This is the GreyKeep Security Malware Roundup for January 8, 2024. Here’s a summary of what’s in this week’s edition:
Targets
- iPhone
- macOS
- Android
- Chromium
- Windows
- MSIX App Installer
- Python / PyPI
Organizations
- Banking industry
- US infrastructure
- Ukraine government
- Xerox
- Orange Spain
- loanDepot
- Capital Health
- Toronto Zoo
Threat Actors
- Lazarus (N. Korea)
- Fancy Bear / APT28 (Russia)
- Sandworm (Russia)
- UAC-0050
- Kimsuky (N. Korea)
- Sea Turtle (Turkey)
- Anonymous Arabic (Syria)
- GXC Team
Malware / Ransomware
- Zeppelin Ransomware
- RemcosRAT
- SpectralBlur
- Lockbit
- Bandook RAT
- Black Basta Ransomware
- Crypto miners
Malware in the News
Microsoft / Windows
- Microsoft disables online Windows App Installer after attackers abuse it
- Threat Group Using Rare Data Transfer Tactic in New RemcosRAT Campaign
- New Bandook RAT Variant Resurfaces, Targeting Windows Machines
- Syrian Threat Group Peddles Destructive SilverRAT
Apple
- 4-year campaign backdoored iPhones using possibly the most advanced exploit ever
- New “SpectralBlur” macOS Backdoor Linked to North Korea
Google / Android
- Google: Malware abusing API is standard token theft, not an API issue
- New Sneaky Xamalicious Android Malware Hits Over 327,000 Devices
Python
Banking
- Over 1800 global banking apps targeted by 29 malware variants
- Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud
- Carbanak Banking Malware Resurfaces with New Ransomware Tactics
- US mortgage lender loanDepot confirms ransomware attack
Technology
- Turkish Sea Turtle APT targets Dutch IT and Telecom firms
- Russian Hackers Had Covert Access to Ukraine’s Telecom Giant for Months
- Ransomware Group Claims Cyber Breach of Xerox Subsidiary
- Orange Spain Faces BGP Traffic Hijack After RIPE Account Hacked by Malware
Healthcare
Government & Military
Other Malware News
- Stealthy AsyncRAT malware attacks targets US infrastructure for 11 months
- Kimsuky Hackers Deploying AppleSeed, Meterpreter, and TinyNuke in Latest Attacks
- Zeppelin ransomware source code sold for $500 on hacking forum
- ‘Black Basta Buster’ Exploits Ransomware Bug for File Recovery
- Four Cyber Criminals Convicted of Spreading ChatGPT-Assisted Ransomware
- New JinxLoader Targeting Users with Formbook and XLoader Malware
- New Rugmi Malware Loader Surges with Hundreds of Daily Detections
- Toronto Zoo: Ransomware attack had no impact on animal wellbeing
- US, Israel Used Dutch Spy to Launch Stuxnet Malware Against Iran