1. Home
  2. Discover
  3. Technology
  4. The Hacker News

Watch Out! Trojanized macOS Apps Deploying Evasive Cryptocurrency Mining Malware

The Hacker News Daily Updates
Newsletter
cover

Cloud Security For Dummies ($21.00 Value) FREE for a Limited Time

Embrace the cloud and kick hackers to the curb with this accessible guide on cloud security

Download Now Sponsored
LATEST NEWS Feb 24, 2023

Even Top-Ranked Android Apps in Google Play Store Provide Misleading Data Safety Labels

An investigation into data safety labels for Android apps available on the Google Play Store has uncovered "serious loopholes" that allow apps to provide misleading or outright false information. The study, conducted by the Mozilla Foundation as part of its *Privacy Not Included initiative, compared the privacy policies and labels of the 20 most popular paid apps and the 20 most popular ...

Read More
Twitter Facebook LinkedIn

Hackers Using Trojanized macOS Apps to Deploy Evasive Cryptocurrency Mining Malware

Trojanized versions of legitimate applications are being used to deploy evasive cryptocurrency mining malware on macOS systems. Jamf Threat Labs, which made the discovery, said the XMRig coin miner was executed by means of an unauthorized modification in Final Cut Pro, a video editing software from Apple. "This malware makes use of the Invisible Internet Project (i2p) [...] to download ...

Read More
Twitter Facebook LinkedIn

Experts Sound Alarm Over Growing Attacks Exploiting Zoho ManageEngine Products

Multiple threat actors have been observed opportunistically weaponizing a now-patched critical security vulnerability impacting several Zoho ManageEngine products since January 20, 2023. Tracked as CVE-2022-47966 (CVSS score: 9.8), the remote code execution flaw allows a complete takeover of the susceptible systems by unauthenticated attackers. As many as 24 different products, including ...

Read More
Twitter Facebook LinkedIn

The Secret Vulnerability Finance Execs are Missing

The (Other) Risk in Finance A few years ago, a Washington-based real estate developer received a document link from First American – a financial services company in the real estate industry – relating to a deal he was working on. Everything about the document was perfectly fine and normal. The odd part, he told a reporter, was that if he changed a single digit in the URL, suddenly, he could ...

Read More
Twitter Facebook LinkedIn

New Hacking Cluster 'Clasiopa' Targeting Materials Research Organizations in Asia

Materials research organizations in Asia have been targeted by a previously unknown threat actor using a distinct set of tools. Symantec, by Broadcom Software, is tracking the cluster under the moniker Clasiopa. The origins of the hacking group and its affiliations are currently unknown, but there are hints that suggest the adversary could have ties to India. This includes references to ...

Read More
Twitter Facebook LinkedIn

Lazarus Group Likely Using New WinorDLL64 Backdoor to Exfiltrate Sensitive Data

A new backdoor associated with a malware downloader named Wslink has been discovered, with the tool likely used by the notorious North Korea-aligned Lazarus Group, new findings reveal. The payload, dubbed WinorDLL64 by ESET, is a fully-featured implant that can exfiltrate, overwrite, and delete files; execute PowerShell commands; and obtain comprehensive information about the underlying ...

Read More
Twitter Facebook LinkedIn

New S1deload Malware Hijacking Users' Social Media Accounts and Mining Cryptocurrency

An active malware campaign has set its sights on Facebook and YouTube users by leveraging a new information stealer to hijack the accounts and abuse the systems' resources to mine cryptocurrency. Bitdefender is calling the malware S1deload Stealer for its use of DLL side-loading techniques to get past security defenses and execute its malicious components. "Once infected, S1deload Stealer ...

Read More
Twitter Facebook LinkedIn

Python Developers Warned of Trojanized PyPI Packages Mimicking Popular Libraries

Cybersecurity researchers are warning of "imposter packages" mimicking popular libraries available on the Python Package Index (PyPI) repository. The 41 malicious PyPI packages have been found to pose as typosquatted variants of legitimate modules such as HTTP, AIOHTTP, requests, urllib, and urllib3. The names of the packages are as follows: aio5, aio6, htps1, httiop, httops, httplat, ...

Read More
Twitter Facebook LinkedIn
cover

Cloud Security For Dummies ($21.00 Value) FREE for a Limited Time

Embrace the cloud and kick hackers to the curb with this accessible guide on cloud security

Download Now Sponsored

This email was sent to you. You are receiving this newsletter because you opted-in to receive relevant communications from The Hacker News. To manage your email newsletter preferences, please click here.

