How account takeovers work

Account takeover – the criminal use of compromised online accounts – has the potential to be immensely profitable. Hackers steal credentials from individuals (see phishing) or target an entire organization using bots. They then use these stolen credentials to take ownership of the compromised accounts or sell credential lists to other cybercriminals. Whoever […]

Big Head Ransomware

Trend Micro analyzes the technical details of a new ransomware family named Big Head. Big Head, which emerged in May 2023, has at least three variants, all designed to encrypt files on victims’ machines to extort money, like other ransomware families. One Big Head ransomware variant displays a fake Windows Update, potentially indicating that the […]

MoveIT vulnerability exploited by Ransomware Gang

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known CL0P ransomware IOCs and TTPs identified through FBI investigations as recently as June 2023. According to open source information, beginning on May 27, 2023, CL0P Ransomware Gang, also known as TA505, began exploiting […]

Info Stealer named Skuld

In May 2023, the Trellix Advanced Research Center discovered a new Golang stealer, known as Skuld, that compromised systems worldwide. The malware targets sensitive information stored in certain applications, such as Discord and web browsers, and the Windows system. The author, Deathined, has taken inspiration from different open-source projects and malware samples to build up […]

Satacom Downloader Delivers Cryptocurrency Stealer

Satacom downloader, also known as LegionLoader, is a well-known malware family that emerged in 2019. It is known to query DNS servers to obtain a base64-encoded URL from which it retrieves the next stage: another malware family currently distributed by Satacom. The Satacom malware is delivered via third-party websites. Some […]

Commercial Spyware on the Rise

Commercial spyware use is on the rise, with actors leveraging these sophisticated tools to conduct surveillance operations against a growing number of targets. Cisco Talos’ research specifically looks at two components of this mobile spyware suite, known as “ALIEN” and “PREDATOR,” which compose the backbone of the spyware implant. PREDATOR is an interesting piece of […]

Horabot Banking Trojan Targets Americas

Cisco Talos has observed a threat actor deploying a previously unidentified botnet program Talos is calling “Horabot,” which delivers a known banking trojan and spam tool onto victim machines in a campaign that has been ongoing since at least November 2020. The threat actor appears to be targeting Spanish-speaking users in the Americas and, based […]

Amadey’s Multi-Stage Attack Malware Explained

McAfee Labs has identified an increase in Wextract.exe samples that drop a malware payload in multiple stages. Wextract.exe is a Windows executable used to extract files from a cabinet (.cab) file. Cabinet files are compressed archives used to package and distribute software, drivers, and other files. It is a legitimate […]

Phishing As A Service Tool

A previously unreported phishing-as-a-service (PaaS) offering named “Greatness” has been used in several phishing campaigns since at least mid-2022. Greatness incorporates features seen in some of the most advanced PaaS offerings, such as multi-factor authentication (MFA) bypass, IP filtering and integration with Telegram bots. Greatness, for now, is only focused on Microsoft 365 phishing pages, […]

Malicious firmware for TP-Link Routers

Check Point Research (CPR) exposes a malicious firmware implant for TP-Link routers that allowed attackers to gain full control of infected devices and access compromised networks while evading detection. CPR attributes the attacks to a Chinese state-sponsored APT group dubbed “Camaro Dragon”. The firmware image contained several malicious components, including a custom MIPS32 ELF implant dubbed […]

Gh0st RAT Still Haunting Inboxes

Gh0st RAT, a decades-old open-source remote administration tool (RAT), recently appeared in phishing campaigns targeting a healthcare organization. Gh0st Remote Administration Tool was created by a Chinese hacking group named C. Rufus Security Team that released it publicly in 2008. The public release of Gh0st RAT source code made it easy for threat actors to […]

Android Banking Malware

Check Point Research encountered an Android banking malware named FakeCalls, which can masquerade as one of more than 20 financial applications and imitate phone conversations with bank or financial service employees – an attack known as voice phishing. FakeCalls malware targeted the South Korean market and possesses the functionality of a Swiss army […]

Royal Ransomware

Backed by threat actors from Conti, Royal ransomware is poised to wreak havoc in the threat landscape, starting strong by taking a spot among the most prolific ransomware groups within three months of first being reported. Combining new and old techniques and evolving quickly, it is likely to remain a big player in the […]

Fake ChatGPT Chrome Extension Hijacking Facebook Accounts

A Chrome extension offering quick access to fake ChatGPT functionality was found to be hijacking Facebook accounts and installing hidden account backdoors. Particularly noticeable is the use of a malicious Facebook app, silently forced onto the account as a “backdoor”, which gives the threat actors super-admin permissions. By hijacking high-profile Facebook business accounts, the threat actor creates an elite army of […]

Malvertising in Google Search Results Delivering Stealers

Kaspersky observes a growth in malvertising activity that exploits Google search ads to promote fake software websites that deliver stealers, such as RedLine and Rhadamanthys. The threat actors create copies of legitimate software websites while employing typosquatting (using misspelled popular brand and company names as URLs) or combosquatting (using popular brand and company names […]

Chinese Espionage Attack on South East Asian Gov

At the beginning of 2021, Check Point Research identified an ongoing surveillance operation they named Sharp Panda that was targeting Southeast Asian government entities. The attackers used spear-phishing emails to gain initial access to the targeted networks. These emails typically contained a Word document with government-themed lures that leveraged a remote template to download and […]

OneNote Abused by Cybercriminals

Threat actors are taking advantage of Microsoft OneNote’s ability to embed files and use social engineering techniques, such as phishing emails and lures inside the OneNote document, to get unsuspecting users to download and open malicious files. Once clicked, an attacker can use the embedded code for various malicious purposes, such as stealing data or […]

Emotet Malicious Mail is Back

After several months of inactivity, the Emotet botnet resumed email activity this morning at 8:00 am EST. The malicious emails appear to reply to existing email chains, with an attached .zip file added. The .zip files are not password protected. The themes of the attached files include finances and invoices. The .zip […]

WithSecure has developed ransomware undo tech

Ransomware attacks have plagued organizations for the past several years, inflicting considerable financial losses. To help organizations manage ransomware and other threats, WithSecure™ (formerly known as F-Secure Business) has developed a new technology that can essentially undo the damage malware can cause. The technology, called Activity Monitor, was developed to make the capabilities of a sandbox […]
