malware
US authorities just purged malware from thousands of devices across the world
The US Justice Department and FBI have revealed that a joint operation with international partners deleted malware planted by Chinese threat actors on thousands of devices around the world. Announced on 14 January, the months-long operation was conducted in collaboration with French law enforcement, and the PlugX malware was removed from more than 4,200 computers worldwide. According…
MikroTik botnet uses misconfigured SPF DNS records to spread malware
A newly discovered botnet of 13,000 MikroTik devices uses a misconfiguration in Domain Name System (DNS) records to bypass email protections and deliver malware by spoofing roughly 20,000 web domains. The threat actor takes advantage of an improperly configured DNS record for the Sender Policy Framework (SPF), the record that lists all the servers authorized to send email on behalf of a domain.…
WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites
A new malware campaign has compromised more than 5,000 WordPress sites to create admin accounts, install a malicious plugin, and steal data. Researchers at web-script security company c/side discovered, during an incident response engagement for one of their clients, that the malicious activity uses the wp3[.]xyz domain to exfiltrate data, but they have yet to determine the initial infection vector. After compromising a…
Fake LDAPNightmare exploit on GitHub spreads infostealer malware
A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka “LDAPNightmare”) on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server. The tactic isn’t novel, as there have been multiple documented cases of malicious tools disguised as PoC exploits on GitHub. However, this case, discovered by Trend Micro, highlights that threat actors continue to use the…
Docker Desktop blocked on Macs due to false malware alert
Docker is warning that Docker Desktop is not starting on macOS due to malware warnings after some files were signed with an incorrect code-signing certificate. The first reports of the malware alerts surfaced on January 7, 2025, when macOS users received an unexpected ‘Malware Blocked’ message preventing them from opening the Docker container management app. “Malware Blocked. “com.docker.vmnetd” was not…
New malware justifies Apple’s locked-down security strategy – Computerworld
What this attack exposed is that platforms can be undermined, and while Macs (and Apple’s other products) are — unlike others — secure by design, that doesn’t mean they are infallible. The introduction of Lockdown Mode demonstrates that Apple knows attacks happen. Within that context, it becomes super-important to ensure every user understands that if software they usually pay for is…
New macOS malware uses Apple’s own code to quietly steal credentials and personal data — how to stay safe
While Apple’s Macs aren’t targeted by hackers as often as Windows PCs, they’re far from impenetrable. Security researchers at Check Point Research recently pushed out an alert warning 100 million Apple users that a new variant of the infamous Banshee malware has been detected, capable of stealing browser credentials, cryptocurrency wallets, and other personal data. Check Point first uncovered the…
New FireScam Android data-theft malware poses as Telegram Premium app
A new Android malware named ‘FireScam’ is being distributed as a premium version of the Telegram app via phishing websites on GitHub that mimic RuStore, Russia’s app market for mobile devices. RuStore was launched in May 2022 by the Russian internet group VK (VKontakte) as an alternative to Google Play and Apple’s App Store, following Western sanctions that impacted Russian…
Malware botnets exploit outdated D-Link routers in recent attacks
Two botnets tracked as ‘Ficora’ and ‘Capsaicin’ have shown increased activity targeting D-Link routers that have reached end of life or are running outdated firmware versions. The list of targets includes popular D-Link devices used by individuals and organizations, such as the DIR-645, DIR-806, GO-RT-AC750, and DIR-845L. For initial access, the two pieces of malware use known exploits for CVE-2015-2051,…
New ‘OtterCookie’ malware used to backdoor devs in fake job offers
North Korean threat actors are using new malware called OtterCookie in the Contagious Interview campaign that is targeting software developers. Contagious Interview has been active since at least December 2022, according to researchers at cybersecurity company Palo Alto Networks. The campaign targets software developers with fake job offers to deliver malware such as BeaverTail and InvisibleFerret. A report from NTT Security…