How account takeovers work Account takeover – the criminal use of compromised online accounts – has the potential to be immensely profitable. Hackers steal credentials from individuals (see phishing) or target an entire organization using bots. They then use these stolen credentials to take ownership of the compromised accounts or sell credentials lists to other cybercriminals. Whoever […]

Big Head Ransomware

TrendMicro analyze the technical details of a new ransomware family named Big Head. Big Head, which came out in May 2023, has at least three variants, all designed to encrypt files on victims’ machines to extort money, like other ransomware variants. One Big Head ransomware variant displays a fake Windows Update, potentially indicating that the […]

MoveIT vulnerability exploited by Ransomware Gang

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known CL0P ransomware IOCs and TTPs identified through FBI investigations as recently as June 2023. According to open source information, beginning on May 27, 2023, CL0P Ransomware Gang, also known as TA505, began exploiting […]

Info Stealer named Skuld

In May 2023, the Trellix Advanced Research Center discovered a new Golang stealer, known as Skuld, that compromised systems worldwide. The malware targets sensitive information stored in certain applications, such as Discord and web browsers, and the Windows system. The author, Deathined, has taken inspiration from different open-source projects and malware samples to build up […]

Satacom Downloader Delivers Cryptocurrency Stealer

Satacom downloader, also known as LegionLoader, is a renowned malware family that emerged in 2019. It is known to use the technique of querying DNS servers to obtain the base64-encoded URL in order to receive the next stage of another malware family currently distributed by Satacom. The Satacom malware is delivered via third-party websites. Some […]

Commercial Spyware on the Rise

Commercial spyware use is on the rise, with actors leveraging these sophisticated tools to conduct surveillance operations against a growing number of targets. Cisco Talos’ research specifically looks at two components of this mobile spyware suite known as “ALIEN” and “PREDATOR,” which compose the backbone of the spyware implant.  PREDATOR is an interesting piece of […]

Harbot Banking Trojan Targets Americas

Cisco Talos has observed a threat actor deploying a previously unidentified botnet program Talos is calling “Horabot,” which delivers a known banking trojan and spam tool onto victim machines in a campaign that has been ongoing since at least November 2020. The threat actor appears to be targeting Spanish-speaking users in the Americas and, based […]

Apple “My Photo Stream” is shutting down

Apple’s “My Photo Stream” service is shutting its door on July 26, 2023. Most Apple users who are reliant on this FREE feature would be forced to pay for the premium iCloud Photo service. What is My Photo Stream: It is a free service that uploads the last 30 days of images (up to 1,000) to iCloud, […]

The iPhone is Dead

Apple’s smartphone isn’t the innovation machine it once was. But the ideas behind the iPhone and the world it helped create are as influential as ever. Many have predicted the death of the iPhone. We’ve been at Peak iPhone a bunch of different times. We’ve seen “stagnant growth,” “looming trouble,” and prognostications that other companies would steal […]

Amadey’s Multi-Stage Attack Malware Explained

McAfee Labs have identified an increase in Wextract.exe samples, that drop a malware payload at multiple stages.  Wextract.exe is a Windows executable file that is used to extract files from a cabinet (.cab) file. Cabinet files are compressed archives that are used to package and distribute software, drivers, and other files. It is a legitimate […]

Phishing As A Service Tool

A previously unreported phishing-as-a-service (PaaS) offering named “Greatness” has been used in several phishing campaigns since at least mid-2022. Greatness incorporates features seen in some of the most advanced PaaS offerings, such as multi-factor authentication (MFA) bypass, IP filtering and integration with Telegram bots. Greatness, for now, is only focused on Microsoft 365 phishing pages, […]

Malicious firmware for TP-Link Routers

Check Point Research (CPR) exposes a malicious firmware implant for TP-Link routers allowed attackers to gain full control of infected devices and access compromised networks while evading detection. CPR attributes the attacks to a Chinese state-sponsored APT group dubbed “Camaro Dragon”. The firmware image contained several malicious components, including a custom MIPS32 ELF implant dubbed […]

Gh0st RAT Still Haunting Inboxes

Gh0st RAT, a decades-old open-source remote administration tool (RAT), recently appeared in phishing campaigns targeting a healthcare organization. Gh0st Remote Administration Tool was created by a Chinese hacking group named C. Rufus Security Team that released it publicly in 2008. The public release of Gh0st RAT source code made it easy for threat actors to […]

Android Banking Malware

Check Point Research encountered an Android Banking Malware named FakeCalls, a malware that can masquerade as one of more than 20 financial applications and imitate phone conversations with bank or financial service employees – this attack is called voice phishing. FakeCalls malware targeted the South Korean market and possesses the functionality of a Swiss army […]

Royal Ransomware

Backed by threat actors from Conti, Royal ransomware is poised to wreak havoc in the threat landscape, starting strong by taking a spot among the most prolific ransomware groups within three months since it was first reported. Combining new and old techniques and quick evolution, it is likely to remain a big player in the […]

Fake ChatGPT Chrome Extension Hijacking Facebook Accounts

A Chrome Extension propelling quick access to fake ChatGPT functionality was found to be hijacking Facebook accounts and installing hidden account backdoors. Particularly noticeable is the use of a malevolent silently forced Facebook app “backdoor” giving the threat actors super-admin permissions. By hijacking high-profile Facebook business accounts, the threat actor creates an elite army of […]

Malvertising in Google Search Results Delivering Stealers

Kaspersky observes a growth in malvertising activity that exploits Google search ads to promote fake software websites that deliver stealers, such as RedLine and Rhadamantys. The treat actors create copies of legit software websites while employing typosquatting (exploiting incorrectly spelled popular brands and company names as URLs) or combosquatting (using popular brands and company names […]

Chinese Espionage Attack on South East Asian Gov

At the beginning of 2021, Check Point Research identified an ongoing surveillance operation they named Sharp Panda that was targeting Southeast Asian government entities. The attackers used spear-phishing emails to gain initial access to the targeted networks. These emails typically contained a Word document with government-themed lures that leveraged a remote template to download and […]

Scroll to top