By Habiba Rashid
Nexus contains a module equipped with encryption capabilities which point towards ransomware.
This is a post from HackRead.com Read the original post: New Android Botnet Nexus Being Rented Out on Russian Hacker Forum

****The developer of the Android botnet is rending out Nexus through a Malware-as-a-Service (MaaS) subscription for $3000 per month.****

A recent detailed technical analysis by Cleafy security researchers warns users about a new Android banking botnet called Nexus that was introduced by an individual on various underground hacking forums in January 2023.

The malware developer claimed that Nexus was entirely coded from scratch and that it could be rented out through a Malware-as-a-Service (MaaS) subscription for $3000 per month. 

MaaS is a business model employed by cybercriminals to rent or sell their malware to other parties, particularly those who lack the technical knowledge to develop their own malware. This model is widely used in the distribution of Android banking trojans, as malware authors leverage MaaS platforms to reach a broader audience.

Nexus is a banking Trojan that primarily targets banking applications installed on Android devices. Nexus contains all the main features to perform Account Takeover attacks (ATO) against banking apps from all over the world and cryptocurrency services.

It can perform overlay attacks, keylogging activities, and steal SMS messages to obtain two-factor authentication codes. Through the abuse of the Accessibility Services, Nexus can steal some information from crypto wallets, the 2FA codes of the Google Authenticator app, and the cookies from specific websites.

Nexus is also equipped with a mechanism for autonomous updating. It asynchronously checks against its C2 server for updates when the malware is running. If the value sent back from the C2 does not correspond to the one installed on the device, the malware starts the update process. Otherwise, it ignores the value and continues with all its routine activities.

The malware is distributed through a MaaS platform called “Nexus Botnet,” which allows attackers to customize and distribute the malware as per their needs. The platform offers various features, including control panel access, auto-update, and anti-analysis techniques, making it harder for security researchers to detect and mitigate the threat.

Despite its authors claiming that the source code was written entirely from scratch, some code similarity with SOVA, an Android banking trojan that emerged in mid-2021, suggests that they may have reused some parts of its internals.

This is what the malware developer has to say about the Nexus Android banking trojan (Image: Cleafy)

The SOVA author, who operates under the alias “sovenok,” called out an affiliate who rented SOVA previously for stealing the entire source code of the project. This event could explain why parts of the SOVA source code have been passing through multiple banking trojans.

Nexus also contains a module equipped with encryption capabilities which point towards ransomware. However, the company clarified that the module appeared to be undergoing development due to the presence of debugging strings and the lack of useful references. 

“At the time of writing, the absence of a VNC module limits its action range and its capabilities; however, according to the infection rate retrieved from multiple C2 panels, Nexus is a real threat that is capable of infecting hundreds of devices around the world. Because of that, we cannot exclude that it will be ready to take the stage in the next few months,” the advisory concluded.

1.  ‘Geost’ banking botnet hits Android devices
2.  New Matryosh DDoS botnet hits Android devices
3.  Cryptomining botnet malware hits Android devices
4.  Sockbot Malware Turns Android Devices into Botnet
5.  Viking Horde malware turns Android phones into botnet

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

New Android Botnet Nexus Being Rented Out on Russian Hacker Forum

By Deeba Ahmed
As per a report from AhnLab Security Emergency Response Center (ASEC), poorly managed Linux SSH servers are becoming…
This is a post from HackRead.com Read the original post: ShellBot DDoS Malware Targets Linux SSH Servers

As per a report from AhnLab Security Emergency Response Center (ASEC), poorly managed Linux SSH servers are becoming the targets of a new campaign in which different variants of ShellBot malware are being deployed.

**What is meant by Poorly Managed Servers?**

Poorly managed services refer to weak account credentials, which make the server vulnerable to dictionary attacks. Services such as MS-SQL and RDP (remote desktop protocol) are often targeted.

In Linux servers, SSH (secure shell) services are the primary targets. In IoT environments, dictionary attacks are targeted against the Telnet service installed on an embedded Linux OS or an old Linux server.

