SPYWARE Archives - Page 13 of 15 - Cybersecurity News Everyday

Threat Research

Beware of predatory fin(tech): Loan sharks use Android apps to reach new depths

December 5, 2023May 24, 2024 ESET-welivesecurity

Since the beginning of 2023, ESET researchers have observed an alarming growth of deceptive Android loan apps, which present themselves as legitimate personal loan services, promising quick and easy access to funds.

Despite their attractive appearance, these services are in fact designed to defraud users by offering them high-interest-rate loans endorsed with deceitful descriptions, all while collecting their victims’ personal and financial information to blackmail them, and in the end gain their funds.…

Cyber Security News

Kaspersky malware report for Q3 2023

December 1, 2023January 25, 2025 SecureList

Targeted attacks Unknown threat actor targets power generator with DroxiDat and Cobalt Strike

Earlier this year, we reported on a new variant of SystemBC called DroxiDat that was deployed against a critical infrastructure target in South Africa. This proxy-capable backdoor was deployed alongside Cobalt Strike beacons.…

Threat Research

The New APT Group DarkCasino and the Global Surge in WinRAR 0-Day Exploits – NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.

November 13, 2023May 24, 2024 Securonix

Overview

In 2022, NSFOCUS Research Labs revealed a large-scale APT attack campaign called DarkCasino and identified an active and dangerous aggressive threat actor. By continuously tracking and in-depth study of the attacker’s activities, NSFOCUS Research Labs has ruled out its link with known APT groups, confirmed its high-level persistent threat nature, and following the operational name, named this APT group DarkCasino.…

Threat Research

Unlucky Kamran: Android malware spying on Urdu-speaking residents of Gilgit-Baltistan

November 9, 2023May 24, 2024 ESET-welivesecurity

UPDATE (November 13th, 2023): The website has removed the “DOWNLOAD APP” button, although the malicious app is still hosted on its servers.

ESET researchers have identified what appears to be a watering-hole attack on a regional news website that delivers news about Gilgit-Baltistan, a disputed region administered by Pakistan.…

Threat Research

Analysis of a spy module inside a WhatsApp mod

November 2, 2023May 24, 2024 SecureList

It is not rare that users of popular instant messaging services find the official client apps to be lacking in functionality. To address that problem, third-party developers come up with mods that offer sought-after features besides aesthetic upgrades. Unfortunately, some of these mods contain malware alongside legitimate enhancements.…

Threat Research

Grayling: Previously Unseen Threat Actor Targets Multiple Organizations in Taiwan

October 12, 2023May 24, 2024 Securonix

A previously unknown advanced persistent threat (APT) group used custom malware and multiple publicly available tools to target a number of organizations in the manufacturing, IT, and biomedical sectors in Taiwan.

A government agency located in the Pacific Islands, as well as organizations in Vietnam and the U.S.,…

Threat Research

PurpleFox Resurfaces Via Spam Emails: A Look Into Its Recent Campaign – Cyble

September 26, 2023May 24, 2024 Securonix

Key TakeawaysCyble Research and Intelligence Labs (CRIL) came across a Word document file that spreads via spam email, employing an infection method for disseminating PurpleFox malware. In this malspam campaign, a VBA macro is employed to fetch the initial stage PowerShell script payload. The initial stage PowerShell script functions as a downloader responsible for retrieving a PNG image that conceals hidden content using a form of steganography technique.…

Threat Research

EvilBamboo Targets Mobile Devices in Multi-year Campaign

September 22, 2023May 24, 2024 Volexity

Volexity has identified several long-running and currently active campaigns undertaken by the threat actor Volexity tracks as EvilBamboo (formerly named Evil Eye) targeting Tibetan, Uyghur, and Taiwanese individuals and organizations. These targets represent three of the Five Poisonous Groups of Chinese Communist Party (CCP).

