Oyster Backdoor Spreading via Trojanized Popular Software Downloads
A malvertising campaign is leveraging trojanized installers for popular software such as Google Chrome and Microsoft Teams to drop a backdoor called Oyster (aka Broomstick and CleanUpLoader). That's according to findings from Rapid7, which identified lookalike websites hosting the malicious payload...
Russian TrickBot Mastermind Gets 5-Year Prison Sentence for Cybercrime Spree
40-year-old Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the TrickBot malware, the U.S. Department of Justice (DoJ) said. The development comes nearly two months after Dunaev pleaded guilty to committing comput...
TrickBot Gang Shifted its Focus on "Systematically" Targeting Ukraine
In what's being described as an "unprecedented" twist, the operators of the TrickBot malware have resorted to systematically targeting Ukraine since the onset of the war in late February 2022. The group is believed to have orchestrated at least six phishing campaigns aimed at targets that align...
Staff Think Conti Group Is a Legit Employer – Podcast
Thanks to gray-hat Ukrainian hacker ContiLeaks, the Conti ransomware gang spilled its guts in late February. Since then, researchers have been poring over the group’s secrets, including a massive trove of chat logs and other doxxed data, including source code for Conti ransomware, TrickBot malwar...
Conti Ransomware Decryptor, TrickBot Source Code Leaked
The pro-Ukraine member of the Conti ransomware gang who promised to eviscerate the extortionists after they pledged support for the Russian government has spilled yet more Conti guts: The latest dump includes source code for Conti ransomware, TrickBot malware, a decryptor and the gang’s...
Living Off the Land: How to Defend Against Malicious Use of Legitimate Utilities
Living-off-the-land binaries (LOLBins) are no joke: Cyberattackers have been increasingly making use of them to hide their malicious work from security solutions. It’s time for threat hunters and IT security staff to familiarize themselves with how these are used in the attack chains of some of the...
Shipment-Delivery Scams Become the Favored Way to Spread Malware
Threat actors are increasingly using scams that spoof package couriers like DHL or the U.S. Postal Service in authentic-looking phishing emails that attempt to dupe victims into downloading credential-stealing or other malicious payloads, researchers have found. Researchers from Avanan, a Check...
TrickBot Malware Using New Techniques to Evade Web Injection Attacks
The cybercrime operators behind the notorious TrickBot malware have once again upped the ante by fine-tuning its techniques by adding multiple layers of defense to slip past antimalware products. "As part of that escalation, malware injections have been fitted with added protection to keep...
CVE-2021-43890
We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader. An attacker...
Notorious Emotet Botnet Makes a Comeback with the Help of TrickBot Malware
The notorious Emotet malware is staging a comeback of sorts nearly 10 months after a coordinated law enforcement operation dismantled its command-and-control infrastructure in late January 2021. According to a new report from security researcher Luca Ebach, the infamous TrickBot malware is being...
Trickbot Malware Returns with a new VNC Module to Spy on its Victims
Cybersecurity researchers have opened the lid on the continued resurgence of the insidious Trickbot malware, making it clear that the Russia-based transnational cybercrime group is working behind the scenes to revamp its attack infrastructure in response to recent counter efforts from law...
TrickBot Malware
Summary: This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 8. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency (CISA) and Federal...
CISA-FBI Joint Advisory on TrickBot Malware
CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory (CSA) on TrickBot malware. A sophisticated group of cyber criminals is using phishing emails claiming to contain proof of traffic violations to lure victims into downloading TrickBot. TrickBot is a highly...
FBI, DHS Warn Of Possible Major Ransomware Attacks On Healthcare Systems
The US Federal Bureau of Investigation (FBI), Department of Homeland Security, and Health and Human Services (HHS) issued a joint alert Wednesday warning of an "imminent" increase in ransomware and other cyberattacks against hospitals and healthcare providers. "Malicious cyber actors are targeting t...
Black Lives Matter Emails Deliver TrickBot Malware
Cyberattackers are seizing upon the 24-hour news cycle again in order to capitalize on the current zeitgeist – this time with a fake Black Lives Matter malspam campaign that distributes the TrickBot malware. According to Swiss security firm Abuse.ch, threat actors are posing as government...
Black Lives Matter movement exploited to spread Trickbot malware
By Deeba Ahmed. This shows there’s certainly no limit to the meanness and notoriety of cybercriminals...
This Week in Security News: Google Faces Privacy Lawsuit Over Tracking Users in Incognito Mode and TrickBot Adds Enterprise-grade Module to Malware Arsenal
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a new module for the infamous trojan known as TrickBot that has been deployed. Also, read about Google’s $5 billion class-action...
Millions of Brute-Force Attacks Hit Remote Desktop Accounts
A rash of brute-forcing attempts aimed at users of Microsoft’s proprietary Remote Desktop Protocol (RDP) has come to light, striking millions per week. The attacks are a likely offshoot of cybercriminals looking to take advantage of the unprecedented numbers of employees working from home amid the...
Malware Risks Triple on WFH Networks: Experts Offer Advice
Home office networks are 3.5 times more likely than corporate networks to be infected by malware, according to a report from BitSight. That statistic comes into sharp focus as the coronavirus pandemic forces companies to shift to a work-from-home workforce. Those home networks that remote workers ar...
FIN6 and TrickBot Combine Forces in 'Anchor' Attacks
Researchers say two cybercriminal groups, FIN6 and the operators of the TrickBot malware, have paired up to target several organizations with TrickBot’s malware framework called “Anchor.” The two threat groups joining forces is a “new and dangerous twist” in an existing trend of...