**What is ShellBot?**

ShellBot, also known as PerIBot, is an old DDoS bot malware developed in Perl. The malware typically uses Internet Relay Chat/IRC protocol to establish communication with its C2 server.

Currently, the malware is being used to launch attacks against insecure Linux systems, targeting servers with weak credentials. It is deployed on a system after attackers use scanner malware to determine whether the system has SSH port 22 open.

**Attack Details**

ASEC researchers noted that ShellBot was used in attacks targeting Linux servers that were distributing cryptocurrency miners through a shell script compiler.

“If ShellBot is installed, Linux servers can be used as DDoS Bots for DDoS attacks against specific targets after receiving a command from the threat actor,” ASEC’s report read.

The attack begins by using a list of SSH credentials to launch a dictionary attack and breach the server. Once this is accomplished, the threat actor deploys the payload and leverages the IRC protocol to communicate with the C2 server and receive commands that instruct ShellBot to conduct DDoS attacks and steal data.

**Different ShellBot Variants Used in the Campaign**

According to ASEC researchers, three variants of ShellBot were identified, including LiGhT’s Modded perlbot v2, DDoS PBot v2.0, and PowerBots (C) GohacK. The first two versions feature a wide range of DDoS attack commands with HTTP, UDP, and TCP protocols.

Conversely, PowerBots are equipped with backdoor-like capabilities that can provide shell access and upload arbitrary files from the infected host. Threat actors can use these backdoor capabilities for the installation of additional malware and launch different types of attacks, abusing the server.

1.  Windows, Linux and macOS Users Hit by APT Group
2.  Multi-platform SysJoker backdoor hits Linux Devices
3.  DDoS Malware ‘Chaos’ Hits Linux and Windows Devices

ShellBot DDoS Malware Targets Linux SSH Servers

By Waqas
Pinduoduo has confirmed the incident, but denied the presence of malware in its app.
This is a post from HackRead.com Read the original post: Google Suspends Chinese Shopping App Pinduoduo Over Malware Concerns

****The company has criticized the cherry-picking of its app, arguing that other apps have been suspended at the same time and it’s not fair to single out their app.****

Google has temporarily suspended Pinduoduo, a leading Chinese budget shopping app, from its Play Store due to the discovery of malware in certain versions of the app.

The news of Pinduoduo’s ban came just a couple of weeks after Shein, another Chinese shopping giant, was caught copying clipboard content on Android phones of users who were using its older version.

In a statement issued on Tuesday, Google stated that it found malware in some versions of the app that were not available on the Play Store. The company has enforced Google Play Protect, which scans installed Android phone apps for malicious behaviour, on these allegedly harmful apps.

Google has set the Play Protect enforcement to block the installation of these apps and prompt users to uninstall them if they have already downloaded them to their devices.

Pinduoduo has confirmed that it is in communication with Google for further information, and it has also stated that several other apps have been suspended at the same time. Pinduoduo has over 900 million users and is one of China’s most popular e-commerce platforms.

Pinduoduo made a name for itself with its group-buying business model, which allowed users to save money by pooling together and buying items in bulk.

The app’s US-listed parent company, PDD, launched Temu, an online shopping platform in the United States last year, which has quickly become the most downloaded app in the US for both iOS and Android.

The app has been downloaded 24 million times since its launch in September and has more than 11 million monthly active users.

At the time of publication, the Pinduoduo app was unavailable on the Play Store. (Screenshot: Hackread.com)

In a statement, Pinduoduo said that “we strongly reject the speculation and accusation by some anonymous researcher and non-conclusive response from Google that Pinduoduo app is malicious.”

Malware refers to any software developed to steal data or damage computer systems and mobile devices. When hidden in apps, it can be used to gain unauthorized access to information on a user’s phone.

Google has not mentioned Temu in its statement, and the app is still available to download on the Play Store. Pinduoduo has strongly rejected the accusations of malicious activity and speculation surrounding the suspension of its app.

