025-06-20 (Friday): From a post I wrote for my employer on other social media about distribution of #malware disguised as cracked software.
The malware is contained in password-protected 7-Zip archives to avoid detection.
A #pcap from running the malware, and the associated malware files are available at https://www.malware-traffic-analysis.net/2025/06/20/index.html
I don't know what this malware is, so if anyone knows, feel free to reply. I'm just here for the memes.
📬 Godfather 2.0: Android-Malware nutzt Virtualisierung für Banking-Raubzüge in Echtzeit
#ITSicherheit #Malware #AndroidMalware #AndroidVirtualisierung #BankingTrojaner #Godfather20 #MobileMalware #Zimperium https://sc.tarnkappe.info/330be1
@Datenpunks Auch Rechner, auf denen #FreeBSD läuft, sind gute Rechner. Windows ist dagegen eine #Malware in Form eines Betriebssystems.
Neben aktuell 309.000 neuen #Malware-Varianten pro Tag werden auch Large Language Models (#LLM) immer häufiger von Cyberkriminellen missbraucht. Das Resultat: Laut Blackberry gibt es 37.000 #Cyberangriffe weltweit pro Tag.
https://www.security-insider.de/cyberangriffe-auf-unternehmen-in-deutschland-2025-analyse-a-f71268d8ef2cc593d2cc64a82df23ee2/
Hackers Post Dozens of Malicious Copycat #Repos to #GitHub. As #package registries find better ways to combat #cyberattacks, threat actors are finding other methods for spreading their #malware to developers.
https://www.darkreading.com/threat-intelligence/dozens-malicious-copycat-repos-github
I would love to see this malware, and how they pulled off. Virtualization on decices has always been an interest of mine.
https://zimperium.com/blog/your-mobile-app-their-playground-the-dark-side-of-the-virtualization
Hiding in GitHub
An AMOS malware campaign has been discovered utilizing GitHub repositories to distribute malicious files. The attackers created a fake Ledger Live app that prompts users to enter their secret phrases, which are then exfiltrated. The malware uses obfuscation techniques, including base64 encoding and custom XOR operations. The campaign targets cryptocurrency users, specifically those using hardware wallets. The malware is distributed through DMG files and ZIP archives, containing both x64 and ARM64 versions of AMOS. The attackers use multiple domains for command and control, and the malware performs checks to detect virtual environments.
Pulse ID: 6855b5c3b1b7afa76a4cd25d
Pulse Link: https://otx.alienvault.com/pulse/6855b5c3b1b7afa76a4cd25d
Pulse Author: AlienVault
Created: 2025-06-20 19:25:55
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AMOS #CyberSecurity #Edge #GitHub #InfoSec #Malware #OTX #OpenThreatExchange #RAT #ZIP #bot #cryptocurrency #AlienVault
Malicious Loan App Removed from iOS and Google Play App Store Posed Severe Risks to Users
A SpyLoan application called 'RapiPlata' was identified on a victim's device, having been downloaded by over 150,000 users from both Google Play and Apple App Store. The app, which ranked in the top 20 finance category in Colombia, had extensive access to sensitive user data, including SMS messages, call logs, calendar events, and installed applications. It uploaded this data to its servers, posing significant risks to users' privacy and financial security. The app's malicious behavior included harassing messages, unauthorized loan approvals, and data theft. Despite its removal from official app stores, it remains accessible through third-party websites. The app is part of a larger SpyLoan malware operation, with similarities to previously identified malicious apps.
Pulse ID: 6855b5c90dab89ef85ac3cc1
Pulse Link: https://otx.alienvault.com/pulse/6855b5c90dab89ef85ac3cc1
Pulse Author: AlienVault
Created: 2025-06-20 19:26:01
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #DataTheft #Google #GooglePlay #InfoSec #Malware #OTX #OpenThreatExchange #Privacy #RAT #SMS #bot #iOS #AlienVault
Caught in the Act: Uncovering SpyNote in Unexpected Places
Multiple samples of SpyNote, a sophisticated Android spyware, were discovered in open directories, disguised as legitimate apps like Google Translate, Temp Mail, and Deutsche Postbank. The malware exploits accessibility services and device administrator privileges to steal sensitive information from infected devices. Samples were found on various servers, including AWS and SonderCloud Limited, with different command and control (C2) infrastructures. The discovery highlights the ongoing threat of SpyNote, especially after its source code leak in late 2022, and emphasizes the importance of proactive threat detection and analysis.
