Internet threat news

New Backdoor Malware Targets Windows, Mac, and Linux

A group of cybersecurity researchers at Intezer have discovered a new malware strain that is capable of creating backdoors on Windows, Mac, and Linux machines. The malware was discovered in December 2021 and hints at a trend of new malware being developed that is capable of targeting multiple operating systems.

   
Brewery Illustrates how Destructive Ransomware Can Be

Towards the end of the holiday season Portland, Oregon-based brewery McMenamins confirmed it had suffered a ransomware attack dating back to December 12, 2021. On December 16, 2021, Bleeping Computer reported that the brewery had suffered a ransomware incident.

   
Pysa Ransomware Ramps Up Attacks

In NCC Group's monthly threat pulse article it was found that the Pysa ransomware strain took the dubious honor of becoming one of the most prolific ransomware strains for the month of November. Attacking businesses has always been on the agenda for those behind Pysa; in the past this publication covered how the gang was targeting organizations within the education sector.

   
Nation-State Threat Actors Jump on the Log4j2 Bandwagon

In what is rapidly turning into one of the major InfoSec talking points of the year, the threat posed by exploitation of the Log4j2 flaw keeps growing for those who have not patched the popular logging library. In our previous coverage we detailed how threat actors distributing botnets, remote access trojans, coin miners, and ransomware were already weaponizing the flaw. Now, as predicted, nation-state threat actors are looking to do the same.

   
Apache Log4j2 Vulnerability in Time for Christmas

With the public release of information regarding vulnerability CVE-2021-44228, also known as the Log4j2 vulnerability or Log4Shell, on December 10, 2021, many can be forgiven for just letting the news pass by. For players of videogames in the 90s, Log4j2 resembles a save code or, even worse, a cheat code for a pixel-defined game.

   
Card Skimming Malware injected into WooCommerce Plugins

The potential dangers of online shopping were made apparent over the recent Black Friday period. As soon as that ended the Christmas shopping spree began, and another discovery by security firm Sucuri again shows the dangers of online shopping to both consumers and retailers.

According to a recent article published on Sucuri's blog, researchers have discovered card skimming malware being injected into WooCommerce plugins.

   
Emotet Now Seen Dropping Cobalt Strike

In November 2021 this publication covered the return of Emotet after law enforcement agencies around the globe worked to cease the malware's operations by seizing critical infrastructure. Since the return of the botnet it has been incredibly active and has been distributed in several campaigns. Now researchers have seen the botnet dropping the infamous penetration testing tool Cobalt Strike, in an attempt to speed up the path to a ransomware attack.

   
300,000 Android Users Infected with Malware

According to a new report published by Threat Fabric, several malware distribution campaigns have infected almost 300,000 Android users. Infections were carried out by users downloading malicious apps from the Google Play Store containing malware droppers, which would then drop banking trojans designed to harvest and steal banking credentials.

The theft of credentials is primarily done via a fake banking login page that overlays the legitimate one. Threat actors then exfiltrate the credentials and either sell them on underground marketplaces or use them to commit various kinds of banking fraud. While this phenomenon is certainly not new, the tactics used, namely the evolution of past tactics, are what piqued the researchers' interest in the campaigns.

   
Crypter Distributing Malware to Crypto and NFT Communities

To say that the cryptocurrency market, now valued at 2.5 trillion USD, has seen its fair share of scams would be an understatement. The latest to affect the cryptocurrency and Non-Fungible Token (NFT) community involves a threat actor targeting enthusiasts on the popular messaging platform Discord.

According to an article published by security firm Morphisec, Discord is being used to distribute crypter malware. A crypter is a tool that encrypts, obfuscates, and otherwise manipulates a malware payload so that it is harder for security programs to detect. Crypters are typically used by threat actors to pass off malware as legitimate, non-harmful software. They broadly come in two forms, static or polymorphic.

   
Over 4,000 Online Retailers Impacted by Software Flaw

The UK's National Cyber Security Centre (NCSC) issued a warning noting that a total of 4,151 retailers had been compromised by hackers exploiting vulnerabilities on checkout pages to divert payments and steal details. The impacted retailers have been informed of the vulnerabilities to which their customers have been falling victim over the past 18 months.

According to the warning, the majority of victims were impacted by hackers exploiting known vulnerabilities in the e-commerce platform Magento. When successfully exploited, the vulnerabilities allow the attacker to steal credit card information entered by the customer and possibly redirect payments to attacker-controlled bank accounts.

   
Emotet is Back

Once referred to as the "world's most dangerous malware," Emotet is back after a hiatus of almost a year. This is not the first time the infamous botnet has resurfaced after a long hiatus.

This time the reemergence of the botnet has happened after significant law enforcement efforts to bring down the botnet's infrastructure.

   
Ransomware Gangs using DDoS Threats for Extortion

Europol recently published its Internet Organised Crime Threat Assessment report for 2021, which highlights several trends relating to cyber threats, with ransomware yet again featuring prominently in the research. The report notes, among several other trends, that ransomware reports have increased over the 12-month reporting period examined by the law enforcement organization, and that Distributed Denial of Service (DDoS) attacks, or the threat thereof, are being used to place further pressure on victims.

   
Sodinokibi Ransomware Affiliates and Infrastructure feel the Law's Wrath

Three separate reports suggest that international law enforcement agencies are continuing to apply pressure to ransomware gangs, whether it is the gang leaders, infrastructure, or affiliates. Last week we covered how the BlackMatter ransomware gang was experiencing a legal clampdown. The Sodinokibi gang, despite ceasing operations after reports suggested that US Cyber Command had successfully targeted servers used by the gang, is still being targeted by law enforcement. It now appears that there is an international effort to go after affiliates and leaders of the Sodinokibi gang.

   
BlackMatter Ceases Operations as Law Enforcement Cracks Down

On November 3, 2021, a Twitter post by vx-underground displayed an announcement by BlackMatter leadership that they were shutting down ransomware operations. The announcement read,

“Due to certain unsolvable circumstances associated with pressure from the authorities (part of the team is no longer available, after the latest news) -- project is closed...After 48 hours the entire infrastructure will be turned off, allowing: Issue mail to companies for further communication [and] Get decryptor. For this write 'give a decryptor' inside the company chat, where necessary. We wish you all success, we were glad to work.”

   
