
32 matches found

Securelist
added 2023/06/07 8:0 a.m. | 195 views

IT threat evolution in Q1 2023. Non-mobile statistics

These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly...

CVSS 9.3 | AI score 9.6 | EPSS 0.94358
Exploits: 448
Talos Blog
added 2023/05/26 9:57 p.m. | 18 views

Threat Roundup for May 19 to May 26

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 19 and May 26. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

AI score 6.9
Exploits: 0
The Hacker News
added 2023/05/05 11:49 a.m. | 33 views

Hackers Targeting Italian Corporate Banking Clients with New Web-Inject Toolkit DrIBAN

Italian corporate banking clients are the target of an ongoing financial fraud campaign that has been leveraging a new web-inject toolkit called drIBAN since at least 2019. "The main goal of drIBAN fraud operations is to infect Windows workstations inside corporate environments trying to alter...

AI score 6.4
Exploits: 0
Talos Blog
added 2023/04/28 9:38 p.m. | 43 views

Threat Roundup for April 21 to April 28

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 21 and April 28. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

AI score 7.4
Exploits: 0
Talos Blog
added 2023/04/14 8:38 p.m. | 26 views

Threat Roundup for April 7 to April 14

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 7 and April 14. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

AI score 6.5
Exploits: 0
Talos Blog
added 2023/02/17 9:24 p.m. | 22 views

Threat Round up for February 10 to February 17

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 10 and Feb. 17. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

AI score 6.6
Exploits: 0
Krebs on Security
added 2022/05/18 1:7 a.m. | 30 views

When Your Smart ID Card Reader Comes With Malware

Millions of U.S. government employees and contractors have been issued a secure smart ID card that enables physical access to buildings and controlled spaces, and provides access to government computer networks and systems at the cardholder's appropriate security level. But many government employe...

AI score 6.8
Exploits: 0
The Hacker News
added 2022/04/22 9:30 a.m. | 99 views

Watch Out! Cryptocurrency Miners Targeting Dockers, AWS and Alibaba Cloud

LemonDuck, a cross-platform cryptocurrency mining botnet, is targeting Docker to mine cryptocurrency on Linux systems as part of an active malware campaign. "It runs an anonymous mining operation by the use of proxy pools, which hide the wallet addresses," CrowdStrike said in a new report. "It...

CVSS 9.8 | AI score 0.8 | EPSS 0.94439
Exploits: 100
The Hacker News
added 2021/07/26 10:13 a.m. | 105 views

Microsoft Warns of LemonDuck Malware Targeting Windows and Linux Systems

An infamous cross-platform crypto-mining malware has continued to refine and improve upon its techniques to strike both Windows and Linux operating systems by setting its sights on older vulnerabilities, while simultaneously latching on to a variety of spreading mechanisms to maximize the...

AI score 0.8
Exploits: 0
ThreatPost
added 2019/12/13 7:7 p.m. | 116 views

Elegant sLoad Carries Out Spying, Payload Delivery in BITS

A fresh analysis of the trojan sLoad sheds light on the growing trend of advanced malware “living off the land” of a targeted system and successfully evading detection and carrying out malicious activities. SLoad is a PowerShell downloader type of malware and is known for its impressive...

AI score 7
Exploits: 0 | References: 10
Carbon Black Blog
added 2019/11/18 5:14 p.m. | 76 views

Threat Analysis Unit (TAU) Threat Intelligence Notification: Ramnit Banking Trojan

Ramnit Banking Trojan was first discovered in 2010 and is still evolving, ranking second on the top banking trojan list in October 2019 according to the source post. It may be distributed via malvertising, exploit kits, spear-phishing campaigns or other methods to infect on the...

AI score 0.7
Exploits: 0
Kitploit
added 2019/10/10 12:0 p.m. | 178 views

MalConfScan - Volatility Plugin For Extracts Configuration Data Of Known Malware

MalConfScan is a Volatility plugin that extracts configuration data of known malware. Volatility is an open-source memory forensics framework for incident response and malware analysis. This tool searches for malware in memory images and dumps configuration data. In addition, this tool has a function ...

AI score 7.4
Exploits: 0 | References: 4
Talos Blog
added 2019/07/08 6:16 a.m. | 136 views

Threat Roundup for June 21 to June 28

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 21 and June 28. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

Exploits: 0
Akamai Blog
added 2019/02/27 2:0 p.m. | 72 views

Ramnit in the UK

By Asaf Nadler and Lior Lahav. Ramnit is a family of trojans that allows attackers to remotely control infected machines in order to steal personal and banking information [1], and open backdoors to download additional malware [2]. Initial versions of Ramnit appeared in late 2011 and infected more than...

AI score 7.3
Exploits: 0
ThreatPost
added 2018/10/24 4:32 p.m. | 559 views

sLoad Banking Trojan Downloader Displays Sophisticated Recon and Targeting

A new PowerShell downloader dubbed sLoad is making the rounds, sporting impressive reconnaissance tactics and a penchant for geofencing, which indicate increasing sophistication when it comes to targeting efforts. First spotted in May 2018, sLoad typically delivers the Ramnit banking trojan but h...

AI score 0.3
Exploits: 0 | References: 1
Malwarebytes
added 2018/10/24 4:10 p.m. | 914 views

Exploit kits: fall 2018 review

Exploit kit (EK) activity continues to surprise us as the weather cools, the leaves change, and we move into the fall of 2018. Indeed, shortly after our summer review, a new exploit kit was discovered, and while no new vulnerabilities were added to the current EKs, several malvertising chains are...

CVSS 7.6 | AI score 9.1 | EPSS 0.94283
Exploits: 28
Malwarebytes
added 2018/09/17 3:56 p.m. | 50 views

A week in security (September 10 – 16)

Last week on Malwarebytes Labs, we assessed the security of a portable router, identified ways to waste a scammer's time, named the many faces of omnichannel fraud, questioned the security of 2FAs, profiled a massive tech support scam operation, and exposed a new HMRC phishing campaign. Other...

AI score 7.5
Exploits: 0
ThreatPost
added 2018/08/06 4:57 p.m. | 9 views

Ramnit Changes Shape with Widespread Black Botnet

The recently uncovered “Black” botnet campaign using the Ramnit malware racked up 100,000 infections in the two months through July – but the offensive could just be a precursor to a much larger attack coming down the pike, according to researchers, thanks to a second-stage malware called Ngioweb...

AI score 0.1
Exploits: 0 | References: 3
ThreatPost
added 2018/07/12 3:49 p.m. | 12 views

ThreatList: 6-Year-Old Dorkbot Banking Malware Resurfaces as Big Threat

The banking malware called Dorkbot is back. Samples of the 6-year-old malware are now ranked the second biggest banking malware headache in 2018 so far, according to new data from Check Point. “Dorkbot, known malware that dates back to 2012, has entered back the top ranks, starring in the APAC as...

AI score 1.4
Exploits: 0 | References: 3
Malwarebytes
added 2018/02/28 4:45 p.m. | 80 views

RIG malvertising campaign uses cryptocurrency theme as decoy

For a couple of weeks, we have been observing a malvertising campaign that uses decoy websites to redirect users to the RIG exploit kit. Those sites, whose theme is about cryptocurrencies, were all registered recently and are swapped after a few days of use. The initial redirection starts off fro...

AI score 7.4
Exploits: 0