QakBot Botnet Dismantled, But Can It Return?

QakBot fell. But for how long?

On Tuesday, the US authorities announced that as a result of the international law enforcement operation “Duck Hunt,” the infamous Qakbot malware platform, which is linked to Russia, was destroyed. Cybercriminals actively use it to commit various financial crimes. Though, cybersecurity experts are not sure how deadly this operation was to the botnet. They predict… Continue reading QakBot Botnet Dismantled, But Can It Return?

DarkGate Loader Expands Activity, Delivers Ransomware

The developer leases DarkGate malware to its partners, increasing DarkGate malware activity

A new DarkGate malware deployment campaign has caught the attention of cybersecurity researchers. This was fueled by the developer’s decision to lease its product to a limited number of affiliates. DarkGate Malware Activity Spikes as Developer Rents Out It According to cybersecurity researchers, a new DarkGate malware campaign made a fuss. It spreads through phishing… Continue reading DarkGate Loader Expands Activity, Delivers Ransomware

Botnet of 400,000 Devices Used as Proxy Nodes Uncovered

If you've noticed a drop in network performance for no reason, your device may be infected

Cybercriminals used stealthy malware to create a botnet of 400,000 proxy servers. Although the company providing the proxy services claims that users voluntarily provided their devices, experts believe otherwise. A botnet of 400,000 proxy servers Cybersecurity researchers recently discovered a botnet with more than 400,000 existing proxy nodes. At first glance, the attackers appear as… Continue reading Botnet of 400,000 Devices Used as Proxy Nodes Uncovered

Meduza Stealer: What Is It & How Does It Work?

Meduza Stealer is a new malware sample that has a lot of reasons to become a prolific strain

Malware world evolves constantly, and it will be reckless to ignore newcomers and their potential. Meduza Stealer appears to be a pretty potent stealer variant with its unique features and marketing model. Additionally, this malware may be considered a firstling of a new malware generation – one which breaks old geolocation filtering rules. What is… Continue reading Meduza Stealer: What Is It & How Does It Work?

Forged Driver Signatures Exploited In The Wild

Loopholes in Microsoft rules of certificate handling allow hackers to legitimise malware

Hackers actively use driver signature spoofing, which originates from a loophole in Windows kernel-mode drivers handling mechanism. They heavily bear on open-source utilities that were primarily designed for temporal circumvention of drivers signing, which is a far too big delay when it comes to evaluations. Cybercriminals though do not do any tests, and do hit… Continue reading Forged Driver Signatures Exploited In The Wild

Legion Stealer targeting PUBG players

Legion Tool Steals PUBG Players’ Sensitive Data through a Fake GitHub Repo

Scammers are using a misleading GitHub page to distribute Legion Stealer to fans of rogue PUBG games. Under the guise of cheats, users download malware. Legion Stealer Attacks PUBG Players Cyble Research and Intelligence Labs (CRIL) recently uncovered a fraudulent GitHub page pretending to be a PUBG bypass hack project. However, instead of providing game… Continue reading Legion Stealer targeting PUBG players

PlugX malware attacks European diplomats

European diplomats are being targeted by a new type of malware called PlugX.

Over the past few months, researchers have been monitoring the activity of a Chinese threat actor using PlugX malware to target foreign and domestic policy entities and embassies in Europe. This is a more significant trend among Chinese-based groups increasingly focusing on European entities, particularly their foreign policy. The countries most targeted in this campaign… Continue reading PlugX malware attacks European diplomats

RustBucket Malware Attacks MacOS More Effectively

New update of RustBucket Malware introduced several changes. Now the malware is more securely fixed in the systems of its victims and evades detection by security software. Though the most concerning feature there is its enhanced ability to attack macOS. What is RustBucket malware? Researchers from Jamf Threat Lab discovered RustBucket in the spring of… Continue reading RustBucket Malware Attacks MacOS More Effectively

RedEnergy Stealer-as-a-Ransomware On The Rise

RedEnergy Stealer Mixes Infostealer and Ransomware in One

Researchers have discovered a new form of malware called RedEnergy Stealer. It is categorized as Stealer-as-a-Ransomware but is not affiliated with the Australian company Red Energy. A malware called RedEnergy stealer uses a sneaky tactic to steal sensitive data from different web browsers. Its fundamental spreading way circulates fake updates – pop-ups and banners that… Continue reading RedEnergy Stealer-as-a-Ransomware On The Rise

PindOS JavaScript Dropper Distributes Bumblebee and IcedID Malware

Deep Instinct specialists spoke about a new JavaScript dropper called PindOS (such a “self-name” was found in the malware code and, based on slang signs, it can be assumed that it is of Russian origin). This malware is used to deliver additional payloads to infected systems, namely Bumblebee and IcedID. PindOS Dropper is Used to… Continue reading PindOS JavaScript Dropper Distributes Bumblebee and IcedID Malware