virus

  1. Man

    Invisible virus: GHOSTPULSE hides in the pixels of ordinary images

    A new infection technique masks the code in colors. The Elastic Security Labs team has identified a new technique for distributing the GHOSTPULSE malware — loading data through the pixels of a PNG file. This approach is called one of the most significant changes in the operation of malware...
  2. Man

    RokRAT: old IE has once again become a loophole for the virus

    How North Korean hackers disguise malicious code as regular notifications. The ScarCruft group from North Korea has once again exploited a vulnerability in Windows to spread the RokRAT malware. The exploitation affects CVE-2024-38178 with a CVSS rating of 7.5, which is associated with memory...
  3. Man

    Trinity: new virus wreaks havoc on US health care

    Experts will have to find out what Trinity is - a mutant of old viruses or a new product. US medical institutions have fallen victim to the new Trinity ransomware. According to the U.S. Department of Health and Human Services, the tactics and methods of the group behind Trinity pose a...
  4. Friend

    Ajina.Banker: OTP codes and banking data in the crosshairs of a new virus

    Residents of Uzbekistan have become the main target of the Trojan, but the geography of attacks continues to grow. A new malware campaign has been spotted in Uzbekistan spreading an Android malware called Ajina.Banker. Discovered by Group-IB specialists in May 2024, this Trojan has been active...
  5. Friend

    Click-to-Virus Hacks: Hackers Hack Windows via CAPTCHA

    The robot test has become a nightmare for users. Information security experts warn of a new fraudulent scheme: attackers have begun to use fake CAPTCHA tests to install malware on Windows computers. This is a signal that users should pay more attention to protecting their data and be careful...
  6. Friend

    Loki: Unknown virus hits Russian business

    From mechanical engineering to medicine: who is in the crosshairs of hackers? In July 2024, Kaspersky Lab specialists revealed that more than ten Russian enterprises from various industries, from mechanical engineering to medicine, fell victim to cyberattacks using the previously unknown Loki...
  7. Friend

    The sedexp virus has been ruling the heart of Linux for 2 years

    The detection of the malware opens a new round of virus evolution. Aon has discovered a new virus for Linux called sedexp, which has gone undetected since 2022 thanks to a unique stealth method. The malware allows attackers to remotely control infected devices and carry out attacks. Sedexp is...
  8. Friend

    CMoon: a virus designed to spy on Russia's energy sector

    The malware steals confidential data and launches DDoS attacks. In late July, Kaspersky Lab specialists discovered a new type of malware that was distributed through the website of a Russian energy company. The malware is called CMoon. The attackers replaced links to regulatory documents in...
  9. Carding Forum

    New Linux version of the Play virus bypasses traditional security systems

    The mysterious RDGA algorithm creates an army of malicious domains. Trend Micro discovered a new version of the Play ransomware (Balloonfly, PlayCrypt), which is now targeting VMware ESXi. The new Linux version indicates an expansion of the group's attacks, which increases the number of...
  10. Carding Forum

    Invisible virus: Serverless software has swept Latin America

    How Google Cloud abuse affects your business. In Latin America, a financially motivated hacker group codenamed FLUXROOT has been identified, which uses serverless Google Cloud projects to organize phishing attacks. The attacks are aimed at stealing credentials, highlighting the misuse of the...
  11. Carding Forum

    Atlantis: A new spy virus that will steal all your secrets

    Cybercriminals use CVE-2024-38112 to break into vulnerable devices. The hacker group Void Banshee is seen exploiting a recently identified vulnerability in MSHTML used to distribute the Atlantis malware. This vulnerability, registered as CVE-2024-38112, is used for multi-stage attacks using...
  12. Carding Forum

    The hacker sold a "virus" for phones that allowed interference with online banking and monitoring of correspondence

    Under the procedural guidance of the Prosecutor General's Office, a citizen was notified of suspicion on the fact of selling malicious software for mobile phones for the purpose of unauthorized interference in the operation of automated information systems (Part 2 of Article 361-1 of the...
  13. Tomcat

    WARMCOOKIE: click on a job and get a virus

    How long have you been unable to find a job? This is the fault of cybercriminals! Cybersecurity researchers from Elastic Security Labs revealed details of an active phishing campaign that uses employment topics to distribute malware called WARMCOOKIE. "Each WARMCOOKIE sample is compiled with a...
  14. Tomcat

    ATM virus post

    Guys, I couldn't stand it. We will now talk about the ATM virus discovered more than a year ago in Diebold ATMs, and the basic principle of its operation. This topic is ancient, the peak of hysteria has long passed, but the public never found out what really happened, which is why even IT people...
  15. Tomcat

    Carders who infected ATMs with a virus were caught red-handed

    In Kyiv, a criminal group that specialized in secretly infiltrating the service parts of ATMs and further infecting the operating system of ATMs with malicious software code, which led to the unauthorized withdrawal of funds, was neutralized. Ukrainian banks suffered damage in the amount of more...
  16. Tomcat

    Carders caught emptying ATMs using Tyupkin virus

    Europol detained criminals who emptied ATMs without using a plastic card - using the Tyupkin virus pre-loaded into the ATM. First, using a bootable CD, criminals gained access to computers installed inside ATMs running one of the older versions of Windows and infected them with malware. This...
  17. Tomcat

    Virus under the guise of help: a new way to infect developers on Stack Overflow

    Users donate their data using other people's advice. Attackers have found a new way to distribute malware through Stack Overflow: when answering user questions, hackers recommend installing a malicious PyPI package that infects computers and steals confidential information. Sonatype has...
  18. Tomcat

    The Lurk virus hacked banks while it was written by ordinary remote workers for hire

    In May of this year, the publishing house Individuum published a book by journalist Daniil Turovsky “Invasion. A Brief History of Russian Hackers.” It contains stories from the dark side of the Russian IT industry - about guys who, having fallen in love with computers, learned not just to...
  19. Tomcat

    The new Erbium virus, which steals money from your bank card and cryptocurrency, is quickly spreading across the Internet

    Dangerous malware called Erbium has appeared on the Internet. This is an identity theft tool that targets your passwords, bank card details, cookies, cryptocurrency wallets, and possibly more. Due to its rapid spread and widespread availability in the future, it could be adapted to infect...
  20. Tomcat

    Virus in the justice system: Infected JAVS software attacks courts

    Hackers compromised the supply chain of the world-famous program. The Justice AV Solutions (JAVS) trial video recording program was hacked by injecting malware into the installation file that can take control of infected systems. JAVS is widely used in courts, law firms, correctional...