A new phishing campaign is attempting to lure victims into downloading malware which gives cyber criminals full control over infected Microsoft Windows machines. Quaverse Remote Access Trojan (QRat) first emerged in 2015 and has remained successful because it's both difficult to detect under multiple layers of obfuscation and provides malicious hackers with remote access to computers of compromised victims. The capabilities of this trojan malware include stealing passwords, keylogging, file browsing, taking screenshots and more which all enable hackers to gain access to sensitive information. Now cybersecurity researchers at Trustwave have identified a new QRat campaign which is attempting to lure people into downloading the latest version of the malware, something they describe as "significantly enhanced". The initial phishing email claims to offer the victim a loan with a "good return on investment" that could potentially catch the eye of victims. However, the malicious attachment isn't related to the subject of the phishing email at all, instead claiming to contain a video of President Donald Trump.
Cyber attacks and malware are one of the biggest threats on the internet. Learn about the different types of malware - and how to avoid falling victim to attacks. The US government's cyber-security agency has issued a security advisory today warning federal agencies and the private sector about "a notable increase in the use of LokiBot malware by malicious cyber actors since July 2020." The Cybersecurity and Infrastructure Security Agency (CISA) said that its in-house security platform (the EINSTEIN Intrusion Detection System) has detected persistent malicious activity traced back to LokiBot infections. This is a cause of alarm as LokiBot is one of today's most dangerous and widespread malware strains.
A threat actor is currently selling passwords for the email accounts of hundreds of C-level executives at companies across the world. The data is being sold on a closed-access underground forum for Russian-speaking hackers named Exploit.in, ZDNet has learned this week. Access to any of these accounts is sold for prices ranging from $100 to $1,500, depending on the company size and user's role. A source in the cyber-security community who agreed to contact the seller to obtain samples has confirmed the validity of the data and obtained valid credentials for two accounts, the CEO of a US medium-sized software company and the CFO of an EU-based retail store chain.
A spam campaign which targeted over 100,000 users a day over Christmas and New Year has seen Emotet secure its spot as the most prolific malware threat. Analysis by cybersecurity company Check Point suggests that Emotet was used to target seven percent of organisations around the world during December. Emotet has been active since 2014 and is regularly updated by its authors in order to maintain its effectiveness. The malware started life as a banking trojan but has evolved to become much more than that, providing a complete backdoor onto compromised machines which can then be sold on to other cyber criminals to infect victims with additional malware – including ransomware. While Emotet has worm-like capabilities which allows it to move onto other machines on the same network as the initial victim, it also spreads via the use of phishing emails.
Hackers compromised a download server for HandBrake, a popular open-source program for converting video files, and used it to distribute a macOS version of the application that contained malware. The HandBrake development team posted a security warning on the project's website and support forum on Saturday, alerting Mac users who downloaded and installed the program from May 2 to May 6 to check their computers for malware. The attackers compromised only a download mirror hosted under download.handbrake.fr, with the primary download server remaining unaffected. Because of this, users who downloaded HandBrake-1.0.7.dmg during the period in question have a 50/50 chance of having received a malicious version of the file, the HandBreak team said. Users of HandBrake 1.0 and later who upgraded to version 1.0.7 through the program's built-in update mechanism shouldn't be affected, because the updater verifies the program's digital signature and wouldn't have accepted the malicious file.