Cybercrime, Asyncrat campaign via payment request
The email false xlsx points to a fake site with a zip document. This contains a VBS with a powershell which downloads the malware. C2 is the same as RemcosRAT.
Cybercrime, Joker infected more than 500,000 Huawei devices
Doctor Web cybersecurity experts: The malware has been downloaded from the official Android AppGallery. Main function: to subscribe users to paid mobile services.
Cybercrime, Vidar campaign via fake SWIFT payment
The email xz attachment contains an exe, the malware itself. This is an info stealer, which targets passwords, credit cards and cryptocurrency wallets.
Cyber Espionage, APT34 is back with a new backdoor: SideTwist
CheckPoint cybersecurity experts: The Iranian threat actor, aka OilRig, used the malware in a campaign on a Lebanese target.
Cybercrime, REvil evolves again: now changes password to auto-login in Safe Mode
Bleeping Computer: The ransomware automates file encryption via Safe Mode with the “DTrump4ever” password, as the sample discovered by R3MRUM.
Cybercrime, Poulight is disguised as a txt file in a new phishing campaign
360 Total Security cybersecurity experts: The attackers spread the malware using RLO technology. It’s a trojan which steals info.
Cyber Espionage, North Korea’s hackers exploit military security magazines
ASEC cybersecurity experts: An APT uses the April issue of a monthly magazine in Word to distribute targeted malware.
Cybercrime, Ursnif / Gozi is now delivered with the IcedID template
The attack is part of the TA551 (Shathak) campaign. The xlsm file in the email zip attachment contacts internal URLs to download the dll, starting malware infection.
Cybercrime, phishing/smishing scams of fake COVID-19 vaccine surveys
The US DoJ: The bait is a gift for filling it out, but in reality the objective is just to steal personal and credit cards information.
Cybercrime, great wave of IcedID attacks via mail zip attachments
Each contains a different xls file that contacts a url from an internal list of five and downloads the dll activating the malware infection.