Posts tagged with MALWARE


New stealthy Pumakit Linux Rootkit Malware spotted in the Wild.

IT security researchers have uncovered a new Linux rootkit called PUMAKIT that comes with capabilities to escalate privileges, hide files & directories, and conceal itself from system tools, while simultaneously evading detection.

https://www.elastic.co/security-labs/declawing-pumakit

#linux #pumakit #malware #it #security #privacy #engineer #media #tech #news
"PUMAKIT is a sophisticated loadable kernel module (LKM) rootkit that employs advanced stealth mechanisms to hide its presence and maintain communication with command-and-control servers," Elastic Security Lab researchers Remco Sprooten and Ruben Groenewoud said in a technical report published last week.

Generally, such malware is used by advanced threat actors targeting critical infrastructure and enterprise systems for espionage, financial theft and disruption operations.
[ImageSource: Elastic Security]

Pumakit Infection Chain.

Pumakit employs a multi-stage infection process starting with a dropper named 'cron,' which executes embedded payloads ('/memfd:tgt' and '/memfd:wpn') entirely from memory.

The '/memfd:wpn' payload, which executes in a child process, performs environment checks and kernel image manipulation and eventually deploys the LKM rootkit module ('puma.ko') into the system kernel.

Embedded within the LKM rootkit is Kitsune SO ('lib64/libs.so'), acting as the userland rootkit that injects itself into processes using 'LD_PRELOAD' to intercept system calls at the user level.
[ImageSource: Elastic Security]

Pumakit using ftrace to hook Syscalls.

The malware uses the internal Linux function tracer (ftrace) to hook into as many as 18 different system calls and various kernel functions such as "prepare_creds," and "commit_creds" to alter core system behaviors and accomplish its goals.

<https://www.kernel.org/doc/html/latest/trace/ftrace.html>

"Unique methods are used to interact with Pumakit, including using the rmdir() syscall for privilege escalation and specialized commands for extracting configuration and runtime information," the researchers said.
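A defender-side check for the three indicator classes the post describes (memfd-backed payloads like '/memfd:tgt' and '/memfd:wpn', an LD_PRELOAD userland hook such as 'lib64/libs.so', and ftrace hooks on 'prepare_creds'/'commit_creds'). This is an added example, not code from Elastic or the report; it assumes the preload is registered through /etc/ld.so.preload and uses a simplified view of ftrace's enabled_functions line format, with constructed sample data so it runs offline.

```python
import re

# Kernel credential functions the post names as ftrace-hooked by PUMAKIT.
CRED_FUNCS = ("prepare_creds", "commit_creds")

def memfd_backed(exe_links):
    """exe_links maps pid -> readlink('/proc/<pid>/exe'); return pids whose image is a memfd."""
    return sorted(pid for pid, target in exe_links.items() if target.startswith("/memfd:"))

def preload_libs(ld_so_preload):
    """Libraries forced into every process via /etc/ld.so.preload (blank/comment lines skipped)."""
    return [ln.strip() for ln in ld_so_preload.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]

def hooked_cred_funcs(enabled_functions):
    """Parse ftrace's enabled_functions, assumed here as '<symbol> (<hook count>) ...' per line
    (a simplified view of the real format), and return credential functions with an active hook."""
    hooked = {}
    for ln in enabled_functions.splitlines():
        m = re.match(r"^(\S+)\s+\((\d+)\)", ln)
        if m and m.group(1) in CRED_FUNCS:
            hooked[m.group(1)] = int(m.group(2))
    return hooked

def scan(exe_links, ld_so_preload, enabled_functions):
    """Combine the three checks into a list of human-readable findings."""
    findings = []
    for pid in memfd_backed(exe_links):
        findings.append(f"pid {pid} runs from {exe_links[pid]} (memfd-backed image)")
    for lib in preload_libs(ld_so_preload):
        findings.append(f"/etc/ld.so.preload forces {lib} into every process")
    for func, n in hooked_cred_funcs(enabled_functions).items():
        findings.append(f"ftrace hook on {func} ({n} callback(s))")
    return findings

# Constructed sample data mirroring the indicators in the post (not real captures).
SAMPLE_EXE = {1: "/usr/lib/systemd/systemd",
              4242: "/memfd:tgt (deleted)",
              4243: "/memfd:wpn (deleted)"}
SAMPLE_PRELOAD = "# constructed sample\n/lib64/libs.so\n"
SAMPLE_FTRACE = ("commit_creds (1) R I tramp: 0xffffffffc0a00000\n"
                 "prepare_creds (1) R I\n"
                 "__x64_sys_rmdir (1) R I\n")

if __name__ == "__main__":
    for finding in scan(SAMPLE_EXE, SAMPLE_PRELOAD, SAMPLE_FTRACE):
        print("FINDING:", finding)
```

On a live host, feed the same functions the readlink targets of /proc/*/exe, the contents of /etc/ld.so.preload and of /sys/kernel/tracing/enabled_functions (root required).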


Cellebrite Unlocked This Journalist’s Phone. Cops Then Infected it With Malware Just another day in dystopian paradise. www.404media.co/cellebrite-u...#infosec #malware #spyware #opsec #ethics #journalism



"The report is significant because it shows that although Cellebrite devices are typically designed to unlock or extract data from phones that authorities have physical access to, they can also be used to open the door for installing #activesurveillance technology. In these cases, the devices were infected with malware and then returned to the targets."

#Cellebrite Unlocked This Journalist’s Phone. Cops Then Infected it With #Malware (#spyware)

https://www.404media.co/cellebrite-unlocked-this-journalists-phone-cops-then-infected-it-with-malware/ #cybersecurity #cybersec


Akamai's latest discovery reveals a devious malware technique that hijacks Windows' UI Automation feature to evade detection! This malicious method can execute commands stealthily, making it hard for antivirus programs to catch. 🦠💻 Admins are urged to monitor suspicious activity involving UIAutomationCore.dll. Stay alert! 🔍 #CyberSecurity #Malware #newz #WindowsSecurity https://www.techradar.com/pro/security/this-devious-new-malware-technique-looks-to-hijack-windows-itself-to-avoid-detection


NodeStealer Malware Targets Facebook Ad Accounts and Harvests Credit Card Data.

Threat hunters are warning about an updated version of the Python-based NodeStealer that's now equipped to extract more information from victims' Facebook Ads Manager accounts and harvest credit card data stored in web browsers.

https://www.netskope.com/blog/python-nodestealer-targets-facebook-ads-manager-with-new-techniques

#facebook #socialmedia #ads #malware #it #security #privacy #engineer #media #tech #news
"They collect budget details of Facebook Ads Manager accounts of their victims, which might be a gateway for Facebook malvertisement," Netskope Threat Labs researcher Jan Michael Alcantara said in a report. "New techniques used by NodeStealer include using Windows Restart Manager to unlock browser database files, adding junk code and using a batch script to dynamically generate and execute the Python script."

NodeStealer, first publicly documented by Meta in May 2023, started off as JavaScript malware before evolving into a Python stealer capable of gathering data related to Facebook accounts in order to facilitate their takeover.

The latest analysis from Netskope shows that NodeStealer artifacts have begun to target Facebook Ads Manager accounts that are used to manage ad campaigns across Facebook and Instagram, in addition to striking Facebook Business accounts.
[ImageSource: Netskope Threat Labs]

"We recently found several Python NodeStealer samples that collect budget details of the account using Facebook Graph API," Michael Alcantara explained. "The samples initially generate an access token by logging into adsmanager.facebook[.]com using cookies collected on the victim's machine."

Aside from collecting the tokens and business-related information tied to those accounts, the malware includes a check that's explicitly designed to avoid infecting machines located in Vietnam as a way to evade law enforcement actions, further solidifying its origins.
[ImageSource: Netskope Threat Labs]

On top of that, certain NodeStealer samples have been found to use the legitimate Windows Restart Manager to unlock SQLite database files that are possibly being used by other processes. This is done in an attempt to siphon credit card data from various web browsers.

Data exfiltration is achieved using Telegram, underscoring that the messaging platform still continues to be a crucial vector for threat actors despite recent changes to its policy.

Malvertising via Facebook is a lucrative infection pathway, often impersonating trusted brands to disseminate all kinds of malware. This is evidenced by the emergence of a new campaign starting November 3, 2024, that has mimicked the Bitwarden password manager software through Facebook sponsored ads to install a rogue Google Chrome extension.

<https://www.bitdefender.com/en-us/blog/labs/inside-bitdefender-labs-investigation-of-a-malicious-facebook-ad-campaign-targeting-bitwarden-users>


Smashing Security podcast #392: Pasta spies and private eyes, and are you applying for a ghost job? https://grahamcluley.com/smashing-security-podcast-392/ #SmashingSecurity #Recruitment #databreach #government #TheVatican #Law&Order #Dataloss #Malware #Podcast #Privacy #israel #Mossad #police #Italy


"AT&T. Ticketmaster. Santander Bank. Neiman Marcus. Electronic Arts. These were not entirely isolated incidents. Instead, they were all hacked thanks to “infostealers,” a type of malware that is designed to pillage passwords and cookies stored in the victim’s browser. In turn, infostealers have given birth to a complex ecosystem that has been allowed to grow in the shadows and where criminals fulfill different roles. There are Russian malware coders continually updating their code; teams of professionals who use glitzy advertising to hire contractors to spread the malware across YouTube, TikTok, or GitHub; and English-speaking teenagers on the other side of the world who then use the harvested credentials to break into corporations. At the end of October, a collaboration of law enforcement agencies announced an operation against two of the world’s most prevalent stealers. But the market has been able to grow and mature so much that now law enforcement action against even one part of it is unlikely to make any lasting dent in the spread of infostealers.

Based on interviews with malware developers, hackers who use the stolen credentials, and a review of manuals that tell new recruits how to spread the malware, 404 Media has mapped out this industry. Its end result is that a download of an innocent-looking piece of software by a single person can lead to a data breach at a multibillion-dollar company, putting Google and other tech giants in an ever-escalating cat-and-mouse game with the malware developers to keep people and companies safe."

https://www.wired.com/story/inside-the-massive-crime-industry-thats-hacking-billion-dollar-companies/

#CyberSecurity #CyberCrime #Hacking #Malware #InfoStealers #DataBreaches


[BEWARE!!!] Android Malware "FakeCall" now reroutes Bank Calls to Attackers.

Researchers have found new versions of a sophisticated Android financial-fraud Trojan that’s notable for its ability to intercept calls a victim tries to place to customer-support personnel of their banks.

https://www.zimperium.com/blog/mishing-in-motion-uncovering-the-evolving-functionality-of-fakecall-malware/

#android #fakecall #vishing #malware #it #security #privacy #engineer #media #tech #news
FakeCall (or FakeCalls) is a banking trojan with a focus on voice phishing, in which victims are deceived through fraudulent calls impersonating banks, asking them to convey sensitive information.

In addition to vishing (voice phishing), FakeCall could also capture live audio and video streams from the infected devices, allowing attackers to steal sensitive data without victim interaction.

The malware also exploits the Android Accessibility Service to capture screen content and manipulate the device’s display to create a deceptive user interface while mimicking the legitimate phone app.
[ImageSource: Zimperium]

Overview of latest FakeCall attacks.

The FakeCall malware typically infiltrates a device through a malicious app downloaded from a compromised website or a phishing email. The app requests permission to become the default call handler. If granted, the malware gains extensive privileges.

A fake call interface mimics the actual Android dialer, displaying trusted contact information and names, elevating the level of deception to a point that's hard for victims to realize.

What makes this malware so dangerous is that when a user attempts to call their financial institution, the malware secretly hijacks the call and redirects it to an attacker's phone number instead.