OceanLotus APT Uses New Ratsnif Trojan for Network Attacks

Posted by & filed under Security Alerts.

A largely undetected remote access trojan called Ratsnif, used in cyber-espionage campaigns by the OceanLotus group, has gained new capabilities that allow it to modify web pages and perform SSL hijacking. OceanLotus is a threat actor group believed to act in the interest of the Vietnamese state for espionage operations. Also known as APT32, CobaltKitty, SeaLotus,…

Hackers Disguise New JavaScript-Based Trojan as Game Cheat

Researchers discovered a new modular, JavaScript-based downloader Trojan camouflaged and distributed to targets in the form of game cheats via websites owned by its developers. The malware was discovered by Yandex, which subsequently sent it over to Doctor Web’s research team for further analysis together with additional info on how the Trojan sample was…

Phishing Campaign using malicious documents pretending to be from XEROX Color Multi-function Machine

National CSIRT-CY would like to inform the general public about a new phishing campaign that sends emails containing a Word document file that pretends to be a document scanned by a XEROX Color Multifunction machine. The sender’s e-mail address is scanner@xerox-multifuctional.com, with the IP address 91.121.181.22. If you have received the following email, please DO NOT…

Uniden’s Commercial Site Hacked to Serve Emotet Trojan

Uniden’s website for commercial security products has been hacked to host a Word document that delivers what appears to be a garden variety of the Emotet trojan, also known as Geodo and Heodo. Compared to Uniden’s main website, which offers a wide range of electronic products (radios, scanners, radar detectors, dash cams, cellular boosters), the solutions…

Anubis Android Trojan Spotted with Almost Functional Ransomware Module

An Android application which steals PayPal credentials, encrypts files from the device’s external storage, and locks the screen using a black screen was spotted in the Google Play Store by ESET malware researcher Lukas Stefanko. Behind the app’s malicious behavior is an Anubis Android banking Trojan malware payload, a well-known Trojan designed to steal banking credentials, provide its masters with a RAT…