent uptick in attacks on WordPress involving WP-VCD backdoor malware. Since August 2019, no other WordPress-targeting malware has yielded a higher rate of new infections that WP-VCD, the company reported this week in a blog post and in-depth white paper. Such findings suggest that the malware, whose main purpose…

Next post in Malware