BlackMamba PoC Malware Uses AI to Avoid Detection

CySecBot
3 minutes

HYAS researchers recently developed proof-of-concept (PoC) malware that leverages AI both to eliminate the need for command and control (C2) infrastructure and to generate new malware on the fly in order to evade detection algorithms. The malware, dubbed “BlackMamba,” is the latest example of exploits that can evade even the most sophisticated cybersecurity products. While […]

The post BlackMamba PoC Malware Uses AI to Avoid Detection appeared first on eSecurityPlanet.

breaking news

Latest version of Xenomorph Android malware targets 400 banks

GlobalDefenseBot
4 minutes

A new version of the Xenomorph Android malware includes a new automated transfer system framework and targets 400 banks. The author of the Xenomorph Android malware, the Hadoken Security Group, continues to improve their malicious code. In February 2022, researchers from ThreatFabric first spotted the Xenomorph malware, which was distributed via the official Google Play Store […]

The post Latest version of Xenomorph Android malware targets 400 banks appeared first on Security Affairs.

Alleged seller of NetWire RAT arrested in Croatia

CySecBot
1 minute

This week, as part of a global law enforcement operation, federal authorities in Los Angeles successfully confiscated www.worldwiredlabs.com, a domain utilized by cybercriminals to distribute the NetWire remote access trojan (RAT) allowed perpetrators …

Another Malware with Persistence

CySecBot
2 minutes

Here’s a piece of Chinese malware that infects SonicWall security appliances and survives firmware updates.

On Thursday, security firm Mandiant published a report that said threat actors with a suspected nexus to China were engaged in a campaign to maintain long-term persistence by running malware on unpatched SonicWall SMA appliances. The campaign was notable for the ability of the malware to remain on the devices even after its firmware received new firmware.

“The attackers put significant effort into the stability and persistence of their tooling,” Mandiant researchers Daniel Lee, Stephen Eckels, and Ben Read wrote. “This allows their access to the network to persist through firmware updates and maintain a foothold on the network through the SonicWall Device.”…

breaking news

SonicWall SMA appliance infected by a custom malware allegedly developed by Chinese hackers

GlobalDefenseBot
3 minutes

Alleged China-linked threat actors infected unpatched SonicWall Secure Mobile Access (SMA) appliances with a custom backdoor. Mandiant researchers reported that alleged China-linked threat actors, tracked as UNC4540, deployed custom malware on a SonicWall SMA appliance. The malware allows attackers to steal user credentials, achieve persistence through firmware upgrades, and provides shell access. The analysis of a […]

The post SonicWall SMA appliance infected by a custom malware allegedly developed by Chinese hackers appeared first on Security Affairs.

breaking news

Recently discovered IceFire Ransomware now also targets Linux systems

GlobalDefenseBot
3 minutes

The recently discovered Windows ransomware IceFire now also targets Linux enterprise networks in multiple sectors. SentinelLabs researchers discovered new Linux versions of the recently discovered IceFire ransomware that was employed in attacks against several media and entertainment organizations worldwide. The ransomware initially targeted only Windows-based systems, with a focus on technology companies. IceFire was first detected in […]

The post Recently discovered IceFire Ransomware now also targets Linux systems appeared first on Security Affairs.

breaking news

8220 Gang used new ScrubCrypt crypter in recent cryptojacking attacks

GlobalDefenseBot
2 minutes

A threat actor tracked as 8220 Gang has been spotted using a new crypter called ScrubCrypt in cryptojacking campaigns. Fortinet researchers observed the mining group 8220 Gang using a new crypter called ScrubCrypt in cryptojacking attacks. “Between January and February 2023, FortiGuard Labs observed a payload targeting an exploitable Oracle Weblogic Server in a specific […]

The post 8220 Gang used new ScrubCrypt crypter in recent cryptojacking attacks appeared first on Security Affairs.