Malware News, Articles and Updates

Xenotime broadens reach to target critical infrastructure SIS in U.S. and abroad

Using a variant of the Trisis malware, which was used in a 2017 attack in Saudi Arabia, Xenotime is targeting the safety instrumented systems (SIS) that safeguard industrial processes in energy and manufacturing plants.

New Confucius malware campaign has links to Patchwork cybergang

New tools and techniques used by the Confucius cybergang suggest further connections between the group and the Patchwork cybergang.

Luxury hackers crack Bimmers and Benzes, a tale of BMW's bugs and Mercedes-Benz thugs

Hackers with a taste for the finer things in life found a host of vulnerabilities in multiple BMW vehicles, while tech-savvy car thieves managed to hack into and steal a Mercedes-Benz in 23 seconds.

That smarts! 'Brain Food' spam botnet malware found on thousands of websites

A spam campaign called Brain Food has been feeding email recipients a steady diet of junk messages containing links to pages promoting bogus intelligence-boosting supplements and diet pills.

Mirai-variant attack launched from Mexico

A pair of Trend Micro research teams has detected and done a quick cyber autopsy on a new Mirai-like attack that popped up in Mexico earlier this month targeting Gigabit Passive Optical Network (GPON) home routers and IP webcams.

Roaming Mantis malicious redirection campaign preys on Android, iOS and PC users

A recently discovered DNS hijacking campaign that was found spreading banking trojan malware to Android smartphone users, largely in Asia, has expanded its reach to iOS and PC users as well, while targeting speakers of 27 different languages.

Attempts to terminate new WinstarNssmMiner cryptominer result in computer crash

Computer users infected with the newly observed cryptojacking malware WinstarNssmMiner will be surprised to discover that the nasty malware crashes their machines if they try to terminate the program, making it difficult to remove.

Man behind Scan4you service convicted

Ruslans Bondars, 37, of the former USSR, who had been residing in Riga, Latvia, was convicted Wednesday of one count of conspiracy to violate the Computer Fraud and Abuse Act, one count of conspiracy to commit wire fraud, and one count of computer intrusion with intent to cause damage and aiding and abetting.

TeleGrab information stealer swipes Telegram cache and key files

Researchers last month detected a new malware that steals not only browser credentials, browser cookies and text files, but also cache and key files from the desktop version of end-to-end encrypted instant messaging service Telegram.

RIG EK campaign delivers researcher-phobic backdoor trojan Grobios

The RIG exploit kit has been causing trouble again, this time delivering a backdoor trojan called Grobios, which takes great pains to avoid detection and evade virtual and sandbox environments.

NigelThorn malware exploits Google Chrome zero-day

A zero-day-exploiting malware capable of performing credential theft, cryptomining, click fraud, and more has already infected more than 100,000 users from over 100 countries.

Buried no more: Source code for TreasureHunter POS malware leaked on forum

Someone has leaked the source code for well-established point-of-sale malware TreasureHunter onto an underground Russian-speaking forum, and already cybercriminals are talking about how to further improve and weaponize it now that it's available to the masses.

Mia Khalifa themed malware targets Android and Windows devices

Cybercriminals were spotted using the likeness of a former adult film star to spread multiplatform spyware disguised as an adult game.

Encrypted communications lure cybercriminals from dark web to Telegram app

Cybercriminals are branching out from the dark web and into encrypted messaging apps to conduct their nefarious deeds.

Trojanized CMS plug-ins infect thousands of websites in tech support scam campaign

A recently uncovered tech support scam campaign has compromised thousands of websites with malicious ad injections that redirect users to a browser locker page that claims their computers are infected.

SynAck ransomware implements Doppelgänging evasion technique

SynAck targeted ransomware was seen in the wild using the Doppelgänging technique, which was first presented as a proof of concept in December 2017.

Fake Teleg'e'ram app looks to take advantage of Russia banning Telegram

An imitation of the popular Telegram app made its rounds on Google Play as the Russian government ordered the immediate blocking of the messaging app.

Malicious Monero miner spreads via arsenal of web server exploits

Researchers have discovered a versatile cryptominer worm that propagates itself by exploiting vulnerabilities in Microsoft's SMBv1 server, Oracle's WebLogic Server and Apache Struts, as well as by brute-force attacks on Microsoft SQL servers.

Fancy Bear likely behind malware found on Lojack C2 domains

Because many antivirus programs don't flag the malware as a concern, it's largely able to do its dirty work without detection.

BLACKHEART ransomware uses legit AnyDesk tool as an unwitting accomplice

A newly discovered ransomware program drops its malicious payload alongside the perfectly legitimate AnyDesk remote desktop tool, possibly as a means to evade detection, according to researchers.

GravityRAT malware detects virtualized environments by taking infected machines' temperature

A previously unidentified malicious remote access tool (RAT) primarily targeting Indian organizations uses seven different techniques for sniffing out researchers' virtual machines and sandbox environments, including taking the temperature of an infected computer.

PUBG Corp. says 15 Chinese hackers arrested

PUBG Corp. announced the arrest of 15 hackers in China who were accused of developing, selling, promoting, and using unauthorized hacking/cheating programs.

SamSam ransomware designed to inundate targeted networks with thousands of copies of itself

The ongoing SamSam ransomware campaign responsible for recently infecting the city of Atlanta, the Colorado Department of Transportation and an array of health care organizations represents an emerging operational model for malicious cryptors, according to researchers at Sophos.

FacexWorm Chrome extension exploits Facebook Messenger to spread

The malicious Chrome extension FacexWorm is targeting cryptocurrency trading platforms via Facebook Messenger in order to steal account credentials.

HPE iLO 4 remote management interfaces targeted with ransomware

Threat actors are targeting internet-accessible HPE Integrated Lights-Out 4 (HPE iLO 4) remote management interfaces with ransomware or a decoy wiper.

Secret no more: North Korea the likely culprit in complex GhostSecret cyber espionage campaign

What began as an aggressive phishing-based malware campaign against Turkish financial institutions earlier this year appears to have since burgeoned into a worldwide cyberspying and data theft operation targeting a wide range of industry sectors with at least two malicious implants.