Weekly Malware Roundup – January 15, 2024

This is the GreyKeep Security Malware Roundup for January 8, 2024. Here’s a summary of what’s in this week’s edition:

Targets

MSSQL Server Windows WordPress Apple Mac

YouTube Apache Hadoop Apache Flink NAS devices

Organizations

Quantum Radiology

Iran

Threat Actors

RE#TURGENCE (Turkey)

Water Curupira

Malware / Ransomware

Mimic (ransomware) NoaBot (cryptominer) Medusa (ransomware) Phemedrone (info stealer) Akira (ransomware)

Lumma Stealer Pikabot Atomic Stealer Balada (injector) Stuxnet

Malware in the News

Microsoft

• Turkish Cyber Threat Targets MSSQL Servers With Mimic Ransomware
• Windows SmartScreen flaw exploited to drop Phemedrone malware
• Windows Computer Hit with AgentTesla Malware to Steal Data

Apple

• Atomic Stealer Gets an Upgrade – Targeting Mac Users with Encrypted Payload

WordPress

• Balada Injector continues to infect thousands of WordPress sites

Apache

• Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks

Infrastructure

• Volt Typhoon Ramps Up Malicious Activity Against Critical Infrastructure
• Akira ransomware attackers are wiping NAS and tape backups
• Cloud Server Abuse Leads to Huge Spike in Botnet Scanning

Healthcare

• Quantum Radiology ransomware attack turns nightmare to patients

Government & Military

• US, Israel Used Dutch Spy to Launch Stuxnet Malware Against Iran

Other Malware News

• Pikabot Malware Surfaces as Qakbot Replacement for Black Basta Attacks
• Mirai-based NoaBot botnet deploys cryptominer on Linux servers
• Free Decryptor Released for Black Basta and Babuk’s Tortilla Ransomware Victims
• Medusa Ransomware Unleashes New Tactics: Data Sale, Time Extension, and AI Threats

Check out our latest Cybersecurity Daily for more security news, alerts, and products.