Malware | SC Media

Malware

malvertising targets hundreds of adult sites

Increase in malware stealing credentials for adult sites, report

By

Malware targeting online porn account credentials more than doubled in 2018 with more than 110,000 people facing these attacks. Kaspersky researchers found the number of attacks using these credential sniffing malware grew almost three-fold compared to 2017 with more than 850,000 attempts to install the malicious malware, according to their “Threats to users of adult…

New 'Rombertik' malware destroys master boot record if analysis function detected

Malspam campaign fakes Google reCAPTCHA images to fool victims

By

A recently discovered malspam campaign targeting customers of a Polish bank was found using forgeries of Google reCAPTCHA images to fake legitimacy. The banking malware was delivered via phishing emails that purported to seekin confirmation of a recent banking transaction that in reality never occurred, according to Feb. 21 blog post published week by Sucuri. Recipients…

North Korean hackers allegedly pick on Russian targets for a change

By

The reputed North Korean APT actor known as Lazarus Group (aka Hidden Cobra) typically focuses its hacking efforts on South Korea, Japan and the U.S., but one of its suspected campaigns from last January surprisingly appears to have targeted Russian businesses with its signature Lazarus backdoor malware. Taking place from Jan. 26-31, the phishing campaign…

Heart attack: Ransomware encrypts Australian cardiac clinic’s patient files

By

Employees of Melbourne Heart Group in Malvern, Australia, have been unable to access patients’ medical records following a January ransomware attack that encrypted the health care provider’s files. The cardiology clinic disclosed the incident today on its website’s home page. “We have been assured that no patient’s privacy has been compromised in any way,” the…

ghostlyskullmobilemalware_826540

New Separ credential-stealing campaign abuses legit tools and executables

By

A new phishing campaign distributing the credential-stealing malware Separ has over the last few weeks reportedly affected hundreds of business organizations, primarily those located in Southeast Asia and the Middle East. The malware has been uploading stolen data from infected entities on a daily basis, with additional targets based in North America, according to a Feb.…

WinPot ATM jacking malware lets users play the slots while stealing

By

Cybercriminals have gamified the ATM jackpotting experience with a malware variant dubbed WinPot which includes a slot machine-like interface. The graphics are a node to the popular term ATM-jackpotting techniques designed to empty ATMs minor modifications just as WinPot does when it infects a target system, according to a Feb. 19 Kaspersky Lab blog post.…

Monero miner combines RADMIN and MIMKATZ to spread and infect

By

A Monero miner-malware is leveraging RADMIN and MIMKATZ for propagation while exploiting critical vulnerabilities to spread in a worm-like behavior to covertly target specific systems in industries in China, Taiwan, Italy, and Hong Kong. Researchers noted an uptick in activities between the last week of January and February 2019 which coincidentally coincided with regional holiday…

Third decryption tool for GandCrab ransomware released to public

By

A new free decryption tool for counteracting the effects of GandCrab ransomware is now available to the public.  This latest decryptor is effective against versions 1, 4 and 5.x up through 5.1, which means GandCrab variants released as recently as October 2018 can now be defeated. The tool is the result of a collaborative effort…

Reitspoof mysterious multistage malware makes its rounds

By

A multi-staged malware dropping multiple payloads is infecting its victims without a clear purpose and has shown a significant uptick in activity since January 2019. Dubbed Reitspoof, the malware has bot capabilities although Avast researchers believe it was primarily designed as a dropper, according to a Feb. 16 blog post. The malware’s developers used several…

‘Old Phantom Crypter’ supplants older Microsoft Office exploit builder tools

By

Out with the old, in with the… Old Phantom Crypter, which despite its name is actually a new Microsoft Office exploit builder that’s been surpassing its predecessors in popularity among the cybercriminal community. Gabor Szappanos, principal malware researcher at SophosLabs, described the ascendance of Old Phantom yesterday in a company blog post, which links to…

Next post in Security News