Month: July 2019

TrickBot Loader Targets Windows Defender

Delaware, USA – July 31, 2019 – The new version of notorious TrickBot banking trojan stops Windows Defender and blocks the launch of a number of anti-virus solutions before loading the main component. Сybersecurity expert Vitali Kremez and MalwareHunterTeam analyzed the malware and found new methods to bypass the protection of Windows 10 systems. The […]

Read More
MyDoom Worm is Still Alive

Delaware, USA – July 30, 2019 – The fifteen-year-old worm is not just alive but also generates more than 1% of emails with malicious attachments worldwide. Now, of course, it is less of a threat than in 2004, but its capabilities and polymorphic nature leave malware “afloat”. A recent analysis by Brad Duncan, Palo Alto […]

Read More
New Magento Skimmer by MageCart Group

Delaware, USA – July 29, 2019 – Cybercriminals install a new Magento skimmer on compromised websites that downloads malicious JavaScript from the Google-like internationalized domain name. The skimmer was discovered by Sucuri researchers and during the analysis, they also found new evasion capabilities of the script. In this case, the attackers registered google-analytîcs[.]com, in the […]

Read More
Electric Utility in Johannesburg Suffers Ransomware Attack

Delaware, USA – July 26, 2019 – Yet another ransomware attack targeting the urban infrastructure happened in South Africa threatening to cut off electricity to many Johannesburg residents. Systems of utility company City Power were encrypted by unknown threat actors making it impossible for prepaid users to buy electricity. The adversaries chose the perfect moment […]

Read More
One Step Closer to BlueKeep Exploit

Delaware, USA – July 25, 2019 – After a nearly two-month lull, there has been significant progress in creating a working exploit for BlueKeep flaw (CVE-2019-0708) due to the publication of a detailed technical analysis of the critical vulnerability and incomplete PoC exploit to attack WinXP systems. We recall that this ‘wormable’ vulnerability allows cybercriminals […]

Read More
FIN8 Starts to Use New Malware After Returning to Business

Delaware, USA – July 24, 2019 – The financially motivated cybergang has returned after a two-year absence with a new backdoor and is actively attacking targets in the hospitality and retail sectors. The FIN8 group, which appeared in early 2016, uses backdoors to gain access to the victims’ network and to install POS-malware on key […]

Read More
HelixKitten APT Registers on LinkedIn

Delaware, USA – July 23, 2019 – Sharpness on the Middle East is reflected in cyberspace: the HelixKitten cyber espionage group (aka APT34, and OilRig) associated with the Iranian government, in the last campaign discovered, began to use new tweaks and tools. FireEye managed to stop the attack and analyze the malware used in it. […]

Read More
MegaCortex Ransomware Simplifies Infection Process

Delaware, USA – July 22, 2019 – The threat actor behind the frequent Megacortex ransomware attacks continues to work on malware increasing its effectiveness in infecting corporate networks. The victims of this ransomware strain are usually also infected with Emotet or Qakbot malware, and it can be assumed that the initial compromise of the organization […]

Read More
Ke3chang APT Spies on Diplomats Using Okrum Malware

Delaware, USA – July 19, 2019 – The Chinese APT group with a nearly ten-year history of attacks added the Okrum backdoor to its arsenal, which is quite different in functionality from the rest of the group’s tools. ESET researchers track the activity of the Ke3chang group (aka APT15, Vixen Panda, Royal APT, and Playful […]

Read More
EvilGnome: New Linux Malware Targeting Desktop Users

Delaware, USA – July 18, 2019 – A new modular backdoor for desktop Linux systems is developed by the Russian Gamaredon group and is not detectable by antivirus solutions. Intezer Labs researchers discovered the backdoor this month and published the analysis of the capabilities of EvilGnome malware, the modules of which, apparently, are still being […]

Read More