Year: 2019

Iranian APT Groups Use ZeroCleare Wiper Against Energy Companies

Delaware, USA – December 5, 2019 – The joint development of two Iranian APT groups, xHunt and APT34, has similarities to the latest versions of the Shamoon data-wiping malware and is used in attacks on energy companies in the Middle East. Researchers from IBM X-Force first encountered ZeroCleare malware in late September, and […]

New MacOS Fileless Malware by Lazarus Group

Delaware, USA – December 4, 2019 – One of the units of the Lazarus group continues to prepare cryptocurrency-related attacks similar to the AppleJeus operation. This week security researcher Dinesh Devadoss found ‘fileless’ MacOS malware that has a very low detection rate and is capable of loading a Mach-O executable file from memory and executing it. […]

PyXie RAT Targets Healthcare and Education Organisations

Delaware, USA – December 3, 2019 – A Python-based Remote Access Trojan has been active since at least 2018 while remaining under the radar of security researchers. PyXie RAT was uncovered by Blackberry Cylance researchers, who revealed that this malware is used in an ongoing sophisticated cyber-criminal operation, and adversaries already managed to compromise over 30 organizations in […]

CStealer Trojan Stores Stolen Credentials on MongoDB Database

Delaware, USA – December 2, 2019 – New malware collects credentials saved in Google Chrome and abuses MongoDB instead of connecting to command-and-control infrastructure. CStealer is a simple trojan discovered by MalwareHunterTeam and analyzed by security researcher @James_inthe_box. What makes it special is the way it exfiltrates stolen information: the malware leverages hardcoded credentials […]

RevengeHotels Campaign Targets Hospitality Sector Across the Globe

Delaware, USA – November 29, 2019 – The RevengeHotels campaign is conducted by several separate cybercriminal groups that have been able to compromise more than 20 hotels in South and Central America, Europe and Thailand. Kaspersky Lab experts found two groups with similar Tactics, Techniques, and Procedures that have been active since at least 2015 […]

Prosegur Security Company Hit by Ryuk Ransomware

Delaware, USA – November 28, 2019 – Another Spanish company was forced to interrupt operations this month due to a ransomware attack. On Wednesday morning, Prosegur, a worldwide private security company, faced a cybersecurity incident disrupting its telecommunication platform. The attack affected all of the company's locations in Europe; Prosegur shut down its network and restricted communications with […]

Dexphot Coinminer Uses Advanced Techniques to Stay Ahead of AV Solutions

Delaware, USA – November 27, 2019 – At the peak of activity, Dexphot polymorphic malware was spotted on about 80,000 systems. The Microsoft Defender ATP Research Team tracked this threat for more than a year, noting that the malware uses advanced techniques that are often used by APT groups. Dexphot is delivered to systems previously […]

Exploit Kits Adopt Fileless Attacks

Delaware, USA – November 26, 2019 – At least a third of active Exploit Kits have started using fileless attacks to spread malware. Malwarebytes monitors the EK landscape and their recent report sheds fresh light on changes in techniques used. Even though experts have long been predicting a decline in Exploit Kits, they are not […]

TrickBot Operators are Interested in Data from OpenSSH and OpenVPN

Delaware, USA – November 25, 2019 – Since the beginning of the month, TrickBot authors have been testing the possibility of stealing sensitive OpenSSH and OpenVPN data: passwords, private keys, and configuration files. The first infection with the trojan using the updated password grabber module occurred on November 8; Palo Alto Network researchers analyzed the discovered […]

SectopRAT Trojan can Run Chrome, Firefox, and IE on Invisible Desktop

Delaware, USA – November 22, 2019 – This new Remote Access Trojan was first discovered a week ago by MalwareHunterTeam, prompting researchers from G Data to search for other samples and analyze them. SectopRAT malware is still in an active stage of development, but already has interesting functions, and the detected samples are more likely […]
