Malicious PyPI packages drop ransomware, fileless malware

In this Help Net Security video, Ax Sharma, Senior Security Researcher at Sonatype, discusses newly found PyPI packages that pack ransomware, and another package that appears to be safe but silently drops fileless malware to mine cryptocurrency (Monero) on the infected system – all while evading detection. The post Malicious PyPI packages drop ransomware, fileless […]

Continue Reading

Orchard botnet uses Bitcoin Transaction info to generate DGA domains

Experts spotted a new botnet named Orchard using Bitcoin creator Satoshi Nakamoto’s account information to generate malicious domains. 360 Netlab researchers recently discovered a new botnet named Orchard that uses Satoshi Nakamoto’s Bitcoin account (1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa) transaction information to generate DGA domain name. “Another change relates to the use of the DGA algorithm employed in the […]

Continue Reading

Sysrv-K, a new variant of the Sysrv botnet includes new exploits

Microsoft reported that the Sysrv botnet is targeting Windows and Linux servers exploiting flaws in the Spring Framework and WordPress. Microsoft Security Intelligence team Microsoft reported that a new variant of the Sysrv botnet, tracked as Sysrv-K, now includes exploits for vulnerabilities in the Spring Framework and WordPress. Threat actors use the botnet in a cryptomining campaign targeting Windows […]

Continue Reading