Hackers have been found deploying a Telegram bot to steal troves of data from WooCommerce websites. These malicious adversaries used credit card skimmers, leading to several reported cases of credit card theft on an eCommerce site. In the first scenario, a website owner received numerous complaints from customers who reported faulty transactions on their cards...
Italy and Spain were targeted by a new cyberattack campaign that utilises a new Android banking malware dubbed MaliBot. The new malware variant has been observed imitating cryptocurrency mining apps and the Chrome internet browser to target its victims. The studies conducted on the MaliBot banking malware show how the new variant could steal the...
A highly sophisticated Chinese threat gang called SeaFlower has been infecting iOS and Android users as part of a cybercriminal campaign that pretends to be an official cryptocurrency wallet website. The campaign is intended to spread backdoored applications that can potentially drain its targets’ crypto funds. The chain of activity was said to be first...
A Chinese-speaking advanced persistent threat group called Gallium has been discovered utilising a newfound remote access trojan, PingPull malware, for its cyber-espionage campaigns. The group is known for attacking different industries in Europe, Africa, and Southeast Asia (SEA). The PingPull malware is a very challenging backdoor for researchers to detect since it uses the Internet...
A surge in the malicious activities of the Hello XD ransomware was recently identified, with new ransomware samples deployed to execute stronger encryption on the compromised networks. Experts explained that the ransomware variant stems from the leaked source code of the Babuk ransomware. Based on its first observed activities last November, Hello XD had...
Researchers have monitored spam attacks spread by a new malware variant called SVCReady. The campaign has been operating since April, utilising an unorthodox malware delivery method via MS Word. The researchers reported that the operators behind it deployed numerous updates in May and noted that the malware appears to be in the development stage and...
The Qbot hacking group and the Black Basta ransomware have joined forces to gain initial access to numerous targets such as corporate environments. Qbot is notorious for stealing banking and Windows domain credentials and launching additional payloads. Researchers have reported the ongoing partnership between the two groups after traces of them were found present...
Following earlier reports about a newly discovered zero-day vulnerability affecting Windows OS, tracked as Follina (CVE-2022-30190), security experts have reported seeing threat operators abuse the flaw via phishing attacks to spread the Qbot malware. The recent exploitation of the bug also included the TA413 threat group targeting the Tibetan diaspora. Furthermore, the TA570...
The operators of Magniber have upgraded their ransomware with new capabilities. The ransomware operation of the group has not changed much, but researchers explained that it can now target the Windows 11 operating system. This progress is a considerable upgrade for the Magniber operators as they can now exploit all systems on Windows, significantly increasing...
A coordinated distributed denial-of-service (DDoS) attack was recently detected, which experts attribute to the notorious ransomware gang dubbed REvil. Based on an intelligence team’s report, the recently detected DDoS attack targeted Akamai Technologies’ customers, involving an HTTP GET request that demanded a BTC payment from the victims for the attacks to stop...