Tag: infection
-
New Steganography Campaign Exploits MS Office Vulnerability to Distribute AsyncRAT
A recently uncovered cyberattack campaign has brought steganography back into the spotlight, showcasing the creative and insidious methods attackers employ to deliver malware. This operation, dubbed the >>Stego-Campaign,
-
When AI moves beyond human oversight: The cybersecurity risks of self-sustaining systems
Tags: access, ai, attack, authentication, automation, breach, business, control, credentials, crowdstrike, cybersecurity, data, detection, email, exploit, firewall, fraud, government, identity, infection, login, malware, mfa, monitoring, network, phishing, risk, software, technology, threat, update, vulnerabilityautopoiesis, allows AI systems to adapt dynamically to their environments, making them more efficient but also far less predictable.For cybersecurity teams, this presents a fundamental challenge: how do you secure a system that continuously alters itself? Traditional security models assume that threats originate externally, bad actors exploiting vulnerabilities in otherwise stable systems. But with AI capable…
-
Agent Tesla Malware Uses Multi-Stage Attacks with PowerShell Scripts
Researchers from Palo Alto Networks have uncovered a series of malicious spam campaigns leveraging the notorious Agent Tesla malware through intricate, multi-stage infection vectors. The attack begins innocuously enough with the receipt of a socially engineered email, often crafted to appear legitimate and relevant to the recipient. These emails carry an archive attachment, which typically…
-
DOGE ‘Big Balls’ Ransomware Utilizes ZIP-Based LNK Shortcuts and BYOVD Techniques for Stealthy Attacks
A new and highly sophisticated ransomware campaign, dubbed “DOGE BIG BALLS Ransomware,” has recently come to light, demonstrating a blend of technical innovation and psychological manipulation. This operation stands out for its multi-stage infection chain, which begins with a seemingly innocuous ZIP file and culminates in the deployment of a customized ransomware payload, all while…
-
Malicious ‘mParivahan’ App Circulates on WhatsApp, Skimming Sensitive Mobile Data
A new variant of the fake NextGen mParivahan app has emerged, exploiting the trust users place in official government notifications to distribute malware. This malicious software is distributed through seemingly legitimate traffic violation alerts via WhatsApp, luring victims into installing what they believe is the official app. Infection Vector and Deceptive Tactics The malware spreads…
-
GOFFEE Deploys PowerModul in Coordinated Strikes on Government and Energy Networks
The threat actor known as GOFFEE has launched a series of targeted attacks against critical sectors within the Russian Federation, utilizing advanced malware and phishing techniques. The group’s latest campaign involves the deployment of PowerModul, a PowerShell-based implant, to escalate their intrusion capabilities and carry out coordinated strikes effectively. PowerModul and Initial Infection Vectors PowerModul…
-
Attackers Exploit SourceForge Platform to Distribute Malware
Tags: attack, cyber, cybercrime, cybersecurity, exploit, infection, malicious, malware, russia, softwareA recent malware distribution scheme has been uncovered on SourceForge, the popular software hosting and distribution platform. Cybercriminals have leveraged SourceForge’s subdomain feature to deceive users with fake downloads of software applications, embedding malicious files into the infection chain. This attack, primarily targeting Russian-speaking users, has raised alarms within the cybersecurity community for its level…
-
News alert: SpyCloud study shows gaps in EDR, antivirus, 66% of malware infections missed
Austin, TX, USA, April 7, 2025, CyberNewswire, SpyCloud, the leading identity threat protection company, today released new analysis of its recaptured darknet data repository that shows threat actors are increasingly bypassing endpoint protection solutions: 66% of malware infections… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/news-alert-spycloud-study-shows-gaps-in-edr-antivirus-66-of-malware-infections-missed/
-
SpyCloud Research Shows that Endpoint Detection and Antivirus Solutions Miss Two-Thirds (66%) of Malware Infections
Austin, TX, USA, 7th April 2025, CyberNewsWire First seen on hackread.com Jump to article: hackread.com/spycloud-research-shows-that-endpoint-detection-and-antivirus-solutions-miss-two-thirds-66-of-malware-infections/
-
EDR Antivirus Solutions Miss Two-Thirds (66%) of Malware Infections SpyCloud Research
Deep visibility into malware-siphoned data can help close gaps in traditional defenses before they evolve into major cyber threats like ransomware and account takeover SpyCloud, the leading identity threat protection company, today released new analysis of its recaptured darknet data repository that shows threat actors are increasingly bypassing endpoint protection solutions: 66% of malware infections…
-
For healthcare orgs, DR means making sure docs can save lives during ransomware infections
Organizational, technological resilience combined defeat the disease that is cybercrime First seen on theregister.com Jump to article: www.theregister.com/2025/04/02/disaster_recovery_healthcare/
-
Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices
Counterfeit versions of popular smartphone models that are sold at reduced prices have been found to be preloaded with a modified version of an Android malware called Triada.”More than 2,600 users in different countries have encountered the new version of Triada, the majority in Russia,” Kaspersky said in a report. The infections were recorded between…
-
New Triada Trojan comes preinstalled on Android devices
A new Triada trojan variant comes preinstalled on Android devices, stealing data on setup, warn researchers from Kaspersky. Kaspersky researchers discovered a new Triada trojan variant preinstalled on thousands of Android devices, enabling data theft upon setup. Kaspersky detected 2,600+ infections in Russia from March 13-27, 2025. The malware was discovered on counterfeit Android devices mimicking…
-
Hackers Use DeepSeek and Remote Desktop Apps to Deploy TookPS Malware
