Threat intelligence research team Cisco Talos has discovered a cryptocurrency mining botnet dubbed Prometei. The actor's main purpose is to hijack users' computer systems to mine Monero (XMR). Another possible goal is to steal Bitcoin (BTC) wallets, which may be protected by passwords that the botnet harvests with the open-source tool Mimikatz.
According to cyber-security firm ESET, the trojan Mekotio, which is known for stealing banking credentials, now directly targets cryptocurrencies.
ESET researchers have discovered a new major privacy threat within a "long-running cyber-espionage campaign" in the Middle East. The new malicious agent is an Android messenger app called Welcome Chat. The rogue app is believed to be linked to the Gaza Hackers group, a.k.a. Molerats.
Researchers from cybersecurity company ESET have published a comprehensive paper on a little-known but apparently quite dangerous advanced persistent threat (APT) group Evilnum. The research outlines the major directions of the group’s attacks and evaluates its threat level.
The global deployment of spy and stalking applications has surged by as much as 51% since the world's governments introduced lockdowns in March 2020. Stalkerware is software or apps designed to monitor and track a target person's location, intercept emails and messages, and eavesdrop on phone calls, among other things, without the victim's consent.
A group of researchers at cybersecurity firm Cybereason has detected an upgraded version of FakeSpy, a malware targeting the Android mobile operating system that originally appeared in late 2017. The malware is designed to steal users’ personal information such as financial and application data, contact lists, as well as steal and manipulate SMS messages.
Amnesty Tech, a global collective of researchers, hackers, and advocates campaigning for human rights, has claimed that the Israeli tech company NSO Group carried out a government-backed surveillance operation against journalists.
As of May 2020, Google's Chrome Web Store has reportedly been hit with its largest surveillance campaign to date, which managed to steal data from users around the world through over 32 million downloads of malicious extensions.
Threat actors are now exploiting the Black Lives Matter campaign to distribute malware via email, which lures users to open an attached Microsoft Word file to “leave a review confidentially about Black Lives Matter.” The phishing emails’ subject line goes as “Vote anonymous about ‘Black Lives Matter.’”
Researchers from cybersecurity firm ESET have detected a modified version of the ComRAT malware, which now targets Gmail users to steal confidential documents. In addition to exfiltrating documents, the trojan collects information about the network, Microsoft Windows configurations, and Active Directory groups or users.
An updated version of the AnarchyGrabber trojan has begun circulating on the Internet, posing a threat to users of the communication app Discord. The malware is reportedly geared to steal users' passwords and tokens, disable two-factor authentication (2FA), and even spread the attack to a victim's contacts, Bleeping Computer reported on May 24.
Since October 2019, Facebook and its subsidiary WhatsApp have been fighting in court with the Israeli spyware firm NSO Group, claiming that the firm used WhatsApp to facilitate spyware distribution. Although no conclusion has yet been reached, the case has brought up interesting notions about NSO Group and the state of users' privacy. But nevermind […]