Malware

Pierluigi Paganini September 07, 2020
Epic Manchego gang uses Excel docs that avoid detection

A recently discovered cybercrime gang, tracked as Epic Manchego, is using a new technique to create weaponized Excel files that are able to bypass security checks Security experts from NVISO Labs recently spotted the activity of a new malware gang, tracked as Epic Manchego, that is actively targeting companies across the world with phishing emails since […]

Pierluigi Paganini September 06, 2020
Netwalker Ransomware hit Argentina’s official immigration agency

Argentina’s official immigration agency, Dirección Nacional de Migraciones, is the last victim of the Netwalker ransomware operators. Argentina’s official immigration agency, Dirección Nacional de Migraciones, was hit by a Netwalker ransomware attack that caused the interruption of the border crossing into and out of the country for four hours. The ransomware operators also exfiltrated sensitive […]

Pierluigi Paganini September 06, 2020
Visa warns of new sophisticated credit card skimmer dubbed Baka

Visa issued a warning regarding a new credit card JavaScript skimmer, tracked as Baka, that implements new features to evade detection. Visa issued a warning regarding a new e-skimmer known as Baka that removes itself from memory after having exfiltrating payment card details. The e-skimmer was first spotted by experts with Visa’s Payment Fraud Disruption […]

Pierluigi Paganini September 05, 2020
FBI issued a second flash alert about ProLock ransomware in a few months

FBI issued a second flash alert about ProLock ransomware stealing data, four months after the first advisory published by the feds on the same threat. The FBI has issued the 20200901-001 Private Industry Notification about ProLock ransomware stealing data on September 1st. The fresh alert is the second one related to this threat, the first […]

Pierluigi Paganini September 04, 2020
SunCrypt Ransomware behind North Carolina school district data breach

A school district in North Carolina disclosed a data breach after having unencrypted files stolen during a SunCrypt Ransomware attack. The Haywood County School district in North Carolina has suffered a data breach after having unencrypted files stolen during a SunCrypt Ransomware attack. The ransomware attack took place on August 24th, 2020, but at the […]

Pierluigi Paganini September 04, 2020
Evilnum APT used Python-based RAT PyVil in recent attacks

The Evilnum APT group has added a new weapon to its arsenal, it is a Python-based spy RAT, dubbed PyVil, designed to target FinTech organizations. The Evilnum APT group was first spotted in 2018 while using the homonym malware. Over the years, the group added new tools to its arsenal, including custom and homemade malware […]

Pierluigi Paganini September 03, 2020
Is the Belarusian government behind the surveillance Android app banned by Google?

Google has removed an app from the Play Store that was used by the Belarusian government to spy on anti-government protesters. Google has removed the app NEXTA LIVE (com.moonfair.wlkm) from the official Play Store because it was used by the Belarusian government to spy on anti-government protesters. The malicious app remained in the store for almost […]

Pierluigi Paganini September 02, 2020
Hackers use e-skimmer that exfiltrates payment data via Telegram

Researchers observed a new tactic adopted by Magecart groups, the hackers used Telegram to exfiltrate stolen payment details from compromised websites. Researchers from Malwarebytes reported that Magecart groups are using the encrypted messaging service Telegram to exfiltrate stolen payment details from compromised websites. Attackers encrypt payment data to make identification more difficult before transferring it […]

Pierluigi Paganini September 01, 2020
Iran-linked APT group Pioneer Kitten sells access to hacked networks

Iran-linked APT group Pioneer Kitten is now trying to monetize its efforts by selling access to some of the networks it has hacked to other hackers. Iran-linked APT group Pioneer Kitten, also known as Fox Kitten or Parisite, is now trying to monetize its efforts by selling access to some of the networks it has […]

Pierluigi Paganini August 31, 2020
Qbot uses a new email collector module in the latest campaign

QBot Trojan operators are using new tactics in their campaign to hijack legitimate email conversations to steal sensitive data from the victims. Researchers from Check Point are warning of a new trend observed in QBot Trojan campaign targeting Microsoft Outlook users, QBot Trojan operators are using new tactics to hijack legitimate email conversations and steal […]