New attacks use Windows security bypass zero-day to drop malware
New phishing attacks use a Windows zero-day vulnerability to drop the Qbot malware without displaying Mark of the Web security warnings. [...]
The Malware tag covers malware families, infrastructure analysis, incident impact, disruption efforts, and defensive guidance to reduce cybersecurity risk.
Search across headline titles and summaries.
Background for this topic.
Malware is software intentionally created or modified to perform unauthorized or harmful actions on a computer, device, or network. The term covers distinct families and functions, including viruses, worms, trojans, spyware, botnet clients, and ransomware; a single sample may combine several capabilities. Its behavior—not its label—determines the security concern: it may execute code, persist, alter or encrypt data, steal credentials, or provide unauthorized remote access.
For practitioners, malware reporting is most useful when it identifies the family or tool conservatively and provides evidence such as affected platforms, samples, infrastructure, or observed behavior. Defenses include promptly patching vulnerable software, restricting execution and privileges, monitoring endpoints and networks, maintaining tested backups, and isolating suspected systems for analysis. Detection should use behavior and verified indicators rather than names alone, since variants change. If malware processes personal or regulated data, investigations should also address privacy, evidence preservation, and applicable reporting obligations.
New phishing attacks use a Windows zero-day vulnerability to drop the Qbot malware without displaying Mark of the Web security warnings. [...]
A developing threat activity cluster has been found using Google Ads in one of its campaigns to distribute various post-compromise payloads, including the recently discovered Royal ransomware
State-backed Chinese hackers launched a spearphishing campaign to deliver custom malware stored in Google Drive to government, research, and academic organizations worldwide. [...]
The LodaRAT malware has resurfaced with new variants that are being deployed in conjunction with other sophisticated malware, such as RedLine Stealer and Neshta
An ongoing supply chain attack has been leveraging malicious Python packages to distribute malware called W4SP Stealer, with over hundreds of victims ensnared to date
We break down the cyberespionage activities of advanced persistent threat (APT) group Earth Preta, observed in large-scale attack deployments that began in March. We also show the infection routines of the malware families they use to infect multiple sectors worldwide: TONEINS, TONESHELL, and PUBLOAD.
Phishing emails distributing the QBot malware are using a DLL hijacking flaw in the Windows 10 Control Panel to infect computers, likely as an attempt to evade detection by security software. [...]
A Ukrainian national who has been wanted by the U.S for over a decade has been arrested by Swiss authorities for his role in a notorious cybercriminal ring that stole millions of dollars from victims' bank accounts using malware called Zeus
And it's been sending out hundreds of thousands of malicious emails a day The Emotet malware-delivery botnet is back after a short hiatus, quickly ramping up the number of malicious emails it's sending and sporting additional capabilities, including changes to its binary and delivering a new version of the IcedID malware dropper.…
Access to digital certificates would allow the Chinese-speaking espionage group to sign its custom malware and skate by security scanners.
The Mirai-based botnet 'RapperBot' has re-emerged via a new campaign that infects IoT devices for DDoS (Distributed Denial of Service) attacks against game servers. [...]
Info-stealing trojan is hidden in malicious PyPI packages on GitHub WASP malware is using steganography and polymorphism to evade detection with malicious Python packages designed to steal credentials, personal information, and cryptocurrency.…
A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode, an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic and Ukrainian.
The FBI and CISA revealed in a joint advisory published today that an unnamed Iranian-backed threat group hacked a Federal Civilian Executive Branch (FCEB) organization to deploy XMRig cryptomining malware. [...]
Cybersecurity researchers have unearthed new samples of malware called RapperBot that are being used to build a botnet capable of launching Distributed Denial of Service (DDoS) attacks against game servers
Open-source applications are a practical way to save money while keeping up with your productivity. However, this can be abused by threat actors to steal your data. Find out how one app was used to gather information of Apple users.
North Korean hackers are using a new version of the DTrack backdoor to attack organizations in Europe and Latin America. [...]
An in-depth analysis of system-destroying malware families presented at Black Hat Middle East & Africa shows a growing nuance in terms of how they're deployed.
Operation designed to spread malware and generate ad revenue
BatLoader has spread rapidly to roost in systems globally, tailoring payloads to its victims.