The latest variants of the ViperSoftX info-stealing malware use the common language runtime (CLR) to load and execute PowerShell commands within AutoIt scripts to evade detection. CLR is a key component of Microsoft’s .NET Framework, serving as the execution engine and runtime environment for .NET applications. ViperSoftX uses CLR to load code within AutoIt, a scripting language for automating Windows tasks that are typically trusted by security solutions. In addition, researchers...

Microsoft has fixed a known issue causing restart loops and taskbar problems on Windows 11 systems after installing the June KB5039302 preview update. "This issue was resolved in updates released July 9, 2024 (KB5040442) and later," the company said in an update added to the Windows release health page on Tuesday. "We recommend you install the latest security update for your device. It contains important improvements and issue resolutions, including this one." The known issue...

Thousands of pedophiles who download and share child sexual abuse material (CSAM) were identified through information-stealing malware logs leaked on the dark web, highlighting a new dimension of using stolen credentials in law enforcement investigations. The novel use of the dataset was conducted by Recorded Future's Insikt Group, who shared a report explaining how they identified 3,324 unique accounts that accessed illegal portals known for distributing CSAM. By leveraging...

May 30, 2024   04:35 AM   0 An international law enforcement operation codenamed 'Operation Endgame' has seized over 100 servers worldwide used by multiple major malware loader operations, including IcedID, Pikabot, Trickbot, Bumblebee, Smokeloader, and SystemBC. The action, which occurred between May 27 and 29, 2024, involved 16 location searches across Europe and led to the arrest of four individuals, one in Armenia and three in Ukraine. Additionally, the...

April 30, 2024   06:08 PM   0 Latrodectus malware is now being distributed in phishing campaigns using Microsoft Azure and Cloudflare lures to appear legitimate while making it harder for email security platforms to detect the emails as malicious. Latrodectus (aka Unidentified 111 and IceNova) is an increasingly distributed Windows malware downloader first discovered by Walmart's security team and later analyzed by ProofPoint and Team...

April 23, 2024   05:27 PM   0 A threat actor has been using a content delivery network cache to store information-stealing malware in an ongoing campaign targeting systems U.S., the U.K., Germany, and Japan. Researchers believe that behind the campaign is CoralRaider, a financially motivated threat actor focused on stealing credentials, financial data, and social media accounts. The hackers deliver LummaC2, Rhadamanthys, and Cryptbot info...

April 22, 2024   11:05 AM   0 BleepingComputer recently reported how a GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. It now turns out, GitLab is also affected by this issue and could be abused in a similar manner. While most of the malware-associated activity was based around the Microsoft GitHub...

April 21, 2024   02:49 PM   0 You rarely root for a cybercriminal, but a new malware campaign targeting child exploiters doesn't make you feel bad for the victims. Since 2012, threat actors have been creating a variety of malware and ransomware that pretend to be government agencies warning infected Windows users that they were viewing CSAM. The malware tells victims they must pay a "penalty" to prevent their information from being sent to law enforcement. One...

April 10, 2024   12:12 PM   0 A threat actor is using a PowerShell script that was likely created with the help of an artificial intelligence system such as OpenAI's ChatGPT, Google's Gemini, or Microsoft's CoPilot. The adversary used the script in an email campaign in March that targeted tens of organizations in Germany to deliver the Rhadamanthys information stealer. AI-based PowerShell deploys infostealer Researchers at cybersecurity company...

April 4, 2024   04:38 PM   0 A relatively new malware called Latrodectus is believed to be an evolution of the IcedID loader, seen in malicious email campaigns since November 2023. The malware was spotted by researchers at Proofpoint and Team Cymru, who worked together to document its capabilities, which are still unstable and experimental. IcedID is a malware family first identified in 2017 that was originally classified as a modular banking trojan...

April 5, 2024   12:47 PM   0 Hackers are using Facebook advertisements and hijacked pages to promote fake Artificial Intelligence services, such as MidJourney, OpenAI's SORA and ChatGPT-5, and DALL-E, to infect unsuspecting users with password-stealing malware. The malvertising campaigns are created by hijacked Facebook profiles that impersonate popular AI services, pretending to offer a sneak preview of new features. Users tricked by the ads become members of...

April 4, 2024   10:01 AM   0 Among the never-ending list of malicious software that threat actors use in cyber attacks are viruses, worms, trojans, ransomware, spyware, and adware. Today's malware is not just about causing immediate damage; some programs get embedded within systems to siphon off data over time, disrupt operations strategically, or lay the groundwork for massive, coordinated attacks.  A prime example is a recently found malicious...

March 31, 2024   10:35 AM   0 Security researchers have observed Red Hat and Ubuntu systems being attacked by a Linux version of the DinodasRAT (also known as XDealer) that may have been operating since 2022. The Linux variant of the malware has not been described publicly, although the first version has been tracked to 2021. Cybersecurity company ESET has previously seen DinodasRAT compromising Windows systems in an espionage campaign dubbed...

March 30, 2024   11:56 AM   0 Security researchers found a new version of the Vultur banking trojan for Android that includes more advanced remote control capabilities and an improved evasion mechanism. Researchers at fraud detection company ThreatFabric first documented the malware in March 2021, and in late 2022, they observed it being distributed over Google Play through dropper apps. At the end of 2023, mobile security platform Zimperium included...

March 5, 2024   03:25 PM   0 A new malware dubbed 'WogRAT' targets both Windows and Linux in attacks abusing an online notepad platform named 'aNotepad' as a covert channel for storing and retrieving malicious code. According to AhnLab Security Intelligence Center (ASEC) researchers, who named the malware from a string reading 'WingOfGod,' it has been active since at least late 2022, targeting Japan, Singapore, China, Hong Kong, and other Asian countries. The...