Malware News, Articles and Updates

Core router compromised in DragonFly 2.0 attacks on critical infrastructure

Cylance researchers said the discovery's significance far outweighs its size, given that core router compromises are considerably harder to detect, analyze, patch, and remediate than compromises of PCs.

Russian hackers target European agency with updated DealersChoice Adobe Flash exploit tool

The aggressive Russian APT group Sofacy targeted yet another European government agency earlier this month, attempting to infect the organization with unknown malware using a crafty new variant of its Adobe Flash-based exploit platform DealersChoice.

New Fakebank malware variant intercepts calls on Android smartphones

Security researchers have discovered a new variant of the Fakebank malware, active in South Korea, that redirects calls to scammers.

Suspected Chinese cyberespionage group targets U.S. engineering, maritime industries

The suspected Chinese cyberespionage group dubbed "TEMP.Periscope" is targeting U.S. engineering and maritime industries in its latest campaign.

Evolved Prilex malware lets cybercriminals clone chip and PIN cards

Prilex, a point-of-sale malware program that has historically been used to steal money or payment card information from Brazilian ATMs and retailers, has now evolved into a comprehensive tool suite that lets cybercriminals steal chip and PIN card data and create their own functioning, fraudulent plastic cards.

Intel redesigns chips to address Spectre and Meltdown vulnerabilities

Intel is redesigning its chips in order to combat Spectre and Meltdown attacks, also known as Project Zero Variant 1, 2, and 3.

PinkKite POS spotted

Kroll Cyber Security has detected a small-footprint point-of-sale malware called PinkKite that is currently active in the wild.

Bitcoin-stealing malware distributed on for nearly a year

Bitcoin-stealing malware that swaps users' accounts with the attacker's was hosted on servers for nearly a year.

Middleboxes in Turkish telecom redirecting users to nation-state spyware

Security researchers have uncovered how deep packet inspection middleboxes are being used either to expose Turkish nationals to nation-state spyware or to redirect Egyptian Internet users to ads and browser-based cryptocurrency mining.

HenBox malware targets Chinese minority group

A new Android malware family dubbed HenBox is targeting a large online population based in China who have been the subject of numerous cyber-attacks in the past.

Mac malware rockets 270 percent - users warned 'safe' perception is wrong

Anti-malware security vendors have warned that Mac malware is on the rise, and that the perception of Macs as being completely 'safe' is misleading.

Hacking Team reunion samples found in 14 countries

Hacking Team appears to be back to developing spyware, as previously unreported samples of its infamous RCS surveillance tool were reportedly spotted in the wild.

Cybercriminals trained up for March Madness

Like any other major sporting event that draws millions of viewers, March Madness will attract bad actors trying to steal money and wreak havoc.

Slingshot APT campaign exposed after six years of sophisticated spying

A cyber espionage campaign bearing all of the hallmarks of an extremely advanced nation-state actor used malware to spy on international targets for six years before it was finally detected and exposed, Kaspersky Lab reported on Friday.

Avast: CCleaner hackers planned to infect victims with third-stage Chinese hacking tool

The hackers who injected malicious code into a version of computer maintenance app CCleaner last year may have been preparing to deliver third-stage malware to at least a select few of the 2.27 million computers that had downloaded the tainted utility program.

RedisWannaMine cryptojacking attack exploits EternalBlue vulnerability and public Redis servers

A newly discovered and unusually sophisticated cryptojacking attack attempts to install cryptominers on both database and application servers by targeting misconfigured Redis servers, as well as Windows servers that are susceptible to the EternalBlue NSA exploit.

Gozi ISFB malware spreading more havoc in 2018

After monitoring the malware distributor for the past six months, Talos said in a blog post that Gozi ISFB remains active in 2018, leveraging a wider distribution surface in recent attack campaigns.

ComboJack malware steals digital payments, cryptocurrency, by modifying info saved to clipboards

Researchers have discovered a new malware that steals cryptocurrency and other electronic funds by surreptitiously modifying wallet or payment information whenever victims copy it to their devices' clipboards.

Updated Avzhan DDoS bot spotted in Chinese drive-by attack

Malwarebytes researchers spotted an updated version of the Avzhan DDoS bot dropped by a Chinese drive-by attack.

RedDrop mobile malware infecting 53 apps, takes data and PII

A previously unrecorded threat has been uncovered: 53 still-operating apps are distributing RedDrop malware, which can exfiltrate a wide range of data from a victim's mobile device.

Drive-by download campaign tests exploits on Chinese websites

A drive-by download campaign is targeting Chinese websites to experiment with different exploits to drop malware.

Social media and engineering used to spread Tempted Cedar Spyware

Cybercriminals are using social media and social engineering to dupe victims into downloading Advanced Persistent Threat spyware disguised as the Kik messenger app.

Private chats and user accounts could be exposed by Tinder security bug

An easy-to-exploit bug has left Tinder accounts and private chats exposed to hackers, a researcher revealed this week.

FYI, the OMG Mirai botnet variant turns IoT devices into proxy servers

A newly discovered variant of Mirai botnet malware forces infected devices to act as proxy servers capable of protecting the anonymity of cybercriminals engaging in illegal activities.

2,000 UVA Health System patients' information compromised

The University of Virginia Health System is letting almost 2,000 patients know that their health records may have been exposed when an unauthorized third party gained access to a computer several years ago.