(Are you) afreight of the dark? Watch out for Vyveva, new Lazarus backdoor

ESET researchers discover a new Lazarus backdoor deployed against a freight logistics firm in South Africa.

ESET researchers have discovered a previously undocumented Lazarus backdoor, which they have dubbed Vyveva, being used to attack a freight logistics company in South Africa. The backdoor consists of multiple components and communicates with its C&C server via the…

600,000 Payment Cards Stolen From Swarmshop Darknet Market

Group-IB: Administrator, Seller and Buyer Data Also Stolen. Doug Olenick (DougOlenick) • April 8, 2021

Image caption: Here’s a guide to the national origin of card data that was stolen from the Swarmshop market. (Source: Group-IB)

For the second time in two years, the contents of…

Visa Describes New Skimming Attack Tactics

Cybercriminals Using Web Shells to Control Retailers’ Servers. Doug Olenick (DougOlenick) • April 9, 2021

Visa’s Payment Fraud Disruption team reports that cybercriminals are increasingly using web shells to establish command and control over retailers’ servers during payment card skimming attacks…

Fake Netflix App Allows Hackers to Hijack WhatsApp

A newly discovered Android malware app called FlixOnline promised users access to Netflix content from all around the world on their smartphones before exploiting access to their WhatsApp, according to Check Point Research. Troublingly, the app was not solely on third-party app stores; it was, instead, found on the Google Play Store, using Netflix imagery to…

Lazarus Group Targets Freight Logistics Firm

ESET Report Ties ‘Vyveva’ Backdoor to North Korean APT Group. Akshaya Asokan (asokan_akshaya) • April 9, 2021

Image caption: Example of how the “Vyveva” backdoor works (Source: ESET)

The Lazarus Group, a North Korean-linked advanced persistent threat group also known as…

Gigaset Android phones infected by malware via hacked update server

Owners of Gigaset Android phones have been repeatedly infected with malware since the end of March after threat actors compromised the vendor’s update server in a supply-chain attack. Gigaset is a German manufacturer of telecommunications devices, including a series of smartphones running the Android operating system. Starting around March 27th, users suddenly found their Gigaset…

LinkedIn denies data leak after two-thirds user base is compromised, IT News, ET CIO

Pune: Personal data of 500 million LinkedIn users, two-thirds of its user base, has been scraped and is for sale online, according to a report from Cyber News. The data up for sale on a popular hacker platform includes account IDs, full names, email addresses, workplace information and links to social media accounts of…

Hackers Hack Hackers as Underground Carding Site is Breached

Thousands of cyber-criminals have had their personal data leaked online after a popular carding forum was hacked, according to Group-IB. The Singapore-based security firm said it discovered that data belonging to users of the Swarmshop site was leaked to another underground forum on March 17. “The database was posted on a different underground forum and…

New wormable Android malware discovered through auto-replies in WhatsApp

Check Point Research has discovered new malware on Google’s Play Store that could spread through WhatsApp messages. According to the cybersecurity firm, the malware was designed with the ability to automatically respond to incoming WhatsApp messages on behalf of its victims, and the content of the response was provided by a remote server. CPR found…