Npav Lab

We are thrilled to announce that NPAV (Net Protector Antivirus) has been awarded the prestigious AV-Test Advanced Threat Protection (ATP) Certificate, a testament to our cutting-edge capabilities in defending against today’s most sophisticated cyber threats.

The recent ransomware attack on Blue Yonder, a leading supply chain management firm, has caused significant disruptions to grocery store operations in the UK. The incident highlights the vulnerability of supply chain systems and the cascading impact on essential services like retail and logistics.

Russian-linked cyber espionage group TAG-110, using the custom malware tools HATVIBE and CHERRYSPY, has targeted government agencies, human rights organizations, and research institutions across Europe and Asia. This campaign, tied to geopolitical objectives, highlights the growing threats posed by Russian hybrid warfare tactics in the cyber domain.

Chinese APT groups, including the notorious Gelsemium, are targeting Linux systems with new backdoors like WolfsBane and FireWood. These advanced malware families exploit Linux vulnerabilities for data exfiltration, system control, and stealthy espionage, marking a significant shift in attack strategies as Windows security becomes more robust.

Hackers are exploiting a technique called Ghost Tap, leveraging NFCGate to steal funds via mobile payment systems like Google Pay and Apple Pay. By relaying stolen NFC data, criminals conduct fraudulent transactions worldwide without needing physical access to victim devices. This alarming development underscores the need for heightened cybersecurity measures for mobile payment platforms.

The Helldown ransomware, derived from LockBit 3.0, has expanded its attack scope to include VMware and Linux systems. Targeting critical industries such as IT, telecommunications, and healthcare, the ransomware exploits vulnerabilities in Zyxel firewalls and virtualized infrastructures. With aggressive tactics like double extortion and data encryption, Helldown poses a significant threat while showing signs of ongoing evolution.

A new fraud campaign led by the Chinese threat actor SilkSpecter is leveraging 4,700 fake e-commerce websites to steal payment card details and personal information. These sites mimic popular brands and utilize legitimate payment processors like Stripe to deceive victims.

A new ransomware strain, Ymir, is causing alarm with its unique memory exploitation tactics to evade detection. This advanced ransomware, following an initial breach via RustyStealer malware, recently hit a corporate network in Colombia, signaling the growing complexity and sophistication of ransomware strategies that target high-value corporate credentials.

Amazon has confirmed an employee data breach following the massive MOVEit cyberattacks, after threat actor "Nam3L3ss" leaked over 2.8 million lines of employee data, including contact details and office locations, stolen through a third-party vendor. This attack is part of a larger breach that has impacted dozens of global companies through a vendor exploit.

A new method in cyberattacks uses ZIP file concatenation to deliver malicious payloads undetected. By leveraging differences in ZIP parser handling, attackers can hide trojans in ZIP files, targeting unsuspecting users via phishing emails disguised as legitimate notices.