
    From TechnologyDaily@1337:1/100 to All on Fri Feb 10 16:00:03 2023
    This new "custom" malware hits your device with specially-designed attacks

    Date:
    Fri, 10 Feb 2023 15:52:05 +0000

    Description:
    Sometimes it takes screenshots, and sometimes it steals data; it all depends on you, researchers warn.

    FULL STORY ======================================================================

    Cybersecurity researchers from Proofpoint have uncovered a brand new, custom-built malware being used by threat actors to deliver a wide variety of specifically tailored stage-two attacks.

    These payloads are capable of different things, from espionage to data theft, making the attacks even more dangerous due to their unpredictability.

    The researchers, who dubbed the campaign Screentime, say it is being conducted by a new threat actor labeled TA866. While it's a possibility that the group is already known to the wider cybersecurity community, no one has yet been able to link it to any existing groups or campaigns.

    Espionage and theft

    Proofpoint describes TA866 as an organized actor able to perform well-thought-out attacks at scale based on their availability of custom
    tools, ability and connections to purchase tools and services from other vendors, and increasing activity volumes.

    The researchers also suggest that the threat actors might be Russian, as some variable names and comments in parts of their stage-two payloads were written in the Russian language.

    In Screentime, TA866 would send out phishing emails, trying to get victims to download the malicious payload called WasabiSeed. This malware establishes persistence on the target endpoint, and then delivers different stage-two payloads, depending on what the threat actors deem appropriate at the time.

    Sometimes, it would deliver Screenshotter, malware with a self-explanatory name, while other times, it would deliver AHK Bot, an infinite loop component delivering Domain profiler, Stealer loader, and the Rhadamanthys stealer.

    Generally speaking, the group seems to be financially motivated, Proofpoint argues. However, there were instances that led the researchers to believe that the group is also sometimes interested in espionage. It targeted mostly organizations in the United States and Germany. It's indiscriminate in terms of verticals - the campaigns affect all industries.

    The earliest signs of Screentime campaigns were seen in October 2022, Proofpoint said, adding that the activity continued into 2023, as well. In fact, in late January this year, the researchers observed tens of thousands of email messages targeting more than a thousand organizations.



    ======================================================================
    Link to news story: https://www.techradar.com/news/this-new-custom-malware-hits-your-device-with-specially-designed-attacks


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)