Police seize over 100 malware loader servers, arrest four cybercriminals
    May 30, 2024   04:35 AM   0 An international law enforcement operation codenamed 'Operation Endgame' has seized over 100 servers worldwide used by multiple major malware loader operations, including IcedID, Pikabot, Trickbot, Bumblebee, Smokeloader, and SystemBC. The action, which occurred between May 27 and 29, 2024, involved 16 location searches across Europe and led to the arrest of four individuals, one in Armenia and three in Ukraine. Additionally, the...
    By AFFA 2024-05-30 18:38:54 0 51
    New Latrodectus malware attacks use Microsoft, Cloudflare themes
    April 30, 2024   06:08 PM   0 Latrodectus malware is now being distributed in phishing campaigns using Microsoft Azure and Cloudflare lures to appear legitimate while making it harder for email security platforms to detect the emails as malicious. Latrodectus (aka Unidentified 111 and IceNova) is an increasingly distributed Windows malware downloader first discovered by Walmart's security team and later analyzed by Proofpoint and Team...
    By AFFA 2024-05-01 15:32:49 0 187
    CoralRaider attacks use CDN cache to push info-stealer malware
    April 23, 2024   05:27 PM   0 A threat actor has been using a content delivery network cache to store information-stealing malware in an ongoing campaign targeting systems in the U.S., the U.K., Germany, and Japan. Researchers believe that behind the campaign is CoralRaider, a financially motivated threat actor focused on stealing credentials, financial data, and social media accounts. The hackers deliver LummaC2, Rhadamanthys, and Cryptbot info...
    By AFFA 2024-04-24 17:46:32 0 102
    GitLab affected by GitHub-style CDN flaw allowing malware hosting
    April 22, 2024   11:05 AM   0 BleepingComputer recently reported how a GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. It now turns out that GitLab is also affected by this issue and could be abused in a similar manner. While most of the malware-associated activity was based around the Microsoft GitHub...
    By AFFA 2024-04-22 15:48:06 0 78
    Malware dev lures child exploiters into honeytrap to extort them
    April 21, 2024   02:49 PM   0 You rarely root for a cybercriminal, but a new malware campaign targeting child exploiters doesn't make you feel bad for the victims. Since 2012, threat actors have been creating a variety of malware and ransomware that pretend to be government agencies warning infected Windows users that they were viewing CSAM. The malware tells victims they must pay a "penalty" to prevent their information from being sent to law enforcement. One...
    By AFFA 2024-04-21 19:28:48 0 129
    Malicious PowerShell script pushing malware looks AI-written
    April 10, 2024   12:12 PM   0 A threat actor is using a PowerShell script that was likely created with the help of an artificial intelligence system such as OpenAI's ChatGPT, Google's Gemini, or Microsoft's Copilot. The adversary used the script in an email campaign in March that targeted tens of organizations in Germany to deliver the Rhadamanthys information stealer. AI-based PowerShell deploys infostealer Researchers at cybersecurity company...
    By AFFA 2024-04-11 15:54:30 0 108
    New Latrodectus malware replaces IcedID in network breaches
    April 4, 2024   04:38 PM   0 A relatively new malware called Latrodectus is believed to be an evolution of the IcedID loader, seen in malicious email campaigns since November 2023. The malware was spotted by researchers at Proofpoint and Team Cymru, who worked together to document its capabilities, which are still unstable and experimental. IcedID is a malware family first identified in 2017 that was originally classified as a modular banking trojan...
    By AFFA 2024-04-05 18:42:50 0 104
    Fake Facebook MidJourney AI page promoted malware to 1.2 million people
    April 5, 2024   12:47 PM   0 Hackers are using Facebook advertisements and hijacked pages to promote fake Artificial Intelligence services, such as MidJourney, OpenAI's SORA and ChatGPT-5, and DALL-E, to infect unsuspecting users with password-stealing malware. The malvertising campaigns are created by hijacked Facebook profiles that impersonate popular AI services, pretending to offer a sneak preview of new features. Users tricked by the ads become members of...
