Roughly 100 organizations were targeted in a large scale spear-phishing attack during early July by a malspam campaign distributing LokiBot information stealer payloads.
A new and actively distributed malware strain dubbed Masad Stealer steals files, browser information, and cryptocurrency wallet data from infected computers that get sent back to its masters using Telegram as a communication channel.
Security researchers discovered a malspam campaign distributing LokiBot information stealer payloads using phishing messages targeting the employees of a large U.S. manufacturing company.
Security researchers discovered a new variant of the PsiXBot modular malware with a new sextortion module and designed to use Google's DNS over HTTPS (DoH) service to get command and control (C2) domain addresses.
Security researchers discovered a new Android Trojan with malware dropper and spyware capabilities in 24 Google Play Store apps with more than 472,000 downloads in total.
A new variant of the Glupteba malware dropper is using the Bitcoin blockchain to fetch command and control (C2) server domains from Bitcoin transactions marked with OP_RETURN script opcodes.
A new malicious campaign is actively distributing a new Astaroth Trojan variant by abusing the Cloudflare Workers serverless computing platform to avoid detection and block automated analysis attempts.
The attackers who previously breached and abused the website of free multimedia editor VSDC to distribute the Win32.Bolik.2 banking Trojan have now switched their tactics.
The authors behind LokiBot info-stealer have turned to steganography to add a new layer of obfuscation, the researchers discovered in a recent variant of the malware.
A fileless malware campaign used by attackers to drop the information stealing Astaroth Trojan into the memory of infected computers was detected by Microsoft Defender ATP Research Team researchers.
Attackers have been observed targeting businesses on a worldwide scale during the last two months with the HawkEye keylogger malware according to a report from IBM X-Force.
Attackers are targeting potential victims using a malicious AutoHotkey script to avoid detection and to steal information, to drop more payloads, and to remotely access compromised machines using TeamViewer.
An advanced breed of information stealer called Baldr is being peddled on cybercrime forums. It appears that it is in the running for the long haul as it relies on short development cycles to iron the wrinkles and get new capabilities.
A new Astaroth Trojan campaign targeting Brazil and European countries is currently exploiting the Avast antivirus and security software developed by GAS Tecnologia to steal information and load malicious modules.