Share Blog post
The authors of Smoke Loader have revamped its infection technique and introduced 64bit payload. Significant changes have been made to the malware in order to bypass Windows Defender and other Antivirus software after Microsoft came out with its countermeasures. The current version injects itself into a running instance of Windows Explorer instead of creating a hallow process.
The PlugX remote access trojan (RAT) has been found spreading via campaigns targeting pharmaceutical organizations in Vietnam, in order to steal drug formulas and business information. Once infecting a system, the malware allows hackers to modify files, log keystrokes, steal passwords and capture screenshots of user activity.
A new VBScript downloader, dubbed ARS VBS Loader, has been found affecting computers running the Microsoft Windows operating system that supports Windows 10. It is a spin-off of a downloader called SafeLoader VBS. The downloader uses fake email attachments to trick users into clicking on them.
Reports have been released that several Instagram accounts have been hacked, leading to assumptions that the Instagram servers have been compromised. Researchers are suspecting a group called the Saudi Electronic Army behind the breach. However, Instagram says that the problem is a result of a system bug.
Patient data exposed
An unauthorized third party might have gained access to Texas Health Resources last October. The event was part of a larger incident affecting multiple entities across the country. Exposed patient information included names, medical record numbers, birth dates, addresses, insurance information, and clinical information of around 4000 patients.
Posted on: April 17, 2018
Get the Daily Threat Briefing delivered to your email!
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.