Financial Malware

Financial Malware Page 1

WebLogic Server Flaws Vulnerability Targeted Kinsing Malware

WebLogic server flaws targeted by the Kinsing malware operators

Kinsing malware operators are exploiting the security vulnerabilities in the WebLogic Server to expand their attack scope and rapidly multiply their crypto miners. According to researchers, the Kinsing operators are extremely financially motivated in each attack. They were recently seen abusing a particular flaw to deploy Python scripts to deactivate several OS service agents and...
Continue Reading
US School Districts Threat Warning Vice Society Ransomware

US school districts warned about Vice Society ransomware attacks

In a joint advisory from the FBI, CISA, and MS-ISAC, school districts in the US are warned about the increase in the observed cyberattacks conducted by the Vice Society ransomware gang. As the new school year is coming closer, federal law authorities expect these ransomware attacks to propagate more. Network defenders were also provided with...
Continue Reading
James Webb Telescope Vector Malware Propagation

James Webb telescope becomes a vector for malware propagation

The James Webb telescope becomes the newest vector for another malware campaign, dubbed GO#WEBBFUSCATOR, wherein its operators spread malware through phishing emails, malicious files, and space images captured by the world-renowned optical telescope. Based on the investigations, the malware is a Golang-based payload that can affect cross-platform of multiple operating systems and could effectively evade...
Continue Reading
Quantum Ransomware Campaign Dominican Republic

Quantum ransomware campaign hits the Dominican Republic

The Ministry of Agriculture in the Dominican Republic has suffered from a Quantum ransomware campaign that encrypted several workstations and services. This attack has caused significant disruptions throughout the government agency. The Ministry of Agriculture, called The Instituto Agrario Dominicano (IAD), oversees Agrarian Reform programs in the Dominican Republic. Based on reports, the ransomware attack...
Continue Reading
Wiper Malware Variants Nations Geopolitical

Different wiper malware variants deployed against other nations

The geopolitical conflict between Ukraine and Russia has caused the emergence of different wiper malware variants that caused havoc in other countries. Cybersecurity researchers noticed that although some variants did not originate from Russia, they still align with the country’s interests. Several malware strains are utilised to lay waste in Ukraine and compromise entities worldwide....
Continue Reading
Malware Infected SEO Poisoning Malvertising Piracy Cracked Software RedLine Stealer InfoStealer

Malware-infected software spread online via SEO poisoning tactics

Numerous malware-infected software is being promoted on search engines as threat actors take advantage of people searching for copies of pirated computer applications and software online. These campaigns have been going on and disrupted by cybersecurity authorities ever since, although some continue to operate to victimise people. In usual scenarios, the threat actors in these...
Continue Reading
BlackByte Ransomware Extortion Scheme

BlackByte ransomware employs new extortion strategies

The BlackByte ransomware introduced a new upgrade for their cybercriminal activity after researchers spotted an unknown sample from them. In this report, the BlackByte operators used a new extortion tactic adopted from LockBit. After a quick hiatus, the BlackByte ransomware operation is endorsing their new data leak website on several hacking forums, and through social...
Continue Reading
Clop Ransomware Gang Extortion Cyberattack

The Clop gang mistakenly extorted another company in an attack

The South Staffordshire Water company that supplies over 300 million litres of drinking water to 1.6 million consumers daily has confirmed that the Clop ransomware gang has disrupted their IT systems. Fortunately, the company’s safety and water distribution systems are still ongoing. South Staffordshire Water assured that all their service teams operate like a standard...
Continue Reading
Threat Actors Exploit Vulnerabilities Spread SmokeLoader Malware

Threat actors exploit old vulnerabilities to spread SmokeLoader

Several malicious threat actors have been spreading SmokeLoader by exploiting previously known vulnerabilities, including two known flaws CVE-2017-11882 and CVE-2017-0199. Reports stated that researchers had fixed these vulnerabilities, but some threat actors still manage to find a method to abuse it for attacks, especially malware delivery. Several researchers said SmokeLoader was available on the underground...
Continue Reading

Clipper malware used by threat actors to swap IBAN accounts

Malicious threat actors are conducting a fraud campaign that takes advantage of the complex structure of the International Bank Account Number (IBAN) numbering system. Reports reveal that the hackers use IBAN clipper malware to substitute legitimate IBAN accounts with attacker-controlled ones. A couple of months ago, a researcher monitored a group of threat actors on...
Continue Reading
1 2 3 50