1667 matches found
Looking Over the Nation-State Actors’ Shoulders
Looking over the nation-state actors’ shoulders: Even they have a difficult day sometimes By Trellix and Marc Elias · Febraury 17, 2022 Have you ever been curious about how nation-state actors operate and what their day-to-day work looks like? This blog reveals some of these details observed base...
Looking Over the Nation-State Actors’ Shoulders
Looking over the nation-state actors’ shoulders: Even they have a difficult day sometimes By Trellix and Marc Elias · Febraury 17, 2022 Have you ever been curious about how nation-state actors operate and what their day-to-day work looks like? This blog reveals some of these details observed base...
TrickBot Malware Targeted Customers of 60 High-Profile Companies Since 2020
The notorious TrickBot malware is targeting customers of 60 financial and technology companies, including cryptocurrency firms, primarily located in the U.S., even as its operators have updated the botnet with new anti-analysis features. "TrickBot is a sophisticated and versatile malware with mor...
FritzFrog: P2P Botnet Hops Back on the Scene
FritzFrog is a peer-to-peer botnet, which means its command and control server is not limited to a single, centralized machine, but rather can be done from every machine in its distributed network. In other words, every host running the malware process becomes part of the network, and is capable ...
Iranian state-sponsored APT group MuddyWater targeting organizations via malicious executables
THREAT LEVEL: Red. United States Cyber Command USCYBERCOM has warned of an ongoing cyber attack by Iranian state sponsored actor named as MuddyWater. This APT group is currently targeting Middle Eastern countries and has also targeted European and North American nations. The Iranian-backed...
New CapraRAT Android Malware Targets Indian Government and Military Personnel
A politically motivated advanced persistent threat APT group has expanded its malware arsenal to include a new remote access trojan RAT in its espionage attacks aimed at Indian military and diplomatic entities. Called CapraRAT by Trend Micro, the implant is an Android RAT that exhibits a high...
The evolution of a Mac trojan: UpdateAgent’s progression
Our discovery and analysis of a sophisticated Mac trojan in October exposed a year-long evolution of a malware family—and depicts the rising complexity of threats across platforms. The trojan, tracked as UpdateAgent, started as a relatively basic information-stealer but was observed distributing...
The evolution of a Mac trojan: UpdateAgent’s progression
Our discovery and analysis of a sophisticated Mac trojan in October exposed a year-long evolution of a malware family—and depicts the rising complexity of threats across platforms. The trojan, tracked as UpdateAgent, started as a relatively basic information-stealer but was observed distributing...
Android malware BRATA can wipe devices
Cleafy, a cybersecurity firm specializing in online fraud, has published new details about banking Trojan BRATA Brazilian Remote Access Tool, Android, a known malware strain that first became widespread in 2019. BRATA is now being used to perform factory resets on victims machines. Its rare for...
MoonBounce: New malware deployed by APT41 in UEFI firmware
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. MoonBounce is a new type of malware that hides in the most complex part of an Operating System OS, the Basic Input Output System BIOS chip, and thus persists even after reinstalling your OS or formatting your hard drive...
MacOS Malware ‘DazzleSpy’ Used in Watering-Hole Attacks
A new family of cyber-espionage malware targeting macOS and delivered via a Safari exploit was used against politically active, pro-democracy residents of Hong Kong, in August watering-hole attacks initially discovered by Google TAG, researchers said on Tuesday. The watering-hole attacks – which...
Prime Minister’s Office Compromised: Details of Recent Espionage Campaign
Prime Minister’s Office Compromised: Details of Recent Espionage Campaign By Marc Elias · January 25, 2022 A special thanks to Christiaan Beek, Alexandre Mundo, Leandro Velasco and Max Kersten for malware analysis and support during this investigation. Executive Summary Our Advanced Threat Resear...
Prime Minister’s Office Compromised: Details of Recent Espionage Campaign
Prime Minister’s Office Compromised: Details of Recent Espionage Campaign By Marc Elias · January 25, 2022 A special thanks to Christiaan Beek, Alexandre Mundo, Leandro Velasco and Max Kersten for malware analysis and support during this investigation. Executive Summary Our Advanced Threat Resear...
Unusual ‘Donald Trump’ Packer Malware Delivers RATs, Infostealers
A new .NET malware packer being used to deliver a variety of remote access trojans RATs and infostealers has a fixed password named after Donald Trump, giving the new find its name, “DTPacker.” DTPacker was discovered by researchers at Proofpoint who, since 2020, have observed it being used by...
Hackers Use Cloud Services to Distribute Nanocore, Netwire, and AsyncRAT Malware
Threat actors are actively incorporating public cloud services from Amazon and Microsoft into their malicious campaigns to deliver commodity remote access trojans RATs such as Nanocore, Netwire, and AsyncRAT to siphon sensitive information from compromised systems. The spear-phishing attacks, whi...
Telegram Abused to Steal Crypto-Wallet Credentials
Attackers are targeting crypto-wallets of Telegram users with the Echelon infostealer, in an effort aimed at defrauding new or unsuspecting users of a cryptocurrency discussion channel on the messaging platform, researchers have found. Researchers at the SafeGuard Cyber’s Division Seven threat...
New Phorpiex Botnet Variant Steals Half a Million Dollars in Cryptocurrency
Cryptocurrency users in Ethiopia, Nigeria, India, Guatemala, and the Philippines are being targeted by a new variant of the Phorpiex botnet called Twizt that has resulted in the theft of virtual coins amounting to $500,000 over the last one year. Israeli security firm Check Point Research, which...
‘DarkWatchman’ RAT Shows Evolution in Fileless Malware
A novel remote access trojan RAT being distributed via a Russian-language spear-phishing campaign is using unique manipulation of Windows Registry to evade most security detections, demonstrating a significant evolution in fileless malware techniques. Dubbed DarkWatchman, the RAT – discovered by...
New Fileless Malware Uses Windows Registry as Storage to Evade Detection
A new JavaScript-based remote access Trojan RAT propagated via a social engineering campaign has been observed employing sneaky "fileless" techniques as part of its detection-evasion methods to elude discovery and analysis. Dubbed DarkWatchman by researchers from Prevailion's Adversarial...
Microsoft Seizes 42 Malicious Web Domains Used By Chinese Hackers
Microsoft on Monday announced the seizure of 42 domains used by a China-based cyber espionage group that set its sights on organizations in the U.S. and 28 other countries pursuant to a legal warrant issued by a federal court in the U.S. state of Virginia. The Redmond company attributed the...