Antivirus updates hijacked to drop dangerous malware

Imagine if your antivirus program infected your computer with malware – that’s exactly what happened to some eScan antivirus users recently. A new report from Avast has explained how a threat actor, possibly of North Korean affiliation, used a vulnerability in the antivirus program to sideload a backdoor called GuptiMiner. Apparently, after obtaining an adversary-in-the-middle …

TP-Link routers are still being bombarded with botnet and malware threats

More than a year after a patch was released, hackers are still competing to compromise vulnerable TP-Link Wi-Fi routers. A report from Fortinet claims half a dozen botnet operators are scanning for vulnerable TP-Link Archer AX21 (AX1800) routers after cybersecurity researchers discovered a high-severity unauthenticated command injection flaw in the endpoints early last year. The …

Hackers are loading SVG files with multi-stage malware in new phishing attack

A sophisticated new phishing attack was spotted in the wild, leveraging a wide variety of tools to bypass antivirus protections and ultimately deliver different Remote Access Trojan (RAT) malware. According to cybersecurity researchers at Fortinet, an unidentified threat actor was seen sending phishing emails, stating a shipment has been delivered, and attaching an invoice. This …

Visa warns dangerous new malware is attacking financial firms

Visa is warning its partners, clients, and customers of an ongoing phishing attack that aims to deliver a banking trojan. The Visa Payment Fraud Disruption (PDF) unit sent out a security alert to card issuers, processors, and acquirers, noting it had observed a new phishing campaign that started in late March this year. The campaign …

This previously unknown malware has some crafty tricks for avoiding antivirus

Cybersecurity researchers from Trend Micro have uncovered a brand new piece of malware that uses an unusual method of hiding from antivirus programs. The malware is called UNAPIMON, and is apparently being used by Winnti, an established Chinese state-sponsored threat actor that was behind some of the most devastating attacks against governments, hardware and software …

Stay alert — this dangerous Android malware is pretending to be a McAfee security tool

A new version of a known Android banking trojan is making the rounds on the internet, stealing sensitive data, and possibly even money, from its victims. Cybersecurity researchers from NCC Group’s Fox-IT sounded the alarm about a new, upgraded version of the Vultur banking trojan, first spotted in early 2021 but having received a number of …

Linux servers targeted by dangerous espionage malware as Windows threat makes the jump

A dangerous espionage malware, previously only used against Windows devices, is increasingly being observed on Linux machines, too, experts have warned. Following earlier reports by ESET and Trend Micro, Kaspersky is now warning of the Dinodas Remote Access Trojan (RAT), signaling the rising popularity of the malware. Kaspersky claims the backdoor is “fully functional, granting …

PyPI stops signing up new users to try and block malware campaign

Python Package Index (PyPI), the largest repository of Python packages, has once again been forced to suspend new account and new project registrations. Cybersecurity experts from both Checkmarx and Check Point observed a large-scale cyberattack in which threat actors tried to upload hundreds of malicious packages to the platform, in an attempt to compromise software …

Python devs are being targeted by this massive infostealing malware campaign

Cybersecurity researchers from Checkmarx have discovered a new infostealing campaign that leveraged typosquatting and stolen GitHub accounts to distribute malicious Python packages to the PyPI repository. In a blog post, Tal Folkman, Yehuda Gelb, Jossef Harush Kadouri, and Tzachi Zornshtain of Checkmarx said they discovered the campaign after a Python developer complained about falling victim …

Another Microsoft vulnerability is being used to spread malware

Hackers are using a novel phishing technique to deliver remote access trojans (RAT) to unsuspecting victims. According to the report, published this Monday, threat actors are using a technique called Object Linking and Embedding (OLE). This is a Windows feature that allows users to embed and link documents within documents, resulting in compound files with …