Archive for the ‘cybercrime/malcode’ category: Page 10

Feb 2, 2023

Hackers weaponize Microsoft Visual Studio add-ins to push malware

Posted by in category: cybercrime/malcode

Security researchers warn that hackers may start using Microsoft Visual Studio Tools for Office (VSTO) more often as method to achieve persistence and execute code on a target machine via malicious Office add-ins.

The technique is an alternative to sneaking into documents VBA macros that fetch malware from an external source.

Since Microsoft announced it would block the execution of VBA and XL4 macros in Office by default, threat actors moved to archives (.ZIP,.ISO) and. LNK shortcut files to distribute their malware.

Feb 2, 2023

Over 1,800 Android phishing forms for sale on cybercrime market

Posted by in categories: cryptocurrencies, cybercrime/malcode, finance, robotics/AI

A threat actor named InTheBox is promoting on Russian cybercrime forums an inventory of 1,894 web injects (overlays of phishing windows) for stealing credentials and sensitive data from banking, cryptocurrency exchange, and e-commerce apps.

The overlays are compatible with various Android banking malware and mimic apps operated by major organizations used in dozens of countries on almost all continents.

Being available in such numbers and at low prices, allows cybercriminals to focus on other parts of their campaigns, development of the malware, and to widen their attack to other regions.

Feb 2, 2023

Performing matrix multiplications at the speed of light for enhanced cybersecurity

Posted by in categories: cybercrime/malcode, mathematics, robotics/AI

“All things are numbers,” avowed Pythagoras. Today, 25 centuries later, algebra and mathematics are everywhere in our lives, whether we see them or not. The Cambrian-like explosion of artificial intelligence (AI) brought numbers even closer to us all, since technological evolution allows for parallel processing of a vast amounts of operations.

Progressively, operations between scalars (numbers) were parallelized into operations between vectors, and subsequently, matrices. Multiplication between matrices now trends as the most time-and energy-demanding operation of contemporary AI computational systems. A technique called “tiled matrix multiplication” (TMM) helps to speed computation by decomposing matrix operations into smaller tiles to be computed by the same system in consecutive time slots. But modern electronic AI engines, employing transistors, are approaching their intrinsic limits and can hardly compute at clock-frequencies higher than ~2 GHz.

The compelling credentials of light—ultrahigh speeds and significant energy and footprint savings—offer a solution. Recently a team of photonic researchers of the WinPhos Research group, led by Prof. Nikos Pleros from the Aristotle University of Thessaloniki, harnessed the power of light to develop a compact silicon photonic computer engine capable of computing TMMs at a record-high 50 GHz clock frequency.

Jan 31, 2023

Watch Out, Software Engineers: ChatGPT Is Now Finding, Fixing Bugs in Code

Posted by in category: cybercrime/malcode

A new study asks ChatGPT to find bugs in sample code and suggest a fix. It works better than existing programs, fixing 31 out of 40 bugs.

Jan 31, 2023

Cancer treatments boosted by immune-cell hacking

Posted by in categories: biotech/medical, cybercrime/malcode

Year 2022 face_with_colon_three

Precision-controlled CAR-T-cell immunotherapies could be used to tackle a range of tumour types.

Jan 29, 2023

Gootkit Malware Continues to Evolve with New Components and Obfuscations

Posted by in categories: business, cybercrime/malcode

The threat actors associated with the Gootkit malware have made “notable changes” to their toolset, adding new components and obfuscations to their infection chains.

Google-owned Mandiant is monitoring the activity cluster under the moniker UNC2565, noting that the usage of the malware is “exclusive to this group.”

Gootkit, also called Gootloader, is spread through compromised websites that victims are tricked into visiting when searching for business-related documents like agreements and contracts via a technique called search engine optimization (SEO) poisoning.

Jan 28, 2023

Experts Uncover the Identity of Mastermind Behind Golden Chickens Malware Service

Posted by in category: cybercrime/malcode

Cybersecurity researchers have discovered the real-world identity of the threat actor behind Golden Chickens malware-as-a-service, who goes by the online persona “badbullzvenom.”

ESentire’s Threat Response Unit (TRU), in an exhaustive report published following a 16-month-long investigation, said it “found multiple mentions of the badbullzvenom account being shared between two people.”

The second threat actor, known as Frapstar, is said to identify themselves as “Chuck from Montreal,” enabling the cybersecurity firm to piece together the criminal actor’s digital footprint.

Jan 28, 2023

Researchers Discover New PlugX Malware Variant Spreading via Removable USB Devices

Posted by in category: cybercrime/malcode

Cybersecurity researchers have uncovered a PlugX sample that employs sneaky methods to infect attached removable USB media devices in order to propagate the malware to additional systems.

“This PlugX variant is wormable and infects USB devices in such a way that it conceals itself from the Windows operating file system,” Palo Alto Networks Unit 42 researchers Mike Harbison and Jen Miller-Osborn said. “A user would not know their USB device is infected or possibly used to exfiltrate data out of their networks.”

The cybersecurity company said it uncovered the artifact during an incident response effort following a Black Basta ransomware attack against an unnamed victim. Among other tools discovered in the compromised environment include the Gootkit malware loader and the Brute Ratel C4 red team framework.

Jan 27, 2023

After Google Docs, hackers turn to Microsoft OneNote to target users with malware

Posted by in categories: cybercrime/malcode, finance

Cyber attackers around the world are looking at alternate file attachment types to trap users with phishing and malware attacks, according to a report by Bleeping Computer. The alternate attachment types come in the form of online, open-source file attachments, and the latest type that has now been spotted includes Microsoft OneNote files. According to the report, hackers are exploiting OneNote attachments in emails to trick users into downloading malware.

The report stated that hackers switched to OneNote, Microsoft’s online note-taking alternative to Word, after the company disabled ‘macros’ by default in email attachments. The latter, which refer to code snippets that execute a command upon a user opening the email attachment, were long since used by attackers to get users to download malware attachments.

By using macros, hackers would store malware within Microsoft Word or Excel documents. Once a user opened the attachment, the malware would get triggered automatically. These malware, in turn, could be used for a wide range of attacks — including remote code execution, botnets, financial or identity theft, or even spyware.

Jan 26, 2023

Roaming Mantis Spreading Mobile Malware That Hijacks Wi-Fi Routers’ DNS Settings

Posted by in categories: cybercrime/malcode, mobile phones

Threat actors associated with the Roaming Mantis attack campaign have been observed delivering an updated variant of their patent mobile malware known as Wroba to infiltrate Wi-Fi routers and undertake Domain Name System (DNS) hijacking.

Kaspersky, which carried out an analysis of the malicious artifact, said the feature is designed to target specific Wi-Fi routers located in South Korea.

Roaming Mantis, also known as Shaoye, is a long-running financially motivated operation that singles out Android smartphone users with malware capable of stealing bank account credentials as well as harvesting other kinds of sensitive information.

Page 10 of 170First7891011121314Last