#malware
Hosting of #Malware, #BotnetController, #DDoS-for-hire infrastructure... FlyHosting has a new data center - now in the basement of the German authorities. 😂
Hesse's LKA (state criminal police) shut it down and seized the servers.
https://www.presseportal.de/blaulicht/pm/43563/5476672
More here
https://krebsonsecurity.com/2023/03/german-police-raid-ddos-friendly-host-flyhosting/
Windows kernel drivers for red team tool development: introduction series by @idov31
Part 1: https://idov31.github.io/2022/07/14/lord-of-the-ring0-p1.html
Part 2: https://idov31.github.io/2022/08/04/lord-of-the-ring0-p2.html
Part 3: https://idov31.github.io/2022/10/30/lord-of-the-ring0-p3.html
#windows #kernel #redteam #malware #infosec #cybersecurity #learning

"Vulkan Files": behind the scenes of Putin's cyberwar | heise online https://www.heise.de/news/Vulkan-Files-Geheimdokumente-enthuellen-Russlands-Cyberwaffen-8267980.html #CyberWar #VulkanFiles #Russia #Russland #Hacking #Malware
I’m seeing an uptick of malvertising using the windows notification feature in chrome. Looking at the sites and browsing history this very much smells like an ad network got popped or is distributing malware. Happy Friday Infosec?
Find and remove Malware with Microsoft Defender Offline
#AntiMalware, #AntiVirus, #FindAndRemoveMalware, #Malware, #MicrosoftDefenderAntivirus, #MicrosoftMalwareProtection, #MicrosoftWindows, #PerformMicrosoftDefenderScans, #Quarantine, #Scan, #Viruses, #Windows, #Windows10, #Windows11, #WindowsDefender, #WindowsDefenderAntivirus
Tax season brings tax-related scams - The latest malspam attack infects targeted devices with the nasty #Emotet malware.
https://hackread.com/irs-tax-forms-w-9-email-scam-emotet-malware/
Since WHEN did #Government types figure out that #SocialMedia had #backdoors built in and #malware capabilities so that they _JUST_ are starting to #Ban them from #GovernmentDevices? 👨💻👩💻💻🤦♂️🤦🤦♂️🤦
In 2023?!?!
Didn't anyone see the #MarkTheVirus documentary on #Racketeering via #SocialMedia with the awful #PsyTrance music list he overpaid for called #TheSocialNetwork and the hit follow up #TheSocialDilemma, all on #Netflix btw.
#TheSocialDilemma is also available on #YouTube, fyi.
The #3CX #application for Windows and macOS is infected with #malware: millions of workstations are exposed!
Well, that's that...
https://www.3cx.com/blog/news/desktopapp-security-alert/
https://www.it-connect.fr/lapplication-de-3cx-pour-windows-et-macos-est-infectee-par-un-malware-des-millions-de-postes-sont-exposes/
3CX's application for Windows and macOS is infected with malware: millions of workstations are exposed! https://www.it-connect.fr/lapplication-de-3cx-pour-windows-et-macos-est-infectee-par-un-malware-des-millions-de-postes-sont-exposes/ #Sécurité #Malware

#Development #Findings
One in two new npm packages is SEO spam right now · Just README files with links to various malicious websites https://ilo.im/120gj2
_____
#Npm #PackageManager #WebDevelopment #WebDev #JavaScript #NodeJS #Security #Malware #Spam
Google and Amnesty International uncover international spyware campaigns | heise online https://www.heise.de/news/Google-und-Amnesty-International-decken-internationale-Spyware-Kampagnen-auf-8222319.html #CyberCrime #Phishing #Malware #Spyware #Tracking
#APT hacker group SideCopy, known for targeting India & Afghanistan government agencies, has launched a new phishing campaign delivering Action RAT and AuTo Stealer.
https://thehackernews.com/2023/03/pakistan-origin-sidecopy-linked-to-new.html
RedGolf, a highly-likely Chinese state-sponsored threat group, is using a new custom backdoor called #KEYPLUG to target multiple sectors, including US government entities.
https://thehackernews.com/2023/03/chinese-redgolf-group-targeting-windows.html
This is what we currently know about the #3cx compromise. Awesome job @JohnHammond @Embee_research and team from @huntress !
https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threats
"One document links a Vulkan cyber-attack tool with the notorious hacking group Sandworm, which the #US government said twice caused blackouts in #Ukraine, disrupted the #Olympics in South Korea and launched NotPetya, the most economically destructive #malware in history."
"A third Vulkan-built system – Crystal-2V – is a training program for cyber-operatives in the methods required to bring down rail, air and sea infrastructure."
🐍 #Python developers, beware! #Malicious package on #PyPI uses #Unicode to evade detection and deploy info-stealing #malware!
Learn more: https://thehackernews.com/2023/03/malicious-python-package-uses-unicode.html
#cybersecurity #hacking #infosecurity #coding #py #sec #security #infosec
"Trojanized Windows and Mac apps rain down on 3CX users in massive supply chain attack" https://arstechnica.com/information-technology/2023/03/massive-supply-chain-attack-with-ties-to-north-korea-hits-users-of-3cx-voice-app/ #malware
"The macOS version, according to macOS security expert Patrick Wardle, was also notarized by Apple, indicating that the company analyzed the app and detected no malicious functionality."
📢 Tax season brings tax-related scams - The latest malspam attack infects targeted devices with the nasty #Emotet malware.
Learn more: https://www.hackread.com/irs-tax-forms-w-9-email-scam-emotet-malware/
3CX DesktopApp Security Alert - Mandiant Appointed to Investigate
https://www.3cx.com/blog/news/desktopapp-security-alert-updates/
Clipboard-injecting malware disguises itself as Tor browser, steals cryptocurrency https://grahamcluley.com/clipboard-injecting-malware-disguises-itself-as-tor-browser-steals-cryptocurrency/ #cryptocurrency #clipboard #Malware #Tor
Make Use Of: How to Check for and Remove a Keylogger on Your Windows PC https://www.makeuseof.com/how-to-check-for-keyloggers-on-windows-pc/ #Tech #MakeUseOf #TechNews #IT via @morganeogerbc #OnlineSecurity #Keylogger #Security #Malware #Spyware
The first reflective loader used in the 3CX supply chain attack is based on sRDI (DAVESHELL). Here is an Intezer gene analysis of the shellcode: https://analyze.intezer.com/analyses/7153edf9-7d0f-4892-a1b0-342baf7c14ee
Here is the DLL it loads: https://analyze.intezer.com/analyses/e48d000e-9a87-4cd6-b587-4fad1654e75e
Some of the "additional code" that was added to ffmpeg was extracted and analyzed here: https://analyze.intezer.com/analyses/198ca441-017a-4657-ad87-43956a174b50. Under the code tab, you can generate a YARA rule that can be used to hunt for similar compromised files.

Clipboard-injecting malware disguises itself as Tor browser, steals cryptocurrency.

Chinese Cyberspies Use ‘Melofee’ #Linux #Malware for Stealthy Attacks #cybersecurity https://www.securityweek.com/chinese-cyberspies-use-melofee-linux-malware-for-stealthy-attacks/ @SecurityWeek
If you missed this: Nexus #Android #malware targets 450 financial applications #cybersecurity https://www.techrepublic.com/article/nexus-android-malware-finance-targets/
Malicious apps either fool users into granting accessibility services or use weaknesses in the phone, particularly on rooted devices, to bypass the Android security/permission model and grant it to themselves.
https://www.lookout.com/blog/hermit-spyware-discovery
Evidence found suggesting this malware has likely been active in campaigns targeting the #Rojava area of #Syria, #Italy and #Kazakhstan.
More info on the campaigns: https://www.bleepingcomputer.com/news/security/google-finds-more-android-ios-zero-days-used-to-install-spyware/
Info about the implications of Android #AccessibilityServices and how to combat this exploit vector can be found via our wiki: https://hub.libranet.de/wiki/and-priv-sec/wiki/apps#Accessibility_services
#Android #Malware
3CX DesktopApp compromised by supply chain attack - 3CX will be releasing an update for the DesktopApp in the next few hours; meanwhile, user... - https://www.csoonline.com/article/3692250/3cx-desktopapp-compromised-by-supply-chain-attack.html#tk.rss_all #applicationsecurity #malware #voip
Some college students and others who used AudienceView ticketing service to purchase concert or campus event tickets between February 17 and February 21 have been reporting credit card compromises. AudienceView has confirmed that they had a malware incident that has affected students at a number of colleges nationwide.
I'm surprised I haven't seen more headlines and coverage of this one. I just noticed it this morning because The Ithacan was one of the college publications that reported on it:
https://theithacan.org/news/students-bank-accounts-hacked-because-of-ticketing-software-breach/
3CX has been hacked in a supply chain attack and is spreading trojans to devices.
@WithSecure has already stopped this on a customer device.
#infosec #malware #cybersecurity
https://thehackernews.com/2023/03/3cx-desktop-app-targeted-in-supply.html

#Commercial #spyware vendors that facilitate the spread of #malware by government-backed threat actors. These vendors are arming countries that would otherwise not be able to develop these tools. https://tchlp.com/3nvpf1A
Creating a malware analysis lab doesn't have to be complicated or expensive.
Explore different options like virtualization, dedicated hardware, or cloud labs in this helpful article: https://thehackernews.com/2023/03/how-to-build-research-lab-for-reverse.html
For fear of blaming the people who would fall for this, please be careful when downloading apps.
MacStealer malware grabs iCloud passwords, files, and credit card details https://9to5mac.com/2023/03/28/macstealer-malware/
#Malware #iCloud #Passwords #Credentials #macOS #Apple #Vulnerabilities #InfoSec #TechNews

#APT group SideCopy, known for targeting India & Afghanistan government agencies, has launched a new phishing campaign delivering Action RAT and AuTo Stealer.
https://thehackernews.com/2023/03/pakistan-origin-sidecopy-linked-to-new.html
Malicious #Python Package uses #Unicode to evade detection:
#SupplyChain #security firm Phylum discovered a malicious Python package on the Python Package Index (#PyPI) repository that uses Unicode to evade detection and deliver information #stealing #malware.
https://securityaffairs.com/144070/malware/malicious-python-package-uses-unicode.html
Android malware sample of the recent trojan.boogr/bankbot...
PancakeSwap
📦com.card.gift
🦠VirusTotal • 🏺️Pithus
sha256:f3fc80a8793e60a901da44b9ab315931699e64a4f3eddb8aba839fe860de46dc
#sova #sova_v5 #Trojan
GBWhatsApp
📦com.gbwhatsapp
🦠VirusTotal • 🏺️Pithus
sha256:10f568434cfa0f900dbe72dc0428f76b79c660a9e64322b5f0ec0974f3308f98
#InfoStealer #Android #Malware
Emotet just won't go away. The latest campaign we saw used binary padding to pad the payloads up to 500 MiB to try to evade detection. https://www.netskope.com/blog/emotet-comeback-new-campaign-using-binary-padding-to-evade-detection
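One triage check for the binary-padding evasion mentioned above, as an added example that is not code from the original post or from the Netskope writeup: it parses the PE section table to find where the overlay (data after the last section's raw bytes) begins, then measures how much of that overlay is a single repeated byte value. The 1 MiB and 99% thresholds and the minimal PE fixture used to exercise it are my own assumptions for demonstration, not values taken from the campaign analysis.

```python
"""Triage check for binary-padded PE files: measure the overlay (bytes after the
last section's raw data) and how much of it is one repeated byte value.
Added example; the thresholds below are assumptions, not values from the post."""
import struct


def pe_overlay_offset(data: bytes) -> int:
    """Return the file offset where the overlay begins: the end of the furthest-
    reaching section (PointerToRawData + SizeOfRawData), clamped to file size."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                  # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_opt = struct.unpack_from("<H", data, coff + 16)[0]
    sect_table = coff + 20 + size_of_opt                 # first IMAGE_SECTION_HEADER
    end = sect_table + 40 * num_sections                 # headers themselves are mapped data
    for i in range(num_sections):
        hdr = sect_table + 40 * i
        size_raw, ptr_raw = struct.unpack_from("<II", data, hdr + 16)
        end = max(end, ptr_raw + size_raw)
    return min(end, len(data))


def overlay_report(data: bytes, min_overlay: int = 1 << 20, dominance: float = 0.99) -> dict:
    """Summarise the overlay and flag it when it is large and almost entirely one
    byte value. min_overlay (1 MiB) and dominance (99%) are assumed triage
    thresholds; tune them against a corpus of known-clean files."""
    start = pe_overlay_offset(data)
    overlay = data[start:]
    if not overlay:
        return {"overlay_size": 0, "dominant_byte": None, "dominant_ratio": 0.0, "padded": False}
    # Guess the dominant byte from a sparse sample, then count it exactly with
    # bytes.count (C speed) so a 500 MiB overlay needs no Python-level histogram.
    stride = max(1, len(overlay) // 65536)
    sample = overlay[::stride]
    dominant = max(set(sample), key=sample.count)
    ratio = overlay.count(bytes([dominant])) / len(overlay)
    return {
        "overlay_size": len(overlay),
        "dominant_byte": dominant,
        "dominant_ratio": ratio,
        "padded": len(overlay) >= min_overlay and ratio >= dominance,
    }


def build_test_pe(section_payload: bytes, overlay: bytes) -> bytes:
    """Constructed fixture: a minimal, non-runnable PE32 image with one section,
    present only so this example can be exercised offline."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    size_of_opt = 0xE0                                   # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, size_of_opt, 0x102)
    optional = b"\0" * size_of_opt
    raw_ptr = 0x200                                      # first 512-byte file-aligned slot
    section = b".text".ljust(8, b"\0") + struct.pack(
        "<IIIIIIHHI",
        len(section_payload), 0x1000, len(section_payload), raw_ptr, 0, 0, 0, 0, 0x60000020,
    )
    headers = dos_header + b"PE\0\0" + coff + optional + section
    assert len(headers) <= raw_ptr
    return headers.ljust(raw_ptr, b"\0") + section_payload + overlay


if __name__ == "__main__":
    padded = build_test_pe(b"\x90" * 100, b"\0" * (2 << 20))      # 2 MiB of zero padding
    print(overlay_report(padded))
    print(overlay_report(build_test_pe(b"\x90" * 100, bytes(range(256)) * 16)))
```

A large overlay on its own is not evidence: installers and signed binaries legitimately carry overlays (an Authenticode signature, for one), but those are high-entropy, whereas padding is one byte repeated. The report's dominant-byte ratio is what separates the two, and the operational fix is on the scanner side: a file-size cap that silently skips oversized samples is exactly what the padding is designed to hit.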
Lately, artificial intelligence chatbots like #ChatGPT are getting all the attention, but there’s another type of bot posing an immediate and serious threat to your university’s #cybersecurity. Old-school bots are pieces of #malware that infiltrate your environment and infect devices on your networks. Attackers can then remotely control the bots on those devices to steal data and launch a staggering variety of additional attacks directed at either other university systems or third parties.
#Bots continue to become more capable and harder to detect, so it’s more important than ever that you know how to prepare for them, spot them and stop them.
Europe's transport sector terrorised by ransomware, data theft, and denial-of-service attacks.
Read more in my article on the Tripwire blog: https://www.tripwire.com/state-of-security/europes-transport-sector-terrorised-ransomware-data-theft-and-denial-service
#cybersecurity #transport #malware #ransomware #databreach #datatheft #denialofservice #ddos

Antivirus: Malwarebytes enables privilege escalation
Malwarebytes' antivirus allows attackers to delete arbitrary files or escalate their privileges on the system. An update closes the hole.
#Virenscanner #Malware #McAfee #Security #Sicherheitslücken #news

How to use Cutter for reverse-engineering, by @Jacob_Pimental: https://www.goggleheadedhacker.com/post/intro-to-cutter
#malware #reverseengineering #security #tools #tutorial #cybersecurity
#AsmResolver 5.2.0 is out now.
This version includes read support for many more #PDB symbols, #dotnet AppHost patching, .NET TypeSignature::IsAssignableTo(type), QoL improvements and bug fixes.
👉 Full changelog and download links:
https://github.com/Washi1337/AsmResolver/releases/tag/v5.2.0
Fruit and malware: Google suspends the online shopping app Pinduoduo
One of the largest Chinese shopping services is suspected of smuggling malware into its apps. Google has suspended and blocked the Android apps.

Interesting 🤔 Transformer Neural Network Engineering Techniques on System Logs for #Malware Behavior Modeling https://towardsdatascience.com/transformer-neural-network-engineering-techniques-on-system-logs-for-malware-behavior-modeling-c79f83f1ae69 #machinelearning #infosec
Meet #DotRunpeX, a new malware that rains additional nasty malware on targeted devices through the use of #GoogleAds and phishing emails.
https://hackread.com/dotrunpex-malware-infects-multiple-families/
Malware scheme: Acrobat Sign service abused to slip malware onto victims
Avast has observed a new scheme with which cybercriminals tried to foist malware on victims. They abuse the Adobe Sign service to do it.

📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #11/2023 is out!
It includes, but not only:
Alleged #BreachForums owner Pompompurin arrested on cybercrime charges
FakeCalls Vishing #Malware Targets South Korean Users via Popular Financial Apps
#RAT developer arrested for infecting 10,000 PCs with malware
Lookalike #Telegram and #WhatsApp Websites Distributing #Cryptocurrency Stealing Malware
#BianLian ransomware gang shifts focus to pure data extortion
Federal agency hacked by 2 groups thanks to flaw that went unpatched for 4 years
Convincing #Twitter 'quote tweet' phone scam targets bank customers
#Belgium and #UK ban #TikTok from federal government work phones
#NordVPN open sources its #Linux #VPN client and libraries
#ChipMixer platform seized for laundering #ransomware payments, drug sales
#CISA joins forces with #WiCyS to break up the boys' club
#Microsoft Warns of #Outlook Zero-Day Exploitation, Patches 80 Security Vulns
@shortridge 's Cyber Startup Buzzword Bingo: 2023 Edition
Microsoft Warns of Large-Scale Use of #Phishing Kits to Send Millions of Emails Daily
#FBI reveals that more money is lost to investment fraud than ransomware and business email compromise combined
#KaliLinux 2023.1 introduces 'Purple' distro for defensive security
Threat Actors Abuse #AIGenerated Youtube Videos to Spread Stealer Malware
Subscribe to the #newsletter to have it piping hot in your inbox every Sunday ⬇️
New EDR/AV evasion technique added to the #UnprotectProject by @Praetorian_GRD "Unloading Module Using FreeLibrary". Check out the detailed description, code snippet and CAPA rule👇 #cybersecurity #malware #infosec
https://unprotect.it/technique/unloading-module-with-freelibrary/

Get up to speed on the week's infosec news before another week in the trenches:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-e05
Last week's patch Tuesday had SmartScreen bypasses and the Ping of Death, but nothing could beat the #Outlook zero-click credential leak that #Microsoft patche-er, uh, wait, no not quite patched - turns out you can still abuse it locally to harvest NTLM credentials, yikes!
Non-transitive trusts have one job - to enable cross-domain authentication between only the two domains that maintain it. Turns out, that's not the case - you can actually pivot between domains and forests, authenticating to Services well outside the intended scope of the trust. And Microsoft aren't going to fix it.
#Emotet have realised in week two of their return that there's more to life than Macros, and have joined in the abuse of #OneNote files to deliver their lures.
In the world of ransomware, #BianLian have opted to focus on exfil-and-extortion campaigns, after Avast released a pesky decryptor for their ransomware in January this year. #CISA have opened their books and shared a detailed profile on #LockBit 3.0's favoured TTPs and tooling that's worth a read.
#Google TAG have outed Microsoft taking the easy way out in their previous patch of a SmartScreen bypass, opting to issue a half-baked patch that the #Magniber ransomware crew quickly circumvented, enabling them to deliver over 100,000 malicious lures unencumbered by the now-patched security control.
If you're running Adobe's ColdFusion, Aruba ClearPass, or SAP software - you're going to want to make sure you caught and patched these vulnerabilities that debuted last week.
#Redteam members have a new and improved AD lab environment to play in, as well as new evasion techniques for remote shells and macros to add to the toolkit!
Offensive Security have a gift for the #blueteam in the defensive Kali Purple distro, and we've caught a bunch of awesome write-ups to help in scaling Detection Engineering and mitigating common initial access vectors.
Catch all this and much more in this week's newsletter:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-e05
#infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #patchtuesday #adobe #ColdFusion #Aruba #ClearPass #SAP #Kali
This is not true. #SSM™ breaks anything regardless.
#GammaGroup #FinFisher #FinSpy #Finsky #NSOGroup #Pegasus 👀👀🕵️♀️🕵️
The discussions into this #E2EE should _include_ #SSM™ #StateSponsordMalware™ as this option had been the #EnemyOfTheInternet since.... Forever.
#malware #ecosystem #YouArePwnd #GetOverIT ☣️🚢👀🕵️🕵️♀️
Why it’s better not to use desktop versions of messengers such as WhatsApp, Telegram, Signal
"- All of them are built on the Electron framework, which means that the Chromium browser may be outdated and have security vulnerabilities.
- The encryption keys can be easily stolen unlike their mobile counterparts
-RATs represent threats against which desktop messenger clients are practically defenseless."
#cybersecurity #signal #whatsapp #electron #vulnerability #malware
https://www.kaspersky.com/blog/dangers-of-desktop-messengers/47453/
🔥🔥🤩 Check out this malware analysis report from Elastic Security Labs on a recent variant from the malware family ICEDID written by the MARE (Malware Analysis and Reverse Engineering) Team Senior Security Researchers Cyril F. and Daniel Stepanic !
#malwareanalysis #elastic #ElasticSecurityLabs #malware
https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary
Lookalike Telegram and WhatsApp Websites Distributing Cryptocurrency Stealing Malware 👇
https://thehackernews.com/2023/03/lookalike-telegram-and-whatsapp.html
#Botnet that knows your name and quotes your #email is back with new tricks
Emotet has returned.
Emotet primarily sends spam email messages that are made to look like it came from a known contact - which ups the chances of people downloading malicious attachments or clicking on #phishing links.
Microsoft has another go at closing security hole exploited by Magniber ransomware.
Read more in my article on the Bitdefender blog: https://www.bitdefender.com/blog/hotforsecurity/microsoft-has-another-go-at-closing-security-hole-exploited-by-magniber-ransomware/
#cybersecurity #vulnerability #ransomware #malware #microsoft #google
In today's ridiculous "of course this exists now" tech news, now there are YouTube videos featuring AI-generated personas that are being used to spread information-stealing malware. Sigh
https://www.techspot.com/news/97926-ai-generated-personas-pushing-malware-youtube.html
@arstechnica ⬆️ How is #Russia connected to this #malware ?
🤔 DNS data shows one in 10 organizations have #malware traffic on their networks. More than a quarter of that traffic went to servers belonging to initial access brokers, attackers who sell access into corporate networks to other cybercriminals, the #Akamai report stated. https://www.csoonline.com/article/3690518/dns-data-shows-one-in-10-organizations-have-malware-traffic-on-their-networks.html #infosec
Hello, I just moved over from infosec.exchange 👋
A short #introduction. More info ➡️ https://lallodi.github.io
I am faculty at TU Eindhoven in NL 🇳🇱. I am interested in studying emergent #cyberthreats and attack innovation (from #malware to #socialEngineering), and how to integrate this into our defenses. I am the scientific director of the ESH-Security Operation Center (our own @TUEindhoven commercial #SOC, https://www.eindhovensecurityhub.nl supporting ed. & res.).
Looking forward to meeting you all! 🍻
#NorthKorean #hackers target #SecurityResearchers with a new #backdoor | #ArsTechnica
"#ThreatActors connected to the North Korean government have been targeting #security #researchers in a hacking campaign that uses new techniques and #malware in hopes of gaining a foothold inside the companies the targets work for, researchers said.
Researchers from security firm #Mandiant said on Thursday that they first spotted the campaign last June while tracking a phishing campaign targeting a #US-based customer in the #technology industry. The hackers in this campaign attempted to infect targets with three new malware families, dubbed by Mandiant as #Touchmove, #Sideshow, and #Touchshift. The hackers in these attacks also demonstrated new capabilities to counter endpoint detection tools while operating inside targets’ #cloud environments."
So Merced College has now reported the malware/encryption incident that occurred Oct 25 - Nov 3, 2022:
https://oag.ca.gov/system/files/Merced%20College%20-%20Notification%20Letter%20Template.pdf
#databreach #dataprotection #malware #EduSec #infosecurity #cybersecurity
They had disclosed an incident at the time, but the formal notification to the state seems .... late?
Pirated copies of Final Cut Pro infect Macs with cryptojacking malware.
https://grahamcluley.com/pirated-copies-of-final-cut-pro-infect-macs-with-cryptojacking-malware/
#cybersecurity #malware #apple #mac #macos #cryptojacking #cryptomining #cryptocurrency
DoppelPaymer: raids against ransomware gang in North Rhine-Westphalia and Ukraine
Law enforcement speaks of a blow against the criminal gang believed to be behind large-scale cyberattacks using the DoppelPaymer ransomware.
#Cybersecurity #Emotet #Ransomware #Malware #Trojaner #UkraineKrieg #news
Hackers had stolen the sensitive data of 2.1 million customers from this #DNA testing service.
😠 Finding #porn you've created on a pirate download site
🤬 ... Which charges users to access content *you* self-funded and haven't made back costs on yet
😒 ... Where the downloads are hosted by a third party in a country that doesn't care about #DMCA compliance
😵💫 ... Only when you look into it the downloads are allegedly #malware and the site is just using your preview pics and copy for some reason??? But you can't verify this because... malware
Recent iPhone thefts highlight the danger of using passcodes in public
‘A new report from The Wall Street Journal looks at a recent trend of iPhone thefts that have happened across the US. Instead of just looking to snatch devices, these thieves are watching for passcodes so they can immediately get into iPhones, change Apple ID passwords, access financial accounts, and more’
#technology #tech #security #privacy #hacking #malware #phishing #Apple #iPhone
https://9to5mac.com/2023/02/24/iphone-passcode-in-public-dangers/
In 5 minutes, anyone on Android/iOS can free themselves from (illegal) tracking and (harmful) advertising. Take the time! 👇
Briefly informed: Ukraine war, wiper malware, TikTok, autonomous shuttles
Our weekday news overview summarizes the most important news of the day briefly and concisely.
#autonomesFahren #Datenschutz #kurzinformiert #Malware #Starlink #TikTok #UkraineKrieg #news
Ukraine war: the most intense wave of wiper malware attacks in history
One year ago, Russia's war of aggression against Ukraine began. A year on, there are some insights into the cyberwar that accompanies it.
The FBI Recommends Using An Adblocker When Performing Web Searches: https://www.ic3.gov/Media/Y2022/PSA221221 #fbi #adblock #web #search #malicious #malware #phishing
Fake ChatGPT apps spread Windows and Android malware.
Read more in my article on the Tripwire blog:
https://www.tripwire.com/state-of-security/fake-chatgpt-apps-spread-windows-and-android-malware
NSA shares guidance on how to secure your home network:
BTW, the bit about rebooting your devices is not a joke: much malware, especially on cellphones, is non-persistent and designed to leave no trace, so it disappears on reboot.
Great analysis by Zscaler analysts, who dissected the highly capable Rhadamanthys InfoStealer:
Definitely recommend you read the full article, but if you're short on time - the key points:
• Rhadamanthys is an information stealer that consists of two components, the loader and the main module (responsible for exfiltrating collected credentials).
• The malware implements complex anti-analysis techniques by using a public open source library.
• Rhadamanthys is capable of extracting credentials of various applications such as KeePass and cryptocurrency wallets.
• One of the detected loaders uses a virtual machine (based on Quake III) in order to protect several parts of its code.
• Rhadamanthys uses a variation of the Hidden Bee format, which has already been described to a great extent by Malwarebytes.
• Rhadamanthys has its own file system, which includes an additional set of embedded modules.
• Both the loader and the main module network communications can be decrypted due to an implementation flaw in their code.
#infosec #cyber #cybersecurity #malware #malwareanalysis #threatintel
A Realistic Look at Implications of ChatGPT for Cybercrime
https://malwaretech.com/2023/02/a-realistic-look-at-chatgpt-cybercrime.html
#infosec #cybersecurity #malware #phishing #chatgpt
Hello! Let's get my #introduction going here.
Professionally right now I work as an SME in a #PenTesting group for a regulatory company, but it's really not my bag of tea in the long run. That I can feel. I much prefer to be in an investigatory and tool-making field for something related to #DFIR . I was especially happy doing #ReverseEngineering of #malware .
I'm into reverse engineering, assembly languages like #IA32 and recently #ARM / #ARM64, programming (old classics like C/C++ / #Python but learning the newer stuff like #RustLang ), big into #forensics, #RasPi and #Arduino projects and such.
Still trying to figure out what I am career wise, though, like job title and such! It's all great fun to me, just haven't found the direct niche to sink into.
Hobby wise, I'm also really into #GuildWars2! Long time gamer at heart.
"The malware would redirect the visitors to a different website, where ads hosted on the Google Ads platform would load, bringing in profits for the website’s owners."
#cybersecurity #malware #wordpress
https://www.techradar.com/news/thousands-of-wordpress-sites-have-been-infected-by-a-mystery-malware
RIP... #GoDaddy: #Hackers stole source code, installed #malware in multi-year breach https://www.bleepingcomputer.com/news/security/godaddy-hackers-stole-source-code-installed-malware-in-multi-year-breach/
Cybercriminal convicted of $90 million SEC earning reports hack
Read more in my article on the Tripwire blog:
Gulp! Pepsi hack sees personal information stolen by data-stealing malware.
Read more in my article on the Bitdefender blog:
Anyone know what's going on with #Microsoft #MVI? I see that they aren't taking new applications, but what about applications that have been submitted before that and haven't heard anything? Is that program dead now?