Decoy Dog Malware Uncovered: Next-Gen Spyware

Sometimes cyber criminals make non-obvious decisions in malware they use

A group of hackers, presumably state-sponsored, is actively developing and beginning to use a sophisticated Decoy Dog toolkit. It has likely been used for over a year in cyber intelligence operations. It utilizes the Domain Name System (DNS) to manage and control a narrowly focused and minimal number of active clients. What is Decoy Dog… Continue reading Decoy Dog Malware Uncovered: Next-Gen Spyware

Trojanized TeamViewer Installer Spreads njRAT

Hackers exploit third-party software sources to distribute a dangerous remote-access trojan

Threat actors reportedly started using fake TeamViewer to distribute malware. Their particular favourite for the final payload is the infamous njRAT trojan – an old-timer of the scene. Through the tricky spreading scheme, hackers run a multi-stage attack. njRAT Hides in Trojanized TeamViewer App For some reason, people show high levels of trust towards downloading… Continue reading Trojanized TeamViewer Installer Spreads njRAT

PlugX malware attacks European diplomats

European diplomats are being targeted by a new type of malware called PlugX.

Over the past few months, researchers have been monitoring the activity of a Chinese threat actor using PlugX malware to target foreign and domestic policy entities and embassies in Europe. This is part of a broader trend of China-based groups increasingly focusing on European entities, particularly their foreign policy. The countries most targeted in this campaign… Continue reading PlugX malware attacks European diplomats

Ducktail Infostealer Malware Targeting Facebook Business Accounts

If you use Facebook Business, you should be more cautious about Ducktail malware.

Researchers discovered Ducktail Malware, which targets individuals and organizations on the Facebook Business/Ads platform. The malware steals browser cookies and uses authenticated Facebook sessions to access the victim’s account. As a result, the scammers gain access to Facebook Business through the victim’s account, provided that account has sufficient privileges. It is a particularly interesting… Continue reading Ducktail Infostealer Malware Targeting Facebook Business Accounts

RedLine Stealer Issues 100,000 Samples – What is Happening?

There could be quite a lot of applications for 100,000 samples of malware

Throughout early May 2023, the GridinSoft analyst team observed anomalous activity from the RedLine stealer. This activity differs from what we had previously seen. Over 100,000 samples of this malware appeared during the first 12 days of the month, far more than even larger threats typically produce. Needless to… Continue reading RedLine Stealer Issues 100,000 Samples – What is Happening?

The FBI Disrupted the Cyberspyware “Snake” that the Russian FSB Used for 20 Years

The US Federal Bureau of Investigation on Tuesday reported the disruption of a massive spying program by the Russian Federal Security Service (FSB) using cyberspyware codenamed “Snake”. This is stated in a press release from the US Department of Justice. Let me remind you that we also talked about the fact that Europe’s largest private… Continue reading The FBI Disrupted the Cyberspyware “Snake” that the Russian FSB Used for 20 Years

LOBSHOT malware steals cryptowallets, exploits Google Ads

Hidden VNC function may be useful for money stealing without triggering alarms

LOBSHOT, a recently detected malware family, appears to be a new strong player in the malware market. Combining backdoor and spyware functionality, it uses novel spreading methods that make it more effective. Its ability to provide Hidden VNC connections may make it a go-to tool for numerous cybercriminals. Let’s analyse this malware and see,… Continue reading LOBSHOT malware steals cryptowallets, exploits Google Ads

Genesis Market Seized by FBI

The Federal Bureau of Investigation managed to shut down several resources related to Genesis Market

Genesis Market, a Darknet marketplace for stolen information, was reportedly seized by the FBI on Tuesday, April 4, 2023. The operation was likely preceded by the detainment of the market’s significant actors. The overall operation is called “Cookie Monster”. What is Genesis Market? Genesis is a Darknet marketplace that has been active since 2018. Aside… Continue reading Genesis Market Seized by FBI

3CX Phone System is Struck With Supply Chain Attack

Over 12 million people around the world are targeted by the 3CX attack

3CX Phone System, a desktop app for business phone communication, fell victim to a supply chain attack. Recent updates deliver a forged version of the application that makes it possible to install stealer malware. The actual payload is delivered in three stages, which makes it harder to track. What is the 3CX Phone… Continue reading 3CX Phone System is Struck With Supply Chain Attack

Qakbot Malware Applies New Distribution Methods

Qakbot malware adopts new spreading methods following recent changes in macro execution policies

Today there is an arms race between cybercriminals and antimalware manufacturers. While some release a fix for an existing threat, others must develop new loopholes. Recently, cybersecurity experts noticed that many malware families were using OneNote attachments to infect their victims. Since OneNote is considered a robust application that Microsoft has developed for easy note-taking,… Continue reading Qakbot Malware Applies New Distribution Methods