
Cybersecurity Bulletin: Malware Attacks, Hidden Trojans and Advanced Ransomware


This bulletin covers security topics in the area of servers and malware. The main categories are "Malware" and "Vulnerabilities".


First, researchers at Trellix Advanced Research Center discovered multiple fake antivirus websites that distribute information-stealing malware. These sites, which pose as legitimate products from Avast, Bitdefender and Malwarebytes, include domains such as avast-securedownload.com, bitdefender-app.com and malwarebytes.pro. The types of malware distributed include the SpyNote Trojan and the Lumma and StealC information stealers. The researchers also identified a malicious binary (AMCoreDat.exe) that pretends to be legitimate.


In other news, hackers are using a Python clone of the Minesweeper game to hide malicious scripts and attack financial organizations in Europe and the US. Identified as 'UAC-0188', the attackers use the Minesweeper code to download and install SuperOps RMM, a legitimate remote management software, through emails that encourage recipients to download files from Dropbox.


The resurgence of CatDDoS attacks is also mentioned. The XLab report shows an increase in the activity of CatDDoS botnets, derived from Mirai, exploiting more than 80 vulnerabilities. The attacks, which exceed 300 daily, are focused on the US, France, Germany, Brazil and China, and affect various industries. The botnets have spawned variants such as RebirthLTD and Komaru, showing their adaptability.


Finally, the bulletin covers ShrinkLocker, a new ransomware threat that uses Microsoft's BitLocker to encrypt corporate data. The attacks, which have affected industrial, pharmaceutical and government sectors, use a VBS script to hijack BitLocker, encrypt volumes and steal decryption keys.


For more details of the weekly newsletter: Click here.
