Search This Blog

Latest News

Winja (VirusTotal Uploader)- The Malware Detector!

Cyber-security is an important concern for everyone working from these days, amid the lock-down due to the current Coronavirus pandemic....

All the recent news you need to know

Hackers use fake Zoom domains to spread malware


The coronavirus pandemic is forcing many people around the world to work remotely. This has significantly increased the popularity of video conferencing services such as Zoom. Attackers took advantage of this and began to use fake Zoom domains to spread malware and gain access to other people's video conferencing. This was reported by the security company Check Point.

Researchers note that since the beginning of the virus pandemic, 1,700 domains with the word Zoom have been registered. At the same time, 25% of new domains were registered in the last seven days, and 70 of them are considered suspicious by the company.

Check Point specialists found malicious files like "zoom-us-zoom_##########.exe", where # is a set of digits. After running such a file, the InstallCore batch application is installed on the user's computer, which is used for further downloading malware.

Fraudulent sites that simulate the work of Google Classroom or Google Hangouts have also appeared on the Internet. Disguised sites are created for the purpose of phishing: stealing passwords, credit card data, and other personal information from users. Check Point Cyber Research Manager Omer Dembinsky advised all users to make sure that links to video conferences are secure before using them.

In January of this year, Check Point published a report indicating that Zoom has security flaws. According to the company, hackers could connect to video conferences by generating random numbers that became conference URLs. Zoom then fixed the security breach and made some changes to the service, for example, introducing mandatory password protection for conferences.

Zeus Sphinx Malware Reappears amid Coronavirus Phishing Scams


In this particular scam, the recipients receive phishing emails asking them to donate money by filling forms for coronavirus or COVID-19 relief fund. The scam works because people are constrained to stay at home as they can't work in the office because of the quarantine. Zeus Sphinx Banking Trojan is determined as it can replicate files and folders to expand while maintaining to generate the registry keys.


Amid the COVID-19 pandemic, the panic it has caused among the general public has proven to be an advantage for the hackers, as they see it as an opportunity to lure innocent victims in the name of relief funds for COVID-19. Cybercriminals are exploiting the COVID-19 theme by launching spams and phishing email campaigns on their targets. Joining this new stream of attacks, another malware has reappeared after a long time named Zeus Sphinx malware.

About Zeus Sphinx 

According to recent research conducted by a group of cybersecurity experts, the malware Zeus Sphinx, which is also famous as Terdot or Zloader, was used by Hackers to launch cyberattacks using the COVID-19 government relief funds as a bait to lure the victims.

  • Zeus Sphinx was first discovered in August last year, and it became famous as a banking trojan for commercial use, with Zeus v2 being the basis of its core elements. 
  • Zeus Sphinx was infamous for attacking banks over the US, UK, Brazil, and Australia. 
  • Zeus Sphinx has reappeared, but this time, it is using COVID-19 relief funds as a ploy while attacking the users of the corresponding banking institutions in the respected countries. 


How does it work?

The malware is spreading through COVID-19 relief funds files. Here's how it's being covered:

  • The recipients receive phishing emails asking them to donate money by filling forms for coronavirus or COVID-19 relief fund. 
  • The forms in.DOC or DOCX file formats are used to gain entry. 
  • When downloaded, the file asks the user for access to enable content. 
  • This activates the Zeus Sphinx, which hijacks the window and establishes a C2 (command-and-control) server for malware. 

Note: Zeus Sphinx has an integrated flaw, which is, the trojan can't attack an updated version of the browser, once it has already been attacked before the update.

Hackers use Bill Gates themed video to sell off Ponzi Crypto Scheme


Recently, tens of YouTube accounts were hacked to broadcast a Ponzi cryptocurrency scheme by renaming the hacked YouTube accounts as Microsoft accounts bearing the message from the company's former CEO Bill Gates to invest in crypto.


This is not the only attack of it's kind, various other attacks like this have become frequent on YouTube where the hacker hijacks a popular account and broadcast a message from the account- a "crypto giveaway", where the user is offered that if they give some cryptocurrency they'll get it back doubled. And of course, this is a scam and the victim does not get any returns.

These frauds first made their appearance on Twitter but moved on to YouTube as Twitter started weeding these posers out.

These hackers very efficiently gave their scheme an air of legitimacy by live streaming (on 30+ accounts) one of Bill Gates talk given to an audience at Village Global in June 2019 and adding a pop of messages of the Ponzi Scheme. This Ponzi scheme was live streaming on these accounts on YouTube- Microsoft US, Microsoft Europe, Microsoft News, and others.

Though both YouTube and Microsoft denied that any official accounts were hacked some users did report that they found the stream on Microsoft's nonverified accounts.

Most of the scam videos were streaming from hacked accounts with high subscriber numbers, that were renamed as Microsoft US, Microsoft Europe and such to seem more official. The viewed number of the videos was in tens and thousands, also the Bitcoin address in the scheme received thousands of US dollars thus successfully scamming some users.

 Various other organizations have been used by such hackers like Chaos Computer Club, a famous Germany-based hacking community, had their accounts hacked and broadcasted with a similar cryptocurrency scheme.
The most recent and popular case was when the YouTube account of YouTube's founder was hacked back in January. So, these sorts of fraudulent schemes have now become a common affair and it's at the hands of the users not to pay heed to these. Always check the legitimacy of these accounts and it's good to remember to think twice before giving in to an offer that's too good to be real.

Hackers switched from direct theft of money to gaining control over the infrastructure of companies


According to the report by Rostelecom Solar JSOC, hackers changed the focus of attacks, switching from direct theft of money to gaining control over the infrastructure of companies. Experts explain this trend by the fact that the average level of security of banks has increased significantly, which forces hackers to look for more vulnerable targets. Moreover, the demand for industrial espionage has increased on the black market. However, experts said that the activity of such hacker groups began to decrease against the background of the pandemic.

According to the report, by the end of 2019, the number of attacks aimed at gaining control over the infrastructure of companies and organizations has increased by 40%, while attacks for the purpose of stealing money have become 15% less frequent.

A long and unnoticeable presence in the organization's infrastructure allows attackers to investigate its internal processes in detail, gain deeper access to IT systems and control over them, says Vladimir Drukov, Director of Solar JSOC. He notes that hackers monetize this information by selling it on the black market, blackmailing the victim organization, or engaging in competitive intelligence.

In addition, in recent years, attacks are increasingly targeted at industrial and energy facilities, as well as government agencies whose control over infrastructure is critical for the country.

Kaspersky Lab confirmed that the number of attacks on corporate infrastructure is increasing. According to antivirus expert Denis Legezo, about 200 groups engaged in cyber espionage are currently being observed. However, the expert notes that during the coronavirus pandemic, a decline in their activity is noticeable.

Head of Analytics and Special Projects at InfoWatch Group of Companies Andrei Arsentyev noted that hackers are usually engaged in industrial espionage by order, including “hunting for various know-how, business development plans, pricing schedules”.

Attackers can monetize attacks not only through theft of funds but also by selling already configured connections to the victim’s local network to other criminals, says Evgeny Gnedin, head of Positive Technologies information security analytics department. Such a model of “access as a service” is gaining momentum today, which explains the increase in the number of such attacks.