Cybercrime, Loda RAT is back with new versions
Cisco Talos cybersecurity experts: The 1.1.1 malware added a Powershell keylogger and a VB script. The 1.1.7 update removed them, focusing on stealing passwords and cookies from browsers.
Cyber Espionage, Iran still targets Lebanon government
Cyber security experts found an update of the Karkoff implant, used by APT34. It proves that group is still operating and that a new campaign is active. The malware is delivered through spear-phishing emails.
Cybercrime, SWEED is targeting precision engineering companies in Italy
Marco Ramilli, cyber security expert and Yoroi founder: The attacker, pretended to be a customer, sent to victims an email containing Microsoft XLS file, without Macro but with hidden malware.
Cybercrime, Gustuff Android banking trojan is back with new features
Cisco Talos cyber security experts: The malware still attacks Australia and spreads via SMS. But latest version no longer has hardcoded package names and added a “poor man scripting engine”.
Cybercrime increase the use of ODT files to distribute malware
Cisco Talos cyber security experts found there campaigns that leverage OpenDocument Text format. But could be more in the future. Targets today are English and Arabic-speaking users.
Cybercrime: here it comes Divergent a new fileless malware
Cisco Talos cyber security experts: It uses the system registry to bypass anti-virus scanning, a registry key to maintain persistence and PowerShell to install.
Cybercrime is targeting Italy with a new version of JasperLoader
Cisco Talos cyber security experts: It features several changes and improvements to control where the malware can spread and avoid analysis by sandboxes and antivirus.
Qakbot (aka Qbot) malware is evolving with new obfuscation techniques
Cisco Talos Cyber Security experts: The banking trojan is utilizing an updated persistence mechanism that can make it harder for users to detect and remove it.
Is Iran’s APT34 behind the Sea Turtle cyber espionage campaign?
The cyber security experts: There are many similarities on TTPs, targets and purposes. The credential harvesting could be complementary to the WebMask project on DNS Hijack.
Sea Turtle campaign is harvesting credentials in Middle East and North Africa
Cisco Talos cyber security experts: At least 40 organizations across 13 different countries were compromised by a state-sponsored actor who exploits DNS hijacking.