Volexity has tracked the activities of EvilBamboo for more than five years and continues to observe new campaigns from this threat actor.…

Threat Research

Lookout Discovers Surveillance Campaigns Targeting Uyghurs | Threat Intel

September 20, 2023May 24, 2024 Lookout

SummaryThe BadBazaar malware family is tied to Chinese hacking group APT15. In January 2024, Lookout published an in-depth analysis of the iOS variant of BadBazaar. Previously, Lookout researchers uncovered the Android version in November 2022. BadBazaar, alongside MOONSHINE spyware, have been known to target Tibetan and Uyghur minorities within China.…

Threat Research

IT threat evolution Q2 2023

August 30, 2023May 24, 2024 SecureList

Targeted attacks Gopuram backdoor deployed through 3CX supply-chain attack

Earlier this year, a Trojanized version of the 3CXDesktopApp, a popular VoIP program, was used in a high-supply-chain attack. The attackers were able to embed malicious code into the libffmpeg media processing library to download a payload from their servers.…

Threat Research

New open-source infostealer, and reflections on 2023 so far

August 29, 2023May 24, 2024 Securonix

Welcome to this week’s edition of the Threat Source newsletter.

I’m covering for Jon this week whilst he takes some well-deserved holiday. What’s on my mind this week? Well, apart from a new horror film that I just read about called “Slotherhouse” where the killer is, um, a sloth (I predict nothing but a masterpiece), there are a couple of things on my mind relating to open-source.…

Threat Research

The Persistent Danger of Remcos RAT – CYFIRMA

August 18, 2023May 24, 2024 Securonix

Published On : 2023-08-23

EXECUTIVE SUMMARY

At Cyfirma, we are dedicated to providing you with up-to-date information on the most prevalent threats and tactics used by malicious actors to target both organizations and individuals. In this comprehensive analysis, we delve into an ongoing campaign orchestrated by the Remcos Remote Access Trojan (RAT).…

Threat Research

Common TTPs of attacks against industrial organizations. Implants for uploading data | Kaspersky ICS CERT

August 7, 2023May 24, 2024 Securonix

This is the third part of our research based on an investigation of a series of attacks against industrial organizations in Eastern Europe.

The attackers aimed to establish a permanent channel for data exfiltration, including data stored on air-gapped systems.

In total we have identified over 15 implants and their variants planted by the threat actor(s) in various combinations.…

Threat Research

SpyNote continues to attack financial institutions | Cleafy Labs

July 31, 2023May 24, 2024 admin

Key pointsStarting from the end of 2022, an Android Spyware called SpyNote was observed to carry out bank fraud due to its many features. SpyNote abuses Accessibility services and other Android permissions in order to:– Collects SMS messages and contacts list;– Record audio and screen;– Keylogging activities;– Bypass 2FA;– Tracking GPS locations.…

Threat Research

Report: Ransomware Command-and-Control Providers Unmasked by Halcyon Researchers

July 27, 2023May 24, 2024 Securonix

The Halcyon Research and Engineering Team has published new research that details novel techniques used to unmask yet another Ransomware Economy player that is facilitating ransomware attacks and state-sponsored APT operations: Command-and-Control Providers (C2P) who sell services to threat actors while assuming a legal business profile.…

Threat Research

Fruity trojan downloader performs multi-stage infection of Windows computers

July 27, 2023May 24, 2024 Securonix

July 27, 2023

Doctor Web has uncovered an attack on Windows users involving a modular downloader trojan dubbed Trojan.Fruity.1. With its help, threat actors can infect computers with different types of malware, depending on the attackers’ goals. To conceal an attack and increase the chances of it being successful, they use a variety of tricks.…

Threat Research

Android SpyNote attacks electric and water public utility users in Japan | McAfee Blog

July 21, 2023May 24, 2024 McAfee

Authored by Yukihiro Okutomi

McAfee’s Mobile team observed a smishing campaign against Japanese Android users posing as a power and water infrastructure company in early June 2023. This campaign ran for a short time from June 7. The SMS message alerts about payment problems to lure victims to a phishing website to infect the target devices with a remote-controlled SpyNote malware.…

Threat Research

WyrmSpy and DragonEgg: Lookout Attributes Android Spyware to China’s APT41 | Threat Intel

July 19, 2023May 24, 2024 Lookout

What are WyrmSpy and DragonEgg surveillanceware?

WyrmSpy and DragonEgg are two advanced Android surveillanceware that Lookout attributes to high-profile Chinese threat group APT41, also known as Double Dragon, BARIUM, and Winnti.

While APT41 is mostly known for exploiting web-facing applications and infiltrating traditional endpoint devices, these malware are rare reported instances of the group exploiting mobile platforms.…

Threat Research

Letscall – new sophisticated Vishing toolset

July 8, 2023May 24, 2024 Securonix

Introduction to Letscall

In recent years, the rise of Vishing, also known as Voice over IP Phishing, has become so popular that it has eroded trust in calls from unknown numbers.…