Malware | SC Media

Cryptomining campaign targets Kubernetes via machine learning framework

A malware campaign is abusing the popular machine-learning (ML) framework Kubeflow in order to target Kubernetes clusters with a crypto miner, Microsoft’s Azure Security Center (ASC) warns. Tens of clusters running on the Kubernetes open-source container orchestration system have already been impacted, the ASC notes in a blog post published this week. “Nodes that are…

Black Lives Matter phishing scam looks to spread TrickBot malware

Scammers often craft social engineering schemes around major crises and news events, as demonstrated by the wealth of coronavirus-themed phishing campaigns seen this year. Now, as massive U.S. and global protests continue following the May 25 killing of George Floyd at the hands of a Minneapolis police officer, a new phishing operation is attempting to…

Malware found in popular barcode apps produces ads that instantly vanish

A pair of Android barcode reader apps that were downloaded more than 1 million times were found to contain ad fraud malware that tries to stay hidden by generating advertisements that instantly disappear from view. The malware, detected as AndroidOS_HiddenAd.HRXJA, can operate in the background even when infected devices aren’t actively being used, and it…

‘Enterprise-grade’ BazarBackdoor malware delivered via spear phishing emails

Researchers have uncovered a new “enterprise-grade” backdoor malware program that they say shares code with the notorious modular banking trojan TrickBot and is used to gain unauthorized access to and compromise corporate networks. Dubbed BazarBackdoor, the malware has been distributed via spear phishing campaigns that leverage a variety of lure topics, including customer complaints, coronavirus-related…

Multilingual malware attacks on industrial sector suppliers designed to thwart detection

International equipment and software suppliers for the industrial sector last May suffered targeted malware attacks that employed numerous unconventional techniques to evade detection, report Kaspersky ICS CERT experts in a recent blog post. Utilizing steganography to conceal malicious data within another file, while abusing legitimate web resources to host the malware, the attackers made it highly difficult to detect infection attempts — although Kaspersky…

Malware in GitHub-hosted projects designed to spread among open-source developers

Twenty-six open-source projects hosted on GitHub repositories were found to be infected with malware and capable of serving up weaponized code to developers who used them, in a potential supply chain attack, the GitHub Security Lab has disclosed. An investigation into the incident turned up what GitHub described as a first: “malware designed to enumerate and backdoor…

Six need-to-know takeaways from the Verizon breach report

Phishing attacks and stolen credentials have become attackers’ most popular avenues of network compromise, and employee errors are helping pave the way according to Verizon’s newly released 2020 Data Breach Investigations Report (DBIR). Verizon researchers analyzed 157,525 known “incidents” (defined as a security event that results in the compromise of an information asset) and 3,950…

Ramsay spy framework built to subvert air-gapped defenses

Air-gapped networks aren’t easily compromised, but they don’t offer perfectly air-tight security either. Leveraging insider threats, infecting flash drives and other removable media, and conducting side-channel attacks are all techniques malicious actors can employ to spread malware to isolated systems. Indeed, researchers at ESET are reporting the discovery of a new cyber espionage framework designed…

Tor network remains unsure how feds discovered and shut down Silk Road 2.0

COVID-19 inspires Nigerian scammers to launch waves of BEC campaigns

Nigerian cybercriminal actors are shamelessly exploiting the COVID-19 pandemic to infect government health care agencies, academic medical programs, medical publishing firms and more with malware, largely for the purpose of conducting Business Email Compromise operations. In a company blog post, researchers with Palo Alto Networks’ Unit 42 threat intelligence team have reported observing three prominent…

2FA app weaponized to infect Mac users with Dacls RAT

MacOS users who think they have protected themselves by downloading a particular two-factor authentication application may have actually infected their machines with a new variant of the Dacls remote access trojan. When Dacls was originally discovered in late 2019, it was known to target Windows and Linux platforms, but now it appears Macs are no…
