The Retefe banking Trojan has returned, targeting German and Swiss victims again. The malicious software is propagated through an abused shareware document converter. On macOS, the crooks are deploying a fake Adobe Cloud installer, signed by the developer. Following a year of inactivity, the Retefe banking...
Three fake Firefox extensions have found their way into the Mozilla store. The add-ons are malicious data loggers that capture keyboard input and send it to the C&C server. The extensions are still available, highlighting the ineffectiveness of Mozilla’s checking process. According to ghacks.net, there’s a new wave...
Proofpoint says BrushaLoader is still used by malicious actors, one year after its release. The particular loader is good at bringing in a wide range of payloads in multi-staged phases. The group that uses BrushaLoader the most is TA544, but there are many others as well. Proofpoint...
A new batch of malicious apps has been discovered, and it has already been ousted from the Play Store. More than three million people downloaded the adware apps in total, so some are still running them. The apps come with heavy obfuscation and detection evasion techniques, especially...
Multiple Android app developers were tricked into using a malicious ad-serving SDK. The malware communicates with a C2 server and gets commands on what action to follow. The possible actions include opening a browser ad, visiting the Play Store, or downloading an app. The “Mobile Threat Team”...
The Buckeye hackers were using Equation Group tools before the Shadow Brokers leak. The cyber-criminals were targeting organizations from around the globe at least a year prior to the disclosure. Someone continues to use and develop their tools to this day, but Buckeye disappeared in mid-2017. An...
Hackers try to trick iPhone users through a jailbreak promise, installing a fake profile on their devices. Instead of a jailbreak, the victims help the actors make money via a click fraud campaign. Already, there are thousands of victims spread across the globe, with most of...
The Retadup crypto miner-dropping worm has been stopped after Avast replaced its C&C. The security company worked together with the FBI and the French police to stop the worm. The authorities know who the actor is, as he has been bragging about Retadup on social media. Retadup...
Malwarebytes reports an astonishing increase in the number of Web skimming attacks in July, with this trend likely to continue to rise. Web skimming is oriented toward stealing your personal and payment information by infecting websites, primarily related to e-commerce. Be safe when shopping online, use a trustworthy...
The Dutch Police took down a Mirai network operator and hosting provider in Amsterdam. The network was targeting a million devices per month, so expect a notable decline from now on. The Police seized five command and control servers and arrested two young men. According to a report...