Cactus Ransomware Attacks – Microsoft Alerts

Hear this out loud Microsoft warns of Cactus ransomware actors using malvertising to infect victims

Microsoft has raised the alarm about a growing wave of ransomware attacks utilizing malvertising tactics to spread Cactus ransomware. The sophisticated malware campaign hinges on deploying DanaBot as an initial access vector, orchestrated by the ransomware operator Storm-0216, also known as Twisted Spider or UNC2198. Cactus Ransomware Deployed by DanaBot Microsoft’s Threat Intelligence team has… Continue reading Cactus Ransomware Attacks – Microsoft Alerts

InfectedSlurs Botnet Exploits Zero-Days to Spread Mirai Malware

InfectedSlurs Botnet deploys Mirai malware using unpatched vulnerabilities

The “InfectedSlurs Botnet,” a sophisticated cyber threat, has been uncovered by the Akamai SIRT in a recent development. This malware campaign utilizes zero-day exploits to propagate the notorious Mirai malware, posing a significant risk to vulnerable devices worldwide. InfectedSlurs Helps Mirai Botnet to Resurface The InfectedSlurs Botnet has strong ties to the infamous Mirai malware,… Continue reading InfectedSlurs Botnet Exploits Zero-Days to Spread Mirai Malware

DarkGate and Pikabot Copy the QakBot Malware

Recent behavior of DarkGate and PikaBot makes analysts think about them being a return of QakBot

According to researchers, the phishing campaign promoting the DarkGate and PikaBot malware is carried out by the authors or successors of the QBot Trojan (aka QakBot). Information security specialists believe that this is currently the most complex phishing campaign that has appeared since the liquidation of QBot. Is Pikabot A New QakBot? In its report,… Continue reading DarkGate and Pikabot Copy the QakBot Malware

Rude Stealer Targets Data from Gamer Platforms

Java-based stealer target gaming platforms

A newly discovered Java-based stealer named Rude has emerged, encapsulated within a Java Archive (JAR) file. It employs a range of sophisticated functionalities and focuses on stealing sensitive data from gaming platforms such as Steam, Discord, and other browsers. Rude Stealer Overview In early November 2023, researchers identified a malicious JAR file labeled “Stealer.jar” on… Continue reading Rude Stealer Targets Data from Gamer Platforms

Phobos Ransomware Mimics VX-Underground Researchers

Ransomware criminals from Phobos group released ransomware that masquerades as the development of VX-Underground community

A new version of Phobos ransomware claims to be developed by VX-Underground, a malware info sharing community. Hackers again disguise themselves as information security specialists, ruining their image. How funny or serious is this all? What is Phobos ransomware? Phobos ransomware emerged in 2018 as a ransomware-as-a-service (RaaS), an offshoot of the Crysis ransomware family.… Continue reading Phobos Ransomware Mimics VX-Underground Researchers

LitterDrifter – Russia’s USB Worm Targeting Ukrainian Entities

LitterDrifter USB worm is a cyber threat targeting Ukrainian entities, emphasizing the need for robust cybersecurity defenses worldwide.

LitterDrifter USB worm, intricately linked to the notorious Gamaredon group and originating from Russia. It has set its sights on Ukrainian entities, adding a concerning layer to the already complex world of state-sponsored cyber espionage. This USB worm, believed to be orchestrated by Russian actors, not only showcases the adaptability and innovation of Gamaredon but… Continue reading LitterDrifter – Russia’s USB Worm Targeting Ukrainian Entities

IPStorm Botnet Stopped by the FBI, Operator Detained

The IPStorm is quiet now

The FBI has successfully dismantled the notorious IPStorm botnet and apprehended its operator. The operation took place back in September, with the key operator, Sergei Makinin, detained around this time. FBI Dismantles IPStorm Botnet The Federal Bureau of Investigation has successfully suspended the activity of the notorious IPStorm botnet. As a result, they have ended… Continue reading IPStorm Botnet Stopped by the FBI, Operator Detained

Malicious CPU-Z Copy Is Spread In Google Search Ads

Attackers are again abusing the Google Ads platform to distribute malicious advertising and Redline information stealer. This time, the ads advertised a trojanized version of the CPU-Z tool. CPU-Z Malware in the WindowsReport Page Clone Recently, a wave of malicious ads on Google Search results page offered users a Trojan-infected version of the popular CPU-Z… Continue reading Malicious CPU-Z Copy Is Spread In Google Search Ads

SecuriDropper Bypasses Google Play & Android Defenses

SecuriDropper circumvents security, jeopardizing Android devices with malware.

SecuriDropper is a rare example of the Android dropper malware that operates under the dropper-as-a-service (DaaS) model. This malware is raising significant concerns among experts due to its ability to bypass Google’s enhanced security measures and deliver a variety of malicious payloads. What is SecuriDropper Malware? SecuriDropper represents the latest evolution in the ever-changing world… Continue reading SecuriDropper Bypasses Google Play & Android Defenses

Socks5Systemz Proxy Service Infects 10,000 Systems Worldwide

A proxy botnet using PrivateLoader and Amadey has been infecting devices around the world since 2016

A proxy botnet, “Socks5Systemz”, uses malware loaders to infiltrate computers across the globe. Attackers have infected about 10,000 devices and organized a full-fledged proxy service based on it. Socks5Systemz Dropper Malware Overview A recent analysis from Bitsight has revealed the existence of a new malware sample called the Socks5Systemz proxy botnet. Although it has been… Continue reading Socks5Systemz Proxy Service Infects 10,000 Systems Worldwide