1.  Google removes ClearURLs Chrome extension
2.  Google Ads drop FatalRAT in fake messenger apps
3.  Apple removes Clearview AI iPhone app from Store
4.  Zombinder Lets Hackers Add Malware to Legit Apps
5.  Google bans Avast security extensions over snooping

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Google Suspends Chinese Shopping App Pinduoduo Over Malware Concerns

By Waqas
Microsoft has stated that they are aware of the issue and are investigating, adding that they will take action to help keep customers protected.
This is a post from HackRead.com Read the original post: Windows 11 and 10’s Snipping Tools Vulnerable to Data Exposure

****The vulnerability could potentially be used to access sensitive information by others.****

New research has revealed that Microsoft’s Snipping Tool for Windows 11 and the Snip & Sketch tool in Windows 10 has a vulnerability that could allow sensitive information to be accessed by others.

The vulnerability was discovered by David Buchanan, who found that if a screenshot was taken, saved and then cropped and saved again, the data may still be available in the file, and with a few “minor changes” the information could be accessed.

While the vulnerability appears to be somewhat limited, Buchanan warns that information people thought they had deleted may still be floating around on the internet.

> – Take a screenshot.  
> – Press the save icon.  
> – Crop the screenshot.  
> – Press the save icon and save to the same file (the default!)
> 
> — David Buchanan (@David3141593) March 21, 2023

This discovery comes on the heels of a previous report by Buchanan and researcher Simon Aarons about the “acropalypse” vulnerability for Pixels, which highlighted the risk of sensitive information being left intact in images created using the tool.

Microsoft has stated that they are aware of the issue and are investigating, adding that they will take action to help keep customers protected.

1.  Fake Windows 11 Downloads Drop Vidar Malware
2.  9-year-old Windows flaw drops ZLoader malware
3.  Chinese Hackers Hiding Malware in Windows Logo
4.  QBot Exploits Windows Calculator to Hack Devices
5.  Software bug lets one gain admin rights on Windows

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Windows 11 and 10’s Snipping Tools Vulnerable to Data Exposure

By ghostadmin
Ferrari, the renowned Italian luxury car manufacturer, suffered a cyber incident that compromised the company’s client data. According…
This is a post from HackRead.com Read the original post: Ferrari Discloses Ransomware Attack; Refuses to Pay Ransom

Ferrari, the renowned Italian luxury car manufacturer, suffered a cyber incident that compromised the company’s client data. According to a statement released by Ferrari, the incident resulted in unauthorized access to certain company systems.

The company has not disclosed the exact nature of the attack, but it has confirmed that it involved a ransomware attack.

“Ferrari N.V. announces that Ferrari S.p.A., its wholly-owned Italian subsidiary, was recently contacted by a threat actor with a ransom demand related to certain client contact details,” the statement said.

**More Context**

1.  Ferrari Subdomain Hacked to Host NFT Scam
2.  Automotive Industry Have Major API Vulnerabilities
3.  Denso ransomware attack – Pandora gang steals data

The cyber incident is a significant blow to Ferrari’s reputation, given the company’s image as a symbol of luxury and exclusivity. The company has always prided itself on its attention to detail and its commitment to excellence, but this incident suggests that it may have been vulnerable to cyber threats.

Ferrari has not disclosed the extent of the data breach, but it has confirmed that some of its data was stolen by hackers. The company has also revealed that it was asked to pay a ransom to the hackers to prevent the stolen data from being made public. However, it made its stance clear in the refusal to pay the ransom. The amount of the ransom demanded has not been disclosed. 

“As a policy, Ferrari will not be held to ransom, as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks,” the company said.

“Instead, we believed the best course of action was to inform our clients and thus we have notified our customers of the potential data exposure and the nature of the incident,” Ferrari said.

The incident underscores the importance of cybersecurity for all businesses, regardless of their industry or size. Even companies as prestigious as Ferrari are not immune to cyber threats, and they must take proactive steps to protect themselves against cyber attacks.

Ferrari has said that it is cooperating with law enforcement agencies to investigate the incident and has also engaged a third-party cybersecurity firm to help bolster its defences against future cyber threats. The company has also pledged to take all necessary measures to protect its customers’ and stakeholders’ data. It further confirmed that the breach did not affect the operational functions of the company.

