Also known as Qakbot and Pinkslipbot, QBot is an information stealer with backdoor and self-spreading capabilities that has been around since 2009 and which is often used as the initial infection vector in malicious attacks. Earlier this year, QBot was distributed in attacks exploiting Follina, a Microsoft Support Diagnostic Tool (MSDT) vulnerability tracked as CVE-2022-30190,…

Likely operating out of Brazil, LofyGang appears to be an organized crime group focused on multiple hacking activities, including credit card data theft and Discord premium upgrades, as well as the hacking of games and streaming service accounts. LofyGang has been observed abusing multiple public cloud services for command and control (C&C) purposes, including Discord,…

The information was collected when CISA investigated the hacking of a defense industrial base organization’s enterprise network between November 2021 and January 2022. The investigation, conducted in collaboration with a third-party incident response firm, revealed that multiple threat groups had compromised the victim’s network and some of them had access for at least one year….

Ukrainian authorities say they have taken down a pro-Russia hacking group that compromised user accounts and then sold them for profit on dark web portals. According to the cyber department of Ukraine’s Security Service (SSU), the hackers targeted user accounts of individuals in Ukraine and across Europe. Leveraging the unauthorized access, the hackers harvested the…

Specialized in Magento optimizations and Magento-WordPress integrations, FishPig offers various Magento extensions that have gathered over 200,000 downloads. On Tuesday, FishPig warned of an intrusion into its extension license system, which resulted in a threat actor injecting malicious PHP code into the Helper/License.php file. “This file is included in most FishPig extensions so it is…

Several government agencies in Latin America were targeted in ransomware attacks in the past months, and the latest victims are Chile and the Dominican Republic. Chile’s Ministry of Interior reported last week that a government agency had its systems and online services disrupted by a piece of ransomware that targeted Windows and VMware ESXi…

An analysis of nightly backups of more than 400,000 unique web servers has revealed the existence of more than 47,000 malicious plugins installed on nearly 25,000 unique WordPress websites. More than 94% of these plugins (over 44,000) continue to be in use today. Over 3,600 of the identified malicious plugins were purchased from legitimate marketplaces…