Malware | SC Media



Cozy Bear tracks: Phishing campaign looks like work of Russian APT group


Recently detected spear phishing activity suggests that the Russian APT group Cozy Bear may have emerged from its hibernation and become actively operative once more. Late last week, respected cybersecurity firms CrowdStrike and FireEye both issued warnings referencing a widespread phishing campaign targeting multiple industry sectors, while implementing the tactics, techniques and procedures of Cozy…


DirtyCOW is back in backdoor attack targeting Drupal Web Servers


Threat actors are using the DirtyCOW bug to exploit a backdoor in Drupal Web Servers. Imperva researcher Nadav Avital spotted the attack on Oct. 31 exploiting the Drupalgeddon2 and DirtyCOW bugs, as well as system misconfigurations, to persistently infect vulnerable Drupal web servers and take over user machines, according to a Nov. 19 blog post. Researchers noted this…

Make-A-Wish website compromised for cryptomining campaign


Not even the Make-A-Wish Foundation is off limits for some unscrupulous cybercriminals, as evidenced by a cryptojacking operation that compromised the charitable organization’s international website. Simon Kenin, security researcher at Trustwave, reported in a company blog post today that malicious actors injected a CoinImp browser-based cryptomining script that would harness the processing power of any…

Change of stRATegy? Cybercrime group TA505 tests new tRAT malware


A newly discovered remote access trojan nicknamed tRAT has apparently attracted the interest of TA505, a cybercriminal group known for launching prolific banking malware and ransomware attacks. In a company blog post yesterday, researchers at Proofpoint reported observing several phishing campaigns in September and October that attempted to infect victims with the malware. One of…

‘DarkGate’ miner, password-stealer could open up world of hurt for Windows users


Windows users in Europe have recently been the target of a sophisticated malware campaign that provides attackers with a diverse array of capabilities, including cryptomining, credential stealing, ransomware and remote-access takeovers. Named DarkGate by its developer, the malware is reportedly distributed via Torrent files disguised as popular entertainment offerings — including the Spanish basketball dramedy…

The many faces of Magecart: Report profiles groups behind card-skimming threat


Magecart, the e-commerce payment card-skimming threat that has recently victimized Ticketmaster, British Airways, Newegg and other notable companies, is primarily comprised of six major active cybercriminal groups, according to a new joint research report. All of these groups use a version of the same skimmer toolset, but they rely on different strategies and in some cases have…

Researchers demo how machine learning can be used to track Gh0st RAT variants


Trend Micro researchers are proposing machine learning as a new way to combat threat actors who use techniques including polymorphism, encryption and obfuscation, among other tactics, to disguise their attacks. Researchers tested the theory by observing clustered network flows from Gh0st RAT variants in an effort to better spot network anomalies and intrusions and found that…

Cryptomining malware using Windows Installer to remain hidden


The high return rate offered by cryptocurrency mining operations is encouraging cybercriminals to put extra thought into how to hide their mining malware so it can function for as long as possible before discovery. One such effort researched by Trend Micro, Coinminer.Win32.MALXMR.TIAOODAM, uses Windows Installer as its cloak of invisibility. Trend researchers Janus…


IoT botnet BCMUPnP_Hunter targets routers with vulnerable UPnP feature


A large-scale botnet malware operation has been targeting router equipment running vulnerable versions of the Broadcom Universal Plug and Play (UPnP) feature. Active since at least September 2018, the malicious campaign appears to be infecting devices for the likely purpose of converting them into spam bots, according to a blog post yesterday from researchers at Qihoo’s…


U.S. Cyber National Mission Force joins VirusTotal


The U.S. Cyber National Mission Force (CNMF) has started uploading malware samples to VirusTotal as part of its ongoing efforts to work more closely with the private sector. The Force, which is a sub-command of U.S. Cyber Command, on November 5 began sharing unclassified malware samples it has discovered that will have the greatest impact…
