The malware strain, called DuneQuixote, contains lines taken from Spanish poems to increase persistence and evade detection, with the ultimate goal of cyberespionage.

Security experts identified a previously unknown malware targeting a government agency in the Middle East in February 2024 as part of their ongoing monitoring of malicious activity. The malware, named DuneQuixote, revealed a cyber espionage campaign.

DuneQuixote surveils its target and collects sensitive data using a sophisticated set of tools designed for stealth and persistence.


The early carriers of the malware disguise themselves as falsified installer files for a legitimate tool called Total Commander. Lines taken from Spanish poems, varying from one sample to the next, are embedded in these carriers. The technique gives every sample a different signature, making the malware difficult to detect with traditional signature-based methods.

The carrier contains malicious code designed to download additional payloads in the form of a backdoor called CR4T. These backdoors, developed in C/C++ and in GoLang, aim to give attackers access to the victim’s machine. The GoLang variant uses the Telegram API for command-and-control communication, relying on public Golang Telegram API bindings.

The researchers identified a victim of the campaign in the Middle East in February 2024. Additionally, the same malware was uploaded to a semi-public malware scanning service more than 30 times by the end of 2023. Other suspected VPN exit nodes are located in South Korea, Luxembourg, Japan, Canada, the Netherlands and the United States.

Bitdefender Announces AI-Powered Fraud Defense Platform Scam Copilot!

Bitdefender, a global cybersecurity leader, announced Scam Copilot, an advanced technology platform powered by artificial intelligence (AI).

Scam Copilot, which detects and combats fraud attempts, is an advanced platform designed for devices such as computers, tablets and mobile phones. Adding a strong defense layer against malware, identity theft and data theft, Scam Copilot is integrated as a service into all of Bitdefender’s cybersecurity products.


According to a report prepared by the Global Anti-Scam Alliance (GASA), global losses due to fraud were projected to exceed one trillion US dollars in 2023. The report also found that 78% of the nearly 50,000 people surveyed had experienced at least one scam within a 12-month period.

Bitdefender’s 2024 Consumer Cybersecurity Assessment Report revealed that scams delivered via text message were the most common security incident, affecting almost half of the seven thousand respondents.

Introduced by Bitdefender in response to the sharp increase in fraud-related cybercrime, Scam Copilot was built on Large Language Models (LLMs) and artificial intelligence.

The same technologies let cybercriminals create and distribute highly persuasive phishing messages in any language, making it extremely difficult for consumers to detect scams and fraud attempts on their own.


“A True Game Changer”

Scam Copilot combines fraud detection and prevention technologies under one roof. The application proactively monitors users during activities such as web browsing, sending e-mail, and chatting via messaging applications, and warns users of the threats it detects.

Leveraging Bitdefender’s real-time global threat intelligence and artificial intelligence, Scam Copilot constantly evolves and adapts as new fraud methods emerge.

Main Features and Benefits

  1. Complete Scam and Fraud Protection: Scam Copilot provides comprehensive protection in digital environments, including web browsing, email, messaging, chat applications, push notifications and calendar invitations.
  2. Intuitive AI-Powered Chatbot Assistance: Scam Copilot provides best-practice guidance so that users stay informed about alerts and stay safe. It also includes an advanced chatbot that lets users hold natural conversations to get a trusted second opinion on potential scams.
  3. Geographically Specific Fraud Wave Alerts: Scam Copilot warns users about emerging or trending scam campaigns. Alerts provide detailed information about campaign type, distribution methods, key tactics and potential risks, giving users timely information to get ahead of evolving threats.
  4. Protection for High-Risk Groups: Scam Copilot provides strong protection for groups frequently targeted by scammers, including the elderly, children and teenagers. The platform adapts to user behavior and offers simple, personalized suggestions for taking action.
  5. Strengthening Fraud Awareness: Scam Copilot not only protects against scams, it also offers contextual recommendations tailored to specific interactions. It aims to help consumers build fraud awareness and feel confident navigating the digital world safely.

Lazarus Exploited Chrome Zero-Day Vulnerability

GReAT has uncovered a sophisticated malware campaign by the Lazarus Advanced Persistent Threat (APT) group targeting cryptocurrency investors worldwide.

An attack using the Manuscrypt malware has been detected. Manuscrypt is used by the Lazarus group and has been documented by GReAT in over 50 unique campaigns targeting various industries.

Detailed analysis revealed a sophisticated malicious campaign that relied heavily on social engineering techniques and generative artificial intelligence to target cryptocurrency investors.

The Lazarus group is known for its highly sophisticated attacks on cryptocurrency platforms and has a long history of exploiting zero-day vulnerabilities. This newly revealed campaign followed the same pattern.


Security researchers found that the threat actor exploited two vulnerabilities, including a previously unknown bug, in V8, Google’s open-source JavaScript and WebAssembly engine.

The zero-day vulnerability in question was assigned CVE-2024-4947 and fixed after it was reported to Google. It allowed attackers to run arbitrary code, bypass security features, and perform various malicious activities. A second vulnerability was used to bypass Google Chrome’s V8 sandbox protection.

Attackers exploited this vulnerability by luring users to a carefully designed fake gaming website that invited users to compete globally with NFT tanks.

To maximize the effectiveness of the campaign, the attackers focused on building trust and crafted details that would make the promotional activity appear as genuine as possible.

In this context, social media accounts were created on X (formerly Twitter) and LinkedIn to promote the game over several months, and artificial intelligence-generated images were used to increase credibility.

Lazarus has successfully integrated generative AI into its operations. Kaspersky experts predict that attackers will design even more sophisticated attacks using this technology.

The attackers also tried to engage cryptocurrency influencers for further promotion, using the influencers’ social media presence not only to spread the threat but also to directly target their crypto accounts.

Security experts have discovered another, legitimate game that appears to have served as the prototype for the attackers’ game. Shortly after the attackers launched a campaign to promote their game, the real game’s developers claimed that $20,000 worth of cryptocurrency had been transferred out of their wallets.

The fake game’s logo and design differed from the original only in logo placement and visual quality, and otherwise mirrored it. Given these similarities, together with overlaps in code, security experts emphasize that Lazarus members went to great lengths to lend credibility to their attack.


Grandoreiro Light Variant Revealed

Grandoreiro continues to be used by its partners in new campaigns, although its key operators were arrested in early 2024. GReAT discovered a new lite version of the attack that focused on Mexico and targeted approximately 30 banks.

Data shows that Grandoreiro has been active since 2016. The threat targeted more than 1,700 financial institutions and 276 cryptocurrency wallets in 45 countries and regions in 2024, and recently added Asia and Africa to its target list, becoming a truly global financial threat.

After assisting INTERPOL and Brazilian authorities in a coordinated operation that led to the arrest of the operators behind the Grandoreiro banking Trojan, security experts discovered that the group had split the code base into lighter, fragmented versions of the Trojan in order to continue its attacks.

Recent analysis identified a lite version focused primarily on Mexico and used to target approximately 30 financial institutions. The creators of this version likely have access to the source code and are launching new attack campaigns using a simplified version of the older malware.


Multiple variants of Grandoreiro, including the new lite version and its predecessor malware, accounted for approximately 5% of global banking Trojan attacks detected by security experts in 2024, making it one of the most active threats worldwide.

Security experts also analyzed new Grandoreiro samples in 2024 and observed new tactics. The malware records mouse activity in order to mimic real user behavior and avoid detection by machine learning-based security systems that analyze behavior. It then replays these recorded natural mouse movements, aiming to trick anti-fraud tools into treating its activity as legitimate.

Additionally, Grandoreiro has adopted a cryptographic technique known as Ciphertext Stealing (CTS), which had not previously been encountered in malware. Its purpose here is to encrypt the malicious code’s strings. “Grandoreiro has a large and complex structure.
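As an added illustration of the technique the article names (this is example code, not Grandoreiro’s own), the block below implements CBC mode with ciphertext stealing (CBC-CS3): the last two blocks are swapped and the tail of the penultimate ciphertext block is "stolen" to cover the final partial block, so an encrypted string is exactly as long as its plaintext and carries no padding bytes. The block cipher is a SHA-256-based Feistel stand-in constructed for this example; AES or any other 16-byte block cipher would slot in unchanged.

```python
import hashlib

BLOCK = 16  # block size in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

# Stand-in block cipher (constructed for this example): a 4-round Feistel
# network whose round function is SHA-256. Any 16-byte block cipher works.
def _f(key, rnd, half):
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def block_encrypt(key, block):
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def block_decrypt(key, block):
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def cts_encrypt(key, iv, pt):
    """CBC with ciphertext stealing (CBC-CS3): no padding, len(ct) == len(pt)."""
    d = len(pt) % BLOCK or BLOCK            # bytes in the final (maybe partial) block
    head, tail = pt[:-d], pt[-d:]           # pt must be at least one block long
    prev, out = iv, []
    for i in range(0, len(head), BLOCK):    # ordinary CBC over all but the last block
        prev = block_encrypt(key, _xor(head[i:i + BLOCK], prev))
        out.append(prev)
    if not head:                            # exactly one full block: plain CBC
        return block_encrypt(key, _xor(tail, iv))
    stolen = out.pop()                      # E(P[n-1]); its tail bytes are "stolen"
    last = block_encrypt(key, _xor(stolen, tail.ljust(BLOCK, b"\0")))
    return b"".join(out) + last + stolen[:d]  # final two blocks come out swapped

def cts_decrypt(key, iv, ct):
    d = len(ct) % BLOCK or BLOCK
    if len(ct) == BLOCK:
        return _xor(block_decrypt(key, ct), iv)
    head, last, tail = ct[:-(BLOCK + d)], ct[-(BLOCK + d):-d], ct[-d:]
    prev, out = iv, []
    for i in range(0, len(head), BLOCK):
        out.append(_xor(block_decrypt(key, head[i:i + BLOCK]), prev))
        prev = head[i:i + BLOCK]
    x = block_decrypt(key, last)            # = E(P[n-1]) XOR zero-padded P[n]
    stolen = tail + x[d:]                   # rebuild the full E(P[n-1])
    p_prev = _xor(block_decrypt(key, stolen), prev)
    return b"".join(out) + p_prev + _xor(x[:d], tail)
```

For an analyst the practical consequence is that string blobs encrypted this way show no PKCS#7-style padding tail and no length rounding, which removes one of the usual cues for spotting block-cipher-encrypted data.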

Copyright © 2022 RAZORU NEWS.