Attackers Can Use GitHub Codespaces to Host and Deliver Malware

Trend Micro reports that the GitHub Codespaces cloud development environment, available for public use since November 2022, can be used to store and deliver malware, as well as malicious scripts. Let me remind you that we also talked about Hackers Bypass CAPTCHA on GitHub to Automate Account Creation, and also that Hackers compromised Slack…

Hackers Are Misusing Google Ads to Spread Malware

Malware operators and other hackers are increasingly abusing Google Ads to distribute malware to users who are looking for popular software. So, you can encounter malicious ads when searching for Grammarly, MSI Afterburner, Slack, Dashlane, Malwarebytes, Audacity, μTorrent, OBS, Ring, AnyDesk, Libre Office, Teamviewer, Thunderbird, and Brave. Let me remind you that we also wrote…

Raspberry Robin Worm Uses Fake Malware to Trick Security Researchers

The Raspberry Robin worm uses new tactics to evade detection and seeks to confuse security experts if it runs in a sandbox or notices debugging tools. To do this, the malware uses fake payloads, Trend Micro experts say. Let me remind you that Raspberry Robin is a dropper that has the functionality of a worm,…

Genshin Impact Game’s Anti-Cheat Driver Is Used to Disable Antiviruses

Trend Micro experts have discovered that hackers are abusing the system anti-cheat driver of the popular game Genshin Impact to disable anti-virus software during ransomware attacks. Mhypro2.sys gives access to the memory of any process and kernel, and is also able to terminate processes with the highest privileges. Let me remind you that we also…

Chinese Hackers Injected a Backdoor into the MiMi Messenger

SEKOIA and Trend Micro specialists published reports on the activity of the Chinese hack group APT27 (aka Emissary Panda, Iron Tiger, and LuckyMouse) and said that hackers introduced a backdoor into the MiMi messenger. The attackers have created a cross-platform malicious version of the Chinese messenger MiMi (秘密, “secret” in Chinese), and use it to…

Experts Find Similarities Between LockBit and BlackMatter

Cybersecurity researchers have confirmed similarities between the latest iteration of LockBit ransomware and BlackMatter. A new version of LockBit 3.0 (LockBit Black) was released in June 2022, along with a new leak site and the first Bug Bounty program on the dark web. You may also be interested in reading: Conti vs. LockBit 2.0 –…

Conti vs. LockBit 2.0 – a Trend Micro Research in Brief

Trend Micro, a Japanese IT security company, has published a thorough comparison of the behaviors of two major ransomware groups: Conti and LockBit 2.0. Here you can read a shorter summary of what they found out. Conti and LockBit 2.0 stand out among ransomware operators for the number of targets they managed to attack. The period analyzed is from…

Cybersecurity researchers discovered Chinese hack group Earth Lusca

According to a Trend Micro report, the Chinese cyber-espionage hack group Earth Lusca not only monitors strategic targets, but also engages in financially motivated attacks for profit. The researchers write that in recent years, the hack group has been spying on a variety of targets that could be of interest to the Chinese government, for…

Experts list 15 most attacked Linux vulnerabilities

Trend Micro has published a list of the top threats and most attacked vulnerabilities for Linux in the first half of 2021. The results were obtained from honeypots, sensors and anonymous telemetry. In total, the company recorded about 15,000,000 malicious events targeting Linux-based cloud environments and estimates that miners and ransomware account for 54% of…

TeamTNT mining botnet infected over 50,000 systems in three months

Trend Micro warns that since March 2021, the TeamTNT mining botnet, run by the group of the same name, has successfully compromised more than 50,000 systems. The TeamTNT group has been active since at least April 2020 and started with attacks on incorrectly configured Docker installations, infecting them with miners and bots for DDoS attacks. Then it became known…