Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Coronavirus news used by Emotet and Trickbot to evade detection

Threat actors exploit the interest in the Coronavirus outbreak while infections increase worldwide, new campaigns aim at spreading TrickBot and Emotet Trojans. Experts warn of new Coronavirus-themed attacks that are spreading TrickBot and Emotet Trojans. Operators behind these campaigns are using new Coronavirus-themed messages to attempt to bypass security software. The trend was first reported […]

coronavirus samples

Threat actors exploit the interest in the Coronavirus outbreak while infections increase worldwide, new campaigns aim at spreading TrickBot and Emotet Trojans.

Experts warn of new Coronavirus-themed attacks that are spreading TrickBot and Emotet Trojans.

Operators behind these campaigns are using new Coronavirus-themed messages to attempt to bypass security software. The trend was first reported by researchers at MalwareHunterTeam a month ago.

Crypters are software used to encrypt, obfuscate, and manipulate malware, to evade detection of solutions that employ machine-learning or artificial intelligence.

Researchers from BleepingComputer discovered that the crypters for TrickBot and Emotet have started using news stories about the Coronavirus outbreak.

“For example, TrickBot samples seen by BleepingComputer utilizes strings taken from CNN news stories as part of the malware’s file description.” reported BleepingComputer.

Copyright passengers were sent to government quarantine centers
Product The restrictions will ban travel to the US from 26 European countries
Description Singapore has 187 confirmed cases of the virus
Original Name Just because someone who had the coronavirus
Internal Name Just this week, the Grand Princess cruise ship docked
File Version 1.0.0.1 

The researchers also detected an Emotet sample that uses strings from a CNN news story for its file information.

This information is then shown in the Details tab of the malware’s properties as shown below.

The samples created using crypters that employed Coronavirus strings could bypass Artificial Intelligence/Machine Learning systems.

During this period, users should pay attention to any unsolicited Coronavirus-themed emails, here you can find the list of COVID19-themed attacks observed between February 1 and March 15, 2020.

Experts are also warning of thousands of COVID-19 scams and malware sites that are being created every day.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – malware, COVID19)

[adrotate banner=”5″]

[adrotate banner=”13″]