ALERTS 2014 OCTOBER




DATE | NAME | INFO | CATEGORY | SUBCATE

1.11.24 | New variant of FakeCall Android malware | A new variant of the Android malware called FakeCall has been observed in the wild. The attackers behind this malware employ voice phishing (vishing) techniques in order to trick victims into disclosing sensitive information such as credentials or banking information. | ALERTS | VIRUS

1.11.24 | Sauron - a new ransomware variant in the wild | Sauron is a new ransomware variant recently found in the wild. The malware appends the ".sauron" extension to encrypted files. The ransom note is dropped on affected machines as a text file called "#HowToRecover.txt". | ALERTS | RANSOM

1.11.24 | UNC5812 campaigns against Ukraine with Android and Windows malware | A recent report highlighted activity attributed to a suspected Russian threat actor identified as UNC5812. The activity involved distribution of Android and Windows malware targeting Ukrainian military recruits. The intent of the campaign was not only to engage in espionage but also to attempt to negatively influence support for pro-Ukrainian forces. | ALERTS | GROUP

1.11.24 | A possible Bumblebee Loader resurgence | A new campaign delivering the Bumblebee loader has been reported this month. Bumblebee is a highly sophisticated downloader variant discovered initially back in 2022. The malware has been spread across a multitude of malicious campaigns and used for the delivery and execution of miscellaneous payloads such as Cobalt Strike, ransomware, etc. | ALERTS | VIRUS

1.11.24 | CVE-2024-40711 - Veeam Backup and Replication deserialization vulnerability exploited by ransomware actors | CVE-2024-40711 is a recently disclosed critical (CVSS score 9.8) deserialization vulnerability affecting the Veeam Backup and Replication software in version 12.1.2.172 or older. If successfully exploited, the flaw might provide unauthenticated attackers with remote code execution (RCE) on the vulnerable systems. | ALERTS | VULNERABILITY

1.11.24 | Malicious "Lounge Pass" app targets air travelers in India | A campaign involving a malicious Android app called "Lounge Pass" targeting air travelers at Indian airports has been observed. Distributed through fake domains, the app intercepts and forwards SMS messages from victims' devices to cybercriminals, leading to significant financial losses. | ALERTS | VIRUS

1.11.24 | Adware Campaign uses Fake CAPTCHA to deliver Lumma and Amadey malware | Threat actors are increasingly using fake CAPTCHA as an initial attack vector. A recent adware campaign is targeting online users by presenting them with fake CAPTCHA or update prompts. Attackers are leveraging ad networks to redirect victims to compromised sites that host these social engineering lures. | ALERTS | VIRUS

1.11.24 | TeamTNT targets cloud-native environments in new Cryptojacking campaign | A new campaign by the cryptojacking group TeamTNT has been reported targeting cloud-native environments for cryptocurrency mining and reselling compromised servers. | ALERTS | CRYPTOCURRENCY

1.11.24 | Rekoobe malware found potentially targeting TradingView users | An open directory has been discovered hosting Rekoobe malware, potentially aimed at targeting TradingView users along with other cyber espionage campaigns. Rekoobe is a versatile backdoor previously deployed by APT31 and other adversaries engaged in cyber espionage and data theft. | ALERTS | VIRUS

1.11.24 | Daggerfly targets Taiwanese entities with new CloudScout Toolset | China-linked threat actor Daggerfly (also known as Evasive Panda) has been reported targeting a government entity and a religious organization in Taiwan with a previously undocumented post-compromise toolset called CloudScout. | ALERTS | APT

1.11.24 | Phishing Campaign Distributing XWorm RAT | Researchers have recently uncovered a malicious campaign spreading the XWorm RAT trojan via fake emails posing as official communications from Namirial, a software and service company. The emails prompt users to open a password-protected PDF and, if that fails, direct them to a Dropbox link that downloads a ZIP file containing a URL that connects to the attacker's servers and downloads additional malicious scripts, enabling control over the victim's machine. | ALERTS | PHISHING

1.11.24 | HeptaX Cyberattack Operations | A researcher recently identified a multi-stage cyberattack targeting the healthcare industry, initiated through a ZIP file containing a malicious shortcut (.lnk) file, likely spread via phishing emails. When executed, the LNK file runs a PowerShell command that downloads additional payloads including scripts and BAT files from a remote server. | ALERTS | OPERATION