Malware Archives - GBHackers Security | #1 Globally Trusted Cyber Security News Platform https://gbhackers.com/tag/malware/ GBhackers Offering Exclusive Cyber Security News Coverage, New Research papers & Technology Updates. Wed, 06 Nov 2024 12:14:27 +0000

HookBot Malware Use Overlay Attacks Impersonate As Popular Brands To Steal Data https://gbhackers.com/hookbot-malware-overlay-steals-data/ https://gbhackers.com/hookbot-malware-overlay-steals-data/#respond Wed, 06 Nov 2024 12:14:27 +0000 https://gbhackers.com/?p=114534 The HookBot malware family employs overlay attacks to trick users into revealing sensitive information by impersonating various brands and apps to gain trust. It also utilizes C2 servers to receive updates and evolve continuously. A builder tool empowers threat actors to create custom HookBot apps as the malware is often distributed through Telegram, where it’s […]

The post HookBot Malware Use Overlay Attacks Impersonate As Popular Brands To Steal Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins https://gbhackers.com/lightspy-ios-malware-upgrade/ https://gbhackers.com/lightspy-ios-malware-upgrade/#respond Fri, 01 Nov 2024 09:26:01 +0000 https://gbhackers.com/?p=114376 The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS devices. The malware’s core binaries were even signed with the same certificate used in jailbreak kits, indicating deep integration. The C2 servers, active until October 26, 2022, hosted outdated malware, possibly for demonstration purposes but not as MaaS. The iOS and […]

The post LightSpy iOS Malware Enhanced with 28 New Destructive Plugins appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Notorious WrnRAT Delivered Mimic As Gambling Games https://gbhackers.com/wrnrat-gambling-malware/ https://gbhackers.com/wrnrat-gambling-malware/#respond Tue, 29 Oct 2024 13:15:55 +0000 https://gbhackers.com/?p=114228 WrnRAT is new malware that cybercriminals deploy by disguising it as popular gambling games such as Badugi, Go-Stop, and Hold’em. The attackers created a fraudulent gambling website that, when accessed, prompts users to download a game launcher. Instead of initiating the game, the launcher installs the malicious WrnRAT […]

The post Notorious WrnRAT Delivered Mimic As Gambling Games appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

ClickFix Malware Infect Website Visitors Via Hacked WordPress Websites https://gbhackers.com/clickfix-malware-hacked-wordpress/ https://gbhackers.com/clickfix-malware-hacked-wordpress/#respond Tue, 29 Oct 2024 08:53:46 +0000 https://gbhackers.com/?p=113868 Researchers have identified a new variant of the ClickFix fake browser update malware distributed through malicious WordPress plugins. These plugins, disguised as legitimate tools, inject malicious JavaScript code into compromised websites, tricking users into installing malware.  The malware uses blockchain technology to obtain malicious payloads, exploiting social engineering tactics to deceive victims.  Over 6,000 websites […]

The post ClickFix Malware Infect Website Visitors Via Hacked WordPress Websites appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

GHOSTPULSE Hides Within PNG File Pixel Structure To Evade Detections https://gbhackers.com/ghostpulse-png-evasion/ https://gbhackers.com/ghostpulse-png-evasion/#respond Tue, 22 Oct 2024 11:43:54 +0000 https://gbhackers.com/?p=113704 Recent campaigns targeting victims through social engineering tactics utilize LUMMA STEALER with GHOSTPULSE as its loader. By tricking victims into executing a series of Windows keyboard shortcuts, malicious JavaScript is executed, leading to the execution of a PowerShell script.  The script downloads and executes a GHOSTPULSE payload, which is now a single executable file containing […]

The post GHOSTPULSE Hides Within PNG File Pixel Structure To Evade Detections appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

IcePeony Hackers Exploiting Public Web Servers To Inject Webshells https://gbhackers.com/icepeony-hackers-webshells/ https://gbhackers.com/icepeony-hackers-webshells/#respond Tue, 22 Oct 2024 11:15:30 +0000 https://gbhackers.com/?p=113768 IcePeony, a China-nexus APT group, has been active since 2023, targeting India, Mauritius, and Vietnam by exploiting SQL injection vulnerabilities to compromise systems using webshells and backdoors, leveraging a custom IIS malware called IceCache. The attackers accidentally exposed a server containing sensitive data, including a zsh_history file that revealed their detailed attack timeline and techniques. […]

The post IcePeony Hackers Exploiting Public Web Servers To Inject Webshells appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Hackers Use Bumblebee Malware to Gain Access to Corporate Networks https://gbhackers.com/hackers-use-bumblebee-malware/ https://gbhackers.com/hackers-use-bumblebee-malware/#respond Mon, 21 Oct 2024 10:35:38 +0000 https://gbhackers.com/?p=113730 A sophisticated malware loader known as Bumblebee has resurfaced, posing a significant threat to corporate networks worldwide. Cybersecurity researchers at Netskope Threat Labs have uncovered a new infection chain linked to Bumblebee. This marks its first appearance since Operation Endgame, a major Europol-led crackdown on malware botnets in May 2024. Bumblebee, first identified by Google’s […]

The post Hackers Use Bumblebee Malware to Gain Access to Corporate Networks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Hackers Mimic as ESET to Deliver Wiper Malware https://gbhackers.com/hackers-mimic-eset/ https://gbhackers.com/hackers-mimic-eset/#respond Mon, 21 Oct 2024 08:19:04 +0000 https://gbhackers.com/?p=113709 Hackers impersonated the cybersecurity firm ESET to distribute destructive wiper malware. The campaign, which began on October 8, 2024, utilized phishing emails that appeared to originate from ESET’s legitimate domain. The malicious emails, purportedly from “ESET’s Advanced Threat Defense Team,” warned recipients that state-backed attackers were targeting their devices. The emails offered a download link […]

The post Hackers Mimic as ESET to Deliver Wiper Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

CoreWarrior Malware Attacking Windows Machines From Dozens Of IP Address https://gbhackers.com/corewarrior-malware-alert/ https://gbhackers.com/corewarrior-malware-alert/#respond Mon, 14 Oct 2024 15:58:37 +0000 https://gbhackers.com/?p=113477 Researchers recently analyzed a CoreWarrior malware sample, which spreads aggressively by creating numerous copies and connecting to various IP addresses. It establishes multiple backdoor connections and monitors user activity through Windows UI element hooks, which poses a significant security risk as it can compromise system integrity and steal sensitive data. The malware is a UPX-packed […]

The post CoreWarrior Malware Attacking Windows Machines From Dozens Of IP Address appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Octo2 Android Malware Attacking To Steal Banking Credentials https://gbhackers.com/octo2-android-banking-malware/ https://gbhackers.com/octo2-android-banking-malware/#respond Thu, 26 Sep 2024 09:10:30 +0000 https://gbhackers.com/?p=112582 The original threat actor behind the Octo malware family has released a new variant, Octo2, with enhanced stability for remote action capabilities to facilitate Device Takeover attacks.  This new variant targets European countries and employs sophisticated obfuscation techniques, including the Domain Generation Algorithm (DGA), to evade detection and ensure the Trojan remains undetected. The Exobot […]

The post Octo2 Android Malware Attacking To Steal Banking Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