The incident should serve as a wake-up call for other companies to take cybersecurity seriously and to invest in robust cybersecurity measures. Cyber threats are an ever-present danger in today’s interconnected world, and businesses must remain vigilant and proactive to protect themselves and their customers from cybercriminals.

In conclusion, the cyber incident at Ferrari is a reminder that no company is immune to cyber threats. Ferrari’s response to the incident demonstrates the importance of transparency and accountability in the face of a cyber attack. It also highlights the need for all businesses to prioritize cybersecurity and invest in comprehensive cybersecurity measures to protect themselves and their customers.

1.  PGA Golf Championship hit with Bitcoin ransomware
2.  Hackers show US Police Dept Vehicles can be hacked
3.  LockBit Ransomware Data Breach at SpaceX Contractor

Ferrari Discloses Ransomware Attack; Refuses to Pay Ransom

By Habiba Rashid
Are you wondering why your ChatGPT conversation history has been unavailable since yesterday? Well, here is why!
This is a post from HackRead.com Read the original post: ChatGPT Bug Exposes Conversation History Titles

****A ChatGPT user on Reddit first reported the bug after noticing Chinese language characters in the title of their conversation history.****

Recently, a major bug has been affecting ChatGPT, the language model trained by OpenAI, which resulted in the exposure of conversation histories and caused a temporary outage.

This bug has raised concerns over users’ privacy as some users were able to see other people’s conversation histories. Although the issue was first reported on Reddit by a user who suspected that their account was hacked, it turned out that the bug was responsible for the display of Chinese text in the sidebar.

“I never had these conversations, Reddit user

After the news spread, other users on Twitter also claimed to have seen someone else’s chat histories on their accounts.

Many users criticized ChatGPT for the exposure of conversation histories, calling it a severe violation of user privacy. However, it is important to note that the bug only leaked conversation titles and not the full histories.

Following the incident, ChatGPT temporarily disabled its chat service on Monday to investigate and fix the bug. The chat sidebar now states that the history feature is temporarily unavailable and will be restored as soon as possible.

This ChatGPT bug that exposed conversation histories highlights the need for robust privacy and security measures in online communication platforms. It serves as a reminder of the vulnerability of online communication and the importance of keeping sensitive information secure.

1.  ChatGPT Clone Apps Collecting Data on iOS, Play Store
2.  Hackers Exploiting OpenAI’s ChatGPT to Deploy Malware
3.  Alert: Scammers Pose as ChatGPT in New Phishing Scam
4.  Polymorphic Blackmamba malware created with ChatGPT
5.  Russian Hackers Eager to Bypass Restrictions in ChatGPT

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

ChatGPT Bug Exposes Conversation History Titles

By Waqas
One of the Breach Forums administrators who goes by the alias Baphomet has decided to shut down the forum permanently.
This is a post from HackRead.com Read the original post: Breach Forums to Remain Offline Permanently

****The decision to shut down the Breach Forums came after the admin noticed someone had logged into an old forum CDN server on March 19th, 1:34 EST, 2023, indicating that federal authorities had access to Fitzpatrick’s devices.****

Hackread.com has learned that the infamous hacker and cybercrime forum Breach Forums has been permanently shut down. On March 18th, 2023, it was reported that Conor Brian Fitzpatrick (aka Pompompurin, aka Pom), the owner, founder, and administrator of Breach Forums, was arrested in New York.

The question regarding the forum’s future after Fitzpatrick’s arrest was echoed across different forums, with speculations about whether the forum would be seized by authorities, like its predecessor forum Raid Forums.

The day the news of Fitzpatrick’s arrest surfaced, one of its administrators, who goes by the alias Baphomet, claimed responsibility for taking over the forum to keep it running and protect it from being seized. They also claimed to have cut all of Fitzpatrick’s access to the forum.

However, in a statement made on the official Telegram channel of Breach Forums earlier today, Baphomet has announced the permanent shutdown of the forum. In a statement, Baphomet apologized to forum users for any inconvenience and emphasized that their decision was made for the betterment and safety of everyone.

