malware
-
Blog
Why ‘malware as a service’ is becoming a serious problem
There was a distinct surge in separate malware campaigns delivering the same payload last year, research shows, suggesting hackers are increasingly procuring tools from ‘malware as a service’ platforms. The malware as a service model is becoming the dominant mode of cyber attacks as the cyber crime space continues to mature into a lucrative ecosystem for hackers for hire. New…
Read More » -
Blog
Chinese hackers use custom malware to spy on US telecom networks
The Chinese state-sponsored Salt Typhoon hacking group uses a custom utility called JumbledPath to stealthily monitor network traffic and potentially capture sensitive data in cyberattacks on U.S. telecommunication providers. Salt Typhoon (aka Earth Estries, GhostEmperor, and UNC2286) is a sophisticated hacking group active since at least 2019, primarily focusing on breaching government entities and telecommunications companies. Recently, the U.S. authorities have…
Read More » -
Blog
Macs under threat from new info-stealing malware spread through fake browser updates — how to stay safe
When it comes to staying safe online, one thing I always recommend is to keep your computer updated along with the software you use everyday. The problem now though, is that hackers are capitalizing on this advice and as you might have guessed, are using it to spread dangerous info-stealing malware targeting Macs, PCs and even Android phones. As reported…
Read More » -
Blog
Microsoft spots XCSSET macOS malware variant used for crypto theft
A new variant of the XCSSET macOS modular malware has emerged in attacks that target users’ sensitive information, including digital wallets and data from the legitimate Notes app. The malware is typically distributed through infected Xcode projects. It has been around for at least five years and each update represents a milestone in XCSSET’s development. The current improvements are the first ones…
Read More » -
Blog
New FinalDraft malware abuses Outlook mail service for stealthy comms
A new malware called FinalDraft has been using Outlook email drafts for command-and-control communication in attacks against a ministry in a South American country. The attacks were discovered by Elastic Security Labs and rely on a complete toolset that includes a custom malware loader named PathLoader, the FinalDraft backdoor, and multiple post-exploitation utilities. The abuse of Outlook, in this case, aims to…
Read More » -
Blog
PirateFi game on Steam caught installing password-stealing malware
A free-to-play game named PirateFi in the Steam store has been distributing the Vidar infostealing malware to unsuspecting users. The title was present in the Steam catalog for almost a week, between February 6th and February 12th, and was downloaded by up to 1,500 users. The distribution service is sending notices to potentially impacted users, advising them to reinstall Windows…
Read More » -
Blog
Check Your PC for This Steam Game Infected With Malware
Scammers are getting increasingly clever about injecting apps with malware. Certainly it’s nothing new that malicious apps are littered across the internet, but lately they’ve been popping up with alarming frequency even in theoretically safe spots like the Google Play Store and even Apple’s App Store. Malware is even showing up on Steam, serving as a reminder that we all…
Read More » -
Blog
Malicious PirateFi game infects Steam users with Vidar malware
A free-to-play game named PirateFi in the Steam store has been distributing the Vidar infostealing malware to unsuspecting users. The title was present in the Steam catalog for almost a week, between February 6th and February 12th, and was downloaded by up to 1,500 users. The distribution service is sending notices to potentially impacted users, advising them to reinstall Windows…
Read More » -
Blog
Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware
Hackers are targeting vulnerable SimpleHelp RMM clients to create administrator accounts, drop backdoors, and potentially lay the groundwork for ransomware attacks. The flaws are tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728 and were reported as potentially actively exploited by Arctic Wolf last week. However, the cybersecurity firm could not confirm for sure if the flaws were used. Cybersecurity firm Field Effect has confirmed…
Read More » -
Blog
Microsoft says attackers use exposed ASP.NET keys to deploy malware
Microsoft warns that attackers are deploying malware in ViewState code injection attacks using static ASP. NET machine keys found online. As Microsoft Threat Intelligence experts recently discovered, some developers use ASP.NET validationKey and decryptionKey keys (designed to protect ViewState from tampering and information disclosure) found on code documentation and repository platforms in their own software. However, threat actors also use…
Read More »