Cybercriminals Using New Malware Loader ‘Bumblebee’ in the Wild

Cybercriminal actors previously observed delivering BazaLoader and IcedID as part of their malware campaigns are said to have transitioned to a new loader called Bumblebee that’s under active development.

“Based on the timing of its appearance in the threat landscape and use by multiple cybercriminal groups, it is likely Bumblebee is, if not a direct replacement for BazaLoader, then a new, multifunctional tool used by actors that historically favoured other malware,” enterprise security firm Proofpoint said in a report shared with The Hacker News.

Campaigns distributing the new highly sophisticated loader are said to have commenced in March 2022, while sharing overlaps with malicious activity leading to the deployment of Conti and Diavol ransomware, raising the possibility that the loader could act as a precursor for ransomware attacks.

“Threat actors using Bumblebee are associated with malware payloads that have been linked to follow-on ransomware campaigns,” the researchers said.

Bumblebee is written in C++ and is engineered to act as a downloader that retrieves and executes next-stage payloads, including Cobalt Strike, Sliver, Meterpreter, and shellcode. It also features anti-virtualization checks.

images from Hacker News

Twitter’s New Owner Elon Musk Wants DMs to be End-to-End Encrypted like Signal

Elon Musk, CEO of SpaceX and Tesla and Twitter’s new owner, on Thursday called for adding support for end-to-end encryption (E2EE) to the platform’s direct messages (DM) feature.

“Twitter DMs should have end to end encryption like Signal, so no one can spy on or hack your messages,” Musk said in a tweet.

The statement comes days after the microblogging service announced it officially entered into an agreement to be acquired by an entity wholly owned by Elon Musk, with the transaction valued at approximately US$ 44 billion, or US$ 54.20 per share in cash.

The deal, which is expected to close over the next six months, will see Twitter become a privately held company.

“Free speech is the bedrock of a functioning democracy, and Twitter is the digital town square where matters vital to the future of humanity are debated,” Musk said in a statement.


New RIG Exploit Kit Campaign Infecting Victims’ PCs with RedLine Stealer

A new campaign leveraging an exploit kit has been observed abusing an Internet Explorer flaw patched by Microsoft last year to deliver the RedLine Stealer trojan.

“When executed, RedLine Stealer performs recon against the target system (including username, hardware, browsers installed, anti-virus software) and then exfiltrates data (including passwords, saved credit cards, crypto wallets, VPN logins) to a remote command and control server,” Bitdefender said in a new report shared with The Hacker News.

Most of the infections are located in Brazil and Germany, followed by the U.S., Egypt, Canada, China, and Poland, among others.

Exploit kits, or exploit packs, are comprehensive tools that bundle a collection of exploits for vulnerabilities in commonly used software; they probe visiting systems for different kinds of flaws and, on success, deploy additional malware.


Chinese Hackers Targeting Russian Military Personnel with Updated PlugX Malware

A China-linked government-sponsored threat actor observed striking European diplomatic entities in March may have been targeting Russian government officials with an updated version of a remote access trojan called PlugX.

Secureworks attributed the attempted intrusions to a threat actor it tracks as Bronze President, which is known to the wider cybersecurity community under the monikers Mustang Panda, TA416, HoneyMyte, RedDelta, and PKPLUG.

“The war in Ukraine has prompted many countries to deploy their cyber capabilities to gain insight about global events, political machinations, and motivations,” the cybersecurity firm said in a report shared with The Hacker News. “This desire for situational awareness often extends to collecting intelligence from allies and ‘friends.’”

Bronze President, active since at least July 2018, has a history of conducting espionage operations by leveraging custom and publicly available tools to compromise, maintain long-term access, and collect data from targets of interest.

Chief among its tools is PlugX, a Windows backdoor that enables threat actors to execute a variety of commands on infected systems and which has been employed by several Chinese state-sponsored actors over the years.


Google’s New Safety Section Shows What Data Android Apps Collect About Users

Google on Tuesday officially began rolling out a new “Data safety” section for Android apps on the Play Store to highlight the type of data being collected and shared with third parties.

“Users want to know for what purpose their data is being collected and whether the developer is sharing user data with third parties,” Suzanne Frey, Vice President of product for Android security and privacy, said. “In addition, users want to understand how app developers are securing user data after an app is downloaded.”

The transparency measure, which is built along the lines of Apple’s “Privacy Nutrition Labels,” was first announced by Google nearly a year ago in May 2021.

The Data safety section, which will appear on every app listing on the digital storefront, presents a unified view of what data is being collected, for what purpose it is used, and how it is handled, while also highlighting what data is shared with third parties.

On top of that, the labels can also show an “app’s security practices, like encryption of data in transit and whether users can ask for data to be deleted,” Frey noted, in addition to validating those practices against security standards such as the Mobile Application Security Verification Standard (MASVS).
