Ooda Loop

OCTOBER 9, 2024

Gamers searching for game cheats are unknowingly downloading a Lua-based malware. This malware can establish persistence on the user’s system and then deliver additional payloads. Lua gaming engine supplements are very popular among student gamers, and these attacks are capitalizing on the popularity.

Malware 59

Malware Engineering Games Research 59

Ooda Loop

SEPTEMBER 3, 2024

Researchers have uncovered a widespread malware campaign against entities in several countries. Researchers have uncovered a new malware campaign that makes use of several complex techniques to infiltrate victim’s systems.

Malware 59

Malware Organization Insurance Research 59

Aqua Security

JUNE 5, 2024

Aqua Nautilus discovered a new campaign of Muhstik malware targeting message queuing services applications, specifically the Apache RocketMQ platform. Our investigation revealed that the attackers downloaded the known malware Muhstik onto the compromised instances by exploiting a known vulnerability in the platform.

Malware 87

Malware Applications 87

Ooda Loop

SEPTEMBER 16, 2024

Doctor Web has discovered a new Android malware family which has infected around 1.3 The malware is called “Vo1d” and is a backdoor that can install additional software. million TV boxes. The infected TVs are running older versions of the operating system. Vo1d has infected Android TV boxes in 197 […]

Malware 59

Malware Operating System System Software 59

Aqua Security

AUGUST 21, 2024

Aqua Nautilus researchers have uncovered PG_MEM, a new PostgreSQL malware, that brute forces its way into PostgreSQL databases, delivers payloads to hide its operations, and mines cryptocurrency. In this blog, we explain this attack, the techniques used by the threat actor, and how to detect and protect your environments.

Malware 82

Malware Research How To 82

Ooda Loop

SEPTEMBER 13, 2024

Central Asian banking customers have been targeted by a new malware. Customers of central Asian banks have been targeted by a new Android malware. Researchers have said the new malware has been spread through telegram channels.

Malware 59

Malware Data Banking Authentication 59

Ooda Loop

AUGUST 6, 2024

Investigators have found that Chinese groups have successfully delivered malware via DNS poisoning. Attacks carried out by an APT known as StormBamboo have successfully delivered malware via DNS poisoning. StormBamboo was accessing automatic update systems to upload the malware.

Malware 59

Malware Groups System 59

Aqua Security

DECEMBER 1, 2022

Aqua Nautilus discovered new Go based malware that targets Redis servers. Our investigation revealed new undetected malware written in Golang designed to target Redis servers to allow the attacking server to dominate the compromised machine. Therefore, the malware received the name Redigo.

Malware 141

Malware 141

Ooda Loop

OCTOBER 10, 2024

These attackers are delivering malware tracked as BeaverTail and InvisibleFerret. North Korean threat actors are targeting job seekers in the tech industry. The operations are part of a campaign called “Contagious Interview” which was first discovered by Palo Alto in November 2023. In an attack, the victim is first invited […]

Malware 59

Malware Development Industry Data 59

Ooda Loop

JULY 24, 2024

A new piece of malware has been connected to a January 2024 attack which disrupted water-heating services in Ukraine. The malware is called “FrostyGoop” and is the first ICS malware which can use the Modbus protocol to communicate with technology systems.

Malware 59

Malware System Industry Technology 59

Palo Alto Networks

MAY 15, 2024

In a thought-provoking interview on the Threat Vector podcast , Palo Alto Networks researchers Bar Matalon and Rem Dudas shed light on their groundbreaking research into AI-generated malware and shared their predictions for the future of AI in cybersecurity. And there is a bit of a longer version for that answer.

