Cybercrime/malcode – Lifeboat News: The Blog

Aug 7
2025

Infographic Resources on Emerging Technologies and Cybersecurity

Dear Friends and Colleagues, Please see some infographic resources I created to help capture some of the topics of the day. Thanks and best, Chuck

Aug 7
2025

CERT-UA Warns of HTA-Delivered C# Malware Attacks Using Court Summons Lures

Ukraine’s CERT-UA warns of UAC-0099 and Gamaredon phishing attacks using custom malware and social lures.

Aug 7
2025

Fake VPN and Spam Blocker Apps Tied to VexTrio Used in Ad Fraud, Subscription Scams

Fake apps from VexTrio on Apple and Google stores mislead users, steal data, and charge hidden fees.

Aug 7
2025

Microsoft Launches Project Ire to Autonomously Classify Malware Using AI Tools

Microsoft unveils AI system Project Ire to automate malware detection, reducing analyst workload and boosting accuracy.

Aug 6
2025

ClickFix Malware Campaign Exploits CAPTCHAs to Spread Cross-Platform Infections

ClickFix malware replaced ClearFake in 2024, infecting users via fake CAPTCHAs and trusted platforms.

Aug 6
2025

15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign

TikTok Shop users are targeted in a phishing and malware campaign using 15,000 fake sites. Data and crypto thefts surge.

Aug 5
2025

PlayPraetor Android Trojan Infects 11,000+ Devices via Fake Google Play Pages and Meta Ads

New Android malware PlayPraetor infects 11,000+ devices, targeting banking users via fake Play Store links.

Aug 5
2025

New ‘Plague’ PAM Backdoor Exposes Critical Linux Systems to Silent Credential Theft

Undetected for a year, Plague malware targets Linux PAM to hijack SSH access and erase forensic traces.

Aug 5
2025

New Plague Linux malware stealthily maintains SSH access

A newly discovered Linux malware, which has evaded detection for over a year, allows attackers to gain persistent SSH access and bypass authentication on compromised systems.

Nextron Systems security researchers, who identified the malware and dubbed it “Plague,” describe it as a malicious Pluggable Authentication Module (PAM) that uses layered obfuscation techniques and environment tampering to avoid detection by traditional security tools.

This malware features anti-debugging capabilities to thwart analysis and reverse engineering attempts, string obfuscation to make detection more difficult, hardcoded passwords for covert access, as well as the ability to hide session artifacts that would normally reveal the attacker’s activity on infected devices.

Aug 5
2025

Ransomware gangs join attacks targeting Microsoft SharePoint servers

Ransomware gangs have recently joined ongoing attacks targeting a Microsoft SharePoint vulnerability chain, part of a broader exploitation campaign that has already led to the breach of at least 148 organizations worldwide.

Security researchers at Palo Alto Networks’ Unit 42 have discovered a 4L4MD4R ransomware variant, based on open-source Mauri870 code, while analyzing incidents involving this SharePoint exploit chain (dubbed “ToolShell”).

The ransomware was detected on July 27 after discovering a malware loader that downloads and executes the ransomware from theinnovationfactory[.]it (145.239.97[.]206).