HackDig : Dig high-quality web security articles for hackers

Backdoor, Devil Shadow Botnet Hidden in Fake Zoom Installers

By Raphael Centeno and Llallum Victoria, with additional insights from Bren Matthew Ebriega
Cybercriminals are taking advantage of “the new normal” — involving employees’ remote working conditions and the popularity of user-friendly online tools — by abusing and spoofing popular legitimate applications to infect systems with malicious routines. We found two m
Publish At:2020-05-24 07:47 | Read:122 | Comments:0 | Tags:Bad Sites Botnets Malware application backdoor botnet Devil

Outlaw Updates Kit to Kill Older Miner Versions, Targets More Systems

By Jindrich Karasek (Threat Researcher)
As we’ve observed with cybercriminal groups that aim to maximize profits for every campaign, silence doesn’t necessarily mean inactivity. It appears hacking group Outlaw, which has been silent for the past few months, was simply developing their toolkit for illicit income sources. While they have been quiet since our J
Publish At:2020-02-10 17:25 | Read:613 | Comments:0 | Tags:Bad Sites Exploits Malware Targeted Attacks Vulnerabilities

(Almost) Hollow and Innocent: Monero Miner Remains Undetected via Process Hollowing

By Arianne Dela Cruz, Jay Nebre and Augusto Remillano II
As the value of cryptocurrencies increased (after a short dip in 2018), we observed increased activity from cryptocurrency mining malware this year, particularly infections and routines involving Monero miners. Over a span of a few months, we came across an infection routine that exploited vulnerabilit
Publish At:2019-12-12 14:35 | Read:1112 | Comments:0 | Tags:Bad Sites Malware cryptocurrency cryptominer Monero process

Mobile Cyberespionage Campaign Distributed Through CallerSpy Mounts Initial Phase of a Targeted Attack

We found a new spyware family disguised as chat apps on a phishing website. We believe that the apps, which exhibit many cyberespionage behaviors, are initially used for a targeted attack campaign. We first came across the threat in May on the site http://gooogle[.]press/, which was advertising a chat app called “Chatrious.” Users can download the malicious
Publish At:2019-12-02 14:35 | Read:1250 | Comments:0 | Tags:Bad Sites Mobile android APK cyberespionage spyware

Operation ENDTRADE: Finding Multi-Stage Backdoors that TICK

By Joey Chen, Hiroyuki Kakara and Masaoki Shoji
While we have been following cyberespionage group TICK (a.k.a. “BRONZE BUTLER” or “REDBALDKNIGHT”) since 2008, we noticed an unusual increase in malware development and deployments towards November 2018. We already know that the group uses previously deployed malware and modified tools for obfuscation, but we a
Publish At:2019-11-30 07:35 | Read:909 | Comments:0 | Tags:Bad Sites Exploits Internet of Things Malware Open source Sp

FIN6 Compromised E-commerce Platform via Magecart to Inject Credit Card Skimmers Into Thousands of Online Shops

We discovered that the online credit card skimming attack known as Magecart or E-Skimming was actively operating on 3,126 online shops. Our data shows that the attack started on September 7, 2019. All of the impacted online shops are hosted on the cloud platform of the e-commerce service provider “Volusion,” one of the top e-commerce platforms in the market.
Publish At:2019-10-09 22:00 | Read:1003 | Comments:0 | Tags:Bad Sites Malware credit card ecommerce FIN6 Magecart Skimme

New Fileless Botnet Novter Distributed by KovCoreG Malvertising Campaign

By Jaromir Horejsi and Joseph C. Chen (Threat Researchers)
We found a new modular fileless botnet malware, which we named “Novter” (also reported and known as “Nodersok” and “Divergent”), that the KovCoreG campaign has been distributing since March. We’ve been actively monitoring this threat since its emergence and early development, and saw it being frequen
Publish At:2019-10-01 08:20 | Read:2217 | Comments:0 | Tags:Bad Sites Botnets Malware botnet KovCoreG malvertising Nodst

‘Purple Fox’ Fileless Malware with Rootkit Component Delivered by Rig Exploit Kit Now Abuses PowerShell

By Johnlery Triunfante and Earle Earnshaw (Threat Analysts)
Exploit kits may no longer be as prolific as they were back when their activities were detected in the millions, but their recurring activities in the first half of 2019 indicate that they won’t be going away any time soon. The Rig exploit kit, for instance, is known for delivering various payloads — s
Publish At:2019-09-19 14:50 | Read:1923 | Comments:0 | Tags:Bad Sites Exploits Malware Vulnerabilities fileless malware

When PSD2 Opens More Doors: The Risks of Open Banking

By Feike Hacquebord, Robert McArdle, Fernando Mercês, and David Sancho
As more industries adapt to cater to the increasingly mobile market, the financial industry is the latest to experience a shake-up. The Revised Payment Service Directive (PSD2) – also known as Open Banking – is a new set of rules for the European Union (EU) that’s expected to affect
Publish At:2019-09-19 14:50 | Read:940 | Comments:0 | Tags:Bad Sites Internet of Things Malware Mobile Ransomware Vulne

ChessMaster’s New Strategy: Evolving Tools and Tactics

by MingYen Hsieh, CH Lei, and Kawabata Kohei
A few months ago, we covered the ChessMaster cyberespionage campaign, which leveraged a variety of toolsets and malware such as ChChes and remote access trojans like RedLeaves and PlugX to compromise its targets—primarily organizations in Japan. A few weeks ago, we observed new activity from ChessMaster, with nota
Publish At:2017-11-06 17:10 | Read:5236 | Comments:0 | Tags:Bad Sites Targeted Attacks ChessMaster

App Stores that Formerly Coddled ZNIU Found Distributing a New iXintpwn/YJSNPI Variant

by Lilang Wu, Ju Zhu, and Moony Li
We covered iXintpwn/YJSNPI in a previous blog post and looked into how it renders an iOS device unresponsive by overflowing it with icons. This threat comes in the form of an unsigned profile that crashes the standard application that manages the iOS home screen when installed. The malicious profile also exploits certain fe
Publish At:2017-11-02 20:40 | Read:6343 | Comments:0 | Tags:Bad Sites Malware Mobile android app stores iOS
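The iXintpwn/YJSNPI entry above describes an unsigned iOS configuration profile that floods the home screen with icons. The script below is an added example for this listing (it is not code from the HackDig page or from the Trend Micro researchers): it triages a .mobileconfig file by checking whether it is CMS-signed and, if not, counting the web-clip payloads it carries. The signed-profile heuristic (a DER SEQUENCE tag as the first byte), the web-clip threshold and the sample profile are assumptions made for the example.

```python
"""Heuristic triage of an iOS configuration profile (.mobileconfig).

Added example, not code from the page or from the researchers it summarizes.
Assumptions (not taken from the page): a signed profile is a DER-encoded CMS
blob whose first byte is 0x30, an unsigned profile is a bare XML/binary plist,
and MAX_WEBCLIPS is an arbitrary threshold for "too many icons".
"""
import plistlib

WEBCLIP_TYPE = "com.apple.webClip.managed"  # payload type that adds a home-screen icon
MAX_WEBCLIPS = 20  # assumption: legitimate MDM profiles rarely ship more than this


def is_signed(raw: bytes) -> bool:
    """CMS SignedData is DER; its outer SEQUENCE tag is 0x30. Bare plists never start with it."""
    return raw[:1] == b"\x30"


def count_webclips(profile: dict) -> int:
    """Count top-level payloads that would each place an icon on the home screen."""
    return sum(
        1
        for payload in profile.get("PayloadContent", [])
        if payload.get("PayloadType") == WEBCLIP_TYPE
    )


def triage(raw: bytes) -> dict:
    """Return a verdict for the raw profile bytes.

    Signed profiles are reported as such and not parsed further (unwrapping CMS
    is out of scope here). Unsigned profiles are parsed with plistlib, which
    accepts both XML and binary plists, and flagged when the web-clip count
    exceeds MAX_WEBCLIPS.
    """
    if is_signed(raw):
        return {"signed": True, "webclips": None, "identifier": None, "suspicious": False}
    profile = plistlib.loads(raw)
    n_clips = count_webclips(profile)
    return {
        "signed": False,
        "webclips": n_clips,
        "identifier": profile.get("PayloadIdentifier"),
        "suspicious": n_clips > MAX_WEBCLIPS,
    }


def build_profile(n_clips: int) -> bytes:
    """Constructed sample: an unsigned XML profile carrying n_clips web-clip payloads."""
    payloads = [
        {
            "PayloadType": WEBCLIP_TYPE,
            "PayloadVersion": 1,
            "PayloadIdentifier": f"example.webclip.{i}",
            "PayloadUUID": f"00000000-0000-0000-0000-{i:012d}",
            "Label": f"Icon {i}",
            "URL": "http://example.invalid/",  # placeholder, not a real site
            "IsRemovable": False,
        }
        for i in range(n_clips)
    ]
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "example.profile",
        "PayloadUUID": "11111111-1111-1111-1111-111111111111",
        "PayloadDisplayName": "Sample profile (constructed)",
        "PayloadContent": payloads,
    }
    return plistlib.dumps(profile)


if __name__ == "__main__":
    # A small profile passes; a constructed icon-flood profile is flagged.
    print(triage(build_profile(3)))
    print(triage(build_profile(500)))
    # A DER-looking blob is reported as signed without being parsed.
    print(triage(b"\x30\x82\x10\x00"))
```

To check a file from disk, pass `open(path, "rb").read()` to `triage`. The unsigned check is only a first filter: a signed profile can still be malicious, and a trusted signer should be verified separately before the verdict is relied upon.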

Magnitude Exploit Kit Now Targeting South Korea With Magniber Ransomware

A new ransomware is being distributed by the Magnitude exploit kit: Magniber (detected by Trend Micro as RANSOM_MAGNIBER.A and TROJ.Win32.TRX.XXPE002FF019), which we found targeting South Korea via malvertisements on attacker-owned domains/sites. The development in Magnitude’s activity is notable not only because it eschewed Cerber—its usual ransomware paylo
Publish At:2017-10-21 18:05 | Read:5490 | Comments:0 | Tags:Bad Sites Exploits Ransomware CERBER CVE-2016-0189 Locky Ran

Business Process Compromise and the Underground’s Economy of Coupon Fraud

by Vladimir Kropotov and Fyodor Yarochkin (Senior Threat Researchers)
The fraudulent redemption of freebies, discounts, and rebates in the form of coupons is reportedly costing U.S. businesses $300–600 million every year. And where there’s money to be made, there are cybercriminals rustling up schemes to take advantage of it. Unsurprisingly, that was the cas
Publish At:2017-09-29 00:50 | Read:4679 | Comments:0 | Tags:Bad Sites Deep Web Social Business Process Compromise Coupon

ZNIU: First Android Malware to Exploit Dirty COW Vulnerability

By Jason Gu, Veo Zhang, and Seven Shen
We have disclosed this security issue to Google, who verified that they have protections in place against ZNIU courtesy of Google Play Protect. The Linux vulnerability called Dirty COW (CVE-2016-5195) was first disclosed to the public in 2016. The vulnerability was discovered in upstream Linux platforms such as Red Hat,
Publish At:2017-09-25 23:15 | Read:6858 | Comments:0 | Tags:Bad Sites Malware Mobile Vulnerabilities android Dirty COW L

EITest Campaign Uses Tech Support Scams to Deliver Coinhive’s Monero Miner

We’ve uncovered the notorious EITest campaign delivering a JavaScript (JS) cryptocurrency miner (detected by Trend Micro as HKTL_COINMINE) using tech support scams as a social engineering lure. These are fraud activities impersonating legitimate technical support services, conning unwitting victims into paying for these services (or handing over financial data)
Publish At:2017-09-22 21:10 | Read:4253 | Comments:0 | Tags:Bad Sites cryptocurrency cryptocurrency miner EITest Tech Su
