information analyst

Since at least May 2021, stealthy Linux malware called AVrecon was used to infect over 70,000 Linux-based small office/home office (SOHO) routers to a botnet designed to steal bandwidth and provide a hidden residential proxy service.

This allows its operators to hide a wide spectrum of malicious activities, from digital advertising fraud to password spraying.

According to Lumen's Black Lotus Labs threat research team, while the AVrecon remote access trojan (RAT) compromised over 70,000 devices, only 40,000 were added to the botnet after gaining persistence.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

 

Via Gust MEES

Internet of Things devices are driving up the number of Linux malware variants.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

Via Gust MEES

Microsoft is warning customers about the LemonDuck crypto mining malware which is targeting both Windows and Linux systems and is spreading via phishing emails, exploits, USB devices, and brute force attacks, as well as attacks targeting critical on-premise Exchange Server vulnerabilities uncovered in March. 

The group was discovered to be using Exchange bugs to mine for cryptocurrency in May, two years after it first emerged.        

Notably, the group behind LemonDuck is taking advantage of high-profile security bugs by exploiting older vulnerabilities during periods where security teams are focussed on patching critical flaws, and even removing rival malware. 

 

Learn more / En savoir plus / Mehr erfahren: 

 

https://www.scoop.it/topic/securite-pc-et-internet

 

Via Gust MEES

A small but complex malware variant is targeting supercomputers worldwide.

Reverse engineered by ESET and described in a blog post on Tuesday, the malware has been traced back to attacks against supercomputers used by a large Asian Internet Service Provider (ISP), a US endpoint security vendor, and a number of privately-held servers, among other targets. 

The cybersecurity team has named the malware Kobalos in deference to the kobalos, a small creature in Greek mythology believed to cause mischief. 

Kobalos is unusual for a number of reasons. The malware's codebase is tiny but is sophisticated enough to impact at least Linux, BSD, and Solaris operating systems. ESET suspects it may possibly be compatible with attacks against AIX and Microsoft Windows machines, too. 

"It has to be said that this level of sophistication is only rarely seen in Linux malware," commented cybersecurity researcher Marc-Etienne Léveillé.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux

 

Via Gust MEES

Des pirates s’appuient sur des fausses pubs pour diffuser à des millions d'internautes un malware particulièrement sophistiqué, qui s’appuie sur de multiples techniques de dissimulation.

 

Voilà encore une preuve que les cybercriminels deviennent de plus en plus malins. Les chercheurs en sécurité d'Eset viennent de mettre la main sur un malware qui exploite des failles dans Internet Explorer et Flash Player, et dont le code est caché directement dans les pixels d'une image de publicité. C’est pourquoi il a été baptisé « Stegano », en référence à la stéganographie, l’art de dissimuler des messages secrets dans des choses en apparence anodines, comme ici une pub en ligne.

 

L’impact de ce malware, en revanche, est loin d’être anodin. Selon Eset, la publicité vérolée a été diffusée entre autres sur des sites d’actualités très populaires, lui permettant d’être affichée par « plus d’un million d’internautes », explique Robert Lipovsky, l’un des chercheurs d’Eset, dans une note de blog. L’attaque se déroule de façon totalement automatique, la victime n’a pas même pas besoin de cliquer sur la publicité. D’après les chercheurs, Stegano a été utilisé par les cybercriminels pour installer sur les machines des victimes des chevaux de Trois bancaires, des portes dérobées et des logiciels espions. Mais en théorie, il n’y a pas vraiment de limite. « Les victimes pourraient également être confrontées à de méchantes attaques de ransomware », souligne Robert Lipovsky.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/securite-pc-et-internet/?tag=Steganography

 

Via Gust MEES

IT-Sicherheitsforscher beobachten eine starke Zunahme an KI-generierten Youtube-Clips, die Cracks für begehrte Software versprechen. Die Links liefern Malware.

 

Learn more / En svoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=AI

 

Via Gust MEES

Microsoft has continued its analysis of the LemonDuck malware, known for installing crypto-miners in enterprise environments. It makes a strong case for why it is worth removing it from your network. 

This group, according to Microsoft, has a well-stocked arsenal of hacking tools, tricks and exploits aimed at one thing: for their malware to retain exclusive access to a compromised network for as long as possible.

While crypto-mining malware could be just a nuisance, LemonDuck attributes suggest the attacker group really do try to own compromised networks by disabling anti-malware, removing rival malware, and even automatically patching vulnerabilities -- a competitive effort to keep rival attackers from feeding off its turf. 

 

Learn more / En savoir plus / Mehr erfahren: 

 

https://www.scoop.it/topic/securite-pc-et-internet

 

Via Gust MEES

Un nouveau malware circule sur Android. Repéré par un groupe de chercheurs, il se présente sous la forme d'une mise à jour critique du système et permet à un tiers de prendre le contrôle d'un smartphone en collectant des données personnelles.

Le cabinet de sécurité Zimperium, qui avait déjà découvert la faille StageFright en 2015, explique que le malware a été intégré dans une application baptisée System Update, disponible en dehors du Play Store.

 

Learn more / En savoir plus / Mehr erfahren: 

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Android

 

Via Gust MEES

A new Android malware strain has been uncovered, part of the Rampant Kitten threat group’s widespread surveillance campaign that targets Telegram credentials and more.

Researchers have uncovered a threat group launching surveillance campaigns that target victims’ personal device data, browser credentials and Telegram messaging application files. One notable tool in the group’s arsenal is an Android malware that collects all two-factor authentication (2FA) security codes sent to devices, sniffs out Telegram credentials and launches Google account phishing attacks.

Researchers found the threat group, dubbed Rampant Kitten, has targeted Iranian entities with surveillance campaigns for at least six years. It specifically targets Iranian minorities and anti-regime organizations, including the Association of Families of Camp Ashraf and Liberty Residents (AFALR); and the Azerbaijan National Resistance Organization.

The threat group has relied on a wide array of tools for carrying out their attacks, including four Windows info-stealer variants used for pilfering Telegram and KeePass account information; phishing pages that impersonate Telegram to steal passwords; and the aforementioned Android backdoor that extracts 2FA codes from SMS messages and records the phone’s voice surroundings.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Two-factor+authentication

 

Via Gust MEES