Hackers are currently exploiting an old vulnerability in Microsoft Excel to deliver a newly identified malware known as ‘Agent Tesla.’ This malicious software is capable of either wiping a database or discreetly gathering intelligence, depending on the commands it receives from its C2 (command-and-control) servers. A study conducted by Zscaler ThreatLabz reveals that the malware’s distribution begins with a phishing campaign. Once installed, it responds to the hackers’ commands to collect intelligence or, if instructed, wipe out stored information.
In a separate incident, a JavaScript malware has been detected infecting servers across 40 financial institutions worldwide. This web-based malware is estimated to have affected at least 50,000 online sessions at financial institutions in North America, Europe, Japan, and Canada. The primary objective is to compromise popular banking applications, steal credentials, and drain funds from accounts. The infection spreads through hackers injecting malicious scripts into the webpage framework of banking institutions. The malware then lies dormant before taking control away from the administrator and handing it to the hacker, who can then access currency transfer apps or use the foothold for malvertising purposes.
AT&T Alien Labs cybersecurity researchers have uncovered a new campaign in which criminals are circulating JaskaGO malware among Windows and macOS users. This malicious software, written in the Go programming language, can exfiltrate information and deploy additional payloads. Upon installation, the malware checks whether it is running in a virtual environment or sandbox, and then performs server-related tasks to evade malware detection tools. Once established, it connects to a remote server and operates according to the hacker’s commands.
Delft, a Denmark-based cybersecurity firm, suggests that blockchain technology can not only help mitigate malware risks but also act as a catalyst for its spread. Criminals can use the blockchain network to hide their tracks as soon as their code is triggered, creating an environment favorable to crypto-miners and potentially leading to the development of novel malware tools.
Microsoft has issued an alert regarding the resurgence and spread of QakBot malware, distributed through an email phishing campaign impersonating an IRS employee. QakBot, active since 2008, had its criminal infrastructure seized by the FBI in 2022 during ‘Operation Duck Hunt.’ However, a small campaign targeting the hospitality industry has been observed since December 11th, 2023, indicating the re-emergence of the criminals spreading the malware.
A recent report published by Threat Fabric suggests the emergence of a new malware variant named Chameleon Android, which is known to steal banking-related information and take control of the whole device. This means it has the potential to disable the fingerprint and the PIN used for authentication. It is being circulated via seemingly legitimate applications distributed through the Google Play Store. Interestingly, the malware can only propagate on Android 13 and later versions, so devices still running older versions appear to be safe from this new malware threat.