Security Awareness Training Blog

Malware Blog

Covering the latest malware threats affecting software, hardware, cloud networks, etc. Keeping you informed so you can keep your users safe.

FakeSpy Android Malware Distributed via Smishing

Researchers at Cybereason are tracking a sophisticated malware campaign targeting Android devices around the world. The campaign involves a new version of the FakeSpy information-stealing ...
Continue Reading

New Phishing Attack Targets 200M+ Microsoft 365 Accounts Via Malicious Excel .SLK Files to Bypass Security

Using an old (but supported) Excel filetype, attackers can bypass both Exchange Online Protection and Advanced Threat Protection to run malicious macros.
Continue Reading

[Heads Up] A New Devilish Malware Worm Called Lucifer Is Targeting Your Windows Workstations

Palo Alto Networks’ Unit 42 Security experts have identified a malware worm called Lucifer, that targets Windows systems with cryptojacking and distributed denial-of-service (DDoS) ...
Continue Reading

Why BEC Punches Above Its Weight

Business email compromise (BEC) attacks are particularly insidious because they don’t use malware payloads or malicious URLs. That’s a reminder from Evan Reiser, CEO and co-founder of ...
Continue Reading

Fake Zoom Downloader is the Latest Method of Attack on Remote Workers

Riding on the coattails of the massive rise in popularity in the video conference solution, remote workers new to Zoom need to be wary of where they download the installer.
Continue Reading

Implausible Phishbait, But Someone May Bite

Scammers are impersonating FINRA, the Financial Industry Regulatory Authority, in an attempt to deliver malware or steal SharePoint credentials, Help Net Security reports. FINRA issued an ...
Continue Reading

New COVID-19 Malware Variants Render Your Endpoints Useless

Forget cybercriminals out to steal your money and credentials. Security researchers are now finding more malware intent on rewriting master boot records and wiping file systems.
Continue Reading

Zeus Sphinx Banking Trojan is Revived Under the Guise of COVID-19 Assistance

The 5-year old malware variant has reared its ugly head once again after a three-year hiatus – this time attempting to take advantage of the need for COVID-19 financial assistance.
Continue Reading

NASA sees an “exponential” jump in malware attacks as personnel work from home

Ars Technica reports that NASA has experienced an exponential increase in malware attacks and a doubling of agency devices trying to access malicious sites in the past few days as ...
Continue Reading

Hackers Use Interactive Malicious COVID-19 Map to Spread Malware

Cybercriminals constantly latch on to news items that captivate the public’s attention, but usually they do so by sensationalizing the topic or spreading misinformation about it. ...
Continue Reading

Racoon: Infostealer Malware Collects Credentials, Financial and Personal Information

Access to a compromised endpoint may no longer be enough. So, enterprising malware authors offer up infostealers to help exfiltrate valuable data from an infected machine.
Continue Reading

Catphish and Honey Traps

Hundreds of Israeli soldiers had their phones compromised by malware after falling for catfishing attacks purportedly launched by Hamas, Forbes reports. The Israel Defense Forces (IDF) ...
Continue Reading

Emotet-Based Sextortion Scams Net 10 Times More than Necurs-Based Scams

The Emotet trojan just won’t die and appears to be gaining steam as sextortion scams are netting cybercriminals a massive return in exchange for their devious efforts.
Continue Reading

Scam Of The Week: "Kobe Bryant Dead, Dies in Helicopter Crash"

Today, news broke that Kobe Bryant died in a helicopter crash. His daughter Gigi was also on board and died in the crash. This is a celebrity death that the bad  guys are going to be ...
Continue Reading

TrickBot Hackers Have Created the Ultimate “On the Fly” Update Backdoor

The newly-created “PowerTrick” backdoor leaves malware ready to accept new commands and victim organizations perpetually in danger of the next thing the malware’s creators can think of.
Continue Reading

[Heads Up] Iran Has Launched Evil New Malware That Wipes Your Windows Workstations

Zak Doffman posted: "Iran’s state-sponsored hackers have deployed a new strain of malicious malware, warns IBM, which has been aimed at the “industrial and energy sectors” in the Middle ...
Continue Reading

Virtual Hard Disk Images Containing Malware Are Ignored by Windows and Antivirus Engines

This disturbing find by a CERT researcher demonstrates how attackers can encode malicious files within a Virtual Hard Disk (VHD) image that acts in the same way as a ZIP archive.
Continue Reading

Scam Of The Week: See Jeffrey Epstein Last Words On Video

This weekend, news broke that Jeffrey Epstein was found dead in his cell, apparently a suicide. This is a celebrity death that the bad  guys are going to be exploiting in a variety of ...
Continue Reading

Here Are Some Interesting Headlines I Found During Black Hat

Black Hat 2019 - The Craziest, Most Terrifying Things We Saw: I ran into Neil Rubenking when I went to the Qualys party which was in the Foundation Room all the way on top of the ...
Continue Reading

Iranian Hacker Group APT34 Use New ‘Tonedeaf’ Malware over LinkedIn in Latest Phishing Campaign

Targeting several key industries, this new campaign likely seeks to aid the Iranian government with information that could be of use to further Iran’s economic and security goals.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews