Tag: malware operations
239 articles

CPUID Compromised, Trojanized Software Deploys STX RAT
For one day in April, unsuspecting users who visited CPUID.com, a trusted site for hardware-monitoring tools, unknowingly downloaded trojanized software that deployed a malicious remote access trojan called STX RAT. The compromised software, including CPU-Z and HWMonitor, turned a trusted resource into a malware delivery vehicle.

Malware Poisons Open Source Tools in Dual Supply Chain Attacks
Imagine trusting a tool, only to have it secretly turned against you - that's what happened in March when two massive supply chain attacks infected popular open source tools with malware, putting tens of thousands of organizations at risk. The full extent of the damage may not be known for months, but one thing is clear: the threat is real and far-reaching.

CPUID Website Compromised, Serves Malware via HWMonitor Downloads
For six hours, unsuspecting visitors to the CPUID website were put at risk of having their passwords stolen when malware was served in place of the HWMonitor tool they were trying to download. This alarming security breach highlights the vulnerability even trusted sites can have, leaving users to wonder if their sensitive information is safe.

CPUID Compromised in Supply Chain Attack
A recent supply chain attack on the CPUID project has raised alarming questions about trust in software downloads, after hackers manipulated the official website to serve malware-infected versions of popular tools like CPU-Z and HWMonitor. Can users, defenders, and policymakers be certain that their software sources are safe?

German Police Unmask REvil Leader in Cyber Crackdown
In a major cyber crackdown, German police have unmasked the leader of the notorious REvil gang, dealing a significant blow to the ransomware group, but also highlighting the ever-shifting threat landscape. As one threat subsides, new ones emerge, leaving defenders to prioritize scarce resources against an array of evolving threats.

LucidRook Malware Targets NGOs, Universities in Taiwan
A sneaky new malware called LucidRook has set its sights on non-governmental organizations and universities in Taiwan, using spear-phishing to catch its victims off guard. This Lua-based threat is the latest cyber attacker to target these vulnerable sectors.

VENOM Phishing Attacks Target C-Suite Microsoft Logins
A new phishing-as-a-service platform called VENOM is making it alarmingly easy for hackers to target senior executives, specifically seeking their Microsoft logins. This compact toolkit is putting the keys to the corner office within reach of any motivated adversary, leaving security teams scrambling to respond.

Google Chrome Bolsters Defenses Against Session Cookie Theft
Google Chrome just got a major security boost with the introduction of Device Bound Session Credentials (DBSC) protection, designed to block info-stealing malware from harvesting session cookies and putting your online credentials at risk. This move is a key step in the ongoing cat-and-mouse game between defenders and cyber threats.

UAT-10362 Launches LucidRook Malware in Taiwanese NGO Spear-Phishing Attacks
A mysterious threat cluster, UAT-10362, has launched a targeted spear-phishing attack on Taiwanese NGOs and universities, deploying a newly discovered malware called LucidRook. This sophisticated attack raises urgent concerns for Taiwanese civil-society groups, highlighting the need for heightened vigilance and robust defenses.

Hackers Exploit Smart Slider Plugin to Deploy Malicious Code
Hackers have hijacked the update system for the popular Smart Slider 3 Pro plugin, deploying a malicious release that lets them take control of affected websites. This alarming breach highlights the vulnerability of even trusted software update channels to exploitation.

New Trojan STX RAT Targets Finance Sector with Sophisticated Stealth Methods
Meet STX RAT, a sneaky new remote access trojan that's got its sights set on the finance sector, using advanced stealth methods and command-and-control capabilities to evade detection. This latest threat is a wake-up call for defenders, testing their readiness to respond to increasingly sophisticated attacks.

Malware Delivers ClipBanker Through Sophisticated Infection Chain
Beware of a sneaky malware, delivered by a trojan masquerading as Proxifier, that swaps the cryptocurrency wallet address you copied for a fake one the moment you paste it, putting your digital assets at risk. This Trojan uses a multi-stage infection chain to deliver ClipBanker, a stealthy threat that hijacks your clipboard.

Adobe Reader Zero-Day Exploits PDFs to Profile Targets
Malicious PDFs are being used to secretly profile targets, leveraging legitimate features to harvest system data and decide which victims are worthy of a second, more invasive attack. This sneaky tactic uses booby-trapped PDFs to quietly gather intel and determine if you're a high-value target.

MacOS ClickFix Attack Exploits Script Editor to Evade Apple Warnings
The cat-and-mouse game continues: after Apple added security warnings to Terminal, attackers behind the Atomic Stealer family adapted their ClickFix attack to exploit Script Editor instead. This latest move shows how adversaries constantly evolve to evade detection.

Malicious Code Infiltrates Python Package Index
A recent supply-chain attack on a popular Python package has raised a critical question: how much trust do you really have in the software that quietly powers your work? A malicious .pth file hidden in the litellm package version 1.82.8 can automatically execute malicious code on every Python startup.

Malware Targets Gamers with Dubious Software Offers
Malware is taking aim at gamers with sneaky software offers that promise enticing perks, like "+15 armor protection" - but beware, these deals come with a hidden catch. Cyber threats are disguising themselves as tempting game enhancements, putting players at risk.

Amateur Hackers Emerge as Growing Ransomware Threat
Ransomware is now the biggest threat, and a growing concern is amateur hackers who may not know what they're doing, which can make it even harder to recover your data. According to Cynthia Kaiser, a cybersecurity veteran with two decades of FBI experience, these newcomers pose a particularly worrisome risk.

Hackers Conceal Credit Card Stealer in Tiny SVG Images
One tiny pixel can cause massive damage: hackers have successfully hidden credit-card-stealing code inside a nearly invisible, one-pixel Scalable Vector Graphics (SVG) image, putting almost 100 Magento-based online stores at risk. This sneaky tactic allowed the malicious code to blend in with normal site assets, evading detection.

macOS Users Targeted in ClickFix Malware Campaign
macOS users are being targeted in a sneaky new malware campaign called ClickFix, which tricks them into executing malicious commands by abusing the Script Editor and Terminal tools. This latest attack raises a pressing question: how can we trust our trusted tools when they're being exploited by hackers?

Chaos Malware Expands to Target Misconfigured Cloud Deployments
Malware previously confined to home routers has now set its sights on cloud infrastructure, specifically targeting misconfigured cloud deployments and expanding its botnet territory. This alarming evolution in Chaos malware attacks demands attention from those responsible for securing cloud infrastructure.

APT28 Targets Ukraine, NATO Allies with PRISMEX Malware
Russian threat actor APT28 has launched a new campaign, deploying a previously unknown malware suite called PRISMEX to target Ukraine and its NATO allies, using clever concealment techniques to evade detection. This sophisticated attack combines steganography, COM hijacking, and legitimate cloud services to stay under the radar.

FBI Disrupts Russian Hacker Network with DNS Hijacking Takedown
In a major cyber takedown, the FBI has successfully disrupted a Russian hacker network by pulling the plug on compromised US-based routers, effectively cutting off the threat actor's malicious infrastructure. This bold move allowed authorities to neutralize the threat without relying on individual device owners to take action.

North Korean Hackers Expand Malicious Package Reach Across Multiple Coding Ecosystems
Beware of the Trojan horse in your code: North Korean hackers have quietly infiltrated multiple package ecosystems, publishing around 1,700 malicious packages that masquerade as legitimate developer tools but act as malware loaders. This sneaky campaign, linked to the Contagious Interview group, puts developers and organizations relying on shared code on high alert.