iT4iNT SERVER CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads http://dlvr.it/TS09Rk VDS VPS Cloud
iT4iNT SERVER Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms http://dlvr.it/TRBdGV VDS VPS Cloud
The NANOREMOTE Malware That Uses Your Google Drive to Secretly Hijack Your Windows PC.
Read the full report on -
CyberDudeBivash News delivers daily cybersecurity threat intel, CVE alerts, malware trends, and crypto security briefings.
https://www.techi.com/fbi-warns-malware-fake-document-converters/
Kaspersky uncovers the first spyware app targeting cryptocurrency wallets via the Apple App Store. In an alarming development, cybersecurity experts at Kaspersky announced their discovery of the first malicious app containing spyware in Apple's App Store. The app, named "ComeCome", uses optical character recognition (OCR) technology to steal cryptocurrency wallet passwords. According to a report published on "The Register", this app was designed to be
Beware of fake Google Chrome websites distributing ValleyRAT malware through DLL hijacking. Learn how attackers use this malware
Fake Google Chrome Spreads ValleyRAT Malware via DLL Hijack
Cybercriminals are using fake Chrome websites to distribute ValleyRAT malware through DLL hijacking. This malware targets high-value financial, accounting, and sales roles, aiming to steal sensitive data.
Here’s what you need to know:
⚠️ The attack starts with a fake Chrome installer.
⚠️ It downloads multiple payloads, including a rogue DLL.
⚠️ Once infected, the malware can log keystrokes, monitor screens, and steal valuable information.
🔒 How to Stay Safe:
✅ Download software only from official sources.
✅ Use updated antivirus software.
✅ Avoid clicking on suspicious links or pop-ups.
Read the full story and learn how to protect yourself from these threats https://infovistar.in/fake-google-chrome-spreads-valleyrat-malware-via-dll-hijack/
https://bit.ly/47wzEM4 - 🔒 AhnLab Security Emergency Response Center (ASEC) reports an ongoing campaign where Ddostf DDoS bot malware is targeting vulnerable MySQL servers. This campaign primarily affects servers running in Windows environments, where MySQL is less common than MS-SQL but still present. The majority of malware strains identified in these attacks are variants of Gh0st RAT, with AsyncRAT also being used in some instances. #Cybersecurity #MalwareAlert #MySQLServerProtection
💻 Ddostf, a DDoS bot first identified in 2016 and known for its capability to conduct Distributed Denial of Service attacks, has been observed being installed on these vulnerable servers. Unlike MS-SQL, which supports direct OS commands, MySQL uses a feature called User-defined Function (UDF) to allow command execution, which attackers exploit to deliver malicious commands. #DDoSAttack #ServerSecurity #CyberAttackTactics
🖥️ The UDF malware used in these attacks can download files and execute commands provided by threat actors. It's presumed that attackers utilize UDF's downloader() function to download Ddostf from an external source and then execute it using the cmdshelv() function. These attacks demonstrate the sophisticated methods used by cybercriminals to exploit database servers. #UDFExploit #CyberThreats #DatabaseSecurity
🤖 Analysis of the Ddostf DDoS Bot reveals that it operates in both ELF and PE formats, targeting Linux and Windows environments respectively. Upon execution, Ddostf copies itself under a random name and registers as a service. It then connects to a Command & Control (C&C) server and can execute various DDoS attack methods. #MalwareAnalysis #CommandControl #CyberDefense
🛡️ To protect against such attacks, administrators should use strong, periodically changed passwords and apply the latest patches to prevent vulnerability attacks. Security measures like firewalls are essential for externally accessible database servers.
AhnLab MDS Sandbox detects Ddostf malware, offering a layer of protection against these threats.
https://bit.ly/3R6hgF2 - 🔒 AhnLab Security Emergency Response Center (ASEC) reports that malware previously dispersed in CHM format is now being circulated in LNK format. The malware pulls scripts from specific URLs using the mshta process, subsequently receiving commands from the threat actor’s server for additional malicious actions. #CyberSecurity #MalwareAlert
🌐 The malware has been found on regular websites, hidden within compressed files. One notable LNK file named 'https://bit.ly/487ONVA' has been uploaded. This file, similar to other known threats, contains both standard Excel data and malicious scripts. Upon execution, it opens a seemingly harmless Excel file while also running a hidden malicious script. #DigitalThreat #MalwareDetections
💡 This malware mimics a Korean public institution's document. When activated, the malware copies itself into system folders and registers keys in the system's registry to ensure its continued execution. Detailed analysis reveals the malware communicates with certain URLs, receiving and processing commands from its controlling entity. #InfoSec #DigitalForensics
📊 A breakdown of the malware's actions reveals its capability to gather PC and drive information, collect clipboard content, manage services and processes, execute commands, and interact with files and registries. New script modifications suggest the attacker's constant adaptation and potential for more varied malicious activities. #CyberAttack #ThreatAnalysis
💼 Alongside the aforementioned LNK file, other compressed files were discovered, housing the previously detected malicious CHM file. This CHM malware, similar to the LNK, leverages mshta to fetch and execute scripts from designated URLs.
🚫 With a rise in malware distribution via CHM and LNK files, ASEC urges users to be vigilant. Especially concerning are LNK files over 10MB from unknown sources, which users are strongly advised against executing.