The Dridex Trojan continues to pose a significant threat to user data and its operators are expected to continue using it in attacks targeting the financial services sector, the Department of Homeland Security warns.A successor of the Cridex Trojan, Dridex has been around since 2012 and has been considered one of the most prevalent financial threats for more

Two Romanian nationals have been sentenced to prison in the United States for their roles in a multi-million dollar online fraud operation.The two, Bogdan Nicolescu, 37, and Radu Miclaus, 37, of Bucharest, Romania, will go to prison for developing and operating the Bayrob malware, infecting over 400,000 computers, and stealing credit card and other sensitive

Whether it be that their shoes are too tight, their heads aren’t screwed on just right, or they’re expressing a little bit of “Bah Humbug,” cyber-grinches and cyber-scrooges everywhere view the holiday season as a perfect opportunity to exploit users. In fact, McAfee recently conducted a survey of over 1,000 adults over the age of 18 in the U.S. from October

’Tis the season for giving and who better to give a giant headache to than the digital scammers working overtime to wreck our holidays? Can we spot and unravel every scam out there? Probably not. But, by taking a few minutes to get equipped to click, we can dodge common traps laid by cybercrooks and wreck their holidays before they get a chance to wreck ours

It’s a classic issue for BotConf attendees, the last day is always a little bit stronger due to the social event organized every Thursday night. This year, we are in the French area where good wines are produced and the event took place at the “Cité du Vin”. The night was short but I was present at the first talk! Ready as usual! The first talk was “

A new piece of macOS malware linked to the North Korean hacking group Lazarus employs in-memory execution of payloads, researchers revealed this week.Active since at least 2009, Lazarus was first observed using macOS malware in attacks in August last year, but continued to do so as part of a campaign that was active in 2019.Recent Lazarus campaigns focused o

by William Gamazo Sanchez and Joseph C. Chen In November 2019, we published a blog analyzing an exploit kit we named Capesand that exploited Adobe Flash and Microsoft Internet Explorer flaws. During our analysis of the indicators of compromise (IoCs) in the deployed samples that were infecting the victim’s machines, we noticed some interesting characteristic

Researchers at IBM X-Force have come across what appears to be a new piece of malware that has been used in highly targeted attacks aimed at energy and industrial organizations in the Middle East.Dubbed ZeroCleare based on a path in its binary file, the malware has been described by IBM as a destructive wiper and it has been linked to Iranian hacker groups.

A new Python-based remote access Trojan (RAT) has been used in campaigns targeting a wide range of industries, BlackBerry Cylance revealed this week.Dubbed PyXie, the malware has been active since last year, but received little attention, although it has been observed in conjunction with Cobalt Strike beacons and a downloader seemingly linked to the Shifu ba

This blog post was authored by @hasherezade, with contributions from @siri_urz and Jérôme Segura. Security firm Proofpoint recently published a report about a series of malspam campaigns they attribute to a threat actor called TA2101. Originally targeting German and Italian users with Cobalt Strike and Maze ransomware, the later wave of malicious emails w

Norwegian app security company Promon on Monday disclosed the existence of a vulnerability that has been exploited by tens of malicious Android apps, and warned that hundreds of popular applications are at risk of being targeted.Promon has dubbed the flaw StrandHogg, which is an old Norse term describing a Viking tactic that involved raiding coastal areas to

A worldwide law enforcement operation has resulted in the Imminent Monitor Remote Access Trojan (IM-RAT) being taken down completely, Europol has announced.Designed to provide its users with full control over the victim computers, IM-RAT was being used across 124 countries and over 14,500 people paid to use it.The takedown, Europol announced, was the result

Tex-Mex restaurant chain On The Border has informed customers this week that their payment card information may have been stolen by hackers.The breach was discovered on November 14 and at this point in the investigation the company believes the incident impacts restaurants in 27 states, including Arizona, Arkansas, Colorado, Connecticut, Florida, Georgia, Il

Malware that Microsoft has been tracking for over a year has been leveraging numerous techniques for evasion, including random file names, fileless installation, and polymorphism. Microsoft, which calls the malware Dexphot, noticed that it attempted to deploy files that changed two or three times per hour. Targeting thousands of devices, the polymorphic

By Joey Chen, Hiroyuki Kakara and Masaoki Shoji While we have been following cyberespionage group TICK (a.k.a. “BRONZE BUTLER” or “REDBALDKNIGHT”) since 2008, we noticed an unusual increase in malware development and deployments towards November 2018. We already know that the group uses previously deployed malware and modified tools for obfuscation, but we a