Security

Aurora a trending infostealer Malware

Since September 2022, Aurora malware is advertised as an infostealer and several traffers teams announced they added it to their malware toolset. Furthermore, SEKOIA.IO observed an increase in the number of Aurora samples distributed in the wild, as well as C2 servers. First advertised on Russian-speaking underground forums in April 2022, Aurora is a multi-purpose […]

Vulnerable SDK components lead to supply chain risks

Vulnerable SDK components lead to supply chain risks in IoT and OT environments Vulnerabilities in network components, architecture files, and developer tools have become increasingly popular attack vectors to gain access into secure networks and devices. External tools and products that are managed by vendors and developers can pose a security risk, especially to targets […]

Social Engineering Attack Costs Billions

Eli Lilly lost USD15 billion in market cap to a social engineering attack. The attack happened only days after Twitter announced a USD8 fee for the blue check mark verification last Wednesday. Following the social engineering attack, Twitter suspended the option. Since Twitter first applied the option, parody accounts of known companies and individuals got […]

Malware Delivered via Contact Forms

The DFIR Report expands on an intrusion from May 2022, where threat actors used BumbleBee as the initial access vector from a Contact Forms campaign. The intrusion began with the delivery of an ISO file that contained an LNK and a DLL. The threat actors leveraged BumbleBee to load a Meterpreter agent and Cobalt Strike […]

Spear-phising for Malware Delivery

Since it first started being active in 2020, Earth Longzhi’s long-running campaign can be divided into two based on the range of time and toolset. During its first campaign deployed from 2020 to 2021, Earth Longzhi targeted the government, infrastructure, and health industries in Taiwan and the banking sector in China. In its second campaign […]

Evasive Techniques used by injected Websites

Analysis of a new technique to inject websites with SocGholish malware found using zip compression, obfuscation, strrev functions, and other evasive techniques to avoid detection. Once installed, fake browser updates infect the victim’s computer with various types of malware including remote access trojans (RATs). SocGholish malware is often the first step in severe targeted ransomware […]

Hive Ransomware

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) are releasing this joint CSA to disseminate known Hive IOCs and TTPs identified through FBI investigations as recently as November 2022. As of November 2022, Hive ransomware actors have victimized over 1,300 companies […]

Cloud 9 Chrome Botnet

The Zimperium zLabs team recently discovered a malicious browser extension, originally called Cloud9, which not only steals the information available during the browser session but can also install malware on a user’s device and subsequently assume control of the entire device. The extension, Cloud9, was never found on any official browser extension store; instead relying […]

Why Cybercriminal like IPFS

The InterPlanetary File System (IPFS) is a Web3 technology designed to enable decentralized storage of resources on the internet. When content is stored on the IPFS network, it is mirrored across many systems that participate in the network, so that when one of these systems is unavailable, other systems can service requests for this content. […]

Google PlayStore Apps Leads to Phishing Sites

A family of malicious apps from developer “Mobile apps Group sic” are listed on Google Play and infected with Android/Trojan.HiddenAds.BTGTHB. In total, four apps are listed, and together they have amassed at least one million downloads. When users first install this malicious app, it takes a couple of days before it begins to display malicious behavior. […]

RomCom Threat Actor Spoofs Keepass and Solarwinds

The threat actor known as RomCom is actively deploying new campaigns aimed at victims in Ukraine and English-speaking regions. The BlackBerry Threat Research and Intelligence Team discovered new campaigns that spoof popular brand-name software packages. The United Kingdom is possibly a new target, while Ukraine is still the main focus. Blackberry found RomCom leveraging the […]

FormBook Stealer Is Gaining Traction

FormBook stealer is an infostealer‍ trojan available as a malware-as-service. This malware is often used by attackers with low technical literacy and little programming knowledge. FormBook can be used to steal various information from infected machines. Despite how easy it is to set up and use, the malware has advanced stealing and evasion functions including […]

BlackCat Ransomware

First observed in mid-November 2021 by researchers from the MalwareHunterTeam, BlackCat (aka AlphaVM, AlphaV, or ALPHV) swiftly gained notoriety for being the first major professional ransomware family to be written in Rust, a cross-platform language that enables malicious actors to customize malware with ease for different operating systems like Windows and Linux, thus affording a […]

Venus Ransomware Targets Remote Desktop Services

Threat actors behind the relatively new Venus Ransomware are hacking into publicly-exposed Remote Desktop services to encrypt Windows devices. Venus Ransomware appears to have begun operating in the middle of August 2022 and has since encrypted victims worldwide. However, there was another ransomware using the same encrypted file extension since 2021, but it is unclear […]

Self-Unlocking Password-Protected RAR

Archive Sidestepping: Self-Unlocking Password-Protected RAR Trustwave SpiderLabs’ spam traps have identified an increase in threats packaged in password-protected archives with about 96% of these being spammed by the Emotet Botnet. In the first half of 2022, Spiderlabs identified password-protected ZIP files as the third most popular archive format used by cybercriminals to conceal malware. Disguised […]

New Malicious Clicker Found in Android App

Recently the McAfee Mobile Research Team has identified new Clicker malware that sneaked into Google Play. In total 16 applications that were previously on Google Play have been confirmed to have the malicious payload with an assumed 20 million installations. The malicious code was found on useful utility applications like Flashlight (Torch), QR readers, Camara, […]

WIP19 Espionage

New Chinese APT Targets IT Service Providers and Telcos With Signed Malware SentinelLabs has been monitoring a threat cluster they track as WIP19, a group characterized by the usage of a legitimate, stolen digital certificate issued by a company called “DEEPSoft”. WIP19 has been targeting telecommunications and IT service providers in the Middle East and […]

Scroll to top
× How can I help you? Available from 08:00 to 22:00