growing threat

Winsage
February 19, 2025
Recent reports indicate a surge in the activity of the Snake keylogger, also known as the 404 Keylogger, linked to over 280 million attack attempts since the start of the year. At its peak, it was responsible for as many as 14 million infection attempts in a single day. The malware can log keystrokes and extract personally identifiable information, including geolocation data, transmitting this data back to its command server through channels such as SMTP, Telegram bots, and HTTP POST requests. The Snake keylogger is built on the AutoIt scripting framework and creates a copy of itself in the Windows Startup folder to ensure execution after every system restart. It employs advanced obfuscation techniques to evade detection by antivirus software, hiding its malicious code within processes recognized as legitimate by the operating system. The keylogger primarily spreads through sophisticated phishing attacks.
Tech Optimizer
February 17, 2025
Apple devices, particularly Macs, are facing an increase in cyberattacks, with a new wave of sophisticated malware targeting sensitive data. The emergence of Atomic Stealer (AMOS) in mid-2023 marked a shift from less harmful adware to more serious threats, with AMOS being marketed as a user-friendly service. By mid-2024, Poseidon became the leading Mac information stealer, responsible for 70% of infections and capable of draining various cryptocurrency wallets and capturing sensitive credentials. Cybercriminals are also using malvertising to lure users into downloading disguised malware. Android users are experiencing an even more severe situation, with a significant rise in phishing attacks. In 2024, researchers identified 22,800 malicious apps designed for phishing, along with thousands capable of reading one-time passwords (OTPs). These apps often mimic legitimate software and can easily infiltrate app stores, including Google Play. While Google Play Protect offers some malware protection, it is not entirely effective. To protect against malware threats, it is recommended to use strong antivirus software, be cautious with downloads and links, keep software updated, use strong and unique passwords, and enable two-factor authentication (2FA) for critical accounts.
Tech Optimizer
February 3, 2025
Researchers from c/side have discovered a widespread campaign targeting WordPress sites, resulting in over 10,000 compromised sites that distribute info-stealing malware. The attack exploits outdated versions of WordPress and its plugins, employing a "spray and pay" method that affects anyone visiting the infected sites. Users encounter a fake Chrome browser page prompting them to download a malicious update, which steals personal information such as passwords. The malware includes Atomic Stealer, targeting macOS users, and SocGholish, aimed at Windows systems. To protect against these threats, users should verify download sources, keep software updated, use password managers, and consider identity theft protection services.
AppWizard
February 2, 2025
In 2024, Google blocked 2.36 million potentially dangerous Android apps from the Play Store, including those that breached policies or were flagged as malicious through AI-assisted reviews. New security features included improved biometric authentication and passkeys. AI-driven threat detection technology automated 92% of human assessments, enhancing the identification of malicious apps. Google expanded its Play SDK database with 80 new reliable SDKs and prevented 1.3 million apps from accessing sensitive user information. The Play Protect system detected over 13 million new malicious apps from outside the Play Store. Google expanded its untrusted APK installation blocking system to Brazil, India, Nigeria, and South Africa. Recommendations for users included installing apps from trusted sources and regularly reviewing app permissions.
Winsage
December 17, 2024
The Securonix Threat Research team has identified a phishing campaign called the “FLUX#CONSOLE campaign,” which targets tax-related themes using Microsoft Common Console Document (MSC) files to deliver a backdoor payload. The attack begins with a phishing email containing a decoy PDF titled “Income-Tax-Deduction-and-Rebates202441712.pdf,” which conceals an MSC file that executes malicious payloads. The campaign employs various tactics, including tax-themed lures, exploitation of MSC files, DLL sideloading using DISM.exe, persistence through scheduled tasks, and advanced obfuscation techniques. The attack chain involves tricking users into opening a malicious MSC file disguised as a PDF, which contains XML commands to download or extract a malicious DLL named DismCore.dll. The DLL is sideloaded using Dism.exe, and the malware communicates with a Command-and-Control server at “hxxps://siasat[.]top,” exfiltrating data via encrypted HTTPS traffic. The attackers maintained access for about 24 hours, targeting victims in Pakistan. The tactics used do not align with known advanced persistent threat groups, highlighting the growing threat of MSC files as a delivery method for malware. Indicators of Compromise (IOCs) include the C2 address siasat[.]top and analyzed file hashes for the malicious files involved in the campaign.
Tech Optimizer
December 4, 2024
A report from the Mac security firm Moonlock highlights concerns about AI-powered malware, particularly the use of tools like ChatGPT by hackers to create viruses and malicious code. There is ongoing debate among Apple users about the necessity of antivirus software, with some believing it slows down system performance while others advocate for caution. Despite the perception that Macs are largely immune to malware, there has been an increase in malware targeting Macs, including from sophisticated threat actors like North Korean hackers. The emergence of AI chatbots raises concerns that novice hackers could develop sophisticated malware. An example cited is a hacker known as 'barboris', who shared code generated by ChatGPT on a malware forum, demonstrating that individuals with minimal coding experience can use AI for malicious purposes. However, experts like Martin Zugec from Bitdefender suggest that the quality of AI-generated malware is generally low, and the current risk remains relatively low due to built-in safeguards in AI tools. More skilled hackers are likely to rely on their expertise and established resources rather than AI-generated outputs.
AppWizard
September 25, 2024
The Necro Trojan has re-emerged on Google Play, affecting millions of Android devices globally. Kaspersky identified the malware in various applications, including modified versions of popular apps like Spotify and Minecraft. The current wave of infections has impacted over 11 million devices, with one compromised app, Wuta Camera, having over 10 million downloads before its removal by Google. The Trojan uses advanced obfuscation and steganography techniques to hide its payload within app files, complicating detection. It can execute harmful actions such as displaying ads, downloading files, and subscribing users to services without consent. The malware's distribution extends beyond Google Play to unofficial websites, and it utilizes Google’s Firebase Remote Config service for storing malicious files. Researchers note that the Necro Trojan employs a multi-stage loader and modular architecture, allowing for flexible delivery of malicious updates. Users are advised to update infected apps, download only from official sources, and use reliable security solutions to protect against malware.
Tech Optimizer
June 17, 2024
Threat actors are using fake antivirus websites to spread infostealer malware to Android and Windows devices, allowing them to access sensitive information and perform malicious actions.