news

Emotet Returns With Old Tricks, Malware Partners

A malspam campaign involving Emotet saw a resurgence after five months of lying low, Malwarebytes detected on Friday, July 17. This operation used the well-known method of sending attack emails as a reply within an existing email thread. From there, the emails invited the recipient to open an attachment. Named “Form – Jul 17, 2020.doc,” the attachment opened a Microsoft Word document that informed the user of the need to enable...


Conti Ransomware Identified as Ryuk’s Potential Successor

According to Bleeping Computer, Advanced Intel’s Vitali Kremez analyzed Conti and found ransomware based on the code for Ryuk, another crypto-malware family. He also discovered that Conti was using the same ransom note template that early versions of Ryuk employed in their attack campaigns. Finally, Kremez revealed that Conti appeared to be using the same TrickBot infrastructure as Ryuk for its ransomware attack campaigns. The...


Fake DNS Security Upgrade Scam Compromises WordPress Websites

In late June, Naked Security received a scam email that pretended to originate from WordPress.com. It leveraged this cover to inform the recipient that their website was eligible to receive security upgrades under the Domain Name System Security Extensions (DNSSEC). The message provided a short overview of DNSSEC and how it factored into the growth of the internet over time. When the recipient clicked on the email’s embedded link,...


Ransomware News Roundup: Maze Gang Forms Extortion Cartel

In early June 2020, the Maze gang teamed up with other crypto-malware actors to extort non-paying victims using its shared data leaks platform. Maze wasn’t the only strain that made news. Those behind the REvil family also attracted the security community’s attention when they began auctioning off data stolen by their creation. Additionally, security researchers discovered two new crypto-malware groups: Kupidon and Avaddon. Top...


Trickbot Using BazarBackdoor to Gain Full Access to Targeted Networks

Security researchers observed the Trickbot operators using a new backdoor called “BazarBackdoor” to gain full access to targeted networks. Panda Security explained that Trickbot’s attempts to deliver BazarBackdoor began with a spear phishing campaign. That operation’s attack emails leveraged employee termination notices, customer complaints and other themes to trick recipients into clicking on a link for a file hosted on Google...


Weekly Security News Roundup: Average Ransomware Demand Grew 14 Times in One Year

Last week in security news, researchers revealed that the average ransomware demand grew 14 times over a one-year period from 2018 to 2019. Ransomware wasn’t the only malware category that made headlines this past week. A strain of Android malware caught researchers’ attention by limiting its malicious activity to a single capability. Yet another threat received some attention for its growing interest in creating backdoor...


Discord Client Modified to Steal Users’ Plaintext Passwords

Security researchers observed the “AnarchyGrabber3” malware modifying the Discord client to steal its victims’ plaintext passwords. As reported by Bleeping Computer, a threat actor released a new version of the AnarchyGrabber malware family called “AnarchyGrabber3.” This Trojan variant modified a Discord client’s %AppData%\Discord\[version]\modules\discord_desktop_core\index.js file upon successful installation so it could...


Magento Plugin Flaw Leaves Online Shoppers Open to E-Skimming Attacks

A Magento plugin vulnerability that dates back at least three years could allow e-skimming attacks on unsuspecting online shoppers, the FBI warns. In an alert sent out earlier this month, the FBI said hackers are using the exploit to take over e-commerce stores powered by Magento software and steal payment card data from customers. The attacks work by embedding malware into Magento Mass Import, also known as MAGMI. The cross-site...


Mandrake Espionage Platform Selects Android Devices for Exploitation

Security researchers observed the newly documented Mandrake espionage platform carefully selecting Android devices for further exploitation. Bitdefender discovered Mandrake in early 2020 while the espionage platform was in the process of conducting phishing attacks against cryptocurrency wallet applications, mobile banking programs and other financial software on Android devices. The security firm subsequently analyzed the threat and...