#Trojan #securelist

HZ Rat backdoor for macOS harvests data from WeChat and DingTalk

Kaspersky experts discovered a macOS version of the HZ Rat backdoor, which collects user data from WeChat and DingTalk messengers.

#securelist #EN #2024 #HZRat #Apple #MacOS #Backdoor #Instant-Messengers #Malware #Malware-Descriptions #shell #Trojan

·securelist.com·Aug 28, 2024

HZ Rat backdoor for macOS harvests data from WeChat and DingTalk

Leaked LockBit builder in a real-life incident response case | Securelist

Kaspersky researchers revisit the leaked LockBit 3.0 builder and share insights into a real-life incident involving a custom targeted ransomware variant created with this builder.

#securelist #EN #2024 #builder #Data-Encryption #Incident-response #LockBit #Malware #Malware-Technologies #Ransomware #Targeted-attacks #Trojan

·securelist.com·Apr 16, 2024

Leaked LockBit builder in a real-life incident response case | Securelist

A backdoor with a cryptowallet stealer inside cracked macOS software

We review a new macOS backdoor that piggybacks on cracked software to replace Bitcoin and Exodus wallets with malware.

#securelist #EN #2024 #Apple #MacOS #Backdoor #Cryptocurrencies #DNS #Malware #Malware-Descriptions #Malware-Technologies #Trojan #Trojan-stealer

·securelist.com·Jan 22, 2024

A backdoor with a cryptowallet stealer inside cracked macOS software

Analysis of a new macOS Trojan-Proxy

A new macOS Trojan-Proxy is riding on cracked versions of legitimate software; it relies on DNS-over-HTTPS to obtain a C&C (command and control) address. Illegally distributed software historically has served as a way to sneak malware onto victims’ devices. Oftentimes, users are not willing to pay for software tools they need, so they go searching the Web for a “free lunch”. They are an excellent target for cybercriminals who realize that an individual looking for a cracked app will be willing to download an installer from a questionable website and disable security on their machine, and so they will be fairly easy to trick into installing malware as well.

#securelist #EN #2023 #MacOS #Trojan #Malware #Trojan-Proxy #Descriptions #Technologies #Piracy #Apple

·securelist.com·Dec 6, 2023

Analysis of a new macOS Trojan-Proxy

DNS changer in malicious mobile app used by Roaming Mantis

Roaming Mantis (a.k.a Shaoye) is a long-term cyberattack campaign that uses malicious Android package (APK) files to control infected Android devices and steal data. In 2022, we observed a DNS changer function implemented in its Android malware Wroba.o.

#securelist #EN #2023 #APT #RoamingMantis #Google-Android #Malware-Descriptions #Shaoye #Malware-Technologies #Mobile-Malware #Targeted-attacks #Trojan

·securelist.com·Jan 20, 2023

DNS changer in malicious mobile app used by Roaming Mantis

Stolen certificates in two waves of ransomware and wiper attacks | Securelist

In this report, we compare the ROADSWEEP ransomware and ZEROCLEARE wiper versions used in two waves of attacks against Albanian government organizations.

#securelist #2022 #EN #Malware #Malware-Descriptions #Malware-Technologies #Ransomware #Targeted-attacks #Trojan #Wiper #Albania

·securelist.com·Dec 22, 2022

Stolen certificates in two waves of ransomware and wiper attacks | Securelist

CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange

At the end of September, GTSC reported the finding of two 0-day vulnerabilities in Microsoft Exchange Server, CVE-2022-41040 and CVE-2022-41082. The cybersecurity community dubbed the pair of vulnerabilities ProxyNotShell.

#securelist #EN #2022 #DLL-hijacking #Malware-Descriptions #Microsoft-Exchange #Trojan #Vulnerabilities-and-exploits #Zero-day #CVE-2022-41040 #CVE-2022-41082 #analysis

·securelist.com·Dec 20, 2022

CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange

Malicious WhatsApp mod distributed through legitimate apps

The malicious version of YoWhatsApp messenger, containing Triada trojan, was spreading through ads in the popular Snaptube app and the Vidmate app's internal store.

#securelist #EN #2022 #Trojan #WhatsApp #malicious #Snaptube

·securelist.com·Oct 12, 2022

Malicious WhatsApp mod distributed through legitimate apps

NullMixer drops Redline Stealer, SmokeLoader and other malware | Securelist

NullMixer is a dropper delivering a number of Trojans, such as RedLine Stealer, SmokeLoader, Satacom, and others.

#securelist #EN #2022 #NullMixer #dropper #Malware #Malware-Descriptions #Malware-Technologies #Trojan #Trojan-Dropper #Trojan-stealer

·securelist.com·Sep 28, 2022

NullMixer drops Redline Stealer, SmokeLoader and other malware | Securelist

Two more malicious Python packages in the PyPI

We used our internal automated system for monitoring open-source repositories and discovered two other malicious Python packages in the PyPI.

#securelist #2022 #EN #PyPI #Credentials-theft #Data-theft #Malware #Open-source #Python #Trojan

·securelist.com·Aug 16, 2022

Two more malicious Python packages in the PyPI

DNS changer in malicious mobile app used by Roaming Mantis

#securelist #EN #2023 #APT #RoamingMantis #Google-Android #Malware-Descriptions #Shaoye #Malware-Technologies #Mobile-Malware #Targeted-attacks #Trojan

·securelist.com·Jan 20, 2023

DNS changer in malicious mobile app used by Roaming Mantis

Stolen certificates in two waves of ransomware and wiper attacks | Securelist

In this report, we compare the ROADSWEEP ransomware and ZEROCLEARE wiper versions used in two waves of attacks against Albanian government organizations.

#securelist #2022 #EN #Malware #Malware-Descriptions #Malware-Technologies #Ransomware #Targeted-attacks #Trojan #Wiper #Albania

·securelist.com·Dec 22, 2022

Stolen certificates in two waves of ransomware and wiper attacks | Securelist

CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange

#securelist #EN #2022 #DLL-hijacking #Malware-Descriptions #Microsoft-Exchange #Trojan #Vulnerabilities-and-exploits #Zero-day #CVE-2022-41040 #CVE-2022-41082 #analysis

·securelist.com·Dec 20, 2022

CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange

Malicious WhatsApp mod distributed through legitimate apps

The malicious version of YoWhatsApp messenger, containing Triada trojan, was spreading through ads in the popular Snaptube app and the Vidmate app's internal store.

#securelist #EN #2022 #Trojan #WhatsApp #malicious #Snaptube

·securelist.com·Oct 12, 2022

Malicious WhatsApp mod distributed through legitimate apps

NullMixer drops Redline Stealer, SmokeLoader and other malware | Securelist

NullMixer is a dropper delivering a number of Trojans, such as RedLine Stealer, SmokeLoader, Satacom, and others.