Contact The Hacker News: info@thehackernews.com
Unsubscribe

The Hacker News | Pearls Omaxe, Netaji Subash Place, Pitampura, Delhi 110034 India

Key phrases

remote code execution flaw Washingtonbased real estate developer several Zoho ManageEngine products Users Social Media Accounts Evasive Cryptocurrency Mining Malware Misleading Data Safety Labels critical security vulnerability real estate industry Google Play Store XMRig coin miner Final Cut Pro Invisible Internet Project financial services company DLL sideloading techniques outright false information Jamf Threat Labs multiple threat actors active malware campaign video editing software Python Package Index Trojanized PyPI Packages new information stealer Trojanized macOS Apps

Older messages

Lazarus Hackers Using New WinorDLL64 Backdoor to Exfiltrate Sensitive Data

Thursday, February 23, 2023

The Hacker News Daily Updates Newsletter cover Cybersecurity Webinar: How to Tackle the Top SaaS Security Challenges of 2023 Don't let your SaaS apps become the next target - Join our expert-led

Threat Actors Adopt Havoc Framework for Post-Exploitation in Targeted Attacks

Wednesday, February 22, 2023

The Hacker News Daily Updates Newsletter cover Ultimate Guide to Connected Device Security Six steps to secure products and software supply chains Download Now Sponsored LATEST NEWS Feb 22, 2023 Apple

Coinbase Employee Falls for SMS Scam in Cyber Attack, Limited Data Exposed

Tuesday, February 21, 2023

The Hacker News Daily Updates Newsletter cover The Hacker News Webinar: A MythBusting Special -- 9 Myths about File-based Threats Say goodbye to the myths and hello to the facts - Register for our

Security Basics Quick Reference Guide

Monday, February 20, 2023

The Hacker News eBook Update Newsletter Security Basics Quick Reference Guide Download For Free Businesses worldwide are at risk for security breaches. Download your free resource now > Request This

Samsung's New Feature Protects Users from Zero-Click Malware Attacks

Monday, February 20, 2023

The Hacker News Daily Updates Newsletter cover The Hacker News Webinar -- How to Tackle the Top SaaS Security Challenges of 2023 Don't let your SaaS apps become the next target - Join our expert-

You Might Also Like

Learning about Android Runtime

Thursday, April 25, 2024

View in browser 🔖 Articles Learning about Android Runtime I always enjoy reading articles that explore how something works under the hood. Here's an article that does exactly that, providing

Stripe changes its … stripes

Wednesday, April 24, 2024

TikTok on the president's docket and Nvidia acquires Run:ai View this email online in your browser By Christine Hall Wednesday, April 24, 2024 Good afternoon, and welcome to TechCrunch PM! Today

💪 You Can Use Copilot AI as a Personal Trainer — Why Your Laptop Needs a Docking Station

Wednesday, April 24, 2024

Also: Here's How to Make Your Apple ID Recoverable, and More! How-To Geek Logo April 24, 2024 📩 Get expert reviews, the hottest deals, how-to's, breaking news, and more delivered directly to

JSK Daily for Apr 24, 2024

Wednesday, April 24, 2024

JSK Daily for Apr 24, 2024 View this email in your browser A community curated daily e-mail of JavaScript news JSK Weekly - 24th April, 2024 React 19 has introduced many great functionalities and

Daily Coding Problem: Problem #1422 [Hard]

Wednesday, April 24, 2024

Daily Coding Problem Good morning! Here's your coding interview problem for today. This problem was asked by Airbnb. Given a list of integers, write a function that returns the largest sum of non-

Charted | Artificial Intelligence Patents, by Country 🤖

Wednesday, April 24, 2024

This visualization shows which countries have been granted the most AI patents each year, from 2012 to 2022. View Online | Subscribe Presented by: New on VC+: Our Visual Briefing on the IMF's World

Save your seat: 1Password’s 2024 Security report insights webinar

Wednesday, April 24, 2024

Join us April 25th. ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏

Top Tech Deals 📱 LG Flex TV, Google Pixel 7, DJI Mini 3, and More

Wednesday, April 24, 2024

Get yourself a discounted DJI drone, save on the Pixel 7, or score some PC and phone accessories. How-To Geek Logo April 24, 2024 Top Tech Deals: LG Flex TV, Google Pixel 7, DJI Mini 3, and More Find

The Protest Song Wakes Up 🎙️

Wednesday, April 24, 2024

Is this song the future of musical protest? Here's a version for your browser. Hunting for the end of the long tail • April 24, 2024 The Protest Song Wakes Up A buzzy protest song about the

JSK Weekly - 24th April, 2024

Wednesday, April 24, 2024

React 19 has introduced many great functionalities and features, among which the useOptimistic hook stands out. The useOptimistic hook offers a seamless way to manage UI states during asynchronous