Remove Communications Remove Libraries Remove Manufacturing
article thumbnail

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

The malware also downloads the Command-and-control (C2) URLs, C2 communication is encrypted using Base64, RC4, and Curve25519. . Most recent versions of EventBot also include a ChaCha20 library that can improve performance, but it is not currently being used, a circumstance that suggests authors are actively working to optimize EventBot. .

article thumbnail

Ongoing Raspberry Robin campaign leverages compromised QNAP devices

Security Affairs

The malware was first spotted in September 2021, the experts observed Raspberry Robin targeting organizations in the technology and manufacturing industries. Last week, Microsoft confirmed that the threat was discovered on the networks of multiple customers , including organizations in the technology and manufacturing sectors.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Raspberry Robin spotted using two new 1-day LPE exploits

Security Affairs

The malware was first spotted in September 2021, the experts observed it targeting organizations in the technology and manufacturing industries. The malicious code also changed its communication method and lateral movement to avoid detection. Initial access is typically through infected removable drives, often USB devices.

article thumbnail

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

Security Affairs

Since at least 2014, experts at FireEye have observed APT32 targeting foreign corporations with an interest in Vietnam’s manufacturing, consumer products, and hospitality sectors. The two loaders discovered by Cylance and used by the APT group use side-loaded DLLs and an AES128 implementation from Crypto++ library for payload decryption.

Libraries 106
article thumbnail

xHelper, the Unkillable Android malware that re-Installs after factory reset

Security Affairs

Upon the installation, the malicious app registers itself as a foreground service and extracts an encrypted payload that gathers information about the victim’s device (android_id, manufacturer, model, firmware version, etc.) and sends it to a server under the control of the attackers ([link]. ” continues the report.

article thumbnail

Microsoft: Raspberry Robin worm already infected hundreds of networks

Security Affairs

The malware was first spotted in September 2021, the experts observed Raspberry Robin targeting organizations in the technology and manufacturing industries. Now Microsoft confirmed that the threat was discovered on the networks of multiple customers, including organizations in the technology and manufacturing sectors.

article thumbnail

Developer Sabotages Open-Source Software Package

Schneier on Security

The application, node-ipc, adds remote interprocess communication and neural networking capabilities to other open source code libraries. As a dependency, node-ipc is automatically downloaded and incorporated into other libraries, including ones like Vue.js CLI, which has more than 1 million weekly downloads. […].

Libraries 105