XHelper is a new variant of Android malware that re-installs itself on affected devices even after it has been deleted, and even after a factory reset that wipes all data and apps.
XHelper was first documented in October 2019 by Symantec researchers; it is a persistent, stubborn piece of malware that automatically re-installs itself no matter how many times it is uninstalled.
Within just six months, the malware had infected more than 45,000 Android-based devices, and it continued spreading at an alarming rate. At the time, according to Symantec estimates, the unkillable malware was infecting at least 2,400 devices monthly, mainly in Russia, India, and the United States.
Security researchers at Kaspersky later provided deeper insight into the persistence mechanism and the capabilities of this destructive malware. The experts provided Continue reading →
The first known appearance of the ransomware known as “Mahoi” was in March 2022, in an attack on a Japanese hosting company.
The Avast report arrives a week after U.S. cybersecurity and intelligence agencies issued an advisory on the use of this malware by the Awaken Cybers hackers to target the healthcare sector since at least April 2022.
Most of what is known about its modus operandi comes from incident response engagements and industry analysis of a Mahoi sample, which revealed the absence of several key features typically associated with ransomware-as-a-service (RaaS) offerings.
Because Mahoi is designed to be executed by a remote operator through a command-line interface, it is also notable for lacking an embedded ransom note with instructions for recovery.
The Justice Department also announced the seizure of Continue reading →
The infamous Ursnif malware is back again, according to ZLab Yoroi-Cybaze researchers, who report a fresh wave of attacks by this trojan. The malware's code first surfaced publicly in 2014, when the original Gozi source code leaked, which is why the malware is commonly known as Gozi ISFB.
According to reports, Ursnif is one of the most active malware families, with a presence spanning more than a decade. It is most active in Italy, where it is disguised as something legitimate in order to infiltrate organizations. Most of the time, it is presented as a Continue reading →
Instagram is one of those social media platforms that almost everyone has an account on nowadays. Since being acquired by Facebook nearly eight years ago, the network has become a hub of viral content that circulates around the world at every waking hour. Everyone shares something hoping to go viral and be noticed by their peers, and unlike Twitter and Facebook, there is not a lot of drama going on. The bad news is that Instagram's weak spots are being probed again by an account-stealing campaign called “The Nasty List”, an Instagram credential-stealing scheme that is a headache to deal with.
The Nasty List – What You Need To Know
The Nasty List was first reported in the first days of May this year. It was brought to attention by a Reddit user nicknamed Continue reading →
Thanks to the good folks at Trend Micro, we now know that there is a new form of malware in town. Actually, it is a new variant of existing macOS malware that evades detection by disguising itself as a Windows executable, so that it can infiltrate machines unnoticed.
Although it arrives as a familiar .EXE file, the malware does not run on a Windows machine: Windows simply refuses to execute it.
The researchers behind the discovery found the malware hiding inside an installer for Little Snitch, a well-known macOS firewall and network monitor, in .ZIP files they downloaded from various torrent websites.
Trying to run an .EXE file on a Linux or macOS system is normally a futile exercise because it will only Continue reading →
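The practical lesson of this sample is that file extensions and Mac-centric heuristics are not a reliable way to decide what a file is. The following is an added example, not Trend Micro's tooling or anything from the Little Snitch project: it walks an extracted archive or .app bundle and flags Windows PE images by their DOS/NT header rather than by name, which also catches a PE renamed to an innocuous extension. The bundle layout and file names it builds are a constructed sample.

```python
import os
import shutil
import struct
import tempfile

# Added example: scan an extracted archive or .app bundle for Windows PE images by
# header rather than by extension. A Windows binary shipped inside a Mac package is
# exactly the kind of file Mac-focused scanners tend to skip.


def is_pe_file(path):
    """True if the file has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    try:
        with open(path, "rb") as f:
            head = f.read(0x40)
            if len(head) < 0x40 or head[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
            if e_lfanew > 0x1000:          # sanity bound: real NT headers sit near the start
                return False
            f.seek(e_lfanew)
            return f.read(4) == b"PE\x00\x00"
    except OSError:
        return False


def find_pe_files(root):
    """Walk a directory tree and return the relative paths of every PE image found."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if is_pe_file(full):
                hits.append(os.path.relpath(full, root))
    return sorted(hits)


def build_sample_bundle():
    """Constructed sample (not the real Little Snitch package): a fake .app bundle
    holding a minimal PE stub, a Mach-O stub, and the same PE renamed to look like text."""
    root = tempfile.mkdtemp()
    macos_dir = os.path.join(root, "LittleSnitchInstaller.app", "Contents", "MacOS")
    os.makedirs(macos_dir)

    pe = bytearray(0x40)                    # DOS header
    pe[:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x80)  # e_lfanew -> NT headers at offset 0x80
    pe += bytes(0x80 - len(pe)) + b"PE\x00\x00" + bytes(0x14)

    with open(os.path.join(macos_dir, "Installer.exe"), "wb") as f:
        f.write(pe)
    with open(os.path.join(macos_dir, "Installer"), "wb") as f:
        f.write(b"\xcf\xfa\xed\xfe" + bytes(0x40))   # Mach-O 64-bit magic, little-endian
    with open(os.path.join(root, "README.txt"), "wb") as f:
        f.write(pe)                         # same PE image, innocuous extension
    return root


if __name__ == "__main__":
    sample = build_sample_bundle()
    try:
        for hit in find_pe_files(sample):
            print("PE image found:", hit)
    finally:
        shutil.rmtree(sample)
```

Point it at the directory you extracted a downloaded .ZIP into; anything it lists inside a macOS app bundle deserves a closer look regardless of how the file is named.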
0patch recently released a micropatch to mitigate a previously unpatched zero-day vulnerability in Adobe Reader. According to the researchers, the vulnerability can be abused by hiding malicious content inside specially crafted PDF files.
When such a document is opened, the victim's machine sends an SMB request to an attacker-controlled server, handing over the target's NTLM hash. The whole exchange happens silently in the background, which makes it practically impossible for the victim to notice.
The vulnerability was discovered and reported by security researcher Alex Inführ, who also published a proof-of-concept and technical details. According to his write-up, the XML Forms Architecture (XFA) was instrumental in crafting the attack. XFA is an integral part of PDF documents and it's what Continue reading →
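A document can only trigger an outbound SMB request if it references a UNC-style path somewhere, and in a case like this one that reference is likely to sit inside compressed XFA form data rather than in the plain PDF syntax. The following triage scanner is an added example, not 0patch's micropatch or Alex Inführ's proof-of-concept: it inflates FlateDecode streams, searches both the plain syntax and the decoded stream contents for UNC paths, and reports whether the document carries XFA at all. The sample PDF it builds, including its XFA packet and the 203.0.113.10 documentation address, is constructed for the example and is not the real exploit document.

```python
import re
import zlib

# Added example: triage scanner for UNC paths (\\host\share\...) in a PDF,
# including inside Flate-compressed streams such as XFA form packets.

STREAM_START = re.compile(rb"(<<(?:(?!<<).)*?>>)\s*stream\r?\n", re.S)
LENGTH_RE = re.compile(rb"/Length\s+(\d+)")
UNC_RE = re.compile(rb"\\\\[A-Za-z0-9._-]+\\[^\s\"'<>)]+")


def iter_streams(data):
    """Yield (dictionary, raw_bytes, start_offset) for each stream object in the file."""
    for m in STREAM_START.finditer(data):
        dictionary, start = m.group(1), m.end()
        n = LENGTH_RE.search(dictionary)
        if n:
            raw = data[start:start + int(n.group(1))]
        else:                                   # indirect /Length: fall back to the keyword
            end = data.find(b"endstream", start)
            raw = data[start:end if end >= 0 else len(data)]
        yield dictionary, raw, start


def decode_stream(dictionary, raw):
    """Inflate FlateDecode streams; anything else is searched as-is."""
    if b"/FlateDecode" in dictionary:
        try:
            return zlib.decompress(raw)
        except zlib.error:
            return raw
    return raw


def scan_pdf(data):
    """Return {'has_xfa': bool, 'unc_paths': [str, ...]} for a PDF given as bytes."""
    findings = {"has_xfa": b"/XFA" in data, "unc_paths": []}
    bodies, cursor = [], 0
    for dictionary, raw, start in iter_streams(data):
        bodies.append(data[cursor:start])       # plain PDF syntax between streams
        bodies.append(decode_stream(dictionary, raw))
        cursor = start + len(raw)
    bodies.append(data[cursor:])
    for body in bodies:
        for hit in UNC_RE.findall(body):
            path = hit.decode("latin-1")
            if path not in findings["unc_paths"]:
                findings["unc_paths"].append(path)
    return findings


def build_sample_pdf():
    """Constructed sample: a skeletal PDF whose compressed XFA packet references a
    UNC path. 203.0.113.0/24 is a documentation address range, not a real host."""
    xfa = (b'<?xml version="1.0"?>'
           b'<xdp:xdp xmlns:xdp="http://ns.adobe.com/xdp/">'
           b'<template href="\\\\203.0.113.10\\share\\form.xsl"/>'
           b'</xdp:xdp>')
    packed = zlib.compress(xfa)
    return (b"%PDF-1.7\n"
            b"1 0 obj << /Type /Catalog /AcroForm 2 0 R >> endobj\n"
            b"2 0 obj << /XFA [ (template) 3 0 R ] >> endobj\n"
            b"3 0 obj << /Length " + str(len(packed)).encode() + b" /Filter /FlateDecode >>\n"
            b"stream\n" + packed + b"\nendstream\nendobj\n"
            b"trailer << /Root 1 0 R >>\n%%EOF\n")


if __name__ == "__main__":
    print(scan_pdf(build_sample_pdf()))
```

Two caveats for real files: objects packed into object streams or encrypted documents need to be unpacked first (a full PDF library does that), and a UNC hit is a triage signal, not proof of exploitation. The endpoint-side mitigation that does not depend on spotting the document is blocking outbound SMB (TCP 445) at the network edge, so that a leaked request never reaches the attacker.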
Intel users beware: researchers have discovered a new method to hide malware inside Intel SGX enclaves. Intel Software Guard Extensions (SGX) is a technology that application developers use as a safeguard against unwanted modification or disclosure of sensitive data.
SGX lets developers run application code inside a protected enclave whose memory is shielded from the rest of the system.
The researchers devised a technique that lets them place malicious code in this protected memory area, where it is nearly impossible to inspect or detect.
By design, enclaves are meant to be protected from more privileged software, including the operating system kernel, System Management Mode (SMM) and the BIOS; that same isolation is what hides code running inside an enclave from security tools.
The team that discovered this issue is the same one that found Continue reading →
According to reports, Facebook has paid a $25,000 bug bounty to a white-hat hacker who found a critical cross-site request forgery (CSRF) vulnerability. To understand what warranted the payout, you need to know what CSRF lets an attacker do.
According to Facebook, had the flaw gone unnoticed it would have left user accounts exposed to takeover of the worst kind.
The weak spot was the endpoint facebook.com/comet/dialog_DONOTUSE/, which would forward a request, complete with a valid CSRF token, to an arbitrary Facebook endpoint chosen by whoever crafted the link. All the attacker needed to do was trick the victim into clicking that link; the forwarded request then carried the victim's token, so it bypassed Facebook's CSRF protections and let the attacker act on the account as they pleased, giving them full Continue reading →
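The mechanics are easier to see in code. The toy application below is an added example, not Facebook's code: it models a site where every state-changing request requires the session's CSRF token, then adds a hypothetical /dialog forwarder that re-issues whatever request its `next` parameter describes and attaches the victim's own token, which is the whole bug. A hardened version of the same forwarder only accepts allowlisted, read-only targets and never attaches a token on the caller's behalf. The endpoint names, the `/settings/update_email` action and the allowlist are all assumptions made for the example.

```python
import hmac
import secrets
from urllib.parse import parse_qsl, urlparse

# Added example: why an endpoint that forwards a caller-chosen request while
# attaching the session's own CSRF token turns a link click into a CSRF bypass.

ALLOWED_NEXT = {"/home", "/help"}          # read-only pages the dialog may send users to


class App:
    def __init__(self):
        self.sessions = {}                  # session id -> {"user", "csrf"}
        self.actions = []                   # state changes that actually went through

    def login(self, user):
        sid = secrets.token_hex(8)
        self.sessions[sid] = {"user": user, "csrf": secrets.token_hex(16)}
        return sid

    def post(self, path, params, sid):
        """Every state-changing endpoint demands the session's CSRF token (fb_dtsg-style)."""
        sess = self.sessions[sid]
        if not hmac.compare_digest(params.get("csrf_token", ""), sess["csrf"]):
            return 403
        self.actions.append((sess["user"], path, params.get("email")))
        return 200

    def dialog_vulnerable(self, next_url, sid):
        """Open forwarder: re-issues whatever `next` describes, adding the victim's token."""
        u = urlparse(next_url)
        params = dict(parse_qsl(u.query))
        params["csrf_token"] = self.sessions[sid]["csrf"]   # the fatal step
        return self.post(u.path, params, sid)

    def dialog_hardened(self, next_url, sid):
        """Same-site, allowlisted, read-only targets only; no token minted for the caller."""
        u = urlparse(next_url)
        if u.scheme or u.netloc or u.path not in ALLOWED_NEXT:
            return 400
        return 200                          # render the allowlisted page; nothing changes


def run_attack(app, forwarder):
    """Logged-in victim clicks an attacker-crafted link; returns (status, actions performed)."""
    sid = app.login("victim")
    crafted_next = "/settings/update_email?email=attacker@evil.test"
    status = forwarder(crafted_next, sid)
    return status, list(app.actions)


def direct_csrf_blocked(app):
    """A plain cross-site POST without the token is refused, as CSRF protection intends."""
    sid = app.login("victim")
    return app.post("/settings/update_email", {"email": "attacker@evil.test"}, sid)


if __name__ == "__main__":
    app = App()
    print("vulnerable forwarder:", run_attack(app, app.dialog_vulnerable))
    app = App()
    print("hardened forwarder:  ", run_attack(app, app.dialog_hardened))
    print("direct POST, no token:", direct_csrf_blocked(App()))
```

The token check itself is sound in both versions; what breaks it is a trusted endpoint willing to spend the token on the caller's instructions. When reviewing redirect or dialog endpoints, the question to ask is whether any parameter lets the requester pick the destination of a request that will carry the user's credentials or anti-CSRF token.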
One of the financial sector's most enduring nemeses is back again. According to recent reports, the infamous TrickBot banking Trojan is making a major comeback, and banks should take note. It now ships with a new dedicated module for grabbing remote desktop credentials.
TrickBot's updated credential-grabbing module is what lets it harvest credentials and data for remote desktop connections. The operators are spreading this latest strain through spam email, possibly the oldest trick in the book.
Users are warned to look out for one email in particular, which the scammers use as a lure. It appears to come from Deloitte, a well-known professional services firm, and at face value it looks like a Continue reading →