Security Awareness Training Blog

Malware Blog

Covering the latest malware threats affecting software, hardware, cloud networks, etc. Keeping you informed so you can keep your users safe.

New IceID Phishing Attack Targets Website Owners Using Image Copyright Infringement as The Hook

Spotted by the Microsoft 365 Defender Threat Intelligence Team, this new phishing attack threatens legal action to trick victims into installing information-stealing malware.
Continue Reading

[HEADS UP] New Malware Families Found in Phishing Campaign

Researchers from FireEye's security team found new malware families in a financial phishing campaign. The Malware strains are dubbed Doubledrag, Doubledrop, and Doubleback and have been ...
Continue Reading

APT Group Use Voice-Changing Software to Impersonate Women as Part of Espionage Attacks

The middle eastern threat group known as APT-C-23 are targeting male soldiers in the Israel Defense Forces in an attempt to get their victims to download and install malware.
Continue Reading

Why Should You Be Using DMARC? 3 Billion Spoofed Emails are Being Sent Everyday

In a recent report from TechRadar, email is still the most popular form of malware distribution. Billions of emails that are spoofed are being sent everyday.
Continue Reading

Credential Harvesting Attacks Targeting the U.S. Federal Government Nearly Double as Malware Declines

Shifts to a remote workforce in 2020 gave cybercriminals an opportunity to change tactics, focusing on credentialed access to systems accessed from outside government networks.
Continue Reading

Trickbot is Targeting the Legal Sector

Researchers at Menlo Security warn of an ongoing Trickbot campaign targeting the legal and insurance industries. Trickbot is a notorious remote access Trojan that was in the crosshairs of ...
Continue Reading

Fake Scandal Video Serves Malware

Researchers at Trustwave warn that a phishing campaign is attempting to deliver malware via a file for a fake scandal video with 'Trump' included in the title. The file is a Java Archive ...
Continue Reading

[HEADS UP] Australian Cyber Security Centre is Being Used in Malware Campaign

A warning was recently issued by the Australian Government of cybercriminals impersonating the Australian Cyber Security Centre (ACSC) to infect with malware.
Continue Reading

Why Use Malware When Cybercriminals Can Use Social Engineering?

Researchers at Malwarebytes warn that a malvertising campaign they call “malsmoke” has stopped deploying exploit kits and is now using social engineering attacks to trick users into ...
Continue Reading

Threat Actors Use Fake Sites for Espionage

Researchers at Volexity report that the Vietnamese threat actor OceanLotus has been using phony news and bogus activist websites to track users, or to trick them into downloading malware. ...
Continue Reading

New Qbot Phishing Attack Pretends to be Windows Defender to Trick Its Victims

One of the most dangerous pieces of malware is back with a new campaign that takes advantage of social engineering techniques to look convincing enough to fool your users.
Continue Reading

Members of the Cybercrime Group Responsible for NotPetya Indicted by U.S. Government

Six members of the Russian hacker group known as Sandworm who have carried out some of the most well-known cyberattacks in the last 6 years appear to have been brought to justice.
Continue Reading

Trends in Malicious Attachments Used in Phishing Emails

People need to be familiar with the types of malicious attachments used in phishing emails, according to Lawrence Abrams at BleepingComputer. One of the most common methods of installing ...
Continue Reading

The Most Dangerous Celebrity of 2020...

...Is Anna Kendrick, according to researchers at McAfee. The researchers analyzed Internet search results for celebrities and found that Kendrick’s search results (through no fault of her ...
Continue Reading

Scammers are using Black Lives Matter as Phishbait

A phishing campaign is using Black Lives Matter-themed phishing lures to trick people into installing malware, Yahoo reports. Adam Levin from Cyberscout told Yahoo that the phishing ...
Continue Reading

Spike in Emotet Attacks Against Government Agencies Seen Around the Globe in September

Attacks involving what is arguably the world’s most dangerous malware are on the rise, with reports from the cybersecurity agencies in Japan, New Zealand, and France.
Continue Reading

Legitimate Services, but still Hook, Line, and Sinker

A malware distribution campaign is abusing organizations’ contact forms to send malicious emails designed to catch the attention of companies’ customer support personnel. The attackers ...
Continue Reading

Organizations Aren’t Prepared to Recover from Cyberattacks on Active Directory

Cybercriminals are increasingly leveraging Active Directory to spread malware and even hold the organization for ransom. New data suggests you’re nowhere near ready for it.
Continue Reading

QBot is Back With New Phishing Tricks

Researchers at Check Point warn that the QBot banking Trojan now has the ability to hijack email threads on infected devices and send malicious emails to the victim’s contacts. The ...
Continue Reading

Watch Out! Cybersecurity and Infrastructure Security Agency Warn of New VBA Attack Designed to Deploy KONNI Remote Administration Tool

A new alert from CISA outlines just how dangerous and intrusive the KONNI malware is in organizations that fall for phishing attacks using Word attachments with malicious VBA code.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews