Malware

Pierluigi Paganini October 11, 2018
Exaramel Malware Links Industroyer ICS malware and NotPetya wiper

ESET researchers have spotted a new strain of malware tracked as Exaramel that links the dreaded not Petya wiper to the Industroyer ICS malware. A few months ago, researchers from ESET discovered a new piece of malware that further demonstrates the existence of a link between Industroyer and the NotPetya wiper. In June 2017, researchers at antivirus firm ESET […]

Pierluigi Paganini October 10, 2018
CVE-2018-8453 Zero-Day flaw exploited by FruityArmor APT in attacks aimed at Middle East

A Windows zero-day flaw addressed by Microsoft with its latest Patch Tuesday updates is exploited by an APT group in attacks aimed at entities in the Middle East. The Windows zero-day vulnerability tracked as CVE-2018-8453 is a privilege escalation flaw that was exploited by an APT group in attacks against entities in the Middle East. The flaw, tracked as […]

Pierluigi Paganini October 10, 2018
Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks

Security firm Group-IB has estimated that in H2 2017-H1 2018 cyber attacks caused $49.4 million (2.96 billion rubles) of damage to Russia’s financial sector Group-IB, an international company that specializes in preventing cyber attacks, has estimated that in H2 2017-H1 2018 cyber attacks caused $49.4 million (2.96 billion rubles) of damage to Russia’s financial sector. […]

Pierluigi Paganini October 04, 2018
Canadian restaurant chain Recipe suffered a network outage, is it a ransomware attack?

The Canadian restaurant chain Recipe Unlimited that operates over 20 restaurant brands has suffered a major IT outage over the weekend in a “malware outbreak.” The company operates nearly 1,400 restaurants under 19 different brands in Canada, Recipe Unlimited has suffered a major malware-based attack that impacted several of its brands. On Monday the company Monday […]

Pierluigi Paganini October 03, 2018
Researchers associated the recently discovered NOKKI Malware to North Korean APT

Security experts from Palo Alto Networks have collected evidence that links the recently discovered NOKKI malware to North Korea-Linked APT. Researchers from Palo Alto Networks have spotted a new variant of the KONNI malware, tracked as NOKKI. that was attributed to North Korea-linked attackers. NOKKI borrows the code from the KONNI malware, the latter is a remote access Trojan […]

Pierluigi Paganini October 03, 2018
Z-LAB Report – Analyzing the GandCrab v5 ransomware

Experts at the Cybaze Z-Lab have analyzed the latest iteration of the infamous GandCrab ransomware, version 5.0. Malware researchers at Cybaze ZLab analyzed the latest version of the infamous GandCrab ransomware, version 5.0. Most of the infections have been observed in central Europe, but experts found evidence that the malicious code doesn’t infect Russian users. […]

Pierluigi Paganini October 02, 2018
The ‘Gazorp’ Azorult Builder emerged from the Dark Web

Checkpoint experts discovered in the Dark Web an online builder, dubbed Gazorp, that allows crooks to create customized binaries for the Azorult malware. Security researchers from Checkpoint have discovered in the Dark Web an online builder, dubbed Gazorp, that allows crooks to easily create customized binaries for the Azorult info-stealing malware. The Gazorp builder allows generating for free the malicious code […]

Pierluigi Paganini October 01, 2018
GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Security experts from Qihoo 360 NetLab spotted GhostDNS, a malware that already infected over 100K+ devices and targets 70+ different types of routers Security experts from Qihoo 360 NetLab have uncovered an ongoing hacking campaign that leverages the GhostDNS malware. Attackers have already hijacked over 100,000 home routers, the malicious code allows to modify DNS settings to hijack the traffic […]

Pierluigi Paganini September 29, 2018
Torii botnet, probably the most sophisticated IoT botnet of ever

Avast spotted a new IoT botnet, tracked as Torii, that appears much more sophisticated and stealth of the numerous Mirai variants previously analyzed. Security researchers spotted a new IoT botnet, tracked as Torii, that appears much more sophisticated and stealth of the numerous Mirai variants previously analyzed. According to experts from Avast, the Torii bot has been active since […]

Pierluigi Paganini September 28, 2018
QRecorder app in the Play Store was hiding a Banking Trojan that targets European banks

The QRecorder app in the Play Store impersonating a phone call and voice recording utility embedded a banking malware used to target European banks. Security experts from ESET have discovered a malicious app in the official Google Play Store that impersonates a phone call and voice recording utility, it was hiding a banking malware used to […]