Malware 92

Malware Artificial Inteligence Software Review Technical Advisors 92

Ooda Loop

AUGUST 23, 2024

The malware is called “Cthulhu Stealer” and is written in Golang but disguised as legitimate software. A new information stealer is being used to target Apple users. Victims who launch the unsigned file are asked to enter various passwords. Cthulhu Stealer can then harvest system information and access iCloud Keychain […]

Malware 64

Malware Data Software System 64

Ooda Loop

JUNE 19, 2024

Attackers are tricking people into cutting and pasting malware, infecting their own machines. These actors are using fake browser updates and software fixes to trick users into copying and pasting PowerShell scripts containing malware strains. There […]

Malware 59

Malware Software 59

Ooda Loop

AUGUST 20, 2024

An IRGC linked group has been found to be using a modular Trojan horse malware. APT 42, an Iranian linked IRGC group, has been found to be using a modular Trojan horse malware. This was discovered after the group deployed the malware as part of phishing attacks against Israeli citizens. […]

Malware 59

Malware Groups 59

Ooda Loop

AUGUST 28, 2024

Kadariya is a Belarusian national who is allegedly a mass malware distributor. Department of State announced that it is offering a $2.5 million reward for information which leads to the arrest of Volodymyr Kadariya. He was indicted in June 2023 with multiple charges including wire fraud […]

Malware 59

Malware 59

Ooda Loop

AUGUST 1, 2024

Japanese firms have been targeted by Chinese hackers with malware in order to steal sensitive information. Cyber security researchers have identified that Japanese firms are being targeted by a new malware campaign. This campaign is being orchestrated by APT10 and is employing new backdoors to access to sensitive information.

Malware 59

Malware Research 59

Ooda Loop

JULY 10, 2024

GuardZoo malware is being used to target military personnel from the Middle East. Over 450 victims have been impacted by the malware, with the primary country of infection appearing to […] This ongoing surveillanceware campaign may have started as early as October 2019. It has been connected to a Houthi-aligned actor.

Malware 59

Malware 59

Ooda Loop

SEPTEMBER 12, 2024

The campaign is using the Veaty and Spearal malware families. The attacks have focused on different government networks such as the Prime Minister’s Office and the Ministry of Foreign Affairs. The attackers first […]

Malware 59

Malware Government Groups Network 59

Ooda Loop

JUNE 4, 2024

European authorities have revealed the identities of eight individuals linked to several disrupted malware loader families. The suspects were involved in the distribution and administration of several campaigns that are known to steal user data and distribute malware, including Bumblebee, IcedID, Pikabot, Smokeloader, and Trickbot.

Malware 59

Malware Data 59

Ooda Loop

JULY 18, 2024

Researchers have found that North Korean Hackers have updated previously used malware to target MacOS Users. Researchers have found an updated variant of the BeaverTail Malware that is being used to target MacOS Users. This update also marks an important shift in the delivery method as the package is now […]

Malware 59

Malware Research 59

Ooda Loop

SEPTEMBER 3, 2024

Hackers have manipulated Google’s search results to trick victims into downloading malware. Malicious actors have spoofed GlobalProtect VPN software and manipulated Google’s search engage process to trick users into downloading malware. They […]

Malware 59

Malware Research Software 59

Ooda Loop

JULY 22, 2024

Individuals and organizations have been warned that threat actors are leveraging the CrowdStrike incident for phishing, scams, and malware delivery. Many organizations across the world suffered major disruptions on Friday after cybersecurity giant CrowdStrike pushed out a faulty update.

Malware 59

Malware Organization 59

Aqua Security

AUGUST 11, 2022

In a fileless attack, the malware is directly loaded into memory and executed, evading common defenses and static scanning. A fileless attack is a technique that takes incremental steps toward gaining control of your environment while remaining undetected.

Malware 118

Malware 118

Tenable

MAY 1, 2024

Tenable Cloud Security is enhancing its capabilities with malware detection. Even though cloud adoption has become mainstream, many threats and attack tactics still rely on malware payloads. Tenable Cloud Security can now find malware in many different cloud workloads. The addition of malware detection enhances this approach.

Malware 71

Malware Cloud Linux Analysis 71

Aqua Security

SEPTEMBER 15, 2022

The scripts and malware that were used bear a striking resemblance to none other than the threat actor TeamTNT. Over the past week we observed three different attacks on our honeypots. Eleven months ago they posted a farewell note on Twitter. Since then, we have only seen legacy attacks which automatically run on past infrastructure.

