malware
BadBox malware botnet infects 192,000 Android devices despite disruption
The BadBox Android malware botnet has grown to over 192,000 infected devices worldwide despite a recent sinkhole operation that attempted to disrupt the operation in Germany. Researchers from BitSight warn that the malware appears to have expanded its targeting scope beyond no-name Chinese Android devices, now infecting more well-known and trusted brands like Yandex TVs […]
Android malware found on Amazon Appstore disguised as health app
A malicious Android spyware application named ‘BMI CalculationVsn’ was discovered on the Amazon Appstore, masquerading as a simple health tool but stealing data from infected devices in the background. The application was discovered by McAfee Labs researchers, who notified Amazon, leading to the application being removed from the store. However, those who installed the app must manually […]
Juniper warns of Mirai botnet targeting Session Smart routers
Juniper Networks has warned customers of Mirai malware attacks targeting and infecting Session Smart routers using default credentials. As the networking infrastructure company explained, the malware scans for devices with default login credentials and executes commands remotely after gaining access, enabling a wide range of malicious activities. The campaign was first observed on December 11, […]
Raccoon Stealer malware operator gets 5 years in prison after guilty plea
Ukrainian national Mark Sokolovsky was sentenced today to five years in prison for his involvement in the Raccoon Stealer malware cybercrime operation. According to unsealed court documents, Sokolovsky (also known as raccoon-stealer, Photix, and black21jack77777) and his conspirators rented the malware to other threat actors under a MaaS (malware-as-a-service) model for $75 per week or $200 […]
‘Bitter’ cyberspies target defense orgs with new MiyaRAT malware
A cyberespionage threat group known as ‘Bitter’ was observed targeting defense organizations in Turkey using a novel malware family named MiyaRAT. MiyaRAT is used alongside the WmRAT malware, which is cyberespionage malware previously associated with Bitter. Proofpoint discovered the campaign and reports that the new malware is likely reserved for high-value targets, deployed only sporadically. Bitter […]
FBI spots HiatusRAT malware attacks targeting web cameras, DVRs
The FBI warned today that new HiatusRAT malware attacks are now scanning for and infecting vulnerable web cameras and DVRs that are exposed online. As a private industry notification (PIN) published on Monday explains, the attackers focus their attacks on Chinese-branded devices that are still waiting for security patches or have already reached the end […]
Malicious ads push Lumma infostealer via fake CAPTCHA pages
A large-scale malvertising campaign distributed the Lumma Stealer info-stealing malware through fake CAPTCHA verification pages that prompt users to run PowerShell commands to verify they are not a bot. The campaign leveraged the Monetag ad network to propagate over one million ad impressions daily across three thousand websites. The malicious operation, dubbed “DeceptionAds” by Guardio Labs […]
New Android NoviSpy spyware linked to Qualcomm zero-day bugs
The Serbian government exploited Qualcomm zero-days to unlock and infect Android devices with a new spyware named ‘NoviSpy,’ used to spy on activists, journalists, and protestors. One of the Qualcomm flaws linked to the attacks is CVE-2024-43047, which was marked as an actively exploited zero-day vulnerability by Google Project Zero in October 2024 and received a fix on Android in […]
New stealthy Pumakit Linux rootkit malware spotted in the wild
A new Linux rootkit malware called Pumakit has been discovered that uses stealth and advanced privilege escalation techniques to hide its presence on systems. The malware is a multi-component set that includes a dropper, memory-resident executables, a kernel module rootkit, and a shared object (SO) userland rootkit. Elastic Security discovered Pumakit in a suspicious binary (‘cron’) upload […]
New IOCONTROL malware used in critical infrastructure attacks
Iranian threat actors are utilizing a new malware named IOCONTROL to compromise Internet of Things (IoT) devices and OT/SCADA systems used by critical infrastructure in Israel and the United States. Targeted devices include routers, programmable logic controllers (PLCs), human-machine interfaces (HMIs), IP cameras, firewalls, and fuel management systems. The malware’s modular nature makes it capable of […]