Last week, the FBI and NSA released a joint security alert containing details about Drovorub malware, a new utility in APT28’s hands. This is a Linux malware that is used to deploy backdoors in compromised networks. The malware is a multi-component system that consists of a kernel module rootkit, an implant, a C&C server, a […]
Mekotio is one more Latin American banking trojan that is targeted at users mainly in Brazil, Mexico, Spain, Chile, Peru, and Portugal. This is persistent malware that is distributed via phishing emails and ensures persistence either by creating an LNK file in the startup folder or using a Run key. It is capable of stealing […]
By today’s post, we want to inform you about several vulnerabilities recently discovered in Artica Proxy, a system enabling users with basic technical skills to manage a proxy server in a transparent mode, as well as connection to AD and OpenLDAP, version 4.30. The freshly reported CVE-2020-17506 vulnerability of Artica Proxy enables hackers to abuse […]
Today, we would like to put a notice about the CVE-2019-16759 vulnerability in vBulletin, the most extensively used forum software, observed for version 5 and higher. The vulnerability affords hackers an opportunity to run remote commands via the widgetConfig[code] parameter in an HTTP POST request and depending on the user’s permissions in vBulletin, receive control […]
In today’s post, we want to remind our readers about LokiBot infostealer that provides backdoors to the victim Windows OS and enables fraudsters to steal sensitive data and even bring in place different payloads. LokiBot infostealer comes to the victims via malspam campaigns often masquerading as a trusted sender, containing an attached document luring the […]
Today, we want to draw your attention to another ransomware targeting at Italian-speaking users. First spotted by the researchers back in 2013, FTCode is PowerShell based ransomware that is distributed via spam. In the recent attacks, the FTCode ransomware was delivered to the victim machines with an email containing an attachment pretending to be an […]
Arkei Stealer is a variant of infostealer malware and its functionality is similar to Azorult malware: it steals sensitive information, credentials, and private keys to cryptocurrency wallets. The malware is sold on underground forums, and anyone can acquire and use both the “legitimate” version and the cracked version of Arkei Stealer, making it difficult to […]
This fall has brought another challenge to the guardians of corporate infrastructures. Earlier this year, in late April, developers of TrickBot used a new stealthy backdoor in a phishing campaign targeted at professional services, healthcare, manufacturing, IT, logistics, and travel companies across the United States and Europe. Many advanced threat actors including the infamous Lazarus […]
Last week, researchers reported on the latest notorious Lazarus APT tool, which has been used in the group’s attacks since spring 2018. Their new ‘toy’ was named MATA, it is a modular cross-platform framework with several components including a loader, orchestrator, and multiple plugins that can be used to infect Windows, Linux, and macOS systems. […]
Last week, researchers published details of the attacks targeted at Middle Eastern telecommunications carried out by APT34 (aka OilRig and Helix Kitten), and updated tools in the arsenal of this group. Of course, participants in the Threat Bounty Program did not pass by and published a couple of rules for detecting RDAT Backdoor, but more […]