A remote access Trojan named Parallax is being widely distributed through malicious spam campaigns that when installed allow attackers to gain full control over an infected system.
Since December 2019, security researcher MalwareHunterTeam has been tracking the samples of the Parallax RAT as they have been submitted through VirusTotal and other malware submissions services.
Being offered for as low as $65 a month, attackers have started to heavily use this malware to gain access to a victim’s computer to steal their saved login credentials and files or to execute commands on the computer.
The attackers can then use this stolen data to perform identity theft, gain access to online bank accounts, or further spread the RAT to other victims.
Parallax sold on hacker forums
Since early December 2019, the Parallax RAT has been sold on hacker forums where the developers are promoting the software and offering support.
In their pitch to would-be buyers, the “Parallax Team” is promoting their product as having 99% reliability and being suitable for both professionals and beginners. Read more »
Google removed 500 malicious Chrome extensions from its Web Store after they found to inject malicious ads and siphon off user browsing data to servers under the control of attackers.
These extensions were part of a malvertising and ad-fraud campaign that’s been operating at least since January 2019, although evidence points out the possibility that the actor behind the scheme may have been active since 2017.
The findings come as part of a joint investigation by security researcher Jamila Kaya and Cisco-owned Duo Security, which unearthed 70 Chrome Extensions with over 1.7 million installations.
Upon sharing the discovery privately with Google, the company went on to identify 430 more problematic browser extensions, all of which have since been deactivated.
“The prominence of malvertising as an attack vector will continue to rise as long as tracking-based advertising remains ubiquitous, and particularly if users remain underserved by protection mechanisms,” said Kaya and Duo Security’s Jacob Rickerd in the report.
Read more »
Emotet, the notorious trojan behind a number of botnet-driven spam campaigns and ransomware attacks, has found a new attack vector: using already infected devices to identify new victims that are connected to nearby Wi-Fi networks.
According to researchers at Binary Defense, the newly discovered Emotet sample leverages a “Wi-Fi spreader” module to scan Wi-Fi networks, and then attempts to infect devices that are connected to them.
The cybersecurity firm said the Wi-Fi spreader has a timestamp of April 16, 2018, indicating the spreading behavior has been running “unnoticed” for close to two years until it was detected for the first time last month.
The development marks an escalation of Emotet’s capabilities, as networks in close physical proximity to the original victim are now susceptible to infection.
Read more »
Several Cisco-manufactured network equipment have been found vulnerable to five new security vulnerabilities that could allow hackers to take complete control over them, and subsequently, over the enterprise networks they power.
Four of the five high-severity bugs are remote code execution issues affecting Cisco routers, switches, and IP cameras, whereas the fifth vulnerability is a denial-of-service issue affecting Cisco IP phones.
Collectively dubbed ‘CDPwn,’ the reported vulnerabilities reside in the various implementations of the Cisco Discovery Protocol (CDP) that comes enabled by default on virtually all Cisco devices and can not be turned OFF.
Cisco Discovery Protocol (CDP) is an administrative protocol that works at Layer 2 of the Internet Protocol (IP) stack. The protocol has been designed to let devices discover information about other locally attached Cisco equipment in the same network. Read more »
There are over a hundred potential ways hackers can ruin your life by having access to your WiFi network that’s also connected to your computers, smartphones, and other smart devices.
Whether it’s about exploiting operating system and software vulnerabilities or manipulating network traffic, every attack relies on the reachability between an attacker and the targeted devices.
In recent years, we have seen how hundreds of widely used smart-but-insecure devices made it easier for remote attackers to sneak into connected networks without breaking WiFi passwords.
In the latest research shared from Check Point experts today revealed a new high-severity vulnerability affecting Philips Hue Smart Light Bulbs that can be exploited over-the-air from over 100 meters away to gain entry into a targeted WiFi network.
Read more »