DPRK hackers stole $137M in 2023 from TRON users via phishing, fueling nuclear programs and cyberattacks.
Category: cybercrime/malcode – Page 8
Cybersecurity researchers have revealed that Russian military personnel are the target of a new malicious campaign that distributes Android spyware under the guise of the Alpine Quest mapping software.
“The attackers hide this trojan inside modified Alpine Quest mapping software and distribute it in various ways, including through one of the Russian Android app catalogs,” Doctor Web said in an analysis.
The trojan has been found embedded in older versions of the software and propagated as a freely available variant of Alpine Quest Pro, a paid offering that removes advertising and analytics features.
Phishing now causes most breaches + MFA kits bypass detection + browser-based tools offer real-time defense.
Next-generation DNA sequencing (NGS), the same technology that powers the development of tailor-made medicines, cancer diagnostics, infectious disease tracking, and gene research, could become a prime target for hackers.
A study published in IEEE Access highlights growing concerns over how this powerful sequencing tool—if left unsecured—could be exploited for data breaches, privacy violations, and even future biothreats.
Led by Dr. Nasreen Anjum from the University of Portsmouth’s School of Computing, it is the first comprehensive research study of cyber-biosecurity threats across the entire NGS workflow.
Managing those AI identities will require companies to completely reassess their cybersecurity strategies.
Docker malware fakes Teneo node heartbeats to earn crypto + 63-layer obfuscation hides the code.
Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access.
The activity has been named Larva-24005 by the AhnLab Security Intelligence Center (ASEC).
“In some systems, initial access was gained through exploiting the RDP vulnerability (BlueKeep, CVE-2019-0708),” the South Korean cybersecurity company said. “While an RDP vulnerability scanner was found in the compromised system, there is no evidence of its actual use.”
At the core of the operation is a previously undocumented NFC relay technique that enables threat actors to fraudulently authorize point-of-sale (PoS) payments and Automated Teller Machine (ATM) withdrawals by intercepting and relaying NFC communications from infected devices.
To do this, the attackers urge the victims to bring their debit or credit card in close physical proximity to their mobile device, which then allows the SuperCard X malware to stealthily capture the transmitted card details and relay them to an external server. The harvested card information is then utilized on a threat actor-controlled device to conduct unauthorized transactions.
The application that’s distributed to victims for capturing NFC card data is called a Reader. A similar app known as Tapper is installed on the threat actor’s device to receive the card information. Communication between the Reader and Tapper is carried out using HTTP for command-and-control (C2) and requires cybercriminals to be logged in.
Multi-stage phishing attack in Dec 2024 used .JSE, PowerShell, and AutoIt to deliver Agent Tesla.
XorDDoS malware targeted 71.3% of U.S. systems in latest wave; Docker, IoT, and Linux bots fuel rise.