Internet threat news

Nation-State Threat Actors Jump on the Log4j2 Bandwagon

What is rapidly turning into one of the major InfoSec talking points for the year the threat posed by potential exploitation of the Log4j2 flaw is increasing exponentially for those who have not patched the popular logging application. In our previous coverage we detailed how threat actors distributing botnets, remote access trojans, coin miners, and ransomware were already weaponizing the flaw. Now, as predicted nation-state threat actors are looking to do the same.

Apache Log4j2 Vulnerability in Time for Christmas

With the public release of information regarding vulnerability CVE-2021-4428, also known as Log4j2 or Log4Shell, on December 10, 2021, many can be forgiven just letting the news pass by. For players of videogames in the 90s, Log4j2 resembles a save code or even worse a cheat code for a pixel-defined game.

Card Skimming Malware injected into WooCommerce Plugins

Recently the potential dangers of online shopping were made apparent over the recent Black Friday period. As soon as that ended the Christmas shopping spree began, and another discovery by security firm Sucuri again shows the dangers of online shopping to both consumers and retailers.

According to a recent article published on Securi’s blog, researchers have discovered card skimming malware being injected into WooCommerce plugins.

Emotet Now Seen Dropping Cobalt Strike

In November 2021 this publication covered the return of Emotet after law enforcement agencies around the globe worked to cease the malware’s operations by seizing critical infrastructure. Since the return of the botnet, it has been incredibly active being distributed in several campaigns. Now researchers have seen the Botnet dropping the infamous penetration testing tool Cobalt Strike in an attempt to fast forward ransomware attacks.

300,000 Android Users Infected with Malware

According to a new report published by Threat Fabric, several malware distribution campaigns have infected almost 300,000 Android users. Infections were carried out by users downloading malicious apps from the Google Play Store containing malware droppers which would then drop banking trojans specifically designed for harvesting and stealing banking credentials.

The theft of credentials is primarily done via a fake banking login page that overlays a legitimate one. Threat actors then exfiltrate the credentials and either sell them on underground marketplaces or use the credentials to commit various kinds of banking fraud. While this phenomenon is certainly not new the tactics used, namely the evolution of past tactics is what has piqued the researcher’s interest in the campaigns.

Crypter Distributing Malware to Crypto and NFT Communities

To say that the cryptocurrency market, now valued at 2.5 trillion USD, has seen its fair share of scams would be an understatement. The latest to affect the cryptocurrency and Non-Fungible Token (NFT) community involves a threat actor targeting enthusiasts on the popular messaging platform Discord.

According to an article published by security firm Morphisec, Discord is being used to distribute crypter malware. Crypter malware can be seen as a specific type of malware that can encrypt, obfuscate, and manipulate malware, to make it harder to detect by security programs. They are typically used by threat actors to pass off malware as legitimate and non-harmful software applications. Crypters broadly come in two forms, static or polymorphic.

Over 4,000 Online Retailers Impacted by Software Flaw

The UK’s National Cyber Security Centre (NCSC) was issued a warning noting that a total of 4,151 retailers had been compromised by hackers attempting to exploit vulnerabilities on checkout pages to divert payments and steal details. The retailers impacted have been informed about the vulnerabilities customers are falling victim to over the past 18 months.

According to the warning the majority of victims were impacted by hackers exploiting known vulnerabilities in the e-commerce platform Magento. The vulnerabilities when properly exploited allow the attacker to steal credit card information entered by the customer as well as possibly redirect payments to attacker-controlled bank accounts.

Emotet is Back

Once referred to as the “world’s most dangerous malware,” after almost a year hiatus Emotet is back. This is not the first time the infamous botnet has resurfaced after a long hiatus.

This time the reemergence of the botnet has happened after significant law enforcement efforts bring down the botnet’s infrastructure.

Ransomware Gangs using DDoS Threats for Extortion

Europol recently published their Internet Organised Crime Threat Assessment report for 2021 which highlights several trends relating to cyber threats, with ransomware yet again featuring prominently in their research. The report notes, among several other trends, that ransomware reports have increased over the 12 month reporting period looked into by the law enforcement organization and that Distributed Denial of Service (DDoS) attacks, or the threat thereof, are being used to place further pressure on victims.

Sodinokibi Ransomware Affiliates and Infrastructure feel the Laws Wrath

Three separate reports suggest that international law enforcement agencies are continuing to apply pressure to ransomware gangs, whether it’s the gang leaders, infrastructure, or affiliates. Last week we covered how the BlackMatter ransomware gang was experiencing a legal clampdown. Now despite ceasing operations after reports suggested that US Cyber Command successfully targeted servers used by ransomware gang, is still being targeted by law enforcement. Now it appears that there is an international effort to go after affiliates and leaders of the Sodinokibi gang.

BlackMatter Ceases Operations as Law Enforcement Cracks Down

On November 3, 2021, a Twitter post by vx-underground displayed an announcement by BlackMatter leadership that they were shutting down ransomware operations. The announcement read,

“Due to certain unsolvable circumstances associated with pressure from the authorities (part of the team is no longer available, after the latest news) -- project is closed...After 48 hours the entire infrastructure will be turned off, allowing: Issue mail to companies for further communication [and] Get decryptor. For this write 'give a decryptor' inside the company chat, where necessary. We wish you all success, we were glad to work.”

FBI Warns that Ransomware Gangs are Targeting Significant Financial Events

When a company is involved in a merger, acquisition, or listing on an internationally respected stock exchange it is a significant financial event in that organization’s history. The Federal Bureau of Investigation (FBI) is now warning that such events are now being targeted by ransomware gangs in a variety of ways in order to place more pressure on victims to pay the ransom lest the financial event is derailed by ransomware revelations.

NRA Suffers a Potential Grief Ransomware Attack

According to the threat actors behind the Grief ransomware strain, they have successfully compromised the National Rifle Association (NRA) network, stolen data, and encrypted their data. Bleeping Computer reports that the ransomware group posted the announcement to their leak site along with data stolen from the NRA. The site now boasts images of Excel spreadsheets containing tax and investment information allegedly belonging to the NRA. Further, the group leaked a zip file, “National”, which is reported to contain information relating to grant applications done by the NRA.

Coding Mistake Results in Million Dollar Loss for BlackMatter

In a recent article published by Emisoft, it was revealed how researchers discovered a bug in the BlackMatter ransomware’s code.  This bug was exploited by researchers to create decryption keys that were secretly handed out to victims of the ransomware gang, potentially losing the gang millions of dollars worth of ransom payments.

DarkSide, the threat group strongly believed to be behind BlackMatter and previously behind the DarkSide ransomware, was initially best known for committing other financially motivated cybercrimes, seeing the profit margins ransomware, and the ransomware-as-a-service business model could unlock they quickly pivoted.


Page 10 of 53

<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>
About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal