Glupteba malware does something novel: It uses the bitcoin blockchain as a communications channel to receive updated configuration information. That’s important because malware always needs a way to go back to its home base, preferably without being detected, according to a paper released this week by Sophos Labs researchers. The new
Tag: malware
WolfRAT malware targets WhatsApp, Messenger
A new malware called “WolfRAT is targeting messaging apps, such as WhatsApp, Facebook Messenger and Line on Thai Android devices. WolfRAT, according to the Cisco Talos intelligence team, is based on a leak of the previously leaked DenDroid malware family. Talos said in a blog post it highly believes that this modified
Reports of COVID-19 malware threats heavier in states with increased testing
Newly published telemetry data collected by the researchers at Bitdefender suggests that U.S. reports of coronavirus-themed malware threat activity have been heaviest in states where testing has increased and the total number of confirmed infections has grown. Among U.S. states, California reported the most threats in both March and April, followed
Coronavirus news being used to sneak malware past AV programs
In an effort to make malware appear legitimate and help it sneak past security software, groups using two well-known trojans are inserting news text from Coronavirus stories into their file descriptions. Padding malware with fake news is not new but Bleeping Computer has found Trickbot and Emotet now being used in
Malicious coronavirus map hides AZORult info-stealing malware
Cyberattackers continue to seize on the dire need for information surrounding the novel coronavirus. In one of the latest examples, adversaries have created a weaponized coronavirus map app that infects victims with a variant of the information-stealing AZORult malware. The malicious online map, found at www.Corona-Virus-Map[.]com, appears very polished and convincing,
Years-long malware operation hides njRAT in cracked hacking tools
Malicious actors have been secretly embedding the njRAT remote access trojan in free hacking tools as well as cracks of those tools, in a bid to compromise anyone who downloads this software from various websites and forums. Essentially, this adversary is trying to turn other hackers into victims, taking over their machines
Hidden Cobra adds to its malware arsenal: CISA
The DHS Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation have released a report on six new or upgraded malware variants being used by North Korea. The malware types included are Bistromath, Slickshoes, Crowdedflounder, Hotcroissant, Artfulpie, Buffetline and Hoplight. Hoplight is a previously recorded malware believed to be used by the North Korean
Cybercriminals abuse Bitbucket to infect users with potpourri of malware
A newly discovered attack campaign has been abusing the online storage platform Bitbucket to maintain and update a wide assortment of malware, in a plot to infect computer users who download free, cracked versions of commercial software from the internet. Researchers at Cybereason’s Nocturnus team, who uncovered the threat, estimate that
Federally funded Unimax smartphone pre-loaded with malware
The Unimax UMX U686CL is a Chinese-made smartphone distributed by the federally funded Assured Wireless by Virgin Mobile has been found to come pre-loaded with two malicious applications. Malwarebytes researchers found the malware every owner finds on their phone is Wireless Update and amazingly the device’s own Settings app, neither of which can be removed from the
Attackers distill essence of Mirai IoT botnet into LiquorBot malware
Researchers recently uncovered another descendant of the Mirai Internet of Things botnet, this one featuring Monero cryptocurrency mining capabilities. Dubbed LiquorBot, the botnet malware is written in Go programming language and seems to use the same command-and-control infrastructure as Mirai. Sometimes, attack campaigns have even paired both LiquorBot and Mirai together