Archive for April, 2019

APT34 hacking tools and victim data leaked on a secretive Telegram channel since last month.

Check Point’s researchers, with the help of Craig Silverman at BuzzFeed, have uncovered a series of applications conducting fraudulent activities against ad agencies. Craig Silverman reached out to Check Point with the leads for the applications as a part of his story. The malware found from those leads, dubbed ‘PreAMo’, imitates the user by clicking on banners retrieved from three ad agencies – Presage, Admob, and Mopub.

It is very unusual for FLARE to analyze a prolifically-used, privately-developed backdoor only to later have the source code and operator tools fall into our laps. Yet this is the extraordinary circumstance that sets the stage for CARBANAK Week, a four-part blog series that commences with this post.

US Immigration and Customs Enforcement (Ice) violated Facebook policy by creating fake social media profiles tied to the University of Farmington, a sham university it created to identify people committing immigration fraud.

Recently, Check Point researchers spotted a targeted attack against officials within government finance authorities and representatives in several embassies in Europe. The attack, which starts with a malicious attachment disguised as a top secret US document, weaponizes TeamViewer, the popular remote access and desktop sharing software, to gain full control of the infected computer.

The activity of Russian-linked Twitter bots and trolls spiked after the release of the Mueller Report, George Kamide, Director at digital risk protection provider SafeGuard Cyber told ZDNet today.

Donot (APT-C-35), named and tracked by PatchSky TIC, is an attack group that mainly targets countries such as Pakistan in South Asia. This APT group usually carries out targeted attacks against government agencies to steal sensitive information. In addition to spreading malware via spear phishing email with an Office attachment containing either a vulnerability or a malicious macro, this group is particularly good at leveraging malicious Android APKs in its targeted attacks.

Since 2007, the highly successful banking Trojan called Ursnif has been making waves. Once found in the popular Gozi banking Trojan, Ursnif has been around in one form or another for over ten years. Researchers recently noticed that over time and with the help of hackers, Ursnif has reinvented itself bigger and sneakier than ever before.

If ransomware is a cybercriminal’s friend, the new ransomware called Virobot is their best friend – ever. Discovered just last month, Virobot is a one-stop-shop malware that uses ransomware, keylogging, and botnets – a triple threat. Traditionally, ransomware attacks enter through opened phishing emails and clicked attachments. It then freezes computers and encrypts their data, rendering them useless.

Hacker Gnosticplayers has stolen over 932 million user records from 44 companies.