Malware

Pierluigi Paganini July 15, 2018
Update CSE Malware ZLab – Operation Roman Holiday – Hunting the Russian APT28

Researchers from the Z-Lab at CSE Cybsec analyzed a new collection of malware allegedly part of a new espionage campaign conducted by the APT28 group. It was a long weekend for the researchers from the Z-Lab at CSE Cybsec that completed the analysis a number of payloads being part of a new cyber espionage campaign […]

Pierluigi Paganini July 14, 2018
A few days after discovery of GandCrab ransomware ver 4.0, experts found 4.1 version

Security experts from Fortinet recently detected a new version of the GandCrab ransomware, ver 4.1, that is being distributed through compromised websites A few days ago, I wrote about the return of the GandCrab ransomware (v4), a new version appeared in the threat landscape and experts at BleepingComputer first reported it. GandCrab ransomware is a young threat, it first […]

Pierluigi Paganini July 13, 2018
Mobile Malware Campaign targets users in India through rogue MDM service

Talos Team have uncovered a “highly targeted” campaign leveraging a mobile malware distributed through a bogus MDM service Security experts from Talos Team have uncovered a “highly targeted” campaign leveraging a mobile malware that has been active at least since August 2015. The researchers believe that cyberspies are operating from China and they found spying […]

Pierluigi Paganini July 13, 2018
Ukraine ‘s SBU Security Service reportedly stopped VPNFilter attack at chlorine station

Ukraine ‘s SBU Security Service reportedly stopped VPNFilter attack at chlorine station, the malware infected the network equipment in the facility that supplies water treatment and sewage plants. According to the Interfax-Ukraine media outlet, the VPNFilter hit the LLC Aulska station in Auly (Dnipropetrovsk region), according to the experts the malware aimed at disrupting operations at the chlorine station. […]

Pierluigi Paganini July 12, 2018
Popular software VSDC official website was hacked and used to distribute malware

Hackers have compromised the website of VSDC, (http://www.videosoftdev.com), a popular company that provides free audio and video conversion and editing software. Experts from Chinese security firm Qihoo 360 Total Security discovered that attackers hijacked the download links of the popular audio and video editor, VSDC. The experts discovered that hackers hijacked download links on the websites […]

Pierluigi Paganini July 12, 2018
China-based TEMP.Periscope APT targets Cambodia’s elections

FireEye uncovered a large-scale Chinese phishing and hacking campaign powered by Temp.periscope APT aimed at Cambodia’s elections. Security researchers at FireEye have uncovered a large-scale Chinese phishing and hacking campaign aimed at Cambodia’s elections. The hackers distributed a remote access trojan (RAT) and data exfiltration operation targeting the poll. The experts from FireEye attributed the attacks to an APT group tracked […]

Pierluigi Paganini July 11, 2018
A tainted version of Arch Linux PDF reader package found in a user-provided AUR

Hackers have poisoned the Arch Linux PDF reader package named “acroread” that was found in a user-provided Arch User Repository (AUR), Hackers have poisoned the Arch Linux PDF reader package, this means that users who have downloaded recently a PDF viewer named “acroread” may have been compromised. ThePDF reader package has been tainted with a malware and Arch […]

Pierluigi Paganini July 10, 2018
BlackTech APT using stolen D-Link certificates to spread malware

A cyber-espionage group tracked as BlackTech is abusing code-signing certificates stolen from D-Link for the distribution of their malware. Security experts from ESET discovered that an APT group tracked as BlackTech is using code-signing certificates stolen from Taiwanese-based tech firm D-Link and the security company Changing Information Technology Inc. According to the experts, the cyber espionage group […]

Pierluigi Paganini July 09, 2018
Hacker hijacked original LokiBot malware to sell samples in the wild

An expert found evidences that demonstrate the current distributed LokiBot malware samples were “hijacked” by a third actor. According to the researcher who goes online by the Twitter handle “d00rt,” samples of the LokiBot malware samples being distributed in the wild are modified versions of the original sample. I just released an article where are […]

Pierluigi Paganini July 08, 2018
HNS Botnet evolves and targets cross-platform database solutions

The HNS IoT botnet (Hide and Seek) originally discovered by BitDefender in January evolves and now targets cross-platform database solutions. Do you remember the Hide ‘N Seek (HNS) botnet? The IoT botnet Hide ‘N Seek botnet appeared in the threat landscape in January, when it was first spotted on January 10th by malware researchers from Bitdefender. It was first discovered […]