A Mexican hacker uses Android malware to attack global banks

An e-crime actor, known as Neo_Net, has been identified as the perpetrator of an Android mobile malware campaign targeting global financial institutions, with a specific focus on Spanish and Chilean banks. The campaign, which occurred between June 2021 and April 2023, resulted in the theft of over 350,000 EUR and the compromise of Personally Identifiable

Tagged under:

Diicot expands tactics with Cayosin Botnet, from crypto-jacking to DDoS attacks

Cybersecurity researchers have uncovered new information about the Romanian threat actor Diicot, revealing its potential for launching distributed denial-of-service (DDoS) attacks. Diicot, also known as Mexals, was initially discovered in July 2021 and was linked to a cryptojacking campaign. Recent analysis shows that Diicot is now using an off-the-shelf botnet agent called Cayosin, indicating its

Tagged under:

More than 1,000 fake cryptocurrency sites trap users in bogus reward schemes

A large-scale cryptocurrency scam has been uncovered, involving over 1,000 fraudulent websites that have deceived users since January 2021. Trend Micro researchers have linked this scam to a Russian-speaking threat actor called “Impulse Team.” The scam operates through an advanced fee fraud scheme, where victims are tricked into believing they have won cryptocurrency rewards but

Tagged under: ,

Cryptocurrency is stolen through a new malware campaign using Satacom Downloader

A recent malware campaign has been discovered that utilizes the Satacom downloader to distribute stealthy malware for cryptocurrency theft. The malware aims to steal BTC from victims’ accounts by injecting malicious code into targeted cryptocurrency websites. The campaign primarily targets users of popular cryptocurrency platforms such as Coinbase, Bybit, KuCoin, Huobi, and Binance, with a

Tagged under: ,

Millions of WordPress sites are affected by an urgent WordPress update that fixes a critical flaw in the Jetpack plugin

WordPress Releases Automatic Update to Fix Critical Jetpack Plugin Vulnerability WordPress has taken immediate action to address a critical flaw in the widely used Jetpack plugin, which is installed on over five million websites. The automatic update was prompted by the discovery of a vulnerability during an internal security audit. The flaw stems from an

Tagged under:

Stealthy Bandit Stealer: A New Malware Targeting Web Browsers and Cryptocurrency Wallets

A sophisticated and stealthy information-stealing malware called Bandit Stealer has recently emerged, posing a significant threat to web browsers and cryptocurrency wallets. Trend Micro, a leading cybersecurity company, highlighted the malware’s capability to potentially expand to other platforms due to its development using the Go programming language. Currently, Bandit Stealer primarily focuses on Windows systems,

Tagged under: ,

Critical OAuth Vulnerability in Expo Framework Raises Account Hijacking Concerns

A significant security vulnerability has been exposed in the Open Authorization (OAuth) implementation of Expo.io, a popular application development framework. Assigned the CVE identifier CVE-2023-28131, this vulnerability carries a high severity rating of 9.6 on the CVSS scoring system. API security firm Salt Labs has reported that the flaw leaves services utilizing the Expo framework

Tagged under:

Advanced Reconnaissance Malware strikes again by North Korean Kimsuky Hackers

Kimsuky, a North Korean advanced persistent threat (APT) group, has been using custom malware called RandomQuery as part of its reconnaissance and information exfiltration operation. The group’s ongoing targeted campaign, primarily geared towards information services and organizations supporting human rights activists and North Korean defectors, uses phishing emails that purport to be from a prominent

Tagged under:

The Python Package Index Repository is under attack: Registrations and uploads have been halted temporarily

Python Package Index (PyPI), the official repository for third-party software in the Python programming language, has temporarily disabled user sign-ups and the ability to upload new packages until further notice. The PyPI administrators made this decision due to a recent surge in malicious users and projects on the platform, which has overwhelmed their response capacity,

Tagged under: ,

There are 85% of ransom payments going to affiliates from Qilin Ransomware

New findings from Group-IB shed light on the payment structure within the Qilin ransomware-as-a-service (RaaS) scheme, revealing that ransomware affiliates receive a significant share of each ransom payment, ranging from 80% to 85%. Group-IB managed to infiltrate the group in March 2023, leading to insights into the payment structure and inner workings of the RaaS

Tagged under: