413 matches found

ThreatPost
added 2018/07/24 9:30 p.m., 130 views

Kronos Banking Trojan Surfaces After Years of Silence

The Kronos banking trojan is back from the malware dustbin. After years of lying dormant, hackers have reworked the underlying code and are actively targeting victims in Germany, Japan and Poland. The latest variant has incorporated a new command-and-control feature designed to work with the Tor...

9.3 CVSS, 8.4 AI score, 0.99945 EPSS
Exploits: 33, References: 4

Trend Micro Simply Security
added 2018/07/06 1:0 p.m., 25 views

This Week in Security News: Security and Safety on Social Media

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, California lawmakers passed a new online privacy bill guaranteeing more control over user data. Also, Typeform announced a breach involving...

0.1 AI score
Exploits: 0

FireEye
added 2018/06/28 4:0 p.m., 423 views

RIG Exploit Kit Delivering Monero Miner Via PROPagate Injection Technique

Introduction: Through FireEye Dynamic Threat Intelligence (DTI), we observed RIG Exploit Kit (EK) delivering a dropper that leverages the PROPagate injection technique to inject code that downloads and executes a Monero miner (similar activity has been reported by Trend Micro). Apart from leveraging a...

9.3 CVSS, 9.1 AI score, 0.93165 EPSS
Exploits: 39, References: 5

FireEye
added 2018/06/28 12:0 p.m., 1656 views

RIG Exploit Kit Delivering Monero Miner Via PROPagate Injection Technique

Introduction: Through FireEye Dynamic Threat Intelligence (DTI), we observed RIG Exploit Kit (EK) delivering a dropper that leverages the PROPagate injection technique to inject code that downloads and executes a Monero miner (similar activity has been reported by Trend Micro). Apart from leveraging a...

9.3 CVSS, 8.8 AI score, 0.93165 EPSS
Exploits: 39

ThreatPost
added 2018/05/28 12:21 p.m., 151 views

Despite Ringleader’s Arrest, Cobalt Group Still Active

Evidence has surfaced that the Cobalt Group – the threat actors behind widespread attacks on banks and ATM jackpotting campaigns across Europe – is continuing to operate, despite the arrest of its accused ringleader in March. The Cobalt Group first burst on the scene in 2016: in a single night,...

9.3 CVSS, 8.6 AI score, 0.99945 EPSS
Exploits: 50, References: 4

Trend Micro Simply Security
added 2018/05/17 4:24 p.m., 45 views

A Five-Year Journey: How Trend Micro Helped Bring Down Scan4You

Trend Micro has always had a close relationship with law enforcement around the globe, because we believe that only together can we make the world a safer place in which to exchange digital information. As the business of cybercrime continues to grow and evolve, so must our response. That’s why w...

7.2 AI score
Exploits: 0

ThreatPost
added 2018/05/16 11:19 a.m., 11 views

RIG EK Still Makes Waves, This Time with a Stealthy Backdoor

Exploit kit activity has been declining since the latter half of 2016, but the RIG EK seems to buck the trend. It’s been involved in ongoing activity involving a wide range of crimeware payloads; and the latest campaign saw RIG dropping the Grobios malware, which is tailored to be a really stealt...

7.2 AI score
Exploits: 0, References: 2

FireEye
added 2018/05/14 9:0 a.m., 491 views

A Deep Dive Into RIG Exploit Kit Delivering Grobios Trojan

As discussed in previous blogs, exploit kit activity has been on the decline since the latter half of 2016. However, we do still periodically observe significant developments in this space, and we have been observing interesting ongoing activity involving RIG Exploit Kit (EK). Although the volume o...

Exploits: 0

Malwarebytes
added 2018/04/23 4:6 p.m., 40 views

A week in security (April 16 – April 22)

Last week, we took a stroll down memory lane talking about Facebook and MySpace, noticed a change in the Magnitude exploit kit—wherein it started adopting the GandCrab ransomware, took a good look at a new form of adware that is based on Python, chatted a bit about Russian hacking with a...

6.9 AI score
Exploits: 0

ThreatPost
added 2018/04/19 1:36 p.m., 24 views

Use of ‘StegWare’ Increases in Stealth Malware Attacks

SAN FRANCISCO – Researchers are warning of an uptick in the malicious use of steganography as a vehicle for delivering malware. Steganography, they say, is increasingly becoming a go-to tool for cybercriminals not just for infection, but also command-and-control, data exfiltration and as an...

7.1 AI score
Exploits: 0, References: 1

Malwarebytes
added 2018/04/18 3:0 p.m., 44 views

PBot: a Python-based adware

Recently, we came across a Python-based sample dropped by an exploit kit. Although it arrives under the disguise of a MinerBlocker, it has nothing in common with miners. In fact, it seems to be PBot/PythonBot: a Python-based adware. Apart from a couple of posts on forums in Russian language and...

0.1 AI score
Exploits: 0

Malwarebytes
added 2018/04/17 4:58 p.m., 1253 views

Magnitude exploit kit switches to GandCrab ransomware

The GandCrab ransomware is reaching far and wide via malspam, social engineering schemes, and exploit kit campaigns. On April 16, we discovered that Magnitude EK, which had been loyal to its own Magniber ransomware, was now being leveraged to push out GandCrab, too. While Magnitude EK remains...

7.6 CVSS, 9.4 AI score, 0.93165 EPSS
Exploits: 29

Check Point Advisories
added 2018/04/15 12:0 a.m., 0 views

Coins LTD Exploit Kits Traffic Distribution System

Coins LTD Traffic Distribution System (TDS) operates by silently redirecting the victim to a malicious web page, leading to infection by an exploit kit. Successful infection will allow the attacker to download additional malware to the target...

3.5 AI score
Exploits: 0

Check Point Advisories
added 2018/04/02 12:0 a.m., 0 views

RIG Exploit Kit URL

RIG exploit kit is a web exploit kit that operates by delivering malicious payload to the victim's computer. Successful infection will allow the attacker to download additional malware to the target...

3 AI score
Exploits: 0

Check Point Advisories
added 2018/03/29 12:0 a.m., 0 views

Suspicious Exploit Kit Website Redirection

An exploit kit is a type of toolkit cybercriminals use to attack vulnerabilities in systems so they can distribute malware or perform other malicious activities. Remote attackers can infect users by redirecting them to a malicious web page. Successful infection will allow the attacker to download...

4.9 AI score
Exploits: 0

Check Point Advisories
added 2018/03/11 12:0 a.m., 1 views

Spelevo Exploit Kit Landing Page

Spelevo exploit kit is a web exploit kit that operates by delivering malicious payload to the victim's computer. Successful infection will allow the attacker to download additional malware to the target...

2.9 AI score
Exploits: 0

Malwarebytes
added 2018/02/28 4:45 p.m., 80 views

RIG malvertising campaign uses cryptocurrency theme as decoy

For a couple of weeks, we have been observing a malvertising campaign that uses decoy websites to redirect users to the RIG exploit kit. Those sites, whose theme is about cryptocurrencies, were all registered recently and are swapped after a few days of use. The initial redirection starts off fro...

7.4 AI score
Exploits: 0

Check Point Advisories
added 2018/02/20 12:0 a.m., 0 views

GrandSoft Exploit Kit Gate

GrandSoft exploit kit is a web exploit kit that operates by delivering malicious payload to the victim's computer. Successful infection will allow the attacker to download additional malware to the target...

2.8 AI score
Exploits: 0

Check Point Advisories
added 2018/02/20 12:0 a.m., 0 views

GrandSoft Exploit Kit Gate

GrandSoft exploit kit is a web exploit kit that operates by delivering malicious payload to the victim's computer. Successful infection will allow the attacker to download additional malware to the target...

2.8 AI score
Exploits: 0

Check Point Advisories
added 2018/02/19 12:0 a.m., 0 views

GrandSoft Exploit Kit Landing Page

GrandSoft exploit kit is a web exploit kit that operates by delivering malicious payload to the victim's computer. Successful infection will allow the attacker to download additional malware to the target...

2.7 AI score
Exploits: 0