Security Awareness Training Blog

Malware Blog

Covering the latest malware threats affecting software, hardware, cloud networks, etc. Keeping you informed so you can keep your users safe.

Google Ads Abused to Deliver Malware

Cybercriminals are using malicious Google Ads to deliver the ZLoader banking Trojan, ZDNet reports. Researchers at Microsoft stated on Twitter that attackers are purchasing Google Ads ...
Continue Reading

CISA Publishes Darkside Malware Analysis Report and Updated Best Practice Guidance Against Ransomware

New details provide valuable insight into exactly how Darkside works to compromise and encrypt systems, with valuable guidance to avoid becoming a victim of ransomware.
Continue Reading

Phishing Campaign Uses Novel Technique to Deliver Malware

Researchers at McAfee warn that a phishing campaign is delivering malware via Word documents that don’t contain any malicious code. When a user opens the document and enables content, the ...
Continue Reading

Yet Another Disk Image File Format Spotted in the Wild Used to Deliver Malware

Disguised as an invoice, cybercriminals use a Windows-supported disk image to obfuscate malware from email gateways and security scanners. The question is how viable will it be?
Continue Reading

Call Centers Used to Distribute BazarLoader

Cybercriminals are using call centers to trick users into downloading the BazarLoader malware, according to researchers at Palo Alto Networks’ Unit 42. By relying on social engineering to ...
Continue Reading

A  New Smishing Trojan is Out and About

Researchers at Pradeo have observed a new Android malware campaign that uses text messages asking victims to pay a small fee for a delivery. The messages contain a link that will install ...
Continue Reading

New IceID Phishing Attack Targets Website Owners Using Image Copyright Infringement as The Hook

Spotted by the Microsoft 365 Defender Threat Intelligence Team, this new phishing attack threatens legal action to trick victims into installing information-stealing malware.
Continue Reading

[HEADS UP] New Malware Families Found in Phishing Campaign

Researchers from FireEye's security team found new malware families in a financial phishing campaign. The Malware strains are dubbed Doubledrag, Doubledrop, and Doubleback and have been ...
Continue Reading

APT Group Use Voice-Changing Software to Impersonate Women as Part of Espionage Attacks

The middle eastern threat group known as APT-C-23 are targeting male soldiers in the Israel Defense Forces in an attempt to get their victims to download and install malware.
Continue Reading

Why Should You Be Using DMARC? 3 Billion Spoofed Emails are Being Sent Everyday

In a recent report from TechRadar, email is still the most popular form of malware distribution. Billions of emails that are spoofed are being sent everyday.
Continue Reading

Credential Harvesting Attacks Targeting the U.S. Federal Government Nearly Double as Malware Declines

Shifts to a remote workforce in 2020 gave cybercriminals an opportunity to change tactics, focusing on credentialed access to systems accessed from outside government networks.
Continue Reading

Trickbot is Targeting the Legal Sector

Researchers at Menlo Security warn of an ongoing Trickbot campaign targeting the legal and insurance industries. Trickbot is a notorious remote access Trojan that was in the crosshairs of ...
Continue Reading

Fake Scandal Video Serves Malware

Researchers at Trustwave warn that a phishing campaign is attempting to deliver malware via a file for a fake scandal video with 'Trump' included in the title. The file is a Java Archive ...
Continue Reading

[HEADS UP] Australian Cyber Security Centre is Being Used in Malware Campaign

A warning was recently issued by the Australian Government of cybercriminals impersonating the Australian Cyber Security Centre (ACSC) to infect with malware.
Continue Reading

Why Use Malware When Cybercriminals Can Use Social Engineering?

Researchers at Malwarebytes warn that a malvertising campaign they call “malsmoke” has stopped deploying exploit kits and is now using social engineering attacks to trick users into ...
Continue Reading

Threat Actors Use Fake Sites for Espionage

Researchers at Volexity report that the Vietnamese threat actor OceanLotus has been using phony news and bogus activist websites to track users, or to trick them into downloading malware. ...
Continue Reading

New Qbot Phishing Attack Pretends to be Windows Defender to Trick Its Victims

One of the most dangerous pieces of malware is back with a new campaign that takes advantage of social engineering techniques to look convincing enough to fool your users.
Continue Reading

Members of the Cybercrime Group Responsible for NotPetya Indicted by U.S. Government

Six members of the Russian hacker group known as Sandworm who have carried out some of the most well-known cyberattacks in the last 6 years appear to have been brought to justice.
Continue Reading

Trends in Malicious Attachments Used in Phishing Emails

People need to be familiar with the types of malicious attachments used in phishing emails, according to Lawrence Abrams at BleepingComputer. One of the most common methods of installing ...
Continue Reading

The Most Dangerous Celebrity of 2020...

...Is Anna Kendrick, according to researchers at McAfee. The researchers analyzed Internet search results for celebrities and found that Kendrick’s search results (through no fault of her ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews