Tag Archive for: Spreads

BattleRoyal Cybercrime Group Spreads DarkGate Malware


New Cybercrime Group BattleRoyal Exploits Windows Flaw, Spreads DarkGate Malware


As the end of the year approaches, BattleRoyal has not slowed down. Instead, the group has altered its tactics, now using a legitimate remote access tool, NetSupport, to sustain its grip on compromised systems. This shift occurred in late November and early December and included the use of compromised websites and deceptive update prompts to dupe victims. One of the most alarming aspects of the campaign is its exploitation of a Windows SmartScreen security-feature bypass, CVE-2023-36025, which the group was already using before Microsoft patched and publicly disclosed it. This highlights a concerning trend of zero-day vulnerabilities being actively exploited in the wild.

DarkGate is not a new player in the field of cyber threats. Since 2018, this multi-functional malware has haunted the digital corridors, capable of downloading and executing files, logging keystrokes, and stealing sensitive information. In a worrying development, DarkGate has been updated and is now being advertised in Russian-language eCrime forums as of May 2023, indicating its persistent evolution and the continuous threat it poses.


Yet, BattleRoyal’s activities are only a fragment of a larger cybersecurity concern. The digital ecosystem is also grappling with the Chameleon Android malware and a series of targeted attacks against defense firms involving new strains of malware. These incidents underscore the vast and varied nature of cybersecurity challenges that continue to evolve.

In the backdrop of these security alerts, it’s worth noting that the information stream, including tech updates from TechRadar Pro, is an essential resource for staying informed. TechRadar, a part of Future US Inc, represents a significant pillar in the digital publishing sphere, providing insights and updates that help navigate the complex cybersecurity landscape.


As we delve…

Source…

USB worm unleashed by Russian state hackers spreads worldwide




A group of Russian state hackers known for almost exclusively targeting Ukrainian entities has branched out in recent months, whether accidentally or deliberately, by allowing USB-based espionage malware to infect a variety of organizations in other countries.

The group—known by many names, including Gamaredon, Primitive Bear, ACTINIUM, Armageddon, and Shuckworm—has been active since at least 2014 and has been attributed to Russia’s Federal Security Service by the Security Service of Ukraine. Most Kremlin-backed groups take pains to fly under the radar; Gamaredon doesn’t care to. Its espionage-motivated campaigns targeting large numbers of Ukrainian organizations are easy to detect and tie back to the Russian government. The campaigns typically revolve around malware that aims to obtain as much information from targets as possible.

One of those tools is a computer worm designed to spread from computer to computer through USB drives. Tracked by researchers from Check Point Research as LitterDrifter, the malware is written in VBScript. LitterDrifter serves two purposes: to spread promiscuously from USB drive to USB drive, and to plant on every machine that mounts such a drive a persistent component that keeps communicating with Gamaredon-operated command-and-control servers.
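A shortcut file that lures the user into launching a script host, sitting next to a hidden or mis-named script, is the usual shape of a USB worm. As an added example (my own code, not Check Point's and not a LitterDrifter artefact), the following Python triages a mounted removable drive for that pattern. The heuristics (a .lnk whose embedded command line names wscript/cscript/mshta/powershell; VBScript content in a hidden file or under a non-script extension) and the fixture file names, command line and marker strings are my assumptions about how such worms typically look, not details the article gives.

```python
"""Triage a mounted removable drive for the USB-worm lure pattern.

Assumed heuristics (not taken from the Check Point report):
  * a Windows shortcut (.lnk) whose embedded command line invokes a script
    host is a likely lure;
  * a hidden file, or a file with a non-script extension, whose content
    looks like VBScript is a likely payload;
  * both together on one volume is the worm pattern.
"""
from __future__ import annotations

import re
import tempfile
from dataclasses import dataclass
from pathlib import Path

LNK_MAGIC = b"\x4c\x00\x00\x00"  # ShellLinkHeader.HeaderSize == 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # 00021401-...-46
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe")
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".ps1", ".hta"}
VBS_MARKERS = re.compile(
    rb"(CreateObject\s*\(|WScript\.Shell|\bExecute\s*\(|\bExecuteGlobal\b)", re.I
)
FILE_ATTRIBUTE_HIDDEN = 0x2


@dataclass
class Finding:
    path: Path
    reason: str


def is_hidden(p: Path) -> bool:
    """Windows: FILE_ATTRIBUTE_HIDDEN; elsewhere fall back to the dotfile convention."""
    attrs = getattr(p.stat(), "st_file_attributes", 0)
    return bool(attrs & FILE_ATTRIBUTE_HIDDEN) or p.name.startswith(".")


def lnk_script_host(data: bytes) -> str | None:
    """Return the script host named inside a shell link, or None.

    Strings in a .lnk are UTF-16LE; a substring search over the first
    kilobytes is enough for triage, so no full MS-SHLLINK parse is done.
    """
    if not (data.startswith(LNK_MAGIC) and data[4:20] == LNK_CLSID):
        return None
    lowered = data.lower()  # bytes.lower() only touches ASCII letters
    for host in SCRIPT_HOSTS:
        if host.encode("utf-16-le") in lowered or host.encode() in lowered:
            return host
    return None


def looks_like_vbscript(data: bytes) -> bool:
    return VBS_MARKERS.search(data) is not None


def scan_drive(root: Path) -> list[Finding]:
    findings: list[Finding] = []
    lures = payloads = 0
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        data = p.read_bytes()[: 64 * 1024]  # header and strings come early
        if p.suffix.lower() == ".lnk":
            host = lnk_script_host(data)
            if host:
                lures += 1
                findings.append(Finding(p, f"shortcut launches {host}"))
            continue
        if looks_like_vbscript(data):
            if is_hidden(p):
                payloads += 1
                findings.append(Finding(p, "hidden file contains VBScript"))
            elif p.suffix.lower() not in SCRIPT_EXTS:
                payloads += 1
                ext = p.suffix or "no extension"
                findings.append(Finding(p, f"VBScript disguised as '{ext}'"))
    if lures and payloads:
        findings.append(Finding(root, "lure shortcut(s) plus script payload: USB-worm pattern"))
    return findings


def build_sample_drive(root: Path) -> None:
    """Constructed fixture: a benign document, a lure .lnk running wscript
    on a mis-named script, a dotfile script, and the mis-named script."""
    (root / "report.docx").write_bytes(b"PK\x03\x04 not really a docx")
    cmd = "C:\\Windows\\System32\\wscript.exe //e:vbscript .\\thumbs.db".encode("utf-16-le")
    (root / "My Documents.lnk").write_bytes(LNK_MAGIC + LNK_CLSID + b"\x00" * 56 + cmd)
    (root / ".cache").write_bytes(b'Set s = CreateObject("WScript.Shell")\r\ns.Run "cmd /c calc"\r\n')
    (root / "thumbs.db").write_bytes(b'ExecuteGlobal "..."\r\n')


def demo() -> list[str]:
    """Run the scanner over the constructed fixture and return its findings."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        build_sample_drive(root)
        return sorted(f"{f.path.relative_to(root)}: {f.reason}" for f in scan_drive(root))


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Point `scan_drive` at the mount point of a suspect drive (for example `Path("E:/")`) to triage a real volume; on a clean drive it returns an empty list. Content-based checks are used rather than file names because a worm can rename its lures freely, while the shortcut still has to name a script host to do anything.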

“Gamaredon continues to focus on [a] wide variety [of] Ukrainian targets, but due to the nature of the USB worm, we see indications of possible infection in various countries like USA, Vietnam, Chile, Poland and Germany,” Check Point researchers reported recently. “In addition, we’ve observed evidence of infections in Hong Kong. All this might indicate that much like other USB worms, LitterDrifter [has] spread beyond its intended targets.”

[Figure: VirusTotal submissions of LitterDrifter. Source: Check Point Research]

The image above, tracking submissions of LitterDrifter to the Alphabet-owned VirusTotal service, indicates that the Gamaredon malware may be…

Source…

Fake Pokémon NFT game spreads malware, ‘Jai Ho’ singer to launch metaverse and more


Hackers hide malware in fake NFT game

A phishing website purporting to offer a Pokémon-branded nonfungible token (NFT) card game has been spreading malware to unsuspecting gamers, a cybersecurity firm has warned.

The website, which at the time of writing was still online, also claims to offer an NFT marketplace, with a link to buy tokens, and even an area to stake NFTs — all based on the popular Japanese media franchise.

However, an arm of the South Korean cybersecurity firm AhnLab warned the public about the website on Jan. 6, noting that instead of downloading a game, users were actually downloading a remote access tool that allows hackers to take control of their device.

A screenshot of the phishing website. The “Play on PC” link at the bottom of the image downloads the malware.

The tool, known as NetSupport Manager, would allow the attackers to remotely control the computer’s mouse and keyboard, access the system’s file management and history and even execute commands allowing them to install additional malware, the firm warned.
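Both this story and the BattleRoyal write-up above turn on NetSupport Manager, a legitimate product, being dropped as the attacker's remote access tool, so the defender's problem is telling a sanctioned install from a planted one. As an added example (my own code, not from either article and not NetSupport's), the following Python triages a NetSupport client configuration file. The file name client32.ini and the key names it inspects (GatewayAddress and SecondaryGateway under [HTTP]; silent and SysTray under [Client]) are assumptions drawn from my own familiarity with the product's configuration, not facts stated on this page; check them against a known-good file from your own deployment before relying on the script, and the sample INI texts are constructed.

```python
"""Triage a NetSupport Manager client32.ini for signs of an unsanctioned deployment.

Assumptions (not from the articles above): the client's gateway is set as
[HTTP] GatewayAddress / SecondaryGateway, and [Client] silent=1 / SysTray=0
hide the client from the logged-on user. Adjust to match your own files.
"""
from __future__ import annotations

import configparser
import ipaddress
from dataclasses import dataclass, field

# Gateways your organisation actually operates (assumed placeholder value).
SANCTIONED_GATEWAYS = {"nsm-gateway.corp.example"}


@dataclass
class Verdict:
    suspicious: bool
    reasons: list[str] = field(default_factory=list)


def _host(addr: str) -> str:
    """Strip a trailing ':port' from 'host:port'; IPv4 and hostnames only."""
    return addr.rsplit(":", 1)[0].strip() if ":" in addr else addr.strip()


def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage_client32(ini_text: str, sanctioned: set[str] = SANCTIONED_GATEWAYS) -> Verdict:
    cp = configparser.ConfigParser(interpolation=None, strict=False, allow_no_value=True)
    cp.optionxform = str  # keep key case instead of lower-casing everything
    cp.read_string(ini_text)

    reasons: list[str] = []
    allowed = {s.lower() for s in sanctioned}

    # A gateway outside the allowlist is the strongest single indicator:
    # it is where the operator's console will connect from.
    for key in ("GatewayAddress", "SecondaryGateway"):
        addr = cp.get("HTTP", key, fallback="") or ""
        if not addr:
            continue
        host = _host(addr)
        if host.lower() not in allowed:
            kind = "IP literal" if _is_ip_literal(host) else "hostname"
            reasons.append(f"[HTTP] {key}={addr} is not a sanctioned gateway ({kind})")

    # Stealth settings are normal for a RAT drop and abnormal for help-desk use.
    client = cp["Client"] if cp.has_section("Client") else {}
    if (client.get("silent", "0") or "0") == "1":
        reasons.append("[Client] silent=1 hides the client from the user")
    if (client.get("SysTray", "1") or "1") == "0":
        reasons.append("[Client] SysTray=0 removes the tray icon")

    return Verdict(bool(reasons), reasons)


# Constructed samples: what a planted client might look like, and a sanctioned one.
MALICIOUS_INI = """\
[Client]
_present=1
silent=1
SysTray=0
Protocols=3
[HTTP]
GatewayAddress=203.0.113.10:443
Port=443
"""

BENIGN_INI = """\
[Client]
_present=1
silent=0
SysTray=1
[HTTP]
GatewayAddress=nsm-gateway.corp.example:443
Port=443
"""

if __name__ == "__main__":
    for label, text in (("planted", MALICIOUS_INI), ("sanctioned", BENIGN_INI)):
        v = triage_client32(text)
        print(f"{label}: suspicious={v.suspicious}")
        for r in v.reasons:
            print("  -", r)
```

In practice you would feed `triage_client32` the contents of every client32.ini found by an endpoint sweep and alert on any verdict with a gateway reason; the stealth flags on their own are weaker, since some legitimate deployments also hide the tray icon.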

The public has been advised to only purchase or download applications from official websites and not open attachments in suspicious emails.

The composer behind ‘Jai Ho’ to spin up metaverse

Allah Rakha Rahman, the Indian composer and singer known for the Grammy Award-winning song “Jai Ho,” is launching his own metaverse platform for artists and their music.

Rahman tweeted on Jan. 6 that his “Katraar” metaverse “is one step closer to launching.” He attached a video of him explaining the upcoming platform, which will use “decentralized technology,” according to its website.

In the video, Rahman said his vision for the platform was to “bring in new talents, technologies, and […] direct revenue for artists,” with one revenue stream seemingly the integration of NFTs.

“Right now we are working with the HBAR…

Source…

Luca Stealer malware spreads after code appears on GitHub • The Register


A new info-stealer malware is spreading rapidly in the wild as the developer behind it continues to add capabilities and recently released the source code on GitHub.

In addition, the Windows software nasty – dubbed Luca Stealer by the folks at Cyble who detected it – is the latest to be built using the Rust programming language.

The researchers wrote in a report that Luca Stealer has already been updated three times, with the developer adding multiple functions, and that they have seen more than 25 samples in the wild since the source code was shared via GitHub on July 3, which may lead to wider adoption by the cybercriminal community.

“The developer of the stealer appears to be new on the cybercrime forum and likely leaked the source code of the stealer to build a reputation for themselves,” the researchers wrote. “The developer has also provided the steps to modify the stealer and compile the source code for ease of use.”

They noted that Rust is becoming a go-to programming language for malware developers because of its versatility, its cross-platform nature, and the fact that the compiled code can look unfamiliar to some reverse engineers and their tools, hindering analysis. The prolific Hive ransomware crew this year migrated its source code from Go to Rust, which analysts with Microsoft's Threat Intelligence Center earlier this month said made the extortionware more stable and more difficult to reverse engineer.

Other threat groups also are adopting Rust, including the BlackCat ransomware-as-a-service gang. In addition, Kaspersky security researchers this month wrote about a new ransomware family – Luna – that is written in Rust. We’re not too surprised by this: Rust is seen as an up and coming general-purpose language that programmers are using for all kinds of projects, legit and malicious.

“Rust is to C as Go is to Java,” Casey…

Source…