    By AFFA 2024-04-05 18:38:18 0 168
    The Biggest Takeaways from Recent Malware Attacks
    April 4, 2024   10:01 AM   0 Among the never-ending list of malicious software that threat actors use in cyber attacks are viruses, worms, trojans, ransomware, spyware, and adware. Today's malware is not just about causing immediate damage; some programs get embedded within systems to siphon off data over time, disrupt operations strategically, or lay the groundwork for massive, coordinated attacks. A prime example is a recently found malicious...
    By AFFA 2024-04-04 16:07:06 0 97
    DinodasRAT malware targets Linux servers in espionage campaign
    March 31, 2024   10:35 AM   0 Security researchers have observed Red Hat and Ubuntu systems being attacked by a Linux version of the DinodasRAT (also known as XDealer) that may have been operating since 2022. The Linux variant of the malware has not been described publicly, although the first version has been tracked to 2021. Cybersecurity company ESET has previously seen DinodasRAT compromising Windows systems in an espionage campaign dubbed...
    By AFFA 2024-03-31 15:01:03 0 123
    Vultur banking malware for Android poses as McAfee Security app
    March 30, 2024   11:56 AM   0 Security researchers found a new version of the Vultur banking trojan for Android that includes more advanced remote control capabilities and an improved evasion mechanism. Researchers at fraud detection company ThreatFabric first documented the malware in March 2021, and in late 2022, they observed it being distributed over Google Play through dropper apps. At the end of 2023, mobile security platform Zimperium included...
    By AFFA 2024-03-30 17:18:57 0 115
    New WogRAT malware abuses online notepad service to store malware
    March 5, 2024   03:25 PM   0 A new malware dubbed 'WogRAT' targets both Windows and Linux in attacks abusing an online notepad platform named 'aNotepad' as a covert channel for storing and retrieving malicious code. According to AhnLab Security Intelligence Center (ASEC) researchers, who named the malware from a string reading 'WingOfGod,' it has been active since at least late 2022, targeting Japan, Singapore, China, Hong Kong, and other Asian countries. The...
    By AFFA 2024-03-07 16:23:56 0 150
    Zeus, IcedID malware gangs leader pleads guilty, faces 40 years in prison
    February 15, 2024   06:05 PM   1 Ukrainian national Vyacheslav Igorevich Penchukov, one of the heads of the notorious JabberZeus cybercrime gang, has pleaded guilty to charges related to his leadership roles in the Zeus and IcedID malware groups. Penchukov (also known as 'tank' and 'father') was arrested in Switzerland in October 2022 while traveling to meet his wife in Geneva and extradited to the United States in 2023. The U.S. Department of...
    By AFFA 2024-02-16 18:46:02 0 256
    New Qbot malware variant uses fake Adobe installer popup for evasion
    February 15, 2024   08:27 AM   0 The developer of Qakbot malware, or someone with access to the source code, seems to be experimenting with new builds as fresh samples have been observed in email campaigns since mid-December. One of the variants observed uses a fake installer for an Adobe product on Windows to trick the user into deploying the malware. Also named QBot, the malware has served for many years as a loader for various malicious...
    By AFFA 2024-02-15 18:14:28 0 194
    FBI: Androxgh0st malware botnet steals AWS, Microsoft credentials
    January 16, 2024   12:34 PM   0 CISA and the FBI warned today that threat actors using Androxgh0st malware are building a botnet focused on cloud credential theft and using the stolen information to deliver additional malicious payloads. This botnet was first spotted by Lacework Labs in 2022 and was controlling over 40,000 devices almost one year ago, according to FortiGuard Labs data. It scans for websites and servers vulnerable to...
    By AFFA 2024-01-17 18:43:27 0 343
More Articles
Microsoft: Windows Server 2019 updates fail with 0x800f0982 errors
May 16, 2024   10:25 AM   0 Microsoft has acknowledged a new...
By AFFA 2024-05-16 19:10:05 0 78
Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack
April 3, 2024   08:21 PM   0 The U.S. Department of Homeland...
By AFFA 2024-04-04 16:09:08 0 112
Hacker claims Giant Tiger data breach, leaks 2.8M records online
April 13, 2024   10:00 AM   0 Canadian retail chain Giant Tiger...
By AFFA 2024-04-13 15:31:10 0 100
KuCoin charged with AML violations that let cybercriminals launder billions
March 27, 2024   10:08 AM   2 The U.S. Department of Justice (DoJ)...
By AFFA 2024-03-28 15:44:44 0 112