Watch Out for 'Latrodectus' - This Malware Could Be In Your Inbox

Threat hunters have discovered a new malware called Latrodectus that has been distributed as part of email phishing campaigns since at least late November 2023. "Latrodectus is an up-and-coming downloader with various sandbox evasion functionality," researchers from Proofpoint and Team Cymru said...

Alert: New WailingCrab Malware Loader Spreading via Shipping-Themed Emails

Delivery- and shipping-themed email messages are being used to deliver a sophisticated malware loader known as WailingCrab. "The malware itself is split into multiple components, including a loader, injector, downloader and backdoor, and successful requests to C2-controlled servers are often...

Cybercriminals Renting WikiLoader to Target Italian Organizations with Banking Trojan

Organizations in Italy are the target of a new phishing campaign that leverages a new strain of malware called WikiLoader with an ultimate aim to install a banking trojan, stealer, and spyware referred to as Ursnif aka Gozi. "It is a sophisticated downloader with the objective of installing a...

Searching for AI Tools? Watch Out for Rogue Sites Distributing RedLine Malware

Malicious Google Search ads for generative AI services like OpenAI ChatGPT and Midjourney are being used to direct users to sketchy websites as part of a BATLOADER campaign designed to deliver RedLine Stealer malware. "Both AI services are extremely popular but lack first-party standalone apps...

Google Uncovers APT41's Use of Open Source GC2 Tool to Target Media and Job Sites

A Chinese nation-state group targeted an unnamed Taiwanese media organization to deliver an open source red teaming tool known as Google Command and Control GC2 amid broader abuse of Google's infrastructure for malicious ends. The tech giant's Threat Analysis Group TAG attributed the campaign to ...

BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads

The malware downloader known as BATLOADER has been observed abusing Google Ads to deliver secondary payloads like Vidar Stealer and Ursnif. According to cybersecurity company eSentire, the malicious ads are used to spoof a wide range of legitimate apps and services such as Adobe, OpenAPI's ChatGP...

BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads

The malware downloader known as BATLOADER has been observed abusing Google Ads to deliver secondary payloads like Vidar Stealer and Ursnif. According to cybersecurity company eSentire, the malicious ads are used to spoof a wide range of legitimate apps and services such as Adobe, OpenAPI's ChatGP...

Disneyland Malware Team: It’s a Puny World After All

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode, an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic. The...

LDR4 is a new Ursnif variant

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary In June 2022, a new aspect of the URSNIF malware was identified. Unlike prior URSNIF iterations, this new variation, code named LDR4, is a backdoor designed to facilitate operations such as ransomware an...

New Ursnif Variant Likely Shifting Focus to Ransomware and Data Theft

The Ursnif malware has become the latest malware to shed its roots as a banking trojan to revamp itself into a generic backdoor capable of delivering next-stage payloads, joining the likes of Emotet, Qakbot, and TrickBot. "This is a significant shift from the malware's original purpose to enable...

2021 Top Malware Strains

Summary Immediate Actions You Can Take Now to Protect Against Malware: • Patch all systems and prioritize patching known exploited vulnerabilities. • Enforce multifactor authentication MFA. • Secure Remote Desktop Protocol RDP and other risky services. • Make offline backups of your data. • Provi...

Ursnif Malware Banks on News Events for Phishing Attacks

Ursnif aka Gozi, Dreambot, ISFB is one of the most widespread banking trojans. It has been observed evolving over the past few years. Ursnif has shown incredible theft capabilities. In 2020 Ursnif rose to prominence becoming one of the top ten most prolific pieces of malware. Among its core...

New SEO Poisoning Campaign Distributing Trojanized Versions of Popular Software

An ongoing search engine optimization SEO poisoning attack campaign has been observed abusing trust in legitimate software utilities to trick users into downloading BATLOADER malware on compromised machines. "The threat actor used 'free productivity apps installation' or 'free software developmen...

TA544 threat actors hit Italian firms with Ursnif banking trojan

By Waqas A new malware campaign from a group called TA544 is targeting organizations in Italy with Ursnif banking trojan - Here's how it works. This is a post from HackRead.com Read the original post: TA544 threat actors hit Italian firms with Ursnif banking trojan...

Powerglot - Encodes Offensive Powershell Scripts Using Polyglots

Powerglot encodes several kind of scripts using polyglots, for example, offensive powershell scripts. It is not needed a loader to run the payload. In red-team exercises or offensive tasks, masking of payloads is usually done by using steganography, especially to avoid network level protections,...

Valak Loader Revamped to Rob Microsoft Exchange Servers

Threat actors have revamped a popular malware loader into a stealthy infostealer that targets Microsoft Exchange servers to pilfer enterprise mailing information, passwords and enterprise certificates, researchers have found. Security researchers from Cybereason Nocturnus have discovered Valak, a...

SAIGON, the Mysterious Ursnif Fork

Ursnif aka Gozi/Gozi-ISFB is one of the oldest banking malware families still in active distribution. While the first major version of Ursnif was identified in 2006, several subsequent versions have been released in large part due source code leaks. FireEye reported on a previously unidentified...

Elegant sLoad Carries Out Spying, Payload Delivery in BITS

A fresh analysis of the trojan sLoad sheds light on the growing trend of advanced malware “living off the land” of a targeted system and successfully evading detection and carrying out malicious activities. SLoad is a PowerShell downloader type of malware and is known for its impressive...

‘Highly Competitive' Buer Loader Emerges in Underground Markets

A previously undocumented modular loader has emerged as a lucrative tool for cybercriminals in a variety of campaigns. Researchers say the “highly competitive” loader, dubbed Buer, is intended for use by actors seeking a turn-key, off-the-shelf solution. Researchers say they have spotted the load...

Threat Roundup for October 18 to October 25

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 18 and Oct. 25. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...