ViperSoftX malware covertly runs PowerShell using AutoIT scripting
The latest variants of the ViperSoftX info-stealing malware use the common language runtime (CLR) to load and execute PowerShell commands within AutoIt scripts to evade detection.
CLR is a key component of Microsoft’s .NET Framework, serving as the execution engine and runtime environment for .NET applications.
ViperSoftX uses CLR to load code within AutoIt, a scripting language for automating Windows tasks that is typically trusted by security solutions.
In addition, researchers...
Microsoft fixes Windows 11 bug causing reboot loops, taskbar freezes
Microsoft has fixed a known issue causing restart loops and taskbar problems on Windows 11 systems after installing the June KB5039302 preview update.
"This issue was resolved in updates released July 9, 2024 (KB5040442) and later," the company said in an update added to the Windows release health page on Tuesday.
"We recommend you install the latest security update for your device. It contains important improvements and issue resolutions, including this one."
The known issue...
Infostealer malware logs used to identify child abuse website members
Thousands of pedophiles who download and share child sexual abuse material (CSAM) were identified through information-stealing malware logs leaked on the dark web, highlighting a new dimension of using stolen credentials in law enforcement investigations.
The novel use of the dataset was conducted by Recorded Future's Insikt Group, who shared a report explaining how they identified 3,324 unique accounts that accessed illegal portals known for distributing CSAM.
By leveraging...
Police seize over 100 malware loader servers, arrest four cybercriminals
May 30, 2024
04:35 AM
An international law enforcement operation codenamed 'Operation Endgame' has seized over 100 servers worldwide used by multiple major malware loader operations, including IcedID, Pikabot, Trickbot, Bumblebee, Smokeloader, and SystemBC.
The action, which occurred between May 27 and 29, 2024, involved 16 location searches across Europe and led to the arrest of four individuals, one in Armenia and three in Ukraine.
Additionally, the...
New Latrodectus malware attacks use Microsoft, Cloudflare themes
April 30, 2024
06:08 PM
Latrodectus malware is now being distributed in phishing campaigns using Microsoft Azure and Cloudflare lures to appear legitimate while making it harder for email security platforms to detect the emails as malicious.
Latrodectus (aka Unidentified 111 and IceNova) is an increasingly distributed Windows malware downloader first discovered by Walmart's security team and later analyzed by ProofPoint and Team...
CoralRaider attacks use CDN cache to push info-stealer malware
April 23, 2024
05:27 PM
A threat actor has been using a content delivery network cache to store information-stealing malware in an ongoing campaign targeting systems in the U.S., the U.K., Germany, and Japan.
Researchers believe that behind the campaign is CoralRaider, a financially motivated threat actor focused on stealing credentials, financial data, and social media accounts.
The hackers deliver LummaC2, Rhadamanthys, and Cryptbot info...
GitLab affected by GitHub-style CDN flaw allowing malware hosting
April 22, 2024
11:05 AM
BleepingComputer recently reported how a GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy.
It now turns out that GitLab is also affected by this issue and could be abused in a similar manner.
While most of the malware-associated activity was based around the Microsoft GitHub...
Malware dev lures child exploiters into honeytrap to extort them
April 21, 2024
02:49 PM
You rarely root for a cybercriminal, but a new malware campaign targeting child exploiters doesn't make you feel bad for the victims.
Since 2012, threat actors have been creating a variety of malware and ransomware that pretend to be government agencies warning infected Windows users that they were viewing CSAM. The malware tells victims they must pay a "penalty" to prevent their information from being sent to law enforcement.
One...
Malicious PowerShell script pushing malware looks AI-written
April 10, 2024
12:12 PM
A threat actor is using a PowerShell script that was likely created with the help of an artificial intelligence system such as OpenAI's ChatGPT, Google's Gemini, or Microsoft's Copilot.
The adversary used the script in an email campaign in March that targeted tens of organizations in Germany to deliver the Rhadamanthys information stealer.
AI-based PowerShell deploys infostealer
Researchers at cybersecurity company...
New Latrodectus malware replaces IcedID in network breaches
April 4, 2024
04:38 PM
A relatively new malware called Latrodectus is believed to be an evolution of the IcedID loader, seen in malicious email campaigns since November 2023.
The malware was spotted by researchers at Proofpoint and Team Cymru, who worked together to document its capabilities, which are still unstable and experimental.
IcedID is a malware family first identified in 2017 that was originally classified as a modular banking trojan...
Fake Facebook MidJourney AI page promoted malware to 1.2 million people
April 5, 2024
12:47 PM
Hackers are using Facebook advertisements and hijacked pages to promote fake Artificial Intelligence services, such as MidJourney, OpenAI's SORA and ChatGPT-5, and DALL-E, to infect unsuspecting users with password-stealing malware.
The malvertising campaigns are created by hijacked Facebook profiles that impersonate popular AI services, pretending to offer a sneak preview of new features.
Users tricked by the ads become members of...
The Biggest Takeaways from Recent Malware Attacks
April 4, 2024
10:01 AM
Among the never-ending list of malicious software that threat actors use in cyber attacks are viruses, worms, trojans, ransomware, spyware, and adware. Today's malware is not just about causing immediate damage; some programs get embedded within systems to siphon off data over time, disrupt operations strategically, or lay the groundwork for massive, coordinated attacks.
A prime example is a recently found malicious...
DinodasRAT malware targets Linux servers in espionage campaign
March 31, 2024
10:35 AM
Security researchers have observed Red Hat and Ubuntu systems being attacked by a Linux version of the DinodasRAT (also known as XDealer) that may have been operating since 2022.
The Linux variant of the malware has not been described publicly, although the first version has been tracked to 2021.
Cybersecurity company ESET has previously seen DinodasRAT compromising Windows systems in an espionage campaign dubbed...
Vultur banking malware for Android poses as McAfee Security app
March 30, 2024
11:56 AM
Security researchers found a new version of the Vultur banking trojan for Android that includes more advanced remote control capabilities and an improved evasion mechanism.
Researchers at fraud detection company ThreatFabric first documented the malware in March 2021, and in late 2022, they observed it being distributed over Google Play through dropper apps.
At the end of 2023, mobile security platform Zimperium included...
New WogRAT malware abuses online notepad service to store malware
March 5, 2024
03:25 PM
A new malware dubbed 'WogRAT' targets both Windows and Linux in attacks abusing an online notepad platform named 'aNotepad' as a covert channel for storing and retrieving malicious code.
According to AhnLab Security Intelligence Center (ASEC) researchers, who named the malware from a string reading 'WingOfGod,' it has been active since at least late 2022, targeting Japan, Singapore, China, Hong Kong, and other Asian countries.
The...
Interpol operation Synergia takes down 1,300 servers used for cybercrime
February 2, 2024
07:56 AM
An international law enforcement...
HP Smart is auto-installing on Windows 11 and Windows 10 on non-HP machines
By...
Owner of Incognito dark web drugs market arrested in New York
May 20, 2024
03:36 PM
The owner and operator of Incognito...
Microsoft shares temp fix for Outlook encrypted email reply issues
May 16, 2024
01:28 PM
Microsoft has shared a temporary fix...
AMD, Apple, Qualcomm GPUs leak AI data in LeftoverLocals attacks
January 17, 2024
10:32 AM
A new vulnerability dubbed...