15 matches found
Google DoubleClick Abused in New Malspam Campaign to Deliver .NET Loader
Cybersecurity researchers have flagged a new malspam campaign that makes use of Google's DoubleClick domain as a way to evade detection and ultimately deliver an unidentified .NET-based loader. "Before the victim ever reaches attacker-controlled infrastructure, the lure routes through DoubleClick...
Under the Hood of BlotchyQuasar: DLL-Based RAT Campaigns against Latin America
A sophisticated malspam campaign was recently uncovered targeting Latin American countries, with a particular focus on Brazil. This operation utilizes a highly deceptive phishing email to trick users into executing a malicious MSI file, initiating a multi-stage infection. The core of the attack...
DarkGate Malware Activity Spikes as Developer Rents Out Malware to Affiliates
A new malspam campaign has been observed deploying an off-the-shelf malware called DarkGate. "The current spike in DarkGate malware activity is plausible given the fact that the developer of the malware has recently started to rent out the malware to a limited number of affiliates," Telekom...
Notorious Emotet Malware Returns With High-Volume Malspam Campaign
The notorious Emotet malware has returned with renewed vigor as part of a high-volume malspam campaign designed to drop payloads like IcedID and Bumblebee. "Hundreds of thousands of emails per day" have been sent since early November 2022, enterprise security company Proofpoint said last week,...
JSSLoader: the shellcode edition
The Malwarebytes Threat Intelligence team observed a malspam campaign in late June that we attribute to the FIN7 APT group. One of the samples was also reported on Twitter by Josh Trombley; during execution, it was observed to drop a secondary payload, written in .NET. Details about FIN7 campaign...
Hackers Using Fake Trump's Scandal Video to Spread QNode Malware
Cybesecurity researchers today revealed a new malspam campaign that distributes a remote access Trojan RAT by purporting to contain a sex scandal video of U.S. President Donald Trump. The emails, which carry with the subject line "GOOD LOAN OFFER!!," come attached with a Java archive JAR file...
Hackers Using Fake Trump's Scandal Video to Spread QNode Malware
Cybesecurity researchers today revealed a new malspam campaign that distributes a remote access Trojan RAT by purporting to contain a sex scandal video of U.S. President Donald Trump. The emails, which carry with the subject line "GOOD LOAN OFFER!!," come attached with a Java archive JAR file...
QBot Trojan delivered via malspam campaign exploiting US election uncertainties
This blog post was authored by Jérôme Segura and Hossein Jazi. The 2020 US elections have been the subject of intense scrutiny and emotions, while happening in the middle of a global pandemic. As election night ended and uncertainty regarding the results began to creep in, threat actors decided t...
Black Lives Matter Emails Deliver TrickBot Malware
Cyberattackers are seizing upon the 24-hour news cycle again in order to capitalize on the current zeitgeist – this time with a fake Black Lives Matter malspam campaign that distributes the TrickBot malware. According to Swiss security firm Abuse.ch, threat actors are posing as government...
Hackers Update Age-Old Excel 4.0 Macro Attack
Hackers have updated the age-old Excel malware attack technique with a new passwordless twist. Researchers have identified a new method that no longer requires victims to enter a password to open a danger document, more readily exposing them to potential malware infection. Researchers from securi...
How adversaries use politics for compromise
By Nick Biasini and Edmund Brumaghin. Executive Summary With the U.S. presidential primaries just around the corner, even malware authors can't help but get behind the frenzy. Cisco Talos recently discovered several malware distribution campaigns where the adversaries were utilizing the names and...
Patched WinRAR Bug Still Under Active Attack—Thanks to No Auto-Updates
Various cyber criminal groups and individual hackers are still exploiting a recently patched critical code execution vulnerability in WinRAR, a popular Windows file compression application with 500 million users worldwide. Why? Because the WinRAR software doesn't have an auto-update feature, whic...
Latest WinRAR Flaw Being Exploited in the Wild to Hack Windows Computers
It's not just the critical Drupal vulnerability that is being exploited by in the wild cybercriminals to attack vulnerable websites that have not yet applied patches already available by its developers, but hackers are also exploiting a critical WinRAR vulnerability that was also revealed last...
FELIXROOT Backdoor Resurfaces in Environmental Spam Campaign
After a few months of absence, the FELIXROOT backdoor malware has been spotted in a fresh malspam campaign. The campaign uses weaponized lure documents claiming to contain seminar information on environmental protection efforts. This backdoor has a range of functions, including the ability to...
A week in security (April 30 – May 6)
Last week on Labs, we examined the Spartacus ransomware, reported about a new tactic used by the Necurs malspam campaign, informed you about the recommended Twitter password change, and discussed engaging students to start considering careers in cybersecurity. Other news NTML credentials can be...