Internet threat news

New BlackGuard Variant Capable Of Targeting 57 Wallets And Extensions

Security researchers for the major telecommunications company AT&T have discovered a new variant of BlackGuard, a new info stealer that is gaining popularity with threat actors using underground hacking forums.

This new variant is actively being distributed in the wild and boosts several new features, including targeting crypto wallets and related cryptocurrency extensions.

Emotet Returns With A Sneaky Way To Avoid Detection

On March 7, 2022, Bleeping Computer broke the news that Emotet activity had surged back to life and the malware was once again facilitating the sending of malicious spam emails.

After a three-month break, the malware’s operators deemed it was time to ramp up operations once more from an all too brief hiatus. Emotet’s operators have been known to take extended periods away from time to time only to resurface a few months later.

LockBit’s Ever-Increasing Victim List

Recent news articles have shone a light on LockBit’s current operations which seem to be yielding results in encrypting data and putting a halt to several organizations' operations. The most recent of which is Essendant, a wholesale distributor of stationery and office supplies owned by Staples. The company generates over 5.4 billion USD in annual revenue and employs more than 6,400 people.

Phishing Campaign Targeting Eastern Europe Delivers Remcos RAT Malware

Security firm Sentinel One just published a report detailing how a phishing campaign used to target victims in Eastern Europe is being used to deliver the Remcos RAT and DBateLoader malware strains. As with so many malware distribution campaigns, things kick off with a phishing email campaign, in this instance a fake invoice sent from already compromised email accounts.

APT27 Develops Linux Version of their Malware

Chinese advanced persistent threat group, APT27, also known as Bronze Union, Emissary Panda, Iron Tiger, Lucky Mouse, or TG-3390, is now developing Linux version of their custom malware payloads. The group is best known for its cyber espionage abilities by leveraging custom malware packages. With the move to developing Linux versions, security researchers believe they will be able to better target enterprise network solutions built on the operating system.

New Post-Exploit Kit Linked to LockBit

For many of the readers of this publication they will be aware of the heyday of exploit kits, effective toolsets to take advantage of vulnerable software packages. When Adobe’s Flash and Microsoft’s Internet Explorer had significant market dominance these toolkits were far more common and used to gain access to victims’ machines.

Porsche South Africa Hit by Possible Ransomware Attack

On February 21, 2023, South African publication MyBroadband published an article noting that Porshe South Africa’s headquarters in Johannesburg had possibly suffered a ransomware attack.

VMWare ESXi Servers Targeted by Ransomware Gangs

Following several reports from security firms and cyber security publications it is apparent several ransomware gangs are actively exploiting a two-year-old vulnerability that allows for remote code execution on VMWare ESXi servers. One of the initial warnings was issued by the French Computer Emergency Response Team (CERT-FR) wh warned users of the above-mentioned servers that threat actors were abusing CVE-2021-21972.

Hive Ransomware Operations Thwarted by FBI and Europol

On January 26, 2023, the Federal Bureau of Investigation (FBI), along with the US Department of Justice and Europol, announced that a successful campaign to infiltrate Hive ransomwares infrastructure and disrupt operations had been carried out. Hive ransomware had developed a reputation for targeting hospitals, school districts, financial firms, and critical infrastructure and targeted more than 1,500 victims in over 80 countries around the world.

Alleged Stolen League of Legends Code Auctioned

Riot Games, the video game developer behind the ever-popular League of Legends, announced on January 20 that it had been hacked. Following the hack, the company has received a ransom demand to return source code stolen during the hack and has the allegedly stolen source placed on auction by the threat actors.

Ransomware Revenues are Down for 2022

In several previous articles we have covered how the work done by the firm Chainalysis has provided great insight into how ransomware developers and affiliates operate. We have seen how their work has contributed to arrests of ransomware operators. We have also seen how the information generated by the firm can lead to law enforcement placing pressure on ransomware gangs.

BianLian Ransomware Decryptor Released by Avast

On January 16, 2023, cybersecurity firm Avast announced that they had released a decryptor for the BianLian ransomware, not to be confused with the Android trojan of the same name. The decryptor can be used by the victims of the ransomware strain to recover encrypted files that can no longer be accessed by the user as they require an encryption key for access.

Scattered Spider Seen Using the Bring-Your-Own-Vulnerable-Driver Tactics

Many students or young adults will be familiar with the phrase Bring-Your-Own-Booze (BYOB) to denote that the person hosting the party is certainly not providing you drinks. There is something similar in the cyber security sector but it promises even less of a good time. The Bring-Your-Own-Vulnerable-Driver, referred to here on as just BYOVD, tactic allows the attacker to use legitimately signed, but vulnerable, drivers to perform malicious actions on systems.

Dark Web Drug Dealers Moving to Android Apps

The Dark Web is not only the stomping ground of hackers and ransomware operators but several other criminal activities including drug dealing. It was estimated by the United Nations that the Dark Web drug market is now over 315 million USD annually and in 2022 it was estimated that annual sales on this illicit drug market came in at over 470 million USD. To say that using the Dark Web to sell drugs is profitable might be an understatement.


Page 4 of 52

<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>
About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal