#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Infostealer | Breaking Cybersecurity News | The Hacker News

Category — Infostealer
Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA

Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA

Sep 30, 2024 Identity Theft / Phishing Attack
Attackers are increasingly turning to session hijacking to get around widespread MFA adoption. The data supports this , as: 147,000 token replay attacks were detected by Microsoft in 2023, a 111% increase year-over-year (Microsoft).  Attacks on session cookies now happen in the same order of magnitude as password-based attacks (Google). But session hijacking isn't a new technique – so what's changed? Session hijacking has a new look When we think of the classic example of session hijacking, we think of old-school Man-in-the-Middle (MitM) attacks that involved snooping on unsecured local network traffic to capture credentials or, more commonly, financial details like credit card data. Or, by conducting client-side attacks compromising a webpage, running malicious JavaScript and using cross-site scripting (XSS) to steal the victim's session ID.  Session hijacking looks quite different these days. No longer network-based, modern session hijacking is an identity-based attack perfo
10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit

10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit

Jul 15, 2024 Cyber Crime / Data Protection
Imagine you could gain access to any Fortune 100 company for $10 or less, or even for free. Terrifying thought, isn't it? Or exciting, depending on which side of the cybersecurity barricade you are on. Well, that's basically the state of things today. Welcome to the infostealer garden of low-hanging fruit. Over the last few years, the problem has grown bigger and bigger, and only now are we slowly learning its full destructive potential. In this article, we will describe how the entire cybercriminal ecosystem operates, the ways various threat actors exploit data originating from it, and most importantly, what you can do about it. Let's start with what infostealer malware actually is. As the name suggests, it's malware that... steals data. Depending on the specific type, the information it extracts might differ slightly, but most will try to extract the following: Cryptocurrency wallets Bank account information and saved credit card details Saved passwords from various apps Bro
The Secret Weakness Execs Are Overlooking: Non-Human Identities

The Secret Weakness Execs Are Overlooking: Non-Human Identities

Oct 03, 2024Enterprise Security / Cloud Security
For years, securing a company's systems was synonymous with securing its "perimeter." There was what was safe "inside" and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within the confines of physical on-prem installations and controlled networks. Data and applications now reside in distributed cloud environments and data centers, accessed by users and devices connecting from anywhere on the planet. The walls have crumbled, and the perimeter has dissolved, opening the door to a new battlefield: identity . Identity is at the center of what the industry has praised as the new gold standard of enterprise security: "zero trust." In this paradigm, explicit trust becomes mandatory for any interactions between systems, and no implicit trust shall subsist. Every access request, regardless of its origin,
Warning: Markopolo's Scam Targeting Crypto Users via Fake Meeting Software

Warning: Markopolo's Scam Targeting Crypto Users via Fake Meeting Software

Jun 19, 2024 Cybercrime / Cryptocurrency
A threat actor who goes by alias markopolo has been identified as behind a large-scale cross-platform scam that targets digital currency users on social media with information stealer malware and carries out cryptocurrency theft. The attack chains involve the use of a purported virtual meeting software named Vortax (and 23 other apps) that are used as a conduit to deliver Rhadamanthys , StealC , and Atomic macOS Stealer (AMOS), Recorded Future's Insikt Group said in an analysis published this week. "This campaign, primarily targeting cryptocurrency users, marks a significant rise in macOS security threats and reveals an expansive network of malicious applications," the cybersecurity company noted , describing markopolo as "agile, adaptable, and versatile." There is evidence connecting the Vortax campaign to prior activity that leveraged trap phishing techniques to target macOS and Windows users via Web3 gaming lures. A crucial aspect of the malicious o
cyber security

The State of SaaS Security 2024 Report

websiteAppOmniSaaS Security / Data Security
Learn the latest SaaS security trends and discover how to boost your cyber resilience. Get your free…
New RedLine Stealer Variant Disguised as Game Cheats Using Lua Bytecode for Stealth

New RedLine Stealer Variant Disguised as Game Cheats Using Lua Bytecode for Stealth

Apr 21, 2024 Malware / Cryptocurrency
A new information stealer has been found leveraging Lua bytecode for added stealth and sophistication, findings from McAfee Labs reveal. The cybersecurity firm has assessed it to be a variant of a known malware called RedLine Stealer owing to the fact that the command-and-control (C2) server  IP address  has been previously identified as associated with the malware. RedLine Stealer,  first documented  in March 2020, is typically delivered via email and malvertising campaigns, either directly or via  exploit kits  and loader malware like  dotRunpeX  and  HijackLoader . The off-the-shelf malware is capable of harvesting information from cryptocurrency wallets, VPN software, and web browsers, such as saved credentials, autocomplete data, credit card information, and geolocations based on the victims' IP addresses. Over the years, RedLine Stealer has been co-opted by several threat actors into their attack chains, making it a prevalent strain spanning North America, South America,
Orange Spain Faces BGP Traffic Hijack After RIPE Account Hacked by Malware

Orange Spain Faces BGP Traffic Hijack After RIPE Account Hacked by Malware

Jan 05, 2024 Network Security / Malware
Mobile network operator Orange Spain suffered an internet outage for several hours on January 3 after a threat actor used administrator credentials captured by means of stealer malware to hijack the border gateway protocol ( BGP ) traffic. "The Orange account in the IP network coordination center (RIPE) has suffered improper access that has affected the browsing of some of our customers," the company  said  in a message posted on X (formerly Twitter). However, the company emphasized no personal data was compromised and that the incident only affected some browsing services. The threat actor, who goes by the name Ms_Snow_OwO on X,  claimed  to have gained access to Orange Spain's RIPE account. RIPE is a regional Internet registry ( RIR ) that oversees the allocation and registration of IP addresses and autonomous system (AS) numbers in Europe, Central Asia, Russia, and West Asia. "Using the stolen account, the threat actor modified the AS number belonging to Ora
The Alarming Rise of Infostealers: How to Detect this Silent Threat

The Alarming Rise of Infostealers: How to Detect this Silent Threat

Jul 26, 2023 Malware / Data Safety
A new study conducted by Uptycs has uncovered a stark increase in the distribution of information stealing (a.k.a. infostealer or stealer) malware. Incidents have more than doubled in Q1 2023, indicating an alarming trend that threatens global organizations. According to the new Uptycs' whitepaper,  Stealers are Organization Killers , a variety of new info stealers have emerged this year, preying on Windows, Linux, and macOS systems. Telegram has notably been used extensively by these malware authors for command, control, and data exfiltration. What is a Stealer? A stealer is a type of malware that targets its victim by stealing sensitive information that can include passwords, login credentials, and other personal data. After collecting such data, the stealer sends it to the threat actor's command and control (C2) system. RedLine and Vidar, two well-known stealers, took advantage of log-providing services to infiltrate private systems. RedLine primarily targets credenti
ViperSoftX InfoStealer Adopts Sophisticated Techniques to Avoid Detection

ViperSoftX InfoStealer Adopts Sophisticated Techniques to Avoid Detection

Apr 28, 2023 Data Security / Malware
A significant number of victims in the consumer and enterprise sectors located across Australia, Japan, the U.S., and India have been affected by an evasive information-stealing malware called  ViperSoftX . ViperSoftX was first documented by Fortinet in 2020, with cybersecurity company Avast detailing a campaign in November 2022 that  leveraged  the malware to distribute a malicious Google Chrome extension capable of siphoning cryptocurrencies from wallet applications. Now a  new analysis  from Trend Micro has revealed the malware's adoption of "more sophisticated encryption and basic anti-analysis techniques, such as byte remapping and web browser communication blocking." The arrival vector of ViperSoftX is typically a software crack or a key generator (keygen), while also employing actual non-malicious software like multimedia editors and system cleaner apps as "carriers." One of the key steps performed by the malware before downloading a first-stage Po
Typhon Reborn Stealer Malware Resurfaces with Advanced Evasion Techniques

Typhon Reborn Stealer Malware Resurfaces with Advanced Evasion Techniques

Apr 05, 2023 Cyber Threat / Dark Web
The threat actor behind the information-stealing malware known as  Typhon Reborn  has resurfaced with an updated version (V2) that packs in improved capabilities to evade detection and resist analysis. The new version is offered for sale on the criminal underground for $59 per month, $360 per year, or alternatively, for $540 for a lifetime subscription. "The stealer can harvest and exfiltrate sensitive information and uses the Telegram API to send stolen data to attackers," Cisco Talos researcher Edmund Brumaghin  said  in a Tuesday report. Typhon was  first documented  by Cyble in August 2022, detailing its myriad features, including hijacking clipboard content, capturing screenshots, logging keystrokes, and stealing data from crypto wallet, messaging, FTP, VPN, browser, and gaming apps. Based on another stealer malware called  Prynt Stealer , Typhon is also capable of delivering the XMRig cryptocurrency miner. In November 2022, Palo Alto Networks Unit 42  unearthed  an
3CX Desktop App Supply Chain Attack Leaves Millions at Risk - Urgent Update on the Way!

3CX Desktop App Supply Chain Attack Leaves Millions at Risk - Urgent Update on the Way!

Mar 30, 2023 Supply Chain / Software Security
3CX said it's  working on a software update  for its desktop app after multiple cybersecurity vendors sounded the alarm on what appears to be an active supply chain attack that's using digitally signed and rigged installers of the popular voice and video conferencing software to target downstream customers. "The trojanized 3CX desktop app is the first stage in a multi-stage attack chain that pulls ICO files appended with Base64 data from GitHub and ultimately leads to a third-stage infostealer DLL," SentinelOne researchers  said . The cybersecurity firm is tracking the activity under the name SmoothOperator , stating the threat actor registered a massive attack infrastructure as far back as February 2022. There are indications that the attack may have commenced around March 22, 2023. 3CX, the company behind 3CXDesktopApp,  claims  to have more than 600,000 customers and 12 million users in 190 countries, some of which include well-known names like American Expres
Expert Insights / Articles Videos
Cybersecurity Resources