It is worth noting that Baphomet plans to start a new Breach Forums-like community in the near future. However, for now, all forum domains will be redirected to a website owned by Baphomet.

**Reason for Sudden Shutdown**

The initial plan of administrator Baphomet was to keep Breach Forums online, but what changed their mind? In a statement, the administrator explained that the decision to shut down the forum came after they noticed someone had logged into an old forum CDN server on March 19th at 1:34 EST, 2023, which indicated that federal authorities had access to Fitzpatrick’s devices.

Baphomet stated that running a forum with the fear of law enforcement access would be risky, and the best solution for everyone’s safety was to permanently shut it down. Here’s what Baphomet had to say:

    This will be my final update on Breached, as I've decided to shut it down. I'm aware this news will not please anyone, but it's the only safe decision now that I've confirmed that the glowies likely have access to Pom's machine.
    
    As I said early on in all of this, anything related to production Breached infrastructure was locked down immediately - however I was kind enough to leave a few old, non-essential servers completely unchanged. One of those servers I left unchanged is an old CDN from months ago that no longer hosts any CDN files or configs but rather was used to just download large files from time to time.
    
    Throughout the migration I checked to see if anything was going on that would cause concern during the migration. One of the servers checked was the old CDN server described above. It seems someone logged in on Mar 19, 1:34 EST prior to me logging into the server. 
    
    Unfortunately this likely leads to the conclusion that someone has access to Poms machine. Any servers we use are never shared with anyone else, so someone would have to know the credentials to that server to be able to login. I now feel like I'm put into a position where nothing can be assumed safe, whether it is our configs, source code, or information about our users - the list is endless. This means that I can't confirm the forum is safe, which has been a major goal from the start of this shitshow.
    
    As for what this means now, It's complicated. Unlike when other communities go down and everyone scatters, stupidly I will still be around. I will redirect all the Breached domains to my baph.is domain. The Telegram group and channel will remain up for now, but I will make a new Telegram group for those interested in seeing what I have planned next. I will always be willing to sign a message to prove my identity to the community.
    
    While the community of Breached will die, I'm going to continue conversations with some of the competitor forum admins and various service operators who reached out to me over the past few days. I'm hoping to work with some of those people to build a new community, that will have the best features of Breached while reducing the attack surfaces we never properly addressed. As with things like this, I have no doubt our userbase may be absorbed by another community but if there is patience then I hope to bring something back that will rival any other community that can take our place.
    
    I'll be taking 24 hours from the sharing of this message to just rest and think. I'll be back online to talk with everyone, and we'll go from there. The domains for the time being shouldn't be seized, but I'll let the community know if any of that happens.
    
    For now - see you, space cowboy.
    
    Baphomet

**What’s Next?**

Although the shutdown of Breach Forums is seen as a positive initiative, for investigators, cybersecurity journalists, and researchers, it may become a rabbit hole. With no reliable community to turn to, cybercriminals could move to Russian-language forums to dump stolen databases, which is a bigger and larger-scale threat to unsuspecting users and organizations.

It is worth noting that Russian hacker forums are already forming alliances with Chinese-speaking hacker groups, which could eventually become a perfect recipe for disaster for adversaries on the opposite side.

1.  WT1SHOP Cybercrime Market Seized
2.  SSNDOB Cybercrime Marketplace Seized
3.  World’s largest private torrent site Filelist seized
4.  Hive ransomware disrupted; servers, site Seized
5.  NetWire malware site, server seized, admin arrested

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Breach Forums to Remain Offline Permanently

By Habiba Rashid
The company has disclosed the wallet addresses and three IP addresses used by the attacker in the hack.
This is a post from HackRead.com Read the original post: Crypto ATM Manufacturer General Bytes Suffers $1.5m Bitcoin Theft

****The hacker was able to download usernames, access password hashes, turn off two-factor authentication, and send funds from hot wallets.****

On March 17th, 2023, General Bytes, a major manufacturer of cryptocurrency automated teller machines (ATMs), experienced a security incident that resulted in the theft of over $1.5 million worth of Bitcoin. The incident was first reported by General Bytes on their official Twitter account on March 18th.

