Apr 26, 2024NewsroomMobile Security / Cybercrime Fake browser updates are being used to push a previously undocumented Android malware called Brokewell. “Brokewell is a typical modern banking malware equipped with both data-stealing and remote-control capabilities built into the malware,” Dutch security firm ThreatFabric said in an analysis published Thursday. The malware is said to be […]
Apr 17, 2024NewsroomRansomware / Cyber Espionage A previously undocumented “flexible” backdoor called Kapeka has been “sporadically” observed in cyber attacks targeting Eastern Europe, including Estonia and Ukraine, since at least mid-2022. The findings come from Finnish cybersecurity firm WithSecure, which attributed the malware to the Russia-linked advanced persistent threat (APT) group tracked as Sandworm (aka […]
A previously unknown ransomware gang has been attacking Russian businesses with malware based on the leaked source code from the Conti hacking group. The gang, which researchers at the Moscow-based cybersecurity company F.A.C.C.T. have dubbed “Muliaka,” or Muddy Water in English, has left minimal traces from its attacks but has likely been active since at […]
First cc.bat for reconnaissance Once the scheduled task is triggered, a previously deployed batch file, %System%cc.bat, is executed in the remote machine. Based on our telemetry, this batch file launches commands to gather system information. Among the commands executed are: powershell.exe -command “Get-NetAdapter |select InterfaceGuid” arp -a ipconfig /all fsutil fsinfo drives query user net […]
Mar 29, 2024NewsroomNetwork Security / IoT Security A botnet previously considered to be rendered inert has been observed enslaving end-of-life (EoL) small home/small office (SOHO) routers and IoT devices to fuel a criminal proxy service called Faceless. “TheMoon, which emerged in 2014, has been operating quietly while growing to over 40,000 bots from 88 countries […]
Mar 06, 2024NewsroomCyber Attack / Malware A financial entity in Vietnam was the target of a previously undocumented threat actor called Lotus Bane that was first detected in March 2023. Singapore-headquartered Group-IB described the hacking outfit as an advanced persistent threat group that’s believed to have been active since at least 2022. The exact specifics […]
Feb 29, 2024NewsroomCyber Espionage / Malware A previously undocumented threat actor dubbed SPIKEDWINE has been observed targeting officials in European countries with Indian diplomatic missions using a new backdoor called WINELOADER. The adversary, according to a report from Zscaler ThreatLabz, used a PDF file in emails that purported to come from the Ambassador of India, […]
A previously unpublished interview with the former Can frontman Fortune favours the brave, they say. Although they also say that you should never meet your idols. Luckily, in retrospect, when you’re a journalist scouring a backstage bar with your director and camera person in tow, and you bump into the lead singer of one of […]
Feb 13, 2024NewsroomCryptocurrency / Rootkit The Glupteba botnet has been found to incorporate a previously undocumented Unified Extensible Firmware Interface (UEFI) bootkit feature, adding another layer of sophistication and stealth to the malware. “This bootkit can intervene and control the [operating system] boot process, enabling Glupteba to hide itself and create a stealthy persistence that […]