Tag Archives: Malware

Bad actors are using fake Zoom, Microsoft’s Skype and Google Meet websites to distribute malware.

As discovered by Zscaler ThreatLabz researchers, threat actors have been impersonating video conferencing brands to spread various malware targeting both Android and Windows users since December 2023.

The spoofed sites, designed in Russian and hosted on URLs eerily similar to their legitimate versions, suggest that attackers are employing “typosquatting” tactics to entice potential victims into downloading malware — meaning some users might not notice the typo in the domain and so believe they will be on the legitimate website.

Zscaler ThreatLabz wrote:

The attacker utilized shared web hosting, hosting all these fake online meeting sites on a…

North Korean state-sponsored threat actors were observed using the recently discovered ScreenConnect vulnerabilities to steal sensitive data from their targets. 

A new report from Kroll shared with TechRadar Pro found a group known as Kimsuky (AKA Thallium) abused two flaws found in ConnectWise’s solution to drop ToddleShark, an upgraded version of the group’s other backdoors, BabyShark and ReconShark. 

Top web hosting company Hostinger says that 2023 proved to be a particular bumper year for malware, as its Monarx powered scanner service successfully identified and cleaned close to 500 million threats through the year, which equates to 250 instances per customer.

While this figure is half of what it was in 2022, this is largely due to the company’s successful efforts to combat Phoenix, an uploader notorious for delivering other malware to systems. 

The last of the three men said to be responsible for infecting Windows computers with the banking trojan Gozi has been sentenced to three years.

Mihai Ionut Paunescu, 37, was said to have supplied the bulletproof hosting that is so vital for the efficient running of malware ops, allowing his co-conspirators to distribute the Gozi malware that stole confidential financial information from millions of computers, among them some Windows boxes running at NASA.

The Romanian national, whom Feds say was also known as “Virus,” was sentenced [PDF] to three years in prison on Monday. He was extradited last year in Colombia, where he had apparently been living after being released on bail following an arrest in Romania in 2012.

The ‘Decoy Dog’ malware toolkit, aimed at enterprises, was uncovered recently by the security analysts at Infoblox by analyzing 70 billion DNS records and traffic that differs from typical online behavior.

Decoy Dog was discovered in early April 2023, and by using domain aging and DNS query dribbling tactics, the Decoy Dog malware assists threat actors in avoiding traditional detection methods. 

This strategy enables them to build a positive reputation with security vendors before transitioning to supporting cybercrime activities.

Decoy Dog has an exceptionally rare and distinct DNS fingerprint compared to the 370 million active domains on the internet, facilitating its identification and tracking.

Technical Analysis

Numerous C2 domains related to the operation were identified…