On Saturday, the company explained, “We released a statement urging customers to take immediate action to protect their personal information. We urge all our customers to take immediate action to protect their funds and personal information and carefully read the security bulletin.”

According to the company’s security bulletin, an attacker was able to remotely upload a Java application using the master service interface, which allowed access to BATM user privileges, the database, and API keys used to access funds in hot wallets and exchanges.

As a result, the hacker was able to download usernames, access password hashes, turn off two-factor authentication, and send funds from hot wallets.

General Bytes has produced 9,505 ATM machines globally, thousands of which are located in the US. However, following the attack, all US operators using General Bytes machines were shut down, and the servers will have to be rebuilt from scratch.

General Bytes is reportedly transitioning crypto ATM operators to self-hosted servers after discontinuing its cloud service. This process can be time-consuming, and it is likely that some operators will be offline for an extended period.

The hacker was able to steal 56.28 bitcoin, worth around $1.5 million, and liquidated other cryptocurrencies, including ETH, USDT, BUSD, ADA, DAI, DOGE, SHIB, and TRX. The bitcoin address holding the stolen funds has not moved since March 18, and some digital currencies were transferred to different locations, including a decentralized exchange platform.

The company has disclosed the wallet addresses and three IP addresses used by the attacker in the hack. However, some sources have indicated that the company’s full node is secure enough to prevent unauthorized access to funds.

If you or someone you know has been affected by this incident, follow the solution detailed in General Bytes’ security bulletin, which can also be found below:

A user on Twitter speculated similar sentiments stating that it is likely that the attack was conducted by an individual familiar with the cryptocurrency ATM industry.

“This was made by somebody that knows the system very well, a crypto ATM company/ rogue employee that owns GB ATMs. Is not like the hacker go with a USB stick and plugs it into the ATM and uploads the attack,” they said.

Nonetheless, the breach highlights the need for increased security measures in the cryptocurrency industry to prevent future attacks.

1.  ATMJackpot Malware Stealing Cash From ATMs
2.  OpenSea flaw allowed crypto theft with malicious NFTs
3.  You can now buy ATM malware on Dark Web for $5000
4.  Access:7 Supply Chain Flaws Impact ATMs, IoT devices
5.  ATM bombing suspect blew himself while filming tutorial

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Crypto ATM Manufacturer General Bytes Suffers $1.5m Bitcoin Theft

By Owais Sultan
Revolutionizing Business Operations with Innovative Software Solutions: How Technology is Reshaping the Business Landscape. Starting a business is…
This is a post from HackRead.com Read the original post: Technology and Software Redefine Business Operations

****Revolutionizing Business Operations with Innovative Software Solutions: How Technology is Reshaping the Business Landscape.****

  
Starting a business is something that can come with certain preconceptions. While these preconceptions may occasionally help you (gut feeling should be considered), they can also blind you to elements, and because you weren’t expecting to encounter them, they can have a serious impact on your new business.

Prejudging the steps of starting a business is the equivalent of taking a lax or half-hearted approach to your business. Instead, you want to incorporate a more widespread and thorough understanding into your business plan, as this can make you as prepared and informed as possible, which can only be positive.

However, there are so many possibilities in the entrepreneurial world that it can be easy to place some of them on the backburner compared to more seemingly pressing priorities. To give a helping hand, make sure not to forget about these 3 things. 

**Compliance**

There will always be standards, usually established by the government, that you will need to be compliant with, and these are going to change how you run your business in often crucial ways. Sometimes, this might be something such as health and safety, which can become a routine concern for those in the hospitality industry.

For businesses that aim to be more technologically focused, though, it might be about SOX compliance, which can lead you to software solutions that can help you to meet it. It’s easy to think when starting out that you have total freedom in how you run your business, but limitations such as this can restrict your movements somewhat.

