9 matches found
MakeMoney malvertising campaign adds fake update template
Malware authors and distributors are following the ebbs and flows of the threat landscape. One campaign we have tracked for a number of years recently introduced a new scheme to possibly completely move away from drive-by downloads via exploit kit. In this quick blog post, we will look at this ne...
Taurus Project stealer now spreading via malvertising campaign
For the past several months, Taurus Project—a relatively new stealer that appeared in the spring of 2020—has been distributed via malspam campaigns targeting users in the United States. The macro-laced documents spawn a PowerShell script that invokes certutil to run an autoit script ultimately...
‘Highly Competitive’ Buer Loader Emerges in Underground Markets
A previously undocumented modular loader has emerged as a lucrative tool for cybercriminals in a variety of campaigns. Researchers say the “highly competitive” loader, dubbed Buer, is intended for use by actors seeking a turn-key, off-the-shelf solution. Researchers say they have spotted the load...
Raccoon Stealer Malware Scurries Past Microsoft Messaging Gateways
Criminals behind malware dubbed Raccoon Stealer have adopted a simple and effective technique to circumvent Microsoft and Symantec anti-spam messaging gateways. The technique has been used in a recent campaign targeting financial institutions via business email compromise (BEC) attacks. According t...
CB TAU Threat Intelligence Notification: Maze Ransomware
Maze Ransomware, also known as ChaCha Ransomware, has been discovered being distributed by the Fallout exploit kit. After the encryption, it will create a ransom note named ‘DECRYPT-FILES.html’ in each of the encrypted file’s folders. The bottom of the ransom note is a base64 string which contain...
Vidar and GandCrab: stealer and ransomware combo observed in the wild
We have been tracking a prolific malvertising campaign for several weeks and captured a variety of payloads, including several stealers. One that we initially identified as Arkei turned out to be Vidar, a new piece of malware recently analyzed in detail by Fumik0 in his post: Let’s dig into Vidar...
Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims
ARCHIVED STORY Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims By John Fokker · October 30, 2018 Alexandr Solad and Daniel Hatheway of Recorded Future are coauthors of this post. Read Recorded Future’s version of this analysis. Rising from the deep, Kraken Cryptor ransomware has...
Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims
ARCHIVED STORY Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims By John Fokker · October 30, 2018 Alexandr Solad and Daniel Hatheway of Recorded Future are coauthors of this post. Read Recorded Future’s version of this analysis. Rising from the deep, Kraken Cryptor ransomware has...
Fallout Exploit Kit Landing Page
Fallout exploit kit is a web exploit kit that operates by delivering a malicious payload to the victim's computer. Successful infection will allow the attacker to download additional malware to the target...