Search cyberveille.decio.ch

Found 87 bookmarks

Custom sorting

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.

#Backdoor #Cobalt-Strike #Cobalt-Strike-Beacon #Linux #macOS #PyPI #Python #Windows #supplychain

·bleepingcomputer.com·May 21, 2022

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Chinese hackers abuse VLC Media Player to launch malware loader

Security researchers have uncovered a long-running malicious campaign from hackers associated with the Chinese government who are using VLC Media Player to launch a custom malware loader.

#APT10 #Backdoor #China #Cicada #Microsoft-Exchange #VLC #VLC-Media-Player #EN #2022 #bleepingcomputer

·bleepingcomputer.com·Apr 6, 2022

Chinese hackers abuse VLC Media Player to launch malware loader

Backdoor RAT for Windows, macOS, and Linux went undetected until now | Ars Technica

Never-before-seen, cross-platform SysJoker came from an "advanced threat actor."

#Backdoor #RAT #EN #arstechnica #SysJoker #APT

·arstechnica.com·Feb 15, 2022

Backdoor RAT for Windows, macOS, and Linux went undetected until now | Ars Technica

A cascade of compromise: unveiling Lazarus' new campaign

We unveil a Lazarus campaign exploiting security company products and examine its intricate connections with other campaigns

#securelist #EN #2023 #Backdoor #Lazarus #Malware-Descriptions #SIGNBT

·securelist.com·Oct 27, 2023

A cascade of compromise: unveiling Lazarus' new campaign

Disclosing the BLOODALCHEMY backdoor

BLOODALCHEMY is a new, actively developed, backdoor that leverages a benign binary as an injection vehicle, and is a part of the REF5961 intrusion set.

#elastic.co #EN #2023 #BLOODALCHEMY #backdoor #REF5961 #analysis

·elastic.co·Oct 15, 2023

Disclosing the BLOODALCHEMY backdoor

Trojanized Free Download Manager found to contain a Linux backdoor

Kaspersky researchers analyzed a Linux backdoor disguised as Free Download Manager software that remained under the radar for at least three years.

#securelist #EN #2023 #Backdoor #Linux #Malware #Supply-chain-attack #Download-Manager

·securelist.com·Sep 14, 2023

Trojanized Free Download Manager found to contain a Linux backdoor

TETRA Radio Code Encryption Has a Flaw: A Backdoor

A secret encryption cipher baked into radio systems used by critical infrastructure workers, police, and others around the world is finally seeing sunlight. Researchers say it isn’t pretty.

#wired #EN #2023 #TETRA #encryption #cipher #Flaw #Backdoor #police

·wired.com·Jul 30, 2023

TETRA Radio Code Encryption Has a Flaw: A Backdoor

Emerging Threat! Exposing JOKERSPY

Explore JOKERSPY, a recently discovered campaign that targets financial institutions with Python backdoors. This article covers reconnaissance, attack patterns, and methods of identifying JOKERSPY in your network.

#elastic.co #EN #2023 #JOKERSPY #macOS #Python #backdoor

·elastic.co·Jun 22, 2023

Emerging Threat! Exposing JOKERSPY

Fragments of Cross-Platform Backdoor Hint at Larger Mac OS Attack

During routine detection maintenance, our Mac researchers stumbled upon a small set of files with backdoor capabilities that seem to form part of a more complex malware toolkit. The following analysis is incomplete, as we are trying to identify the puzzle pieces that are still missing.

#bitdefender #EN #2023 #macOS #malware #Cross-Platform #Backdoor

·bitdefender.com·Jun 22, 2023

Fragments of Cross-Platform Backdoor Hint at Larger Mac OS Attack

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.

#Backdoor #Cobalt-Strike #Cobalt-Strike-Beacon #Linux #macOS #PyPI #Python #Windows #supplychain

·bleepingcomputer.com·May 21, 2022

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Chinese hackers abuse VLC Media Player to launch malware loader

Security researchers have uncovered a long-running malicious campaign from hackers associated with the Chinese government who are using VLC Media Player to launch a custom malware loader.

#APT10 #Backdoor #China #Cicada #Microsoft-Exchange #VLC #VLC-Media-Player #EN #2022 #bleepingcomputer

·bleepingcomputer.com·Apr 6, 2022

Chinese hackers abuse VLC Media Player to launch malware loader

Backdoor RAT for Windows, macOS, and Linux went undetected until now | Ars Technica

Never-before-seen, cross-platform SysJoker came from an "advanced threat actor."

#Backdoor #RAT #EN #arstechnica #SysJoker #APT

·arstechnica.com·Feb 15, 2022

Backdoor RAT for Windows, macOS, and Linux went undetected until now | Ars Technica

A Shady Chinese Firm’s Encryption Chips Got Inside NATO and NASA

The US government warns encryption chipmaker Hualan has suspicious ties to China’s military. Yet US agencies still use one of its subsidiary’s chips, raising fears of a backdoor.

#wired #EN #2023 #US #China #chipmaker #cybersecurity #china #encryption #national-security #Supply-Chain #backdoor

·wired.com·Jun 17, 2023

A Shady Chinese Firm’s Encryption Chips Got Inside NATO and NASA

Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack | Securelist

A DLL named guard64.dll, which was loaded into the infected 3CXDesktopApp.exe process, was used in recent deployments of a backdoor that we dubbed “Gopuram” and had been tracking internally since 2020.

#securelist #APT #Backdoor #Data-theft #Lazarus #Malware-Descriptions #Gopuram #guard64.dll #3CX

·securelist.com·Apr 4, 2023

Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack | Securelist

A Backdoor with Smart Screenshot Capability

Today, everything is “smart” or “intelligent”. We have smartphones, smart cars, smart doorbells, etc. Being "smart" means performing actions depending on the context, the environment, or user actions. For a while, backdoors and trojans have implemented screenshot capabilities. From an attacker’s point of view, it’s interesting to “see” what’s displayed on the victim’s computer.

