malware

Pierluigi Paganini May 07, 2018
SynAck ransomware Employs Many Novel Techniques to Avoid Detection

The latest variant of the SynAck ransomware now includes a number of novel and complex anti-detection techniques, including one that was only made published by security researchers in December 2017. When it originally appeared on the scene, SynAck ransomware didn’t seem unique or outstanding. It was marginally effective, but it wasn’t going to force enterprises […]

Pierluigi Paganini May 06, 2018
New ZooPark APT targets Android users in Middle East since 2015

Security researchers from Kaspersky Lab have uncovered a new cyber-espionage APT group tracked ZooPark that targeted entities in the Middle East during the past three years. ZooPark APT has been active at least since 2015 and has shown a growing level of sophistication across the years. “ZooPark is a cyberespionage operation that has been focusing on Middle […]

Pierluigi Paganini May 04, 2018
A bug in GandCrab ransomware V3 accidentally locks systems running Windows 7

The latest variant of the dreaded GandCrab ransomware,version 3, locks the infected systems running on Windows 7. A few days ago, experts from security firm Fortinet uncovered a new spam campaign delivering a new version of the GandCrab ransomware, the version v3. Like other ransomware, such as Locky and Sage, the GandCrab ransomware v3 also changes the wallpapers of the infected […]

Pierluigi Paganini May 01, 2018
FacexWorm targets cryptocurrency users and spreads through Facebook Messenger

Social networks could be a privileged attack vector to rapidly spread a malware to a huge audience, FacexWorm targets cryptocurrency users by spreading through Facebook Messenger. Social networks could be a privileged attack vector to rapidly spread a malware to a huge audience. In the last hours, a new threat is spreading through leveraging an apparently […]

Pierluigi Paganini April 30, 2018
SamSam operators switch tactic and are more focused on targeted organizations

SamSam ransomware made the headlines again, crooks now spreading thousands of copies of the ransomware at once into individual targeted organizations. Ransomware continues to be one of the most dangerous cyber threat and incident like the one suffered by the city of Atlanta demonstrates that their economic impact on victims could be severe. SamSam ransomware […]

Pierluigi Paganini April 30, 2018
Op GhostSecret – ThaiCERT seized a server used by North Korea Hidden Cobra APT group in the Sony Picture hack

The Thai authorities with the support of the ThaiCERT and security first McAfee have seized a server used by North Korean Hidden Cobra APT as part of the Op GhostSecret campaign. The Thai authorities with the support of the ThaiCERT have seized a server used by North Korean hackers in the attack against Sony Picture. […]

Pierluigi Paganini April 27, 2018
Necurs Spam Botnet operators adopt a new technique to avoid detection

Operators behind the Necurs botnet, the world’s largest spam botnet, are currently using a new evasion technique attempting to surprise the unprepared defenses. Necurs is the world’s largest spam botnet, it is composed of millions of infected computers worldwide. Necurs was not active for a long period at the beginning of 2017 and resumed its activity in April […]

Pierluigi Paganini April 27, 2018
Rubella Macro Builder Crimeware Kit gains popularity on cybercrime underground

A new crimeware kit dubbed the Rubella Macro Builder is rapidly gaining popularity in the cybercriminal underground, experts already spotted its malware in the wild. A new crimeware kit dubbed the Rubella Macro Builder is rapidly gaining popularity in the cybercriminal underground. The Rubella Macro Builder allows crooks to generate a malicious payload for social-engineering […]

Pierluigi Paganini April 22, 2018
Experts spotted spam campaigns delivering XTRAT and DUNIHI backdoors bundled with the Adwind RAT

Security experts at Trend Micro have spotted spam campaigns delivering XTRAT and DUNIHI Backdoors and Loki malware bundled with the Adwind RAT. Malware researchers at Trend Micro have uncovered a spam campaign that delivers the infamous Adwind RAT (aka jRAT) alongside the XTRAT backdoor (aka XtremeRAT) and the Loki info stealer. In a separate Adwind RAT spam campaign, the researchers observed the use […]

Pierluigi Paganini April 22, 2018
Unscrupulous crooks behind the RansSIRIA Ransomware try to exploit attentions on Syrian refugee crisis

Researchers at MalwareHunterTeam have discovered a new strain of ransomware called RansSIRIA that encrypts victim’s files and then states it will donate the ransom to Syrian refugees. Unscrupulous cybercriminals try to exploit every situation, even the most dramatic incidents. In the past, crooks attempted to exploits the media attention on dramatic events such as the Boston Marathon, the […]