Posts

Showing posts with the label RAT

Hackers Attacking Indian Banks via JAVA RAT To Hack Java Installed Windows, Linux, and Mac

Currently, the whole world is in lockdown due to the deadly COVID-19 pandemic, but for cybercriminals this is the most luring opportunity. As a result, cyber attackers have recently targeted the co-operative banks in India. Researchers uncovered a new campaign in which the attackers used a renewed wave of the "Adwind Java RAT" to initiate attacks against the co-operative banks in India. Don't know about co-operative banks? Co-operative banks are small in size and generally don't have a large, trained IT and cybersecurity team to handle these types of cyberattacks. Just like the other popular COVID-19 themed cyber-attacks, this Java RAT campaign also starts its operation with a spear-phishing email. The difference here is that the phishing emails the attacker sends to its victims claim to be from the Reserve Bank of India or another large banking institution in the country. According to the Qu...

Computers Infected with Fake Zoom Installers with WebMonitor RAT!!!

Due to the coronavirus pandemic, many companies around the world asked employees to work from home, which increased the usage of video conferencing apps. Researchers from Trend Micro observed a new campaign that leverages several popular messaging apps, including Zoom.

WebMonitor RAT Campaign

In the new campaign, attackers repackaged the legitimate Zoom installer with WebMonitor RAT. The infection starts with downloading the malicious file ZoomIntsaller.exe from malicious sources. When the malicious file runs, it drops a copy of itself named Zoom.exe and opens the process notepad.exe to execute Zoom.exe. Once executed, it connects to the remote C2 server and executes the following commands:

Add, delete, and change files and registry information
Close connections
Get software and hardware information
Get webcam drivers/snapshot
Record audio and log keystrokes
Start, suspend, and terminate processes and services
Start/stop screen stream
Start/stop Wire...

APT Pakistani Hackers Attack Indian Financial Institutions To Exfiltrate the Sensitive Data With Crimson RAT

Researchers uncovered a new wave of an APT campaign that targets Indian financial institutions with the powerful Crimson RAT to compromise network devices and exfiltrate sensitive data. Crimson RAT was initially observed in 2016, when it targeted Indian diplomatic and military resources as part of an APT attack; since then, threat actors have continuously targeted the financial, healthcare, and space technology sectors. The recently observed campaign has specifically targeted Indian financial institutions with spear-phishing emails.

Crimson RAT Infection Process

The phishing email campaign contains a malicious attachment, and the email is sent to a targeted organization in two different ways. In the first method, a malformed email campaign hits the target with a malicious link that points to a PE (executable) file containing two ZIP files with an embedded document. Once the payload is executed by the victim, it automatically checks the OS version of the ...

APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT

Since the coronavirus became a worldwide health issue, the desire for more information and guidance from government and health authorities has reached a fever pitch. This is a golden opportunity for threat actors to capitalize on fear, spread misinformation, and generate mass hysteria, all while compromising victims with scams or malware campaigns. Profiting from global health concerns, natural disasters, and other extreme weather events is nothing new for cybercriminals. Scams related to SARS, H1N1 (swine flu), and avian flu have circulated online for more than a decade. According to reports from ZDNet, many state-sponsored threat actors have already started to distribute coronavirus lures, including:

Chinese APTs: Vicious Panda, Mustang Panda
North Korean APTs: Kimsuky
Russian APTs: Hades group (believed to have ties with APT28), TA542 (Emotet)
Other APTs: Sweed (Lokibot)

Recently, the Red Drip team reported that APT36 ...

13 Arrested in a Europol Operation That Shut Down the 'Imminent Monitor' RAT Operation

Today, in a coordinated international law enforcement operation, Europol announced the shutdown of the global organized cybercrime network behind Imminent Monitor RAT, yet another hacking tool that allows cybercriminals to gain complete remote control over a victim's computer. The operation targeted both buyers and sellers of the IM-RAT (Imminent Monitor Remote Access Trojan), which was sold to more than 14,500 buyers and used against tens of thousands of victims across 124 countries. The infrastructure and front-end sales website of Imminent Monitor were also seized as part of this operation, making the Trojan unusable for those who had already bought it, as well as unavailable to new users. Promoted as a legitimate remote administration framework, the hacking tool was widely used to gain unauthorised access to targeted users' computers and steal their login credentials for online banking and other financial accounts. According to Europol's press release, auth...