Malware

Pierluigi Paganini May 25, 2020
Ragnar Ransomware encrypts files from virtual machines to evade detection

Ransomware encrypts from virtual machines to evade antivirus Ragnar Locker deploys Windows XP virtual machines to encrypt victim’s files, the trick allows to evaded detection from security software. Crooks always devise new techniques to evade detection, the Ragnar Locker is deploying Windows XP virtual machines to encrypt victim’s files while bypassing security measures. The Ragnar […]

Pierluigi Paganini May 25, 2020
Maze ransomware operators leak credit card data from Costa Rica’s BCR bank

Maze ransomware operators published credit card details stolen from the Bank of Costa Rica (BCR) threatening to leak other lots every week. Maze ransomware operators have released credit card data stolen from the Bank of Costa Rica (BCR) threatening to leak other lots every week. Early May, Maze Ransomware operators claimed to have hacked the […]

Pierluigi Paganini May 24, 2020
Coronavirus-themed attacks May 17 – May 23, 2020

This post includes the details of the Coronavirus-themed attacks launched from May 17 to May 23, 2020. Threat actors exploit the interest in the Coronavirus outbreak while infections increase worldwide, experts are observing new campaigns on a daily bases. Below a list of attacks detected this week. May 19 – Hackers Target Oil Producers During […]

Pierluigi Paganini May 23, 2020
Experts observed a spike in COVID-19 related malspam emails containing GuLoader

Security experts observed a spike in the use of the GuLoader since March 2020 while investigating COVID-19-themed malspam campaigns. Researchers from Vipre Labs observed a spike in the use of GuLoader in COVID-19-themed campaign since March 2020. The discovery confirms that crooks continue to use COVID-19 lures in malspam campaigns. In the campaign monitored by […]

Pierluigi Paganini May 23, 2020
Silent Night Zeus botnet available for sale in underground forums

Experts reported the existence of a botnet, tracked as Silent Night based on the Zeus banking Trojan that is available for sale in several underground forums. This week researchers from Malwarebytes and HYAS published a report that included technical details on a recently discovered botnet, tracked as Silent Night, being distributed via the RIG exploit kit and COVID-19 malspam […]

Pierluigi Paganini May 22, 2020
Cyber-Criminal espionage Operation insists on Italian Manufacturing

ZLab researchers spotted a new malicious espionage activity targeting Italian companies operating worldwide in the manufacturing sector. Introduction During our Cyber Threat Intelligence monitoring we spotted new malicious activities targeting some Italian companies operating worldwide in the manufacturing sector, some of them also part of the automotive production chain. The group behind this activity is […]

Pierluigi Paganini May 22, 2020
Microsoft warns of “massive campaign” using COVID-19 themed emails

Experts from the Microsoft Security Intelligence team provided some details on a new “massive campaign” using COVID-19 themed emails. Researchers from the Microsoft Security Intelligence team provided some details on a new massive phishing campaign using COVID-19 themed emails. The messages used weaponized Excel documents, the IT giant observed a spike in the number of […]

Pierluigi Paganini May 22, 2020
Winnti uses a new PipeMon backdoor in attacks aimed at the gaming industry

The Winnti hacking group continues to target gaming industry, recently it used a new malware named PipeMon and a new method to achieve persistence. Winnti hacking group is using a new malware dubbed PipeMon and a novel method to achieve persistence in attacks aimed at video game companies. The Winnti group was first spotted by Kaspersky […]

Pierluigi Paganini May 21, 2020
Sophos blocked attacks exploiting XG Firewall zero-day to deploy Ransomware

Hackers attempted to exploit a zero-day flaw in the Sophos XG firewall to distribute ransomware to Windows machines, but the attack was blocked. Threat actors attempted to exploit a zero-day (CVE-2020-12271) in the Sophos XG firewall to spread ransomware to Windows machines, the good news is that the attack was blocked by a hotfix issued […]

Pierluigi Paganini May 21, 2020
Iran-linked Chafer APT group targets governments in Kuwait and Saudi Arabia

Cybersecurity researchers uncovered an Iranian cyber espionage campaign conducted by Chafer APT and aimed at critical infrastructures in Kuwait and Saudi Arabia. Cybersecurity researchers from Bitdefender published a detailed report on an Iranian cyber espionage campaign directed against critical infrastructures in Kuwait and Saudi Arabia. The cyber espionage campaigns were carried out by Iran-linked Chafer […]