Tag Archive for: attacking

LightSpy Malware Attacking Android and iOS Users


A new malware known as LightSpy has been targeting Android and iOS users.

This sophisticated surveillance tool raises alarms across the cybersecurity community due to its extensive capabilities to exfiltrate sensitive user data.

LightSpy is a modular malware implant designed to infiltrate mobile devices. With variants for both Android and iOS platforms, it represents a significant threat to user privacy.

The malware’s extensive functionality allows it to harvest a wide range of personal information from infected devices.

Technical Details of the Attack

LightSpy is engineered to siphon off a variety of data from the victim’s device, including:

  • GPS location data
  • SMS messages
  • Data from messenger apps
  • Phone call history
  • Browser history


Moreover, LightSpy can remotely execute shell commands and record Voice over IP (VoIP) call sessions, adding to its surveillance capabilities.

Broadcom’s latest blog post highlights the LightSpy malware implant’s technicalities and impact on targeted devices.

The malware is known to spread through various means, including phishing campaigns and compromised websites.

Once a device is infected, LightSpy operates stealthily, often undetected by the user.

The modular nature of LightSpy means it can be updated with new capabilities post-infection, making it a remarkably resilient and adaptable threat.

Impact on Users

The implications of such a malware infection are severe.

Users’ private information can be compromised, leading to potential identity theft, financial loss, and personal safety concerns.

The ability to track browser history and communications in real time provides malicious actors with a wealth of information that can be exploited.

Users are advised to keep their security software up to date and to be cautious of unrequested communications that could serve as potential infection vectors.

The emergence of LightSpy malware is a stark reminder of the evolving…

Source…

Malware Alert! Hackers Attacking Indian Android users


A new malware campaign has been identified targeting Android users in India.

This sophisticated attack distributes malicious APK packages to compromise personal and financial information. The malware, available as a Malware-as-a-Service (MaaS) offering, underscores the evolving threat landscape in the digital age.

Symantec, a global leader in cybersecurity, has stepped up to protect users from this emerging threat.

The Rise of Malicious APKs

The campaign has been meticulously designed to spread malware through APK packages disguised as legitimate applications.


These applications, which appear to offer services such as customer support, online bookings, billing, or courier services, are vehicles for a range of malicious activities.

Once installed, the malware targets the theft of banking information, SMS messages, and other confidential data from victims’ devices.

This strategy of disguising malicious software as harmless applications is not new, but it remains highly effective.

The attackers exploit the trust users place in app downloads, particularly those offering valuable services.

Broadcom has recently released a report on a Malware-as-a-Service (MaaS) campaign specifically targeting Android users in India.

The attack represents a threat to the security of Android devices in the region and can potentially cause significant damage to individuals and organizations.

Symantec has identified the malware through its robust security systems, classifying it under two main categories:

Mobile-based Threats:

  • Android.Reputation.2
  • AppRisk: Generisk

Web-based Threats:

The campaign’s infrastructure, including observed domains and IPs, falls under security categories protected by…

Source…

VileRAT Attacking Windows Machines via Malicious Software


A new variant of VileRAT is being distributed through fake software pirate websites to infect Windows systems on a large scale.

This Python-based VileRAT malware family is believed to be specific to the Evilnum threat group (also tracked as DeathStalker), which has been active since August 2023.

It is frequently observed being spread by the VileLoader loader, which is designed to run VileRAT in memory and limit on-disk artifacts.

It functions similarly to conventional remote access tools, allowing attackers to record keystrokes, run commands, and obtain information remotely. Because VileRAT is extensible and modular, actors can use the framework to implement new features.

According to public reports, Evilnum is a hacker-for-hire service with a history of attacking governments, legal offices, financial institutions, and cryptocurrency-related organizations in the Middle East, the UK, the EU, and the Americas.


New Variants of VileRAT

Researchers at Stairwell have seen new activity and VileRAT variants spread through modified, legitimate installers that also carry VileLoader.

Kaspersky reported that in the past, the infection was distributed via malicious documents and LNK files, as well as through companies’ public chatbots.

New TTP, in contrast with their past use of malicious documents

The new campaign relies on a malicious Nulloy media player installer that is used to deploy VileLoader. VileLoader is packaged in the Nulloy installer and launched by the NSIS install script.

This copy of VileLoader (NvStTest.exe) is a modified version of a legitimate NVIDIA 3D Vision Test Application.

“VileRAT’s core component is stored in a compressed, XORed, and base64-encoded buffer within the payload unpacked from VileLoader. The decoded output contains a JSON configuration for the implant, containing the time VileRAT was started, control servers, and the encryption key for C2 communication,” researchers explain.

Final…

Source…

Ransomware gang demands €10 million after attacking Spanish council


The mayor of Calvià, a municipality on the Spanish island of Majorca, has said the city council will not be paying an approximately €10 million extortion fee demanded by criminals following a ransomware attack.

Calvià, a region on the southwestern part of the resort island, has around 50,000 residents who have been informed that the council is working to “recover normality as soon as possible.”

In a statement on the council’s website, it confirmed that a crisis cabinet had been formed to evaluate the scope of the cyberattack, which was discovered on Saturday morning.

“The IT Service, accompanied by a team of specialists, is working on the mandatory forensic analyses, as well as on the recovery processes of our affected services,” the statement said.

Mayor Juan Antonio Amengual has said he will not consider paying the extortion fee, as reported by the Majorca Daily Bulletin. He also released a video statement on social media.

Spain was among the Counter Ransomware Initiative signatories that last year pledged “relevant institutions under the authority of our national government should not pay ransomware extortion demands.”

As a result of the attack on Calvià, the council has had to temporarily suspend all administrative deadlines — for instance the submission of civil claims and requests — until the end of January.

The city council said it had contacted the cybercrime department of the Civil Guard and shared its preliminary forensic analysis.

“The city council deeply regrets the inconvenience that this situation may cause and reiterates its firm commitment to resolve the current situation in the most orderly, rapid and effective manner possible,” the website said.


Alexander Martin

Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

Source…