Posts

Showing posts from December 14, 2019

Google Suite Abused by TrickBot Credential-Stealer Malware to Hide Malicious Activity

TrickBot is one of the top modular banking malware families; it primarily targets users' financial information and also acts as a dropper for other malware. The malware was first spotted in 2016 and was mostly distributed via malvertising campaigns; it has since evolved from a small banking trojan into an Access-as-a-Service model. TrickBot New Malware Campaign. Unit 42 security researchers observed a new distribution campaign delivered through phishing emails with subject lines referring to payroll or annual bonuses. The emails include embedded links pointing to a legitimate Google Docs document, which in turn contains links to download the malicious file from Google Drive. For further obfuscation, the email was delivered through SendGrid. According to Unit 42 research, "the email appeared to be originated from individuals at .edu email addresses and then attackers used SendGrid's EDS to distribute the malware." The email contains attractive text and links; once the user clicks on the

Russian APT Hacker Group Again Attacks Government and Military Networks Using Weaponized Word Documents

Researchers discovered a new malicious campaign in which Russian APT hackers attack government and military officials in Ukrainian entities. The attackers' targets are not limited to these: they also infect various individuals who are part of the government and law enforcement, as well as journalists, diplomats, NGOs and the Ministry of Foreign Affairs. Researchers believe the campaign is attributable to Gamaredon activity, in which the attackers use a Dynamic Domain Name Server as the C2 server, with a VBA macro and a VBA script as part of the attack. The threat actors use weaponized DOCX files for intelligence collection against the target, distributed via spearphishing emails. Gamaredon uses weaponized documents, sometimes retrieved from legitimate sources, as the initial infection vector. Researchers observed malicious samples revealing APT activity from at least September 2019 to November 25, 2019. Malware Infection Process. Researchers observed some of the lure do

New Malware Family "Venus" in Google Play Store Infects 285,000 Android Users and Subscribes Them to Premium Ads

Researchers discovered a new Trojan family called "Venus" residing in the Google Play store that has infected at least 285,000 Android users around the world. There are 8 apps involved in the malicious activity on Android users' devices, mainly targeting the carrier billing and advertising area. 8 Malicious apps list. Threat actors developed these apps to interact with ads and subscribe the user to premium services without any notification; the apps also bypass Google Play Protect and the malware detection system. Several countries were targeted by this malware campaign, including Belgium, France, Germany, Guinea, Morocco, Netherlands, Poland, Portugal, Senegal, Spain, and Tunisia. Malware Infection Process via Malicious App. Researchers observed that most of the data is consumed by an application called "Quick scanner", which is protected by a library that encrypts and hides files. According to Evina research, "The application uses the libjiagu l

Telecom Networks Again Under Attack by GALLIUM Hacking Group

Microsoft issued a warning about a threat group called GALLIUM that attacks telecommunication providers by exploiting vulnerabilities in internet-facing WildFly/JBoss services. Initially, the threat actors use publicly available exploits against internet-facing services to gain persistence in the target network; later they use common tools and techniques to steal network credentials and move deeper into the network. GALLIUM threat group activity was observed between 2018 and mid-2019, and their activities are still being observed widely, but activity levels have dropped compared to the previous attacks. The GALLIUM group is widely known for using publicly available tools, and malware with small modifications, to attack targets, and they do not attempt to obfuscate their malware or tools. Tools and Malware used by GALLIUM. Microsoft observed the following tools and malware as the ones mainly used by the GALLIUM threat group. Tool Purpose HTRA

A Critical Flaw in the WordPress Add-ons "Ultimate Addons for Elementor" and "Ultimate Addons for Beaver Builder" Lets Anyone Hack the Site

Attention WordPress users! Your website could easily get hacked if you are using "Ultimate Addons for Beaver Builder" or "Ultimate Addons for Elementor" and haven't recently updated them to the latest available versions. Security researchers have discovered a critical yet easy-to-exploit authentication bypass vulnerability in both widely used premium WordPress plugins that could allow remote attackers to gain administrative access to sites without requiring any password. What's more worrisome is that opportunistic attackers have already started exploiting this vulnerability in the wild, within 2 days of its discovery, in order to compromise vulnerable WordPress websites and install a malicious backdoor for later access. Both vulnerable plugins, made by software development company Brainstorm Force, currently power hundreds of thousands of WordPress websites using the Elementor and Beaver Builder frameworks, helping website admins and designe

NGINX Founder and Co-Founder Detained in Russian Police Raid at NGINX Moscow Office

Russian law enforcement officers have raided the Moscow offices of Nginx, the company behind the world's second most popular web server software, over a copyright infringement complaint filed by Rambler, a Russian Internet portal and email service provider. According to multiple reports from local media and social media, the police conducted searches and have also detained several employees of the company, including Igor Sysoev, the original developer of Nginx, and Maxim Konovalov, another co-founder of the company. Over 30% of the websites on the Internet today, including many of the world's most popular sites like Netflix and Twitch, run on the Nginx server. Igor Sysoev created the Nginx web server in the early 2000s and open-sourced it in 2004, after which he founded the company Nginx in 2015; it has now been acquired by F5 Networks, an American technology company, for $670 million. According to a copy of the complaint shared on Twitter, Rambler accused that Sy