North Korea-Backed Spy Group Poses as Reporters in Spearphishing Attacks, Feds Warn

The Kimsuky/Hidden Cobra APT is going after the commercial sector, according to CISA. Author: Tara Seals. October 28, 2020 8:32 am.

IoT Device Takeovers Surge 100 Percent in 2020

The COVID-19 pandemic, coupled with an explosion in the number of connected devices, has led to a swelling in IoT infections observed on wireless networks.

Experts Weigh in on E-Commerce Security Amid Snowballing Threats

How a retail sector reeling from COVID-19 can lock down their online systems to prevent fraud during the upcoming holiday shopping spike. ... But experts are warning retailers not to focus only on one threat or on protecting one particular system.

InterPlanetary Storm Botnet Infects 13K Mac, Android Devices

In addition to Windows and Linux machines, a new variant of the malware now targets Mac and Android devices.

Mobile Browser Bugs Open Safari, Opera Users to Malware

A set of address-spoofing bugs affect users of six different types of mobile browsers, with some remaining unpatched.

Malware Analysis 101 — Emotet MalDoc a behavioral approach

This article is part of a two-article miniseries in which I will demonstrate how I (dirty) went from the malicious downloader to the unpacked version of an Emotet botnet sample that fell into my hands by pure luck.

HEH P2P Botnet Sports Dangerous Wiper Function

The P2P malware is infecting any and all types of endpoints via brute-forcing, with 10 versions targeting desktops, laptops, mobile and IoT devices.

Phishing Lures Shift from COVID-19 to Job Opportunities

Fortinet researchers are seeing a pivot in the spear-phishing and phishing lures used by cybercriminals, to entice potential job candidates as businesses open up.

Software AG Data Released After Clop Ransomware Strike

The Clop group attacked Software AG, a German conglomerate with operations in more than 70 countries, threatening to dump stolen data if the whopping $23 million ransom isn’t paid.

Black-T Malware Emerges From Cryptojacker Group TeamTNT

The cryptojacking malware variant builds on the TeamTNT group’s typical approach, with a few new — and sophisticated — extras.

Android Spyware Variant Snoops on WhatsApp, Telegram Messages

The Android malware comes from threat group APT-C-23, also known as Two-Tailed Scorpion and Desert Scorpion.

RAINBOWMIX Apps in Google Play Serve Up Millions of Ad Fraud Victims

Collectively, 240 fraudulent Android apps — masquerading as retro game emulators — account for 14 million installs. ... Most were simple retro games like Nintendo NES emulators, and used “packer” software to bypass protections.

How to Avoid Spyware

Spyware is a type of software that is installed sneakily on a computer and sends information back to its creator; as the name suggests, it serves as a spy. That information can be anything from your browsing history to system details and even login credentials, password included. That is why spyware is really dangerous and should be avoided, especially if you use your computer to buy things online.

PoetRAT Resurfaces in Attacks in Azerbaijan Amid Escalating Conflict

Spear-phishing attacks targeting VIPs and others show key malware changes and are likely linked to the current conflict with Armenia.

QR Codes: A Sneaky Security Threat

What to watch out for, and how to protect yourself from malicious versions of these mobile shortcuts. Add a contact listing: Hackers can add a new contact listing on the user's phone and use it to launch a spear phishing or other personalized attack. Initiate a phone call: By triggering a call to the scammer, this type of exploit can expose the phone number to a bad actor.

Malware Families Turn to Legit Pastebin-Like Service

Cybercriminals are increasingly turning to a legitimate, Pastebin-like web service for downloading malware — such as AgentTesla and LimeRAT — in spear-phishing attacks. AgentTesla, LimeRAT, W3Cryptolocker and Redline Stealer are now using Paste.nrecom in spear-phishing attacks.

Tenda Router Zero-Days Emerge in Spyware Botnet Campaign

A variant of the Mirai botnet, called Ttint, has added espionage capabilities to complement its denial-of-service functions. Two former Tenda router zero-days are anchoring the spread of a Mirai-based botnet called Ttint.

Spammers Smuggle LokiBot Via URL Obfuscation Tactic

Spammers have started using a tricky URL obfuscation technique that sidesteps detection – and ultimately infects victims with the LokiBot trojan. The tactic was uncovered in recent spear-phishing emails with PowerPoint attachments, which contain a malicious macro.

Boom! Mobile Customer Data Lost to Fullz House/Magecart Attack

The Magecart spinoff group targeted the wireless service provider in an odd choice of victim. Boom! Mobile's U.S. website recently fell victim to an e-commerce attack, putting online shoppers in danger of payment-card theft, researchers said.

LatAm Banking Trojans Collaborate in Never-Before-Seen Effort

Virus Bulletin 2020 — A loose affiliation of cybercriminals are working together to author and distribute multiple families of banking trojans in Latin America – a collaborative effort that researchers say is highly unusual.