TL;DR: One malware for all (Week 39)

Security researchers have published information about malware that installs a large number of other malware families, a cracked hacking tool is spreading on hacker forums, and the Brazilian payment terminal hackers have returned after a year-long hiatus.

Malware mixer

Security researchers from Kaspersky have released information about the new NullMixer malware. It spreads via websites that distribute cracked software. NullMixer itself is a dropper: it installs multiple unrelated malware families with different functionalities (e.g. cryptocurrency mining, password theft, spyware, banking trojans and others) on the victim's machine in one go.

Advanced hacking tool

A cracked version of the Brute Ratel software has started to spread freely in the Russian- and English-speaking hacking communities. Brute Ratel is a commercial red-team command-and-control framework similar to Cobalt Strike: it deploys agents on compromised hosts, through which the operator can task the infected machines, including further propagation (lateral movement) within the compromised network.

The return of the Brazilian malware

Security researchers at Kaspersky have published information about the return of the Brazilian Prilex malware. The malware specialises in point-of-sale payment terminals developed in Brazil and spreads via spearphishing, the pretext of which is a prompt to update the payment terminal software. The compromised terminal captures a copy of the payment card data after each legitimate payment and sends it to the attackers, who can then carry out fraudulent transactions.

Apology for the attack

The Australian telecommunications company Optus (owned by Singapore's Singtel) was the target of a cyberattack on 22 September. The company confirmed the attack and said it immediately stopped the attack and protected client data related to payment details. However, it admitted that some data may have been accessible to the attacker, such as addresses and driver's licence and passport numbers. A few days after the attack, the cybercriminals responsible for the data theft apologised to 10,000 Australians whose records they had released and reportedly deleted the data.


  • Iran's ongoing protests are also supported by several hacktivist groups that share and sell data, such as phone numbers and emails of government employees, maps of important locations, and proxy/VPN servers to circumvent censorship,
  • the Chaos botnet used for DDoS attacks is expanding rapidly. It targets both Windows and Linux devices; the malware is written in Go, its code contains Chinese-language text and the botnet uses China-based C2 infrastructure,
  • the IRS in the US warns of an increase in smishing (SMS phishing) messages demanding tax payments,
  • SentinelLabs security researchers have released information on the newly discovered, but already 2 years active, Metador threat actor. The group targets telecommunications companies, internet providers and universities in the Middle East and Africa,
  • CloudSEK security researchers warn of a leaked database containing 16 million records related to India's Swachh platform. The data includes user email addresses, password hashes, phone numbers, IP addresses and more,
  • the Israeli defence contractor Elbit Systems has released information about a cyberattack on the infrastructure of its US subsidiary. The attack, in which the data of 369 employees was stolen, is under investigation.