Malware 139

Malware Cloud Infrastructure 139

Ooda Loop

JULY 30, 2024

Greek prosecutors have dropped a case alleging misuse of malware by the Greek intelligence service. Greek prosecutors have dropped a case against the Greek intelligence agency after finding a lack of evidence. The case was dropped by prosecutors after finding there was not enough evidence to support the claims made […]

Malware 59

Malware 59

Ooda Loop

APRIL 15, 2024

The US Cybersecurity and Infrastructure Security Agency (CISA) has given organizations a new resource for analyzing suspicious and potentially malicious files, URLs, and IP addresses by making its Malware Next-Gen Analysis platform available to everyone earlier this week.

Malware 59

Malware Analysis Infrastructure Resources 59

Ooda Loop

APRIL 1, 2024

The average malware detections rose 80% in Q4 2023. Most of the increased malware instances affected the Americas and Asia-Pacific.

Malware 59

Malware Research Software System 59

Ooda Loop

JUNE 18, 2024

Threat actors have been observed utilizing malware called NiceRAT as a means of co-opting infected devices into a botnet. The attacks have targeted South Korean users and are designed to deploy the malware using the cover of cracked software. Cracked software can include Microsoft Windows and other tools that license […]

Malware 59

Malware Software Windows Tools 59

CIO

AUGUST 24, 2022

The “sting” of a ransomware or malware attack is removed quickly, efficiently, and comprehensively. Who would have thought that the latest answer to cyberattacks was actually found in guaranteed cyber recovery on primary storage?

Malware 246

Malware Enterprise Disaster Recovery Storage 246

Ooda Loop

MARCH 22, 2024

Sucuri, a website security firm, has issued a warning about a new malware family called Sign1 that has infected more than 39,000 websites. The malware, found in WordPress custom HTML widgets or the Simple Custom CSS and JS WordPress plugin, redirects visitors to scam domains and displays unwanted ads. Unlike […]

Malware 59

Malware 59

Aqua Security

AUGUST 29, 2023

Aqua Nautilus discovered a new campaign that exploits the Openfire vulnerability (CVE-2023-32315), that was disclosed in May of this year, to deploy Kinsing malware and a cryptominer. This vulnerability leads to a path traversal attack, which grants an unauthenticated user access to the Openfire setup environment.

Malware 91

Malware Examples 91

Ooda Loop

JUNE 7, 2024

An espionage campaign named “SickSync” is using cyber attacks to target defense forces in Ukraine using a malware called SPECTR. The Computer Emergency Response Team of Ukraine (CERT-UA) has determined the actor behind these attacks to be a group called Vermin which is associated with security agencies of the Luhansk […]

Malware 59

Malware Groups 59

Aqua Security

FEBRUARY 1, 2023

Known as HeadCrab , this advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and traditional anti-virus solutions to compromise a large number of Redis servers. The HeadCrab botnet has taken control of at least 1,200 servers.

Malware 136

Malware Research Cloud 136

Aqua Security

JULY 19, 2023

Lately, we have seen a rise in the number of eBPF based tools used for malicious goals such as rootkits ( ebpfkit, TripleCross ) and malwares ( pamspy ). It is widely used by many security tools for monitoring kernel activity to detect and protect organizations.

Malware 72

Malware Linux Tools Organization 72

SecureWorks

APRIL 20, 2023

Type: Blogs Bumblebee Malware Distributed Via Trojanized Installer Downloads Restricting the download and execution of third-party software is critically important. Learn how CTU™ researchers observed Bumblebee malware distributed via trojanized installers for popular software such as Zoom, Cisco AnyConnect, ChatGPT, and Citrix Workspace.

Malware 91

Malware ChatGPT Research Software 91

Ooda Loop

MAY 15, 2024

A novel cyber campaign by Russian speaking actors abused legitimate internet services, such as GitHub and FileZilla, to deploy multiple malware variants, Recorded Future has reported. This includes the deployment of Atomic macOS Stealer (AMOS), the current version of which is capable of infecting both Intel-based and ARM-based Macs.

Malware 59

Malware Internet Report 59