#sans #EN #2023 #python #backdoor #Screenshot

·isc.sans.edu·Feb 9, 2023

A Backdoor with Smart Screenshot Capability

PNG Steganography Hides Backdoor

Our deep analysis of the Worok toolset (previously described by ESET Research) reveals the final stage, hidden in a PNG file, that steals data and provides a multifunctional backdoor using the DropBox repository and API.

#avast #EN #2022 #PNG #backdoor #Worok #analysis #toolset #Steganography

·decoded.avast.io·Nov 12, 2022

PNG Steganography Hides Backdoor

From RM3 to LDR4: URSNIF Leaves Banking Fraud Behind

A new variant of the URSNIF malware, first observed in June 2022, marks an important milestone for the tool. Unlike previous iterations of URSNIF, this new variant, dubbed LDR4, is not a banker, but a generic backdoor (similar to the short-lived SAIGON variant), which may have been purposely built to enable operations like ransomware and data theft extortion. This is a significant shift from the malware’s original purpose to enable banking fraud, but is consistent with the broader threat landscape.

#mandiant #EN #2022 #URSNIF #backdoor #Banking #malware #Gozi #CUTWAIL #spam

·mandiant.com·Oct 21, 2022

From RM3 to LDR4: URSNIF Leaves Banking Fraud Behind

MSSQL, meet Maggie. A novel backdoor for Microsoft SQL…

Continuing our monitoring of signed binaries, DCSO CyTec recently found a novel backdoor malware targeting Microsoft SQL servers. The malware comes in form of an “Extended Stored Procedure” DLL, a…

#DCSO_CyTec #EN #2022 #Medium #Maggie #backdoor #malware #MicrosoftSQL #servers

·medium.com·Oct 5, 2022

MSSQL, meet Maggie. A novel backdoor for Microsoft SQL…

Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East

Espionage group begins using new backdoor that leverages rarely seen steganography technique.

#symantec #EN #2022 #Witchetty #Espionage #backdoor #steganography #LookingFrog #IoCs

·symantec-enterprise-blogs.security.com·Sep 30, 2022

Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East

TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks

Cybersecurity researchers have offered insight into a previously undocumented software control panel used by a financially motivated threat group known as TA505. "The group frequently changes its malware attack strategies in response to global cybercrime trends," Swiss cybersecurity firm PRODAFT said in a report shared with The Hacker News. "It opportunistically adopts new technologies in order to gain leverage over victims before the wider cybersecurity industry catches on."

#thehackernews #EN #2022 #PRODAFT #TeslaGun #ServHelper #Backdoor #Analysis

·thehackernews.com·Sep 6, 2022

TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks

The SessionManager IIS backdoor: a possibly overlooked GELSEMIUM artefact

In early 2022, we investigated an IIS backdoor called SessionManager. It has been used against NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East.

#securelist #EN #2022 #APT #Backdoor #Malware #Microsoft #Exchange #Targeted #IIS-attacks #Vulnerabilities #GELSEMIUM

·securelist.com·Jun 30, 2022

The SessionManager IIS backdoor: a possibly overlooked GELSEMIUM artefact

SeaFlower 藏海花 A backdoor targeting iOS web3 wallets

Confiant monitors 2.5+ billion ads per day via 110+ integrations in the advertising stack. This provides great visibility on malicious activity infiltrating the ad stack and the broader Internet. And that includes all the web3 malicious activity funneling thru it. The variety and the range of our detection enable Confiant to detect unique malicious activity as soon as it surfaces. SeaFlower is an example of this unique cluster of malicious activities targeting web3 wallet users that we will document in this blog post.

#objective-see #EN #2022 #web3 #iOS #backdoor #wallet #SeaFlower

·objective-see.org·Jun 13, 2022

SeaFlower 藏海花 A backdoor targeting iOS web3 wallets

Lyceum .NET DNS Backdoor

The Lyceum APT group is targeting Middle East organizations with DNS hijacking attack using a new .NET-based malware.

#zscaler #EN #2022 #Lyceum #APT #DNS #hijacking #Backdoor #research

·zscaler.com·Jun 13, 2022

Lyceum .NET DNS Backdoor

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.

#Backdoor #Cobalt-Strike #Cobalt-Strike-Beacon #Linux #macOS #PyPI #Python #Windows #supplychain

·bleepingcomputer.com·May 21, 2022

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

BPFDoor — an active Chinese global surveillance tool

Recently, PwC Threat Intelligence documented the existence of BPFDoor, a passive network implant for Linux they attribute to Red Menshen…

#doublepulsar #EN #2022 #BPFDoor #nix #unix #surveillance #Chinese #implant #backdoor

·doublepulsar.com·May 7, 2022

BPFDoor — an active Chinese global surveillance tool

Chinese hackers abuse VLC Media Player to launch malware loader

Security researchers have uncovered a long-running malicious campaign from hackers associated with the Chinese government who are using VLC Media Player to launch a custom malware loader.

#APT10 #Backdoor #China #Cicada #Microsoft-Exchange #VLC #VLC-Media-Player #EN #2022 #bleepingcomputer

·bleepingcomputer.com·Apr 6, 2022

Chinese hackers abuse VLC Media Player to launch malware loader

New Malware Capable of Controlling Social Media Accounts Infects 5,000+ Machines and is actively being Distributed via Gaming Applications on Microsoft's Official Store

New Malware Capable of Controlling Social Media Accounts Infects 5,000+ Machines and is actively being Distributed via Gaming Applications on Microsoft’s Official Store