Mispadu Trojan Targets Europe, Thousands of Credentials Compromised

The banking trojan known as Mispadu has expanded its focus beyond Latin America LATAM and Spanish-speaking individuals to target users in Italy, Poland, and Sweden. Targets of the ongoing campaign include entities spanning finance, services, motor vehicle manufacturing, law firms, and commercial...

Cybersecurity Agencies Sound Alarm on Rising TrueBot Malware Attacks

Cybersecurity agencies have warned about the emergence of new variants of the TrueBot malware. This enhanced threat is now targeting companies in the U.S. and Canada with the intention of extracting confidential data from infiltrated systems. These sophisticated attacks exploit a critical...

IcedID Malware Shifts Focus from Banking Fraud to Ransomware Delivery

Multiple threat actors have been observed using two new variants of the IcedID malware in the wild with more limited functionality that removes functionality related to online banking fraud. IcedID, also known as BokBot, started off as a banking trojan in 2017. It's also capable of delivering...

IcedID Malware Strikes Again: Active Directory Domain Compromised in Under 24 Hours

A recent IcedID malware attack enabled the threat actor to compromise the Active Directory domain of an unnamed target less than 24 hours after gaining initial access, while also borrowing techniques from other groups like Conti to meet its goals. "Throughout the attack, the attacker followed a...

IcedID Malware Strikes Again: Active Directory Domain Compromised in Under 24 Hours

A recent IcedID malware attack enabled the threat actor to compromise the Active Directory domain of an unnamed target less than 24 hours after gaining initial access, while also borrowing techniques from other groups like Conti to meet its goals. "Throughout the attack, the attacker followed a...

New Hacking Campaign Targeting Ukrainian Government with IcedID Malware

The Computer Emergency Response Team of Ukraine CERT-UA has warned of a new wave of social engineering campaigns delivering IcedID malware and leveraging Zimbra exploits with the goal of stealing sensitive information. Attributing the IcedID phishing attacks to a threat cluster named UAC-0041, th...

Hackers Hijack Email Reply Chains on Unpatched Exchange Servers to Spread Malware

A new email phishing campaign has been spotted leveraging the tactic of conversation hijacking to deliver the IcedID info-stealing malware onto infected machines by making use of unpatched and publicly-exposed Microsoft Exchange servers. "The emails use a social engineering technique of...

[Webinar] How Cyber Attack Groups Are Spinning a Larger Ransomware Web

Organizations today already have an overwhelming number of dangers and threats to look out for, from spam to phishing attempts to new infiltration and ransomware tactics. There is no chance to rest, since attack groups are constantly looking for more effective means of infiltrating and infecting...

A week in security (April 12 – 18)

Last week on Malwarebytes Labs, our podcast featured Troy Hunt, Chloé Messdaghi, and Tanya Janca who discussed security fatigue with us. We announced the release of the Malwarebytes SMB Cybersecurity Trust & Confidence Report 2021, a first-of-its-kind survey of the hardworking IT professionals on...

Investigating a unique “form” of email delivery for IcedID malware

Microsoft threat analysts have been tracking activity where contact forms published on websites are abused to deliver malicious links to enterprises using emails with fake legal threats. The emails instruct recipients to click a link to review supposed evidence behind their allegations, but are...

Investigating a unique “form” of email delivery for IcedID malware

Microsoft threat analysts have been tracking activity where contact forms published on websites are abused to deliver malicious links to enterprises using emails with fake legal threats. The emails instruct recipients to click a link to review supposed evidence behind their allegations, but are...