On Tuesday, the US authorities announced that as a result of the international law enforcement operation “Duck Hunt,” the infamous Qakbot malware platform, which is linked to Russia, was destroyed. Cybercriminals actively use it to commit various financial crimes. Though, cybersecurity experts are not sure how deadly this operation was to the botnet. They predict… Continue reading QakBot Botnet Dismantled, But Can It Return?
A new DarkGate malware deployment campaign has caught the attention of cybersecurity researchers. This was fueled by the developer’s decision to lease its product to a limited number of affiliates. DarkGate Malware Activity Spikes as Developer Rents Out It According to cybersecurity researchers, a new DarkGate malware campaign made a fuss. It spreads through phishing… Continue reading DarkGate Loader Expands Activity, Delivers Ransomware
Cybercriminals used stealthy malware to create a botnet of 400,000 proxy servers. Although the company providing the proxy services claims that users voluntarily provided their devices, experts believe otherwise. A botnet of 400,000 proxy servers Cybersecurity researchers recently discovered a botnet with more than 400,000 existing proxy nodes. At first glance, the attackers appear as… Continue reading Botnet of 400,000 Devices Used as Proxy Nodes Uncovered
Malware world evolves constantly, and it will be reckless to ignore newcomers and their potential. Meduza Stealer appears to be a pretty potent stealer variant with its unique features and marketing model. Additionally, this malware may be considered a firstling of a new malware generation – one which breaks old geolocation filtering rules. What is… Continue reading Meduza Stealer: What Is It & How Does It Work?
Hackers actively use driver signature spoofing, which originates from a loophole in Windows kernel-mode drivers handling mechanism. They heavily bear on open-source utilities that were primarily designed for temporal circumvention of drivers signing, which is a far too big delay when it comes to evaluations. Cybercriminals though do not do any tests, and do hit… Continue reading Forged Driver Signatures Exploited In The Wild
Scammers are using a misleading GitHub page to distribute Legion Stealer to fans of rogue PUBG games. Under the guise of cheats, users download malware. Legion Stealer Attacks PUBG Players Cyble Research and Intelligence Labs (CRIL) recently uncovered a fraudulent GitHub page pretending to be a PUBG bypass hack project. However, instead of providing game… Continue reading Legion Stealer targeting PUBG players
Over the past few months, researchers have been monitoring the activity of a Chinese threat actor using PlugX malware to target foreign and domestic policy entities and embassies in Europe. This is a more significant trend among Chinese-based groups increasingly focusing on European entities, particularly their foreign policy. The countries most targeted in this campaign… Continue reading PlugX malware attacks European diplomats
New update of RustBucket Malware introduced several changes. Now the malware is more securely fixed in the systems of its victims and evades detection by security software. Though the most concerning feature there is its enhanced ability to attack macOS. What is RustBucket malware? Researchers from Jamf Threat Lab discovered RustBucket in the spring of… Continue reading RustBucket Malware Attacks MacOS More Effectively
Researchers have discovered a new form of malware called RedEnergy Stealer. It is categorized as Stealer-as-a-Ransomware but is not affiliated with the Australian company Red Energy. A malware called RedEnergy stealer uses a sneaky tactic to steal sensitive data from different web browsers. Its fundamental spreading way circulates fake updates – pop-ups and banners that… Continue reading RedEnergy Stealer-as-a-Ransomware On The Rise