Access to Microsoft Teams Authentication Tokens Is Possible without Downloading Complex Malware

Microsoft Teams authentication tokens

Information security specialists have discovered a serious vulnerability in the Microsoft Teams desktop application: a bug allows access to authentication tokens, which, as it turns out, are stored in plain text format, without any protection. Let me remind you that we also reported that SVCReady Malware Loader Uses Microsoft Office Documents for Attack. Researchers from the information security company Vectra …


Pirated Software Like Hacked 3DMark Is Used to Distribute RedLine Infostealer

RedLine infostealer and pirated software

Zscaler specialists discovered several malicious campaigns in which the RedLine infostealer is distributed under the guise of various pirated software, including 3DMark, Adobe Acrobat Pro, MAGIX Sound Forge Pro, and so on. Let me remind you that we also talked about RedLine Stealer Malware Masks as Bots to Buy Binance NFT Mystery Boxes. The researchers say that SEO poisoning and …


BugDrop Malware Is Already Able to Bypass the Security Mechanisms of Android 13

BugDrop malware and Android 13

Threat Fabric experts say that BugDrop malware developers have already learned how to bypass the new Restricted setting security feature introduced by Google in Android 13. This week, Google released Android 13: the new version of the OS has been deployed to Google Pixel devices, and the source code has been published on AOSP. In this release, the developers tried …


SOVA Android Malware Will Receive a New Encryptor Module

Android SOVA Malware

The SOVA Android malware is evolving and is now capable of infecting at least 200 mobile apps, including banking and cryptocurrency trading apps. It should be clarified that the first version of the Trojan could infect only 90 applications. According to the latest data from the Italian company Cleafy, new versions of the malware are able to intercept two-factor authentication …


Raspberry Robin Malware Uses Hacked Qnap Devices in Attacks

Raspberry Robin uses Qnap

According to Cybereason analysts, the recently discovered Raspberry Robin Windows worm uses compromised Qnap NAS devices as intermediate links to spread in its attacks. Let me remind you that the first Raspberry Robin malware was noticed by analysts from Red Canary. In the spring of this year, it became known that the malware has the capabilities of a worm, spreads mainly using …


Raspberry Robin Worm Discovered in Networks of Hundreds of Organizations

Worm Raspberry Robin

Microsoft experts report that the recently discovered Raspberry Robin worm has been found in the networks of hundreds of organizations from various industries. Although Microsoft has observed how the malware binds to addresses on the Tor network, the targets of the attackers are still unknown, since they have not yet taken advantage of access to the networks of their victims. …


Beta Version of Raccoon Stealer 2.0 Malware with Improved Features Is Available for Purchase

Raccoon Stealer malware

Sekoia researchers have discovered a new version of the Raccoon Stealer malware, which is sold on hacker forums and offers advanced password stealing capabilities. On June 2, the project operator announced that testing of Raccoon Stealer 2.0 has been going on for 2 weeks. Let me remind you that we also wrote that Raspberry Robin Malware Has Worm Features and …


IS-specialists Discovered a New Interesting Malware Quantum Lnk Builder

Quantum Lnk Builder

Cyble has published a report on a new malware tool, Quantum Lnk Builder, which has recently been sold on the black market. It has a graphical interface that allows creating malicious Windows shortcut (.LNK) files, spoofing extensions with more than 300 icons, and bypassing UAC and Windows SmartScreen. In addition, the builder allows putting “multiple payloads in a .LNK file”, and …


SVCReady Malware Loader Uses Microsoft Office Documents for Attack

SVCReady malware loader

While studying phishing attacks, HP researchers discovered a previously unknown SVCReady malware loader that features an unusual way of downloading malware to compromised machines – through Word documents. Experts write that SVCReady uses VBA macros to execute shellcode stored in document properties, and the victim’s documents themselves are usually received as attachments in emails. Apparently, the malware is currently in …
