Malware

Pierluigi Paganini April 08, 2017
Brickerbot botnet, the thingbot that permanently destroys IoT devices

Security researchers have spotted a new threat dubbed Brickerbot botnet that causes permanent damage to Internet of Things (IoT) devices. Months ago we anticipated the possible spike in the number of IoT botnets, at the beginning it was Mirai, but later other dangerous thingbot appeared in the wild such as the Leet Botnet and the Amnesia botnet. Now a […]

Pierluigi Paganini April 08, 2017
Sathurbot botnet, over 20,000 bots launched a distributed WordPress password attack

Experts observed a new threat targeting WordPress install, the Sathurbot botnet attempts to bruteforce WordPress accounts. Once compromised a WordPress website, the Sathurbot botnet uses it to spread the malware. The Sathurbot leverages torrents as a delivery mechanism, once a website is compromised it is used to host fake movie and software torrents. When victims search for […]

Pierluigi Paganini April 07, 2017
IoT Amnesia Botnet puts at risk hundreds of thousands of DVRs due to unpatched flaw

Security experts at Palo Alto Networks have discovered a new Linux/IoT botnet dubbed Amnesia botnet that has been targeting digital video recorders (DVRs). Amnesia exploited an unpatched remote code execution vulnerability that was disclosed more than one year ago by security researcher Rotem Kerner. “fraudsters are adopting new tactics in order to attack retailers. This new […]

Pierluigi Paganini April 07, 2017
Philadelphia Ransomware, a new threat targets the Healthcare Industry

“Philadelphia” Ransomware Targets Healthcare Industry Security experts from Forcepoint have discovered a new strain of ransomware dubbed Philadelphia that is targeting organizations in the healthcare industry. The Philadelphia ransomware is a variant of the Stampado ransomware, a very cheap malware offered for sale on the Dark Web since June 2016 at just 39 USD for a lifetime license. Last month the popular expert Brian […]

Pierluigi Paganini April 07, 2017
Apache Struts 2 vulnerability exploited to deliver the Cerber ransomware

Cyber criminals exploited the recently patched Apache Struts 2 vulnerability CVE-2017-5638 in the wild to deliver the Cerber ransomware. A recently patched Apache Struts 2 vulnerability, tracked as CVE-2017-5638, has been exploited by crooks in the wild to deliver the Cerber ransomware. The remote code execution vulnerability affected the Jakarta-based file upload Multipart parser under Apache […]

Pierluigi Paganini April 05, 2017
ClearEnergy ransomware aim to destroy process automation logics in critical infrastructure, SCADA and industrial control systems.

Schneider Electric, Allen-Bradley, General Electric (GE) and more vendors are vulnerable to ClearEnergy ransomware. Researchers at CRITIFENCE® Critical Infrastructure and SCADA/ICS Cyber Threats Research Group have demonstrated this week a new proof of concept ransomware attack aiming to erase (clear) the ladder logic diagram in Programmable Logic Controllers (PLCs). The ransomware a.k.a ClearEnergy affects a massive […]

Pierluigi Paganini April 05, 2017
South Korean users targeted with a new stealthy malware, the ROKRAT RAT

Security experts at CISCO Talos have spotted a new insidious remote access tool dubbed ROKRAT that implements sophisticated anti-detection measures. The ROKRAT RAT targets Korean users, people using the popular Korean Microsoft Word alternative Hangul Word Processor (HWP). In the past, we saw other attacks against people using the HWP application. The ROKRAT RAT was used […]

Pierluigi Paganini April 04, 2017
Android Chrysaor spyware went undetected for years

Chrysaor spyware is an Android surveillance malware that remained undetected for at least three years, NSO Group Technology is suspected to be the author. Security experts at Google and Lookout spotted an Android version of one of the most sophisticated mobile spyware known as Chrysaor that remained undetected for at least three years. due to its […]

Pierluigi Paganini April 02, 2017
Forcepoint spotted the modular Felismus RAT, it appears the work of skilled professionals

Malware researchers at Forcepoint have discovered a new modular malicious code, dubbed Felismus RAT, that appears the work of skilled professionals. Malware researchers at Forcepoint have discovered a new modular malicious code dubbed Felismus RAT. The malware has been used in highly targeted campaigns, experts believe the Felismus RAT is the work of skilled professionals. […]

Pierluigi Paganini March 31, 2017
Owners of GitHub repositories targeted by the Dimnie data-stealer malware

Since mid-January, attackers have targeted owners of GitHub repositories with the Dimnie data-stealer malware. It is a relatively unknown threat actor. Attackers have targeted developers having Github repositories with a data-stealing malware called Dimnie. The malicious code includes keylogging features and modules that capture screenshots. The Dimnie malware was spotted by researchers at Palo Alto Networks in mid-January when an […]