Newly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data
A previously undocumented Windows-based information stealer called ThirdEye has been discovered in the wild with capabilities to harvest sensitive data from infected hosts.
Fortinet FortiGuard Labs, which made the discovery, said it found the malware in an executable that masqueraded as a PDF file with a Russian name "CMK Правила оформления больничных листов.pdf.exe," which translates to "CMK
Adobe Rolls Out New Patches for Actively Exploited ColdFusion Vulnerability
Adobe has released a fresh round of updates to address an incomplete fix for a recently disclosed ColdFusion flaw that has come under active exploitation in the wild.
The critical shortcoming, tracked as CVE-2023-38205 (CVSS score: 7.5), has been described as an instance of improper access control that could result in a security bypass. It impacts the following versions:
Legion Stealer V1 Attacking Users To Gain Webcam Access
A new and sophisticated malware threat has emerged in the cybersecurity landscape, targeting unsuspecting users and potentially compromising their privacy on an unprecedented scale.
Dubbed “Legion Stealer V1,” this malicious software is causing alarm among security experts due to its ability to gain unauthorized access to users’ webcams, among other invasive capabilities.
Legion Stealer V1, written in C#, is a multifaceted threat designed to harvest sensitive data and transmit it to the attacker’s Discord channel. What sets this malware apart is its diverse array of features, which go far beyond simple data theft.
Cybersecurity researchers at ThreatMon observed that one of the most concerning aspects of Legion Stealer V1 is its ability to access, and potentially record from, the victim’s webcam without their knowledge or consent. This capability raises serious privacy concerns, as it could lead to blackmail or other forms of exploitation.
In addition to webcam access, the malware can capture screenshots, gather user and network information, collect disk data, and even perform system reboots.
It also attempts to disable antivirus software and the task manager, making it more difficult for users to detect and remove the threat.
Legion Stealer V1
Legion Stealer V1 employs sophisticated evasion techniques, including anti-debugging measures and virtual machine detection, to avoid analysis by security researchers.
It can also collect sensitive information from popular chat platforms like Discord, including details about nitro subscriptions, badges, billing information, email addresses, phone numbers, and friend lists.
The malware’s browser compatibility is particularly worrying, as it can target multiple popular browsers including Chrome, Edge, Brave, and Opera GX. This wide-ranging compatibility increases the potential victim pool and makes the threat more difficult to mitigate.
Perhaps most alarmingly, Legion Stealer V1 is being marketed as “undetectable,” suggesting that traditional security measures may struggle to identify and neutralize this threat.
Security experts are urging users to exercise extreme caution, keep their systems updated, and use reputable antivirus software. They also recommend covering webcams when not in use and being vigilant about downloading files or clicking on links from unknown sources.
As the threat landscape continues to evolve, Legion Stealer V1 serves as a stark reminder of the importance of robust cybersecurity practices and the need for constant vigilance in the digital age.
On this week’s episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Paul Melson, former VP of Cybersecurity Solutions at Target. Sherrod and Paul reflect on his experiences in incident response, highlighting the adrenaline rush of detecting and evicting adversaries before they cause harm. Their discussion includes a run down the rabbit hole of open-source intelligence and the creation of the @scumbots Twitter feed. They explore the culture of Target’s cybersecurity team, emphasizing the importance of hiring for attitude and the potential for new threats such as bribery and insider threats. Paul shares insights from his experiences in cybersecurity and his concerns about future threats, emphasizing the need for continued vigilance and innovation in defense strategies. The episode provides valuable insights into the challenges and developments in cybersecurity, offering practical advice for both professionals and organizations navigating the ever-changing threat landscape.