Month: June 2023

Satacom Downloader Delivers Cryptocurrency Stealer

Satacom downloader, also known as LegionLoader, is a well-known malware family that emerged in 2019. Its signature technique is querying DNS servers to obtain a base64-encoded URL, from which it fetches the next stage: another malware family that Satacom is currently distributing. The Satacom malware is delivered via third-party websites. Some […]
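The excerpt above describes the downloader retrieving a base64-encoded URL through DNS. The same decode step can be turned around into a detection check over TXT record values seen in DNS logs. The block below is an added example, not code from the original post or from any vendor write-up: the function names (`decode_b64_url`, `find_encoded_urls`) are my own, and every TXT value in `SAMPLE_TXT_VALUES` is constructed for illustration and does not correspond to real Satacom infrastructure.

```python
"""Flag DNS TXT values that carry a base64-encoded next-stage URL.

Added example (not from the original post). A TXT value is flagged only if
it is strict base64, decodes to printable ASCII, and parses as an http(s)
URL with a hostname. SPF/verification records and truncated or binary
payloads fall through as None.
"""
import base64
import binascii
import re
from urllib.parse import urlparse

# Strict base64 alphabet, with padding allowed only at the end.
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")

# Constructed sample TXT values (hypothetical, not real infrastructure).
SAMPLE_TXT_VALUES = [
    base64.b64encode(b"https://cdn.example.invalid/stage2.bin").decode(),  # encoded URL
    "v=spf1 include:_spf.example.com -all",                                # ordinary SPF
    "aHR0cDov",                                                            # base64 of "http:/" (truncated, no host)
    base64.b64encode(b"ftp://files.example.invalid/x").decode(),           # decodes, but not http(s)
    "not base64!",                                                         # invalid alphabet
]


def decode_b64_url(value: str):
    """Return the http(s) URL hidden in a base64 TXT value, or None."""
    # DNS tooling often prints TXT data quoted; strip that before checking.
    candidate = value.strip().strip('"')
    if len(candidate) % 4 or not B64_RE.match(candidate):
        return None
    try:
        raw = base64.b64decode(candidate, validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None
    if not text.isprintable():
        return None
    parsed = urlparse(text)
    # Require a scheme and a dotted hostname so "http:/" or "AAAA" do not match.
    if parsed.scheme in ("http", "https") and parsed.netloc and "." in parsed.netloc:
        return text
    return None


def find_encoded_urls(txt_values):
    """Return (raw_value, decoded_url) pairs for every flagged TXT value."""
    hits = []
    for value in txt_values:
        url = decode_b64_url(value)
        if url is not None:
            hits.append((value, url))
    return hits


if __name__ == "__main__":
    for raw, url in find_encoded_urls(SAMPLE_TXT_VALUES):
        print(f"TXT {raw!r} decodes to next-stage URL {url}")
```

Feeding this the TXT answers from a passive-DNS export or resolver log gives a short list of records worth pivoting on; the strict alphabet, length and scheme checks keep common legitimate TXT content (SPF, domain-verification tokens, DKIM fragments) out of the results.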

Commercial Spyware on the Rise

Commercial spyware use is on the rise, with actors leveraging these sophisticated tools to conduct surveillance operations against a growing number of targets. Cisco Talos’ research specifically looks at two components of this mobile spyware suite known as “ALIEN” and “PREDATOR,” which compose the backbone of the spyware implant. PREDATOR is an interesting piece of […]

Horabot Banking Trojan Targets Americas

Cisco Talos has observed a threat actor deploying a previously unidentified botnet program Talos is calling “Horabot,” which delivers a known banking trojan and spam tool onto victim machines in a campaign that has been ongoing since at least November 2020. The threat actor appears to be targeting Spanish-speaking users in the Americas and, based […]

Apple “My Photo Stream” is shutting down

Apple’s “My Photo Stream” service is shutting down on July 26, 2023. Most Apple users who rely on this free feature will need to pay for the premium iCloud Photos service. What is My Photo Stream: It is a free service that uploads the last 30 days of images (up to 1,000) to iCloud, […]

The iPhone is Dead

Apple’s smartphone isn’t the innovation machine it once was. But the ideas behind the iPhone and the world it helped create are as influential as ever. Many have predicted the death of the iPhone. We’ve been at Peak iPhone a bunch of different times. We’ve seen “stagnant growth,” “looming trouble,” and prognostications that other companies would steal […]

Amadey’s Multi-Stage Attack Malware Explained

McAfee Labs has identified an increase in Wextract.exe samples that drop a malware payload in multiple stages. Wextract.exe is a Windows executable used to extract files from a cabinet (.cab) file. Cabinet files are compressed archives used to package and distribute software, drivers, and other files. It is a legitimate […]

Phishing As A Service Tool

A previously unreported phishing-as-a-service (PaaS) offering named “Greatness” has been used in several phishing campaigns since at least mid-2022. Greatness incorporates features seen in some of the most advanced PaaS offerings, such as multi-factor authentication (MFA) bypass, IP filtering and integration with Telegram bots. Greatness, for now, is only focused on Microsoft 365 phishing pages, […]

Malicious firmware for TP-Link Routers

Check Point Research (CPR) has exposed a malicious firmware implant for TP-Link routers that allowed attackers to gain full control of infected devices and access compromised networks while evading detection. CPR attributes the attacks to a Chinese state-sponsored APT group dubbed “Camaro Dragon”. The firmware image contained several malicious components, including a custom MIPS32 ELF implant dubbed […]
