The Hacker News

New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth

Hijack Loader released a new module that implements call stack spoofing to hide the origin of function calls (e.g., API and system calls). The attack chain involves the use of a phishing email as a starting point.

FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites

FIN7 has been linked to a Python-based backdoor called Anubis that can grant them remote access to compromised Windows systems. This malware allows attackers to execute remote shell commands and other system operations.

Russian Hackers Exploit MSC EvilTwin Flaw to Deploy SilentPrism and DarkWisp Backdoors

The attack chains involve the use of provisioning packages (.ppkg), signed Microsoft Windows Installer files (.msi), and .msc files to deliver information stealers and backdoors that are capable of persistence and data theft.

New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials

As with other banking trojans of its kind, the malware is designed to facilitate device takeover (DTO) and ultimately conduct fraudulent transactions. An analysis of the source code and the debug messages revealed that the author is Turkish-speaking.

APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware

A Pakistan-linked APT group has been found creating a fake website masquerading as India's public sector postal system as part of a campaign designed to infect both Windows and Android users in the country.

Hackers Repurpose RansomHub's EDRKillShifter in Medusa, BianLian, and Play Attacks

A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play. The connection stems from the use of EDRKillShifter to disable endpoint security software, according to ESET.

150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms

The redirections have been found to occur via JavaScript hosted on five different domains (e.g., "zuizhongyj[.]com") that, in turn, serve the main payload responsible for performing the redirects.

New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records

Morphing Meerkat likely delivered thousands of spam emails, with the phishing messages using compromised WordPress websites and open redirect vulnerabilities on advertising platforms like Google-owned DoubleClick to bypass security filters.

New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations

The Chinese threat actor known as FamousSparrow has been linked to a cyber attack targeting a trade group in the United States and a research institute in Mexico to deliver its flagship backdoor SparrowDoor and ShadowPad.

CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two six-year-old security flaws impacting Sitecore CMS and Experience Platform to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