Pulse ID: 6855b5cab3eba6db222aa167
Pulse Link: https://otx.alienvault.com/pulse/6855b5cab3eba6db222aa167
Pulse Author: AlienVault
Created: 2025-06-20 19:26:02
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AWS #Android #Bank #Cloud #CyberSecurity #Google #InfoSec #Malware #OTX #OpenThreatExchange #RAT #RCE #SpyNote #SpyWare #bot #AlienVault
Threat Insight: Cybercriminals Abusing Vercel to Deliver Remote Access Malware
A phishing campaign has been identified that exploits Vercel, a legitimate frontend hosting platform, to distribute a malicious version of LogMeIn. Cybercriminals send phishing emails with links to a malicious page on Vercel, impersonating an Adobe PDF viewer and prompting users to download a disguised executable. Once executed, the malware installs and connects to a LogMeIn server, allowing remote access and control of the compromised machine. Over 28 distinct campaigns targeting more than 1,271 users have been observed in the past two months. The technique's effectiveness stems from the use of a legitimate platform, a genuine remote access tool, and social engineering tactics. Recommendations include monitoring suspicious Vercel subdomains, educating employees about fake support scams, and implementing strict controls for remote access software installations.
Pulse ID: 6855b5cc908313a5fb032505
Pulse Link: https://otx.alienvault.com/pulse/6855b5cc908313a5fb032505
Pulse Author: AlienVault
Created: 2025-06-20 19:26:04
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Adobe #CyberSecurity #Email #ICS #InfoSec #Mac #Malware #OTX #OpenThreatExchange #PDF #Phishing #RCE #SocialEngineering #bot #AlienVault
ReversingLabs researchers have uncovered a sophisticated malware campaign by Banana Squad targeting developers through 67 compromised GitHub repositories. The threat group used advanced obfuscation techniques to disguise malicious Python tools as legitimate security software, successfully evading detection while compromising developer systems.
#SecurityLand #ThreatHorizon #CyberSecurity #GitHub #Malware #SupplyChain #BananaSquad
Okay. computer novice here with hopes of advice.
Are we all supposed to be using a protection subscription like McAfee, bitdefender, Norton, Total AV, etc., ALONG WITH something like Malwarebytes, etc.; or, is one or the other all we need? I have no clue anymore as to all, some, one of the services I'm supposed to use for my little world here.
How many different computer protection services am I supposed to keep up to date?
Look right: Threat campaign fooling developers in GitHub repos https://www.developer-tech.com/news/look-right-threat-campaign-developers-in-github-repos/ #github #developers #coding #programming #malware #infosec #hacking #security #tech #news #technology
Resurgence of the Prometei Botnet
Unit 42 researchers identified a new wave of Prometei botnet attacks in March 2025. The malware, which includes Linux and Windows variants, allows remote control of compromised systems for cryptocurrency mining and credential theft. Prometei is actively developed, incorporating new modules and methods, including a backdoor for various malicious activities. It uses a domain generation algorithm for C2 infrastructure and self-updating features for evasion. The article analyzes versions three and four of the Linux variant, highlighting differences from version two. Prometei's modular architecture makes it highly adaptable, with components for brute-forcing credentials, exploiting vulnerabilities, mining cryptocurrency, stealing data, and C2 communication. The botnet's primary goal is Monero mining, but it also has secondary capabilities like credential theft and deploying additional malware payloads.
Pulse ID: 68555ddf9ba095507fc6b5da
Pulse Link: https://otx.alienvault.com/pulse/68555ddf9ba095507fc6b5da
Pulse Author: AlienVault
Created: 2025-06-20 13:10:55
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #ELF #InfoSec #Linux #Malware #OTX #OpenThreatExchange #RAT #Unit42 #Windows #bot #botnet #cryptocurrency #AlienVault
💡 DuckDuckGo migliora la sicurezza con il nuovo Scam Blocker 2025
https://gomoot.com/duckduckgo-migliora-la-sicurezza-con-il-nuovo-scam-blocker-2025/
#blog #duckduckgo #malware #news #phishing #picks #privacy #scamblocker #tech #tecnologia
Malware-Laced GitHub Repos Found Masquerading as Developer Tools
https://klarrio.com/klarrio-discovers-large-scale-malware-network-on-github/
🎩👨💻 Oh look, #Klarrio just stumbled upon a cyber-age treasure map—GitHub's got #malware pretending to be #developer tools! Because who wouldn't want their code sprinkled with a dash of digital chaos? 😂🔍
https://klarrio.com/klarrio-discovers-large-scale-malware-network-on-github/ #cybersecurity #tools #GitHub #digitalchaos #HackerNews #ngated
Malware-Laced GitHub Repos Found Masquerading as Developer Tools
https://klarrio.com/klarrio-discovers-large-scale-malware-network-on-github/
#HackerNews #Malware #GitHub #DeveloperTools #Security #Threats #Cybersecurity
@padeluun die Nutzung von #Govware wie #Palantir ist mit dem #Grundgesetz und der #Menschenwürde sowie #Datenschutz und #Rechtsstaatlichkeit so abdolut unvereinbar wie #Malware aka. "#QuellenTKÜ" und "#Todesstrafe" aka. staatlicher #Mord!
