Banks In Attackers' Crosshairs, Via Open Source Software Supply Chain
In separate targeted incidents, threat actors tried to upload malware into the Node Package Manager registry to gain access and steal credentials.
The Malware tag covers malware families, infrastructure analysis, incident impact, disruption efforts, and defensive guidance to reduce cybersecurity risk.
Search across headline titles and summaries.
Background for this topic.
Malware is software intentionally created or modified to perform unauthorized or harmful actions on a computer, device, or network. The term covers distinct families and functions, including viruses, worms, trojans, spyware, botnet clients, and ransomware; a single sample may combine several capabilities. Its behavior—not its label—determines the security concern: it may execute code, persist, alter or encrypt data, steal credentials, or provide unauthorized remote access.
For practitioners, malware reporting is most useful when it identifies the family or tool conservatively and provides evidence such as affected platforms, samples, infrastructure, or observed behavior. Defenses include promptly patching vulnerable software, restricting execution and privileges, monitoring endpoints and networks, maintaining tested backups, and isolating suspected systems for analysis. Detection should use behavior and verified indicators rather than names alone, since variants change. If malware processes personal or regulated data, investigations should also address privacy, evidence preservation, and applicable reporting obligations.
In separate targeted incidents, threat actors tried to upload malware into the Node Package Manager registry to gain access and steal credentials.
A new variant of AsyncRAT malware dubbed HotRat is being distributed via free, pirated versions of popular software and utilities such as video games, image and sound editing software, and Microsoft Office
A new malware strain known as BundleBot has been stealthily operating under the radar by taking advantage of .NET single-file deployment techniques, enabling threat actors to capture sensitive information from compromised hosts
GitHub is warning of a social engineering campaign targeting the accounts of developers in the blockchain, cryptocurrency, online gambling, and cybersecurity sectors to infect their devices with malware. [...]
Two more security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller (BMC) software that, if successfully exploited, could allow threat actors to remotely commandeer vulnerable servers and deploy malware
Earlier this month, security researchers discovered a new peer-to-peer (P2P) malware with self-spreading capabilities that targets Redis instances running on Internet-exposed Windows and Linux systems. [...]
Microsoft and the Ukraine CERT warn of new attacks by the Russian state-sponsored Turla hacking group, targeting the defense industry and Microsoft Exchange servers with a new 'DeliveryCheck' malware backdoor. [...]
The prolific China-linked nation-state actor known as APT41 has been linked to two previously undocumented strains of Android spyware called WyrmSpy and DragonEgg
The cybercrime group has given its backdoor malware a facelift in an attempt to evade detection, making some bug fixes and setting itself up to deliver its latest crimeware toy, BlackCat.
Two separate threat actors are using poisoned USB drives to distribute malware in cyber-espionage campaigns targeting organizations across different sectors and geographies.
A financially motivated cybercrime gang has been observed deploying BlackCat ransomware payloads on networks backdoored using a revamped Sardonic malware version. [...]
An unidentified threat actor compromised an application used by multiple entities in Pakistan to deliver ShadowPad, a successor to the PlugX backdoor that's commonly associated with Chinese hacking crews
Discover stories about threat actors’ latest tactics, techniques, and procedures from Cybersixgill’s threat experts each month. Each story brings you details on emerging underground threats, the threat actors involved, and how you can take action to mitigate risks. Learn about the top vulnerabilities and review the latest ransomware and malware trends from the deep and dark web
The group utilize malware like GAMMASTEEL to rapidly exfiltrate files within 30-50 minutes
Cyber attacks using infected USB infection drives as an initial access vector have witnessed a three-fold increase in the first half of 2023, That's according to new findings from Mandiant, which detailed two such campaigns – SOGU and SNOWYDRIVE – targeting both public and private sector entities across the world
Microsoft Word documents exploiting known remote code execution flaws are being used as phishing lures to drop malware called LokiBot on compromised systems