Malware news & analysis | SC Media

Malware

Geopolitical targets figuring in latest StrongPity attacks

StrongPity, aka Promethium, a potentially state-sponsored APT group active since 2012, isn’t letting exposed campaigns in recent years stop it from trying to install malware around the world, particularly in warzones such as Syria. Two separate reports this week from Cisco Talos and Bitdefender suggest the attackers are getting more aggressive in their geo-targeted malicious…

Tax software used by Chinese bank clients installs GoldenSpy backdoor

A tax software program installed by business clients of an unidentified Chinese bank was trojanized with malware that installs a backdoor granting attackers SYSTEM-level privileges, researchers warn. In a company blog post and more detailed threat report, Trustwave and its SpiderLabs team identified the accounting software as Intelligent Tax, which was reportedly developed by the…

UCSF paid $1.4 million ransom in NetWalker attack

The University of California, San Francisco (UCSF) ponied up $1.4 million to hackers to retrieve data encrypted during a NetWalker ransomware attack disclosed in early June.  “The data that was encrypted is important to some of the academic work we pursue as a university serving the public good,” according to a  statement from UCSF, which said…

Glupteba malware leverages blockchain as a communications channel

Glupteba malware does something novel: It uses the bitcoin blockchain as a communications channel to receive updated configuration information. That’s important because malware always needs a way to go back to its home base, preferably without being detected, according to a paper released this week by Sophos Labs researchers. The new form of malware sprinkles…

Malicious doc campaign unleashes Cobalt Strike on gov’t, military orgs in South Asia

A military-themed malware campaign targeting military and government organizations in South Asia unleashes “maldocs” that spread full remote-access trojan (RAT) capabilities. The multistage chain attack, which began in 2018, infects endpoints with customized beacons and a modular dropper that Talos calls IndigoDrop, which executes the final payloads, Cisco Talos reported in a blog post. “This…

Variant of Mac malware ‘Shlayer’ spreads via poisoned web searches

Researchers have discovered a new variant of Shlayer Mac malware that  bypasses Apple’s built-in security protections and is being spread via malicious results from Google web searches. Shlayer is used generally to distributed bundled adware or unwanted programs. According to a company blog post from Intego, the new version of this malware was observed being…

Sapphire Software’s Nicholas Takacs asks: Is self-aware malware possible yet?

“Two can play at this game…” Cybersecurity is a non-stop arms race between white hats and malicious hackers, and the three “A’s” — automation, analytics and artificial intelligence — are among the more powerful defensive tools that CISOs can implement to defend their organizations. But cybercriminals can also potentially employ them to magnify their attacks…

Cyber snoops targeted aerospace, defense employees with fake job offers on LinkedIn

A cyber espionage operation used fake job offers, sent via LinkedIn messages, to target employees at aerospace and military companies in Europe and the Middle East late last year, researchers from ESET have reported. The highly targeted campaign — dubbed Operation In(ter)ception (an allusion to one malware sample’s file name) — took place from September…

Next post in Cybercrime