The NJCCIC’s email security solution observed a recent surge in campaigns disseminating 404 Keylogger infostealing malware. Also known as SnakeKeylogger, is both a downloader and an information-stealing malware. This malware-as-a-service can steal credentials, etc.
TA2725 is a financially motivated cyber threat actor that typically targets Latin America (LATAM) and some European countries. The group has its tactics and is now delivering Mispadu and Astaroth malware in phishing campaigns targeting the Garden State Network (GSN).
The NJCCIC observed an uptick in campaigns aiming to spread Formbook infostealing malware. Formbook is classified as malware-as-a-service (MaaS), though it was originally advertised as browser-logger software. Formbook can extract data from HTML forms...
Industrial cybersecurity company Dragos released a report detailing a malware strain dubbed FrostyGoop that was used to target a municipal district energy company in Lviv, Ukraine earlier this year. The attack caused residents of approximately 600 apartment buildings to lose heat.
A new Linux variant of Play ransomware has been targeting VMWare ESXi environments. Businesses often use ESXi environments to run multiple virtual machines (VMs), typically hosting backup solutions, critical applications, and data storage.
LokiBot, an infostealing malware that targets Android and Windows devices, was first spotted in 2015. LokiBot is a trojan primarily distributed through innocuous-appearing files. Once installed, LokiBot uses a keylogger to monitor desktop activity and steal sensitive information.
SocGholish, also known as FakeUpdates, has been a dominant cyber threat; however, Balada has recently been observed more frequently in attempted malware campaigns, performing reconnaissance and deploying malicious payloads.
In November 2023, researchers discovered a new loader, dubbed Latrodectus, due to a string identified in the malware’s code. As of February, Latrodectus has been identified and delivered in nearly a dozen phishing campaigns, downloading payloads undetected.
Threat actors are using HTML smuggling and fraudulent Google Sites pages to disseminate AZORult in a new malware campaign. AZORult, dubbed PuffStealer and Ruzalto, was first detected in 2016. It searches the desktop for sensitive documents using keywords...
Malicious copies of popular apps have been discovered on the Apple App Store. These apps are designed to be mistaken for legitimate apps and conduct malicious activity, such as stealing login credentials and other sensitive information. Click to learn more.
