Month: November 2018

KingMiner Malware Targets Microsoft Servers

Delaware, USA – November 30, 2018 – KingMiner is a cryptocurrency mining malware that attacks mostly IIS\SQL Servers. It was discovered six months ago, and since that the malware authors continuously add new features and bypass methods to avoid emulation. Researchers from Check Point discovered a new campaign spreading KingMiner cryptojacker. The malware conducts brute […]

Read More
NjRAT is Spreading via Removable Media

Delaware, USA – November 29, 2018 – NjRAT remote access trojan was created based on the leaked Njw0rm source code, and it has a wide range of backdoor capabilities. NjRAT remote access trojan was created based on the leaked Njw0rm source code, and it has a wide range of backdoor capabilities. Researchers from Trend Micro […]

Read More
Scroboscope Ransomware Attacks

Delaware, USA – November 28, 2018 — This month, researchers discovered attacks spreading a new ransomware family. Scroboscope ransomware was created using PHP Devel Studio 3.0 and is distributed as EXE files. It is assumed that the most likely distribution vector is malspam campaigns with malicious attachments, but it is also possible that attackers hack […]

Read More
Monero-Mining Linux Malware Steals Credentials for Lateral Movement

Delaware, USA – November 27, 2018 — Adversaries are perfecting Monero-mining Linux malware, giving it new features to steal credentials and further spread via SSH. Dr.Web researchers have discovered a new complex trojan, which has many malicious features. Malware is a shell script of 1,000+ lines of code which finds a folder on disk to […]

Read More
Lateset Tricks of Emotet Malware

Delaware, USA – November 23, 2018 – Appeared four years ago, Emotet banking trojan continues to evolve and to use new tricks to infect its victims. Late last month, attackers added email harvesting module, and malware started to exfiltrate email subjects and bodies targeting any message sent or received in the past 180 days. The […]

Read More
OceanLotus Group Attacks Targets in Southeast Asia

Delaware, USA – November 22, 2018 – The OceanLotus group (aka APT32 or APT-C-00) conducts new large-scale cyber espionage campaign. The APT group is active since at least 2012 and mainly interested in government entities. Ongoing cyber espionage campaign started this September, the adversaries conduct watering hole attack compromising websites in Southeast Asia. Researchers from […]

Read More
APT28 Uses Cannon Malware in New Cyberespionage Campaign

Delaware, USA – November 21, 2018 – Researchers from Palo Alto Networks uncovered a new cyberespionage campaign conducted by APT28 and aimed at government organizations in North America and Europe. APT28 group, also known as Sofacy or Fancy Bear, is infamous for its large-scale campaigns and the use of sophisticated malware. In the uncovered campaign, […]

Read More
Attackers Hijack Websites with Drupal CMS

Delaware, USA – November 20, 2018 – Researchers from Imperva warn of a new wave of attacks on websites with the Drupal content management system. Adversaries use the Drupalgeddon2 (CVE-2018-7600) and DirtyCOW (CVE-2016-5195) exploits to gain access to a site and install the SSH client to perform further actions. Researchers spotted mass-scanning the Internet for […]

Read More
Cozy Bear is Back in Business After Their Year-Long Vacation

Delaware, USA – November 19, 2018 – Cozy Bear cyberespionage group conducts massive phishing campaign targeting the United States. The notorious hacking group is responsible for attacks on members of the Norwegian and Danish government last year and is also one of two groups that hacked the Democratic National Committee before the 2016 US Presidential […]

Read More
MageCart Reinfects 20% of Compromised Websites

Delaware, USA – November 16, 2018 – Security researcher Willem de Groot published statistics on MageCart attacks over the previous three months, which shows that threat actor reinfects every fifth online shop. Since August, adversaries have compromised 5,400 websites and injected skimmers on them, including successful attacks on British Airways, the web push notifications service […]

Read More