**Insurance**

  
Additionally, when you’re making your business plan, and you’re thinking about how you’re going to spend the income that you’re predicting to make early on, it’s important that you consider absolutely everything that you need.

Insurance is always frustrating in this regard, as it can feel like preparing for something that might never come. If the event in question does occur, though, you’ll be more than glad to have business insurance, and it’s often a legal requirement besides.

Tallying up unexpected costs can be disheartening and cost a lot more than if you had just paid the insurance fee in the first place. Therefore, thoroughly understand everything you need to pay to make your business plan as comprehensive as possible and prevent you from getting caught off-guard by something you left off the list down the road. 

**Tax**

  
The way that you pay tax as a business is going to function differently from what you’re used to, and that is easy to forget or simply not think about as being a problem. As an individual who registers as self-employed, you might technically be categorized as a business entity and know your way around tax, but the kind of money that you’re dealing with for your business, and the type of business you are, could see you handling more tax tasks than you envisioned.

Business tax in itself could refer to any number of different types of tax, which can make this a slightly overwhelming topic to dive into. Don’t forget about this or ignore it. You might find that they don’t all apply to you right off the bat, but going through it, maybe even with financial assistance, could once again put you in a prepared and informed position for your business. 

1.  Businesses Need to Focus More on Cybersecurity
2.  How to choose secure software for your business
3.  Find Trustworthy Tools and Software for Business
4.  Top learning management system (LMS) software
5.  What are the benefits of having ‘pandemic’ software

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Technology and Software Redefine Business Operations

By Deeba Ahmed
Researchers suspect that the malware may be operated by Russian-speaking groups, given the references to the language in its code.
This is a post from HackRead.com Read the original post: DotRunpeX: The Malware That Infects Systems with Multiple Families

****Currently, **DotRunpeX malware**** **appears to be primarily distributed through phishing emails and malicious Google Ads, presenting a significant threat to users’ systems.****

A new malware that distributes multiple known malware families, including Agent Tesla, FormBook, Ave Maria, NetWire, LokiBot, Raccoon Stealer, Remcos, RedLine Stealer, Vidar, and Rhadamanthys, has been discovered by Checkpoint researchers.

Dubbed DotRunpeX, the malware is a new injector written in .NET, created using the Process Hollowing technique, and used to infect systems with different malware families.

The researchers noted that DotRunpeX is being actively developed. Its infection chain invades the system as a second-stage malware, usually deployed via a downloader or loader delivered via malicious attachments in phishing emails.

Additionally, it can leverage malicious Google Ads that appear in search results to direct unsuspecting users when they search for commonly used software such as LastPass and AnyDesk and send them to copycat sites delivering trojanized installers.

A malicious Google Ad and phishing email that drop the malware (Image: Check Point)

Though the injector is fairly new, there are several similarities it shares with its previous versions. For example, the injector’s name is derived from its version information, which is the same for both versions across all samples the researchers analyzed. They also noted that it contained ProductName – RunpeX.Stub.Framework.

Their analysis revealed that each malware sample had an embedded payload of a specific malware family to be injected, which becomes possible by abusing the vulnerable procexp.sys process explorer driver incorporated into the malware for obtaining kernel mode execution.

They analyzed publicly shared data by independent researchers regarding DotRunpeX but learned that the malware was misattributed to a well-known malware family. Furthermore, they learned that the first-stage loader and the second-stage loader had no connection.

The most recent activity of DotRunpeX was detected in October 2022. It was noticed that using the KoiVM virtualizing protector adds an extra obfuscation layer. These findings were somewhat similar to a malvertising campaign discovered by SentinelOne in February 2023. In that instance, the loader and injector components were referred to as MalVirt.

Researchers suspect that the malware may be operated by Russian-speaking groups, given the references to the language in its code.

1.  New YTStealer Malware is Hijacking YouTube Channels
2.  YouTube Tutorial Videos Spread Vidar, Raccoon Malware
3.  Adsense abused: 11,000 sites hacked in a backdoor attack
4.  Google Drive behind most malicious Office doc downloads
5.  Google Ads drop FatalRAT in fake messenger, browser apps

Source

HackRead