Android banking Trojan Xenomorph has resurfaced in a new campaign targeting cryptocurrency wallets and various financial institutions. The malware has been actively targeting users in Europe and is now focused on institutions in the United States, Canada, Spain, Italy, Portugal and Belgium.
Security researchers discovered a novel backdoor targeting a governmental agency in the Middle East for espionage purposes. Deadglyph is unique because it's made up of different parts written in different programming languages: native x64 binary and a .NET assembly.
The Snatch ransomware group is targeting a wide range of critical infrastructure sectors, including the defense industrial base, food and agriculture, and information technology sectors, according to a new alert issued by U.S. authorities. The group operates on a ransomware-as-a-service model.
Chinese-speaking hackers associated with criminal activity have redoubled efforts to target compatriots with malware to remotely control victim computers, pointing to a worrying surge in financially driven activity in the Sino cyber underworld, say researchers at Proofpoint.
Multiple hackers are minting newer capabilities from an open-source information stealer to spawn new variants. The malware steals sensitive information such as corporate credentials, which are resold to other threat actors for attacks, including operations related to espionage or ransomware.
A cyberespionage campaign by a well-funded but lesser-known hacking group is using previously unknown backdoors to hack government agencies and tech companies. The group, dubbed Earth Estries by Trend Micro, appears well practiced in cA cyberespionage campaign by a well-funded but lesser-known hacking group is using...
Hackers are deploying a novel Android malware using an uncommon communication method to steal banking login data from compromised devices primarily in Southeast Asia. Users download the malware from phishing websites disguised as app stores that target Vietnamese and Thai speakers.
A backdoor Trojan known as SmokeLoader is deploying a customized Wi-Fi scanning executable to triangulate the location of infected Windows devices. The malware, dubbed "Whiffy Recon," uses nearby Wi-Fi access points as a data point for Google's geolocation API.
Chinese state hackers are targeting Taiwanese organizations, likely for espionage, in a difficult-to-detect campaign that relies on Windows utilities. Microsoft dubbed the threat actor Flax Typhoon in a Thursday blog post and said the hackers seek persistence, lateral movement and credential access.
The Cuba ransomware group is exploiting a bug in data backup software exposed in March, warn BlackBerry security researchers. The firm says the Cuba group in June attacked a critical infrastructure organization in the United States and an IT integrator in Latin America.
U.S. intelligence agencies are warning about unnamed foreign intelligence entities targeting the private space sector to steal sensitive data related to satellite payloads and disrupting and degrading U.S. satellite capabilities. They say space-related innovation is a valuable target.
Microsoft identified a new variant of BlackCat ransomware malware that uses an open-source communication framework tool to facilitate lateral movement. BlackCat, also known as Alphv, is a Russian-speaking criminal group suspected of being a successor to DarkSide and BlackMatter.
Researchers say a proxy service is routing internet traffic through unsuspecting users' systems that it turns into residential exit nodes, luring them into downloading the proxy application through offers of cracked software and games. Antivirus engines don't detect the application.
The Play ransomware group is targeting security managed service providers to gain initial access and using up to a half-decade-old vulnerabilities in security appliances, warn security researchers with Adlumin. The gang is also using intermittent encryption in a bid to avoid setting off defenses.
Multiple vulnerabilities in data center power management systems and supply technologies enable threat actors to gain unauthorized access and perform remote code injection. The attackers can chain multiple vulnerabilities to gain full access to data center systems.