Malware

Pierluigi Paganini May 07, 2020
Brazilian trojan banker is targeting Portuguese users using browser overlay

Since the end of April 2020, a new trojan has been affecting Portuguese users from several bank organizations. The modus operandi of this piece of malware is not new in Portugal. At least since the year of 2014 that new variants have been observed, with minor changes, and with the objective of collecting bank details […]

Pierluigi Paganini May 06, 2020
Shipping Giant Toll suffered a second ransomware attack in a few months

Australian shipping giant Toll informed its customers that it has shut down some IT systems due to a new ransomware attack. The Australian transportation and logistics giant Toll Group informed its customers that it has shut down some IT systems after a new ransomware attack, it is the second infection disclosed by the company this […]

Pierluigi Paganini May 05, 2020
Kaiji, a new Linux malware targets IoT devices in the wild

Security researchers spotted a new piece of DDoS bot dubbed Kaiji that is targeting IoT devices via SSH brute-force attacks. Last week, the popular security researcher MalwareMustDie and the experts at Intezer Labs spotted a new piece of malware dubbed Kaiji, that is targeting IoT devices via SSH brute-force attacks. The malicious code was designed to target […]

Pierluigi Paganini May 04, 2020
Microsoft spotted multiple malspam campaigns using malware-laced ISO and IMG files

Microsoft warns of threat actors targeting organizations with malware-laced ISO and IMG files aimed at delivering a remote access trojan. Microsoft advanced machine learning threat detection models detected multiple malspam campaigns distributing malware-laced ISO. Last week experts from Microsoft detected a COVID-19-themed spam campaign, the messages are crafted to trick users into downloading and mounting […]

Pierluigi Paganini May 04, 2020
Hackers are scanning the internet for vulnerable Salt installs, Ghost blogging platform hacked

Hackers are conducting a mass-scanning the Internet for vulnerable Salt installs that could allow them to hack the organizations, the last victim is the Ghost blogging platform. Experts warn of hacking campaign that is targeting organization using the Salt platform for the management of their infrastructure, the last victim is the Ghost blogging platform. The attackers […]

Pierluigi Paganini May 03, 2020
Coronavirus-themed attacks April 26 – May 02, 2020

This post includes the details of the Coronavirus-themed attacks launched from April 26 to May 02, 2020. Please give me your vote for European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERShttps://docs.google.com/forms/d/e/1FAIpQLSe8AkYMfAAwJ4JZzYRm8GfsJCDON8q83C9_wu5u10sNAt_CcA/viewform Threat actors exploit the interest in the Coronavirus outbreak while infections increase worldwide, experts are observing new campaigns on a daily bases. Below […]

Pierluigi Paganini May 03, 2020
Cyber Threats Observatory Gets Improvements

Today I am so happy to announce a big improvement in the cyber threats observatory (available for here). The main improvement sees the introduction of clustering stereotypes for each tracked malware family in three different behaviors: Domains, Files and Processes. Every malware does specific actions on domains, files and processes realms by meaning that every sample contacts several domain names, spawns specific processes and […]

Pierluigi Paganini May 02, 2020
TrickBot operators exploit COVID-19 as lures

IBM X-Force researchers spotted a new COVID-19-themed campaign spreading the infamous TrickBot trojan through fake messages. IBM X-Force researchers uncovered a new COVID-19-themed campaign that is spreading the infamous TrickBot trojan through fake messages. The spam messages pretend to be sent by the Department of Labor’s Family and Medical Leave Act (FMLA) and attempt to […]

Pierluigi Paganini May 01, 2020
Maze Ransomware operators claim to have stolen millions of credit cards from Banco BCR

Maze Ransomware operators claim to have gained access to the network of Banco BCR of Costa Rica and stolen 11 million credit card credentials. Maze Ransomware operators claim to have hacked the network of the state-owned Bank of Costa Rica Banco BCR and to have stolen internal data, including 11 million credit card credentials. Banco BCR […]

Pierluigi Paganini April 30, 2020
Crooks spread malware via pirated movies during COVID-19 outbreak

Microsoft warns of a spike in malware spreading via pirate streaming services and movie piracy sites during the COVID-19 pandemic. With most people forced to stay at home due to the ongoing COVID-19 pandemic, the popularity of pirate streaming services and movie piracy sites is rocketed. Crooks are attempting to take advantage of COVID-19 pandemic […]