Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux Users

Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux Users

We confirmed that both the legitimate and the malicious versions of the chat installer were unsigned, which means the users of MiMi chat were probably used to all these extra steps to finally install the application despite all the macOS watchguards. HyperBro The HyperBro malware family has been around since 2017 and has been extensively analyzed. It was updated in mid-2019, which we described in detail in our Operation DRBControl paper. The version used in…

Read More

CopperStealer Distributes Malicious Chromium-based Browser Extension to Steal Cryptocurrencies

CopperStealer Distributes Malicious Chromium-based Browser Extension to Steal Cryptocurrencies

CopperStealer Distributes Malicious Chromium-based Browser Extension to Steal Cryptocurrencies Malware We tracked the latest deployment of the group behind CopperStealer, this time stealing cryptocurrencies and users’ wallet account information via a malicious Chromium-based browser extension. By: Jaromir Horejsi, Joseph C Chen August 11, 2022 Read time:  ( words) We published our analyses on CopperStealer distributing malware by abusing various components such as browser stealer, adware browser extension, or remote desktop. Tracking the cybercriminal group’s latest…

Read More

How Shady Code Commits Compromise the Security of the Open-Source Ecosystem

How Shady Code Commits Compromise the Security of the Open-Source Ecosystem

Traditionally, concerns over open-source code security have revolved around whether or not open-source code could contain vulnerabilities, backdoors, or hidden malicious code. In recent months, however, we have observed a growth in a particular trend: Open-source code is being subjected to modifications to its functionality to express political protest. These instances of so-called “protestware” occur in the form of code changes by certain open-source code maintainers or backers in what could only be surmised as…

Read More

Brand-New HavanaCrypt Ransomware Poses as Google Software Update App Uses Microsoft Hosting Service IP Address as C&C Server

Brand-New HavanaCrypt Ransomware Poses as Google Software Update App Uses Microsoft Hosting Service IP Address as C&C Server

Brand-New HavanaCrypt Ransomware Poses as Google Software Update App Uses Microsoft Hosting Service IP Address as C&C Server We recently found a new ransomware family, which we have dubbed as HavanaCrypt, that disguises itself as a legitimate Google Software Update application and uses a Microsoft web hosting service IP address as its command-and-control (C&C) server to circumvent detection. By: Nathaniel Morales, Monte de Jesus, Ivan Nicole Chavez, Bren Matthew Ebriega, Joshua Paul Ignacio July 06,…

Read More

Conti vs. LockBit: A Comparative Analysis of Ransomware Groups

Conti vs. LockBit: A Comparative Analysis of Ransomware Groups

Conti vs. LockBit: A Comparative Analysis of Ransomware Groups Ransomware We compare the targeting and business models of the Conti and LockBit ransomware groups using data analysis approaches. This will be presented in full at the 34th Annual FIRST Conference on June 27, 2022. By: Shingo Matsugaya, Matsukawa Bakuei, Vladimir Kropotov June 27, 2022 Read time:  ( words) Trend Micro has been monitoring the leak sites of multiple ransomware groups since November 2019 and continuously…

Read More

Websites Hosting Fake Cracks Spread Updated CopperStealer Malware

Websites Hosting Fake Cracks Spread Updated CopperStealer Malware

Websites Hosting Fake Cracks Spread Updated CopperStealer Malware Malware We found updated samples of the CopperStealer malware infecting systems via websites hosting fake software. By: Joseph C Chen, Jaromir Horejsi June 17, 2022 Read time:  ( words) We noticed a new version of CopperStealer and analyzed these samples to be related to a previous campaign we’ve documented. We examined this new version reusing parts of code and observed the following similarities from previous versions: The…

Read More

Cuba Ransomware Group’s New Variant Found Using Optimized Infection Techniques

Cuba Ransomware Group’s New Variant Found Using Optimized Infection Techniques

Cuba Ransomware Group’s New Variant Found Using Optimized Infection Techniques Trend Micro Research observed the resurgence of the Cuba ransomware group that launched a new malware variant using different infection techniques compared to past iterations. We discuss our initial findings in this report. By: Don Ovid Ladores June 08, 2022 Read time:  ( words) Cuba ransomware is a malware family that has been seasonally detected since it was first observed in February 2020. It resurfaced…

Read More

Trend Micro Partners With Interpol and Nigeria EFCC for Operation Killer Bee, Takes Down Nigerian BEC Actors

Trend Micro Partners With Interpol and Nigeria EFCC for Operation Killer Bee, Takes Down Nigerian BEC Actors

It starts with the malicious actors scraping the internet for public sites containing email addresses, which will be stored in a text file. They also use tools such as Lite Email Extractor to scrape email addresses. To expand their range of targets the malicious actors also search for specific keywords in Google, such as “LTD PLC” and “manufacturing suppliers.” After obtaining their list of targets, they may share this information with other malicious actors via…

Read More

Patch Your WSO2: CVE-2022-29464 Exploited to Install Linux-Compatible Cobalt Strike Beacons, Other Malware

Patch Your WSO2: CVE-2022-29464 Exploited to Install Linux-Compatible Cobalt Strike Beacons, Other Malware

Conclusion Users with the affected products should immediately patch or apply the temporary mitigation procedures recommended by following the steps identified in the WSO2 security advisory. We also released an initial notification in April after we made a preliminary analysis to inform users and organizations. Three days after the vulnerability was disclosed and a day after the PoC was published, attacks abusing this gap have since been observed and are notably aggressive in installing web…

Read More

Celebrating 15 Years of Pwn2Own

Celebrating 15 Years of Pwn2Own

Exploits & Vulnerabilities Join Erin Sindelar, Mike Gibson, Brian Gorenc, and Dustin Childs as they discuss Pwn2Own’s 15th anniversary, what we’ve learned, and how the program will continue to serve the cybersecurity community in the future. By: Trend Micro May 25, 2022 Read time:  ( words) Source link

Read More
1 4 5 6 7 8 11