Malware | SC Media

Malware

trojan, RAT

Upgraded malicious Word, Excel attachments targeting WFH employees

Cybercriminals are updating their tactics when it comes to using malicious attached Microsoft Word and Excel documents to not only fool the human recipients, but a device’s security software. An increase in the number of Excel spreadsheets being used to deliver the LimeRAT remote access trojan using the VelvetSweatshop default password has been tracked by…

FBI logo

FBI warns of Kwampirs attacks, COVID-19 scams

Cybercriminals and nation-state actors alike are leveraging the COVID-19 pandemic to weasel personal informational, financial data, dollars and access to systems from their victims, from consumers to healthcare organizations and supply chain companies, the FBI warned this week in a pair of alerts. For the third time in as many months, the FBI called out…

Sale of Dharma ransomware source code draws hackers’ scrutiny, but the price is right

An unidentified party has reportedly placed the source code for Dharma ransomware up for sale on at least two Russian hacker forums, adding a formidable new competitor to an already crowded underground market. And while cybercriminals have met the offer with some healthy skepticism, the bargain-basement selling price of $2,000 may be alluring enough for…

Hijacked routers and attempted WHO hack highlight latest COVID-19 attacks

Businesses remain closed in many major cities around the world as the coronavirus pandemic rages, but cybercriminals are still open for business, as they continue to use the crisis to serve their nefarious purposes. Today’s latest round-up of coronavirus threats includes a reported hacking attempt against the World Health Organization, a DNS hijacking attack designed…

Open redirect on Dept. of HHS website benefits COVID-19 phishing scam

A coronavirus-themed phishing campaign designed to infect victims with Raccoon information-stealing malware has reportedly been leveraging an open redirect vulnerability found on the U.S. Department of Health and Human Services’ website, HHS.gov. As defined by Trustwave here, an open redirect occurs when a website’s “parameter values (the portion of URL after “?”) in an HTTP…

FBI warns of COVID-19 phishing scams promising stimulus checks, vaccines

The FBI’s Internet Crime Complaint Center (IC3) has issued a public service announcement warning citizens to watch out for email-based fraud and malware schemes that take advantage of the coronavirus pandemic. Among the scams to look out for are emails purporting to contain helpful information from the Centers for Disease Control and Prevention (CDC) and…

TrickBot banking trojan introduces RDP brute forcing module

Malicious actors have created a new module for the TrickBot banking trojan that allows the malware to perform brute force attacks on Microsoft’s Remote Desktop Protocol, specifically targeting U.S. and Hong Kong IP addresses. The module, called rdpScanDll, primarily focuses on the telecommunications, education, and financial services sectors, according to a new white paper from…

Report: NutriBullet’s website injected with skimmer three times by Magecart Group 8

Since February, a prominent Magecart cybercriminal group has injected the same Java-based payment card skimmer program not one, not two, but three times into the compromised international website of blender manufacturer NutriBullet, researchers from RiskIQ have reported. Each time a skimmer was removed from nutribullet.com, the criminal actors, known as Magecart Group 8, would reintroduce…

Spyware disguised as COVID-19 tracker app actually keeps track of users

Another malicious actor has weaponized an otherwise legitimate, interactive coronavirus tracking map created by Johns Hopkins University — this time to deliver Android spyware as part of a campaign that originates out of Libya and seemingly targets individuals within that country. The surveillanceware, known as SpyMax, comes packaged in a trojanized application named “corona live…

COVID-19 decoy doc, Cloudflare service used to spread ‘BlackWater’ malware

Researchers have uncovered a new malware campaign that uses the COVID-19 pandemic as a lure, and also abuses platform-as-a-service web infrastructure tools to apparently thwart attempts at blocking command-and-control communications. Dubbed BlackWater, the backdoor malware specifically takes advantage of Cloudflare Workers — an offering of Cloudflare, a popular provider of website operators with content delivery…

Next post in Malware