New BHUNT malware hunts for cryptocurrency wallets

Bitdefender researchers have described a new modular malware family, BHUNT, that steals the contents of cryptocurrency wallets, passwords and secret phrases. The malware is spreading worldwide: in Australia, Egypt, Germany, India, Indonesia, Japan, Malaysia, Norway, Singapore, South Africa, Spain and the USA. The exact mechanism for delivering the malware to users’ machines is…

Malware vs. Virus. Difference explained

The topic of this short post is a conceptual clarification of malware vs. virus. We remember times when people used to call any harmful program a “virus”. Today the term “malware” has appeared alongside it. How do these words relate? People seem to use them freely and interchangeably. But is such usage correct? Let’s investigate. For those who are…

The FBI believes that the HelloKitty cryptor is controlled by operators from Ukraine

A medical organization from Oregon, which recently reported a breach and data leak, inadvertently revealed that, according to the FBI, the HelloKitty (FiveHands) malware is controlled by operators located in Ukraine. As a rule, law enforcement agencies do not disclose information collected about hacker groups while the process of gathering evidence…

Emotet now installs Cobalt Strike beacons

Researchers warn that Emotet now directly installs Cobalt Strike beacons on infected systems, giving attackers immediate access to the network. Attackers can use this access for lateral movement, which greatly facilitates extortion attacks. Let me remind you that Emotet usually installs TrickBot or Qbot malware on the victim’s machines, and that one already…

Google Stops Glupteba Botnet and Sues Two Russians

Google representatives said that they have disrupted the Glupteba botnet: they deleted the accounts and disabled the servers and domains associated with it. In addition, the company has filed a lawsuit against two Russian nationals, Dmitry Starovikov and Alexander Filippov, who are accused of creating and operating the botnet. According to an expert…

Experts discovered ESPecter UEFI bootkit used for espionage

ESET experts discovered the previously unknown ESPecter UEFI bootkit, which was used for targeted attacks and espionage. So far, experts do not associate ESPecter with any specific hack groups or countries. UEFI attacks are the holy grail for hackers. After all, UEFI is loaded before the operating system and controls all processes at an “early…

Malware developers increase use of unusual programming languages

BlackBerry Research & Intelligence analysts have found that criminals are increasingly turning to unusual and exotic programming languages when writing malware, which makes their malware harder to analyse and reverse engineer and hinders security tools that rely on signatures. According to the company, these are languages such…

Scammers distribute fake Windows 11 installers

Fraudsters are exploiting curiosity about the release of Windows 11 to distribute fake OS installers stuffed with malware, adware and other threats, Kaspersky Lab reports. Although downloading and installing Windows 11 from the official Microsoft website is simple and straightforward, the researchers say that many are still trying to…

Previously assessed as insignificant, DirtyMoe botnet infected over 100,000 Windows systems

The developers of the DirtyMoe botnet (previously assessed as insignificant) added a worm-like spreading module to it, after which the malware infected more than 100,000 Windows systems. The DirtyMoe botnet, which allegedly operates from China, has grown exponentially over the past year. If in 2020 it consisted of 10 thousand infected systems, then in…

TeamTNT mining botnet infected over 50,000 systems in three months

Trend Micro warns that since March 2021, the TeamTNT mining botnet, run by the group of the same name, has successfully compromised more than 50,000 systems. The TeamTNT group has been active since at least April 2020 and started with attacks on misconfigured Docker installations, infecting them with miners and bots for DDoS attacks. Then it became known…