TL;DR: Record-Breaking March (16th Week)

Security researchers have discovered several new malware strains; a campaign attributed to North Korea targets yet another operating system; and security forces have successfully arrested Internet fraudsters. March was a record-breaking month for the number of ransomware attacks, and possible victims of ransomware groups include a Canadian hospital and a German superyacht manufacturer.

Library containing malware

McAfee Mobile Research Team security researchers have published information about a software library containing the Goldoson malware. The malware was found in 60 apps on ONE store and the Google Play Store in Korea, and the apps had a total of approximately one hundred million downloads. The malware clicked on ads without the user's consent and collected information about installed apps, Wi-Fi, Bluetooth and GPS.

New malware

Cyble security researchers have published information about a new Android malware referred to as Chameleon. It has been active since January 2023 and targets users in Australia and Poland. The malware has various capabilities, e.g. disabling the Google Play Protect service, harvesting SMS messages and spoofing login windows for various services (e.g. crypto, banking or government).

“Operation DreamJob” continues

A hacker group attributed to North Korea's Lazarus Group continues to spread malware through fake interviews with IT job candidates. What is new is that the group has, for the first time, started distributing malware targeting the Linux operating system.

Potential data leak

ICICI International Bank had poorly configured servers, allowing a potential leak of 3.6 million records containing sensitive data. For example, credit card numbers, full names, dates of birth, home addresses, phone numbers, e-mails, personal identification documents (e.g. passports and ID cards), and so on were freely available for download.

Arrested cybercriminals

Europol, in cooperation with the security forces of Bulgaria, Romania and Israel, has successfully arrested five people responsible for online fraud. The fraudsters used advertisements to trick victims into committing small amounts as initial investments by promising big profits. Subsequently, the victims were contacted and promised higher profits on bigger investments.


  • The LockBit ransomware gang is likely creating an encryptor targeting macOS devices. The samples that have been found in this connection are so far non-functional.
  • Lürssen, a German superyacht and sea-going vessel maker for the German navy, suffered a ransomware attack. The attack disrupted operations and is under investigation.
  • The Cornwall Community Hospital in Canada has become the target of a cyberattack (probably ransomware). The attack caused delays to non-urgent care.
  • Sucuri security researchers have published information about the Eval plugin for WordPress, which has not been updated for more than 10 years. Attackers are abusing the plugin to execute malicious code remotely and to maintain persistence, because it is less conspicuous than other methods.
  • An investigation of a possible attack leading to the theft of data from the network of cybersecurity firm Darktrace has found no evidence of a successful penetration.
  • March 2023 was the most prolific month, with 459 ransomware attacks recorded. It set a record for the number of attacks per month, an increase of 91% from February.
  • A new strain of malware, dubbed Domino, indicates a collaboration between the financially motivated cybercrime group FIN7 and members of the now-defunct Conti ransomware gang.
