Malware

Pierluigi Paganini October 03, 2019
6 cyber-espionage campaigns since 2013 attributed to PKPLUG China-linked group

Security experts linked a number of cyber-espionage campaigns observed over the years to the same Chinese threat actor, tracked as PKPLUG. Security experts linked a number of cyber-espionage campaigns observed over the years to the same Chinese threat actor, tracked as PKPLUG. The name comes from the threat actor using PlugX inside ZIP archives containing […]

Pierluigi Paganini October 03, 2019
FBI warns about high-impact Ransomware attacks on U.S. Organizations

The U.S. Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) warns organizations about high-impact ransomware attacks. In a wake of the recent string of attacks against cities, school districts and hospitals, the U.S. Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) issued organizations about high-impact ransomware attacks. “Ransomware attacks are becoming more targeted, […]

Pierluigi Paganini October 03, 2019
Dutch police shut down bulletproof service hosting tens of DDoS botnets

Dutch police seized a bulletproof hosting service in a major takedown, the infrastructure was used by tens of IoT botnets involved in DDoS attacks. A joint operation conducted by the Netherlands’ National Criminal Investigation Department and National Cyber Security Center allowed to track down and seize five servers that were composing a cybercrime underground bulletproof […]

Pierluigi Paganini October 02, 2019
Ten hospitals in Alabama and Australia have been hit with ransomware attacks

A new wave of ransomware attacks hit US and Australian hospitals and health service providers causing the paralysis of their systems. Several hospitals and health service providers from the U.S. and Australia were hit by ransomware attacks that forced the administrators to shut part of their IT infrastructure. “Ten hospitals—three in Alabama and seven in […]

Pierluigi Paganini October 01, 2019
A new Adwind variant involved in attacks on US petroleum industry

Adwind is back, a new variant of the popular RAT is targeting US petroleum industry entities with new advanced features. A new variant of the popular Adwind RAT (aka jRAT, AlienSpy, and JSocket) is targeting entities in the US petroleum industry. The new variant implements advanced features such as multi-layer obfuscation. The malware is distributed via a […]

Pierluigi Paganini October 01, 2019
Frequent VBA Macros used in Office Malware

The malware expert Marco Ramilli collected a small set of VBA Macros widely re-used to “weaponize” Maldoc (Malware Document) in cyber attacks. Nowadays one of the most frequent cybersecurity threat comes from Malicious (office) document shipped over eMail or Instant Messaging. Some analyzed threats examples include: Step By Step Office Dropper Dissection, Spreading CVS Malware over Google, Microsoft […]

Pierluigi Paganini October 01, 2019
Gucci IOT Bot Discovered Targeting European Region

Security Labs discovered a new IOT bot named “GUCCI”. It seems like the IOT botnet is named after an Italian luxury brand of fashion and leather goods. Analysis The discovery came to exist during our reconnaissance and intelligence collection process.  The IOT threat detection engine picked the infection IP has shown below hosting number of bins […]

Pierluigi Paganini September 30, 2019
Exclusive: MalwareMustDie analyzes a new IoT malware dubbed Linux/ AirDropBot

After 2 years of waiting, MalwareMustDie returns with an excellent page of malware analysis of a new IoT malware: Linux/AirDropBot. Yes, I have to confess, it was hard to wait all this time, but the reward it was worth it: unixfreaxjp is return, with a new, great page of reverse engeeniring published on the MalwareMustDie […]

Pierluigi Paganini September 30, 2019
Arcane Stealer V, a threat for lower-skilled adversaries that scares experts

Experts recently analyzed an information-stealing malware tracked as Arcane Stealer V that is very cheap and easy to buy in the Dark Web. In July 2019, researchers at Fidelis Threat Research Team (TRT) analyzed a sample of Arcane Stealer V, a .net information-stealing malware that is easy to acquire in the dark web. The author […]

Pierluigi Paganini September 29, 2019
Security Affairs newsletter Round 233

A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Hi folk, let me inform you that I suspended the newsletter service, anyway I’ll continue to provide you a list of published posts every week through the blog. Once again thank you! 0patch will provide micropatches for Windows […]