A recent investigation by cybersecurity researchers has uncovered a large-scale malware campaign leveraging the DeepSeek LLM and popular remote desktop applications to distribute the Trojan-Downloader.Win32.TookPS malware. The attackers targeted both individual users and organizations by disguising malicious software as legitimate business tools, including UltraViewer, AutoCAD, and SketchUp. Malicious Infrastructure and Infection Chain The TookPS malware…
-
For healthcare orgs, disaster recovery means making sure docs can save lives during ransomware infection
Organizational, technological resilience combined defeat the disease that is cybercrime First seen on theregister.com Jump to article: www.theregister.com/2025/04/02/disaster_recovery_healthcare/
-
KoiLoader Exploits PowerShell Scripts to Drop Malicious Payloads
Cybersecurity experts at eSentire’s Threat Response Unit (TRU) uncovered a sophisticated malware campaign leveraging KoiLoader, a malicious loader designed to deploy information-stealing payloads. This campaign utilized PowerShell scripts and obfuscation techniques to bypass security measures and infect systems. The investigation revealed a multi-stage infection chain, highlighting the evolving tactics of cybercriminals. Infection Chain and Delivery…
-
Infostealer malware poses potent threat despite recent takedowns
How CISOs can defend against infostealers: To defend against these threats, CISOs should rely on multi-factor authentication MFA and least privilege access to prevent their incursion into the corporate network, as well as endpoint detection and response (EDR) and anti-malware to detect and quarantine infostealers that manage to trick users into running the malware. Regular…
-
Multistage Info-Stealer SnakeKeylogger Targets Individuals and Businesses to Steal Login Credentials
SnakeKeylogger, a sophisticated multistage malware, has emerged as a significant threat to both individuals and businesses by targeting sensitive login credentials. This malware campaign is characterized by its stealthy in-memory execution and multi-stage infection chain, making it challenging to detect. The attack begins with a malicious spam email containing a .img file attachment, which, when…
-
Nation-State ‘Paragon’ Spyware Infections Target Civil Society
Law enforcement entities in democratic states have been deploying top-of-the-line messaging app spyware against journalists and aid workers. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/nation-state-paragon-spyware-infections
-
Infostealers Fuel 2.1B Credentials and 23M Host Infections
Cybercrime surged with a 33% spike in credential theft and 200 million credentials stolen in early 2025, signaling a daunting threat landscape for organizations. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/trends/infostealers-2-1b-credentials-23m-hosts/
-
SocGholish Exploits Compromised Websites to Deliver RansomHub Ransomware
SocGholish, a sophisticated malware-as-a-service (MaaS) framework, has been identified as a key enabler in the distribution of RansomHub ransomware. This malicious framework exploits compromised websites by injecting them with obfuscated JavaScript loaders, which redirect users to fake browser update notifications. These notifications trick users into downloading and executing malicious files, thereby initiating the infection process.…
-
New Steganographic Malware Hides in JPG Files to Deploy Multiple Password Stealers
A recent cybersecurity threat has emerged in the form of a steganographic campaign that uses seemingly harmless JPG files to distribute multiple types of malware, including password stealers like Remcos and AsyncRAT. This sophisticated attack begins with a phishing email containing a malicious Excel document that exploits a known vulnerability, CVE-2017-0199, to initiate the infection…
-
The most notorious and damaging ransomware of all time
Tags: access, android, attack, backdoor, backup, banking, botnet, breach, communications, computer, control, credentials, cryptography, cyber, cybercrime, dark-web, data, defense, detection, email, encryption, endpoint, exploit, extortion, finance, flaw, framework, germany, google, government, group, hacker, hacking, healthcare, infection, infrastructure, international, jobs, korea, law, lazarus, leak, linux, malicious, malware, microsoft, mobile, msp, network, north-korea, office, open-source, oracle, password, phishing, phone, powershell, ransom, ransomware, russia, service, software, spam, switch, technology, threat, tool, ukraine, update, usa, virus, vulnerability, windowsConti: History: First appearing in May 2020, the Conti RaaS platform is considered the successor to the Ryuk ransomware. As of January 2021, Conti is believed to have infected over 150 organizations and earned millions of dollars for its criminal developers and their affiliates. At least three new versions have been found since its inception.How it works: Conti uses the…
-
Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks
The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024.”The monitored campaigns targeted Colombian judicial institutions and other government or private organizations, with high infection rates,” Check Point said in a new analysis.”More than 1,600 victims were affected during one…
-
APT ‘Blind Eagle’ Targets Colombian Government
The South American-based advanced persistent threat group is using an exploit with a high infection rate, according to research from Check Point. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/apt-blind-eagle-targets-colombian-government
-
Beware! Fake CAPTCHA Hidden LummaStealer Threat Installing Silently
Cybersecurity researchers at G DATA have uncovered a sophisticated malware campaign utilizing fake booking websites to deliver the LummaStealer malware through deceptive CAPTCHA prompts. This new attack vector, discovered in January 2025, marks a significant shift in LummaStealer’s distribution methods, moving from traditional channels like GitHub and Telegram to malvertising techniques. The infection chain begins…
-
How New AI Agents Will Transform Credential Stuffing Attacks
Credential stuffing attacks had a huge impact in 2024, fueled by a vicious circle of infostealer infections and data breaches. But things could be about to get worse still with Computer-Using Agents, a new kind of AI agent that enables low-cost, low-effort automation of common web tasks, including those frequently performed by attackers.Stolen credentials: The…