malware

TgToxic Malware’s Automated Framework Targets Southeast Asia Android Users

Posted on by Admin
TgToxic Malware’s Automated Framework Targets Southeast Asia Android Users

Conclusion Despite having different deployment periods, we found the social media phishing campaigns and network infrastructure targeting Taiwan, Indonesia, and Thailand similar. When the victim downloads the fake app from the website given by the threat actor, or if victim tries to send a direct message to the threat actor through messaging apps such as WhatsApp or Viber, the cybercriminal deceives the user into registering, installing the malware, and enabling the permissions it needs. Once…

Read More

New APT34 Malware Targets The Middle East

Posted on by Admin
New APT34 Malware Targets The Middle East

APT34 Targeting and Arsenal Evolution APT34 has been documented to target organizations worldwide, particularly companies from the financial, government, energy, chemical, and telecommunications industries in the Middle East since at least 2014. Documented as a group primarily involved for cyberespionage, APT34 has been previously recorded targeting government offices and show no signs of stopping with their intrusions. Our continuous monitoring of the group proves it continues to create new and updated tools to minimize the detection…

Read More

Defense-in-depth protects against known and unknown cyber threats

Posted on by Admin
Defense-in-depth protects against known and unknown cyber threats

Defense-in-depth protects against known and unknown cyber threats | Security Magazine This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more. This Website…

Read More

Most wanted malware: Glupteba in top 10 and Qbot in 1st place

Posted on by Admin
Most wanted malware: Glupteba in top 10 and Qbot in 1st place

Most Wanted Malware: Glupteba Entering Top Ten and Qbot in First Place | Security Magazine This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn…

Read More

Attacking The Supply Chain: Developer

Posted on by Admin
Attacking The Supply Chain: Developer

In 2021, we published an entry identifying the weak parts of the supply chain security. In the face of the surge in documented attacks, the entry gave a summarized overview of how malicious actors found gaps to abuse and take advantage of for possible gains and disruptions. In this entry, we focus on one specific part of the supply chain: the developers themselves. To find a suitable attack model focusing on the developer, we must…

Read More

Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures

Posted on by Admin
Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures

Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures Malware We discovered an active campaign ongoing since at least mid-2022 which uses Middle Eastern geopolitical-themed lures to distribute NjRAT (also known as Bladabindi) to infect victims across the Middle East and North Africa. By: Peter Girnus, Aliakbar Zahravi January 17, 2023 Read time:  ( words) While threat hunting, we found an active campaign using Middle Eastern geopolitical themes as a lure to target potential…

Read More

Batloader Malware Abuses Legitimate Tools Uses Obfuscated JavaScript Files in Q4 2022 Attacks

Posted on by Admin
Batloader Malware Abuses Legitimate Tools Uses Obfuscated JavaScript Files in Q4 2022 Attacks

Batloader Malware Abuses Legitimate Tools Uses Obfuscated JavaScript Files in Q4 2022 Attacks Malware We discuss the Batloader malware campaigns we observed in the last quarter of 2022, including our analysis of Water Minyades-related events (This is the intrusion set we track behind the creation of Batloader). By: Junestherry Dela Cruz January 17, 2023 Read time:  ( words) We discuss the Batloader malware campaigns we observed in the last quarter of 2022, including our analysis…

Read More

Abusing a GitHub Codespaces Feature For Malware Delivery

Posted on by Admin
Abusing a GitHub Codespaces Feature For Malware Delivery

GitHub Codespaces, initially in preview for specific users, became widely available for free in November 2022. This cloud-based integrated development environment (IDE) allows developers and organizations to customize projects via configuring dev container files, easing some previous pain points in project development. We investigated the services offered by this cloud IDE and found that one of its features for code development and collaboration – sharing forwarded ports publicly – can be abused by malicious actors…

Read More

Gootkit Loader Actively Targets Australian Healthcare Industry

Posted on by Admin
Gootkit Loader Actively Targets Australian Healthcare Industry

Credential access The file krb.txt was created by one of the injected processes that contains Kerberos hashes for several accounts. Given that we did not see any dumping activity in the process telemetry, the dumping process transpired in the memory; it did not introduce a new tool or an executable file to do the dumping.   Impact The final payload is unknown for this case since we detected it and responded to it while it was…

Read More

Dridex Returns, Targets MacOS Using New Entry Method

Posted on by Admin
Dridex Returns, Targets MacOS Using New Entry Method

Dridex Returns, Targets MacOS Using New Entry Method Malware The Dridex variant we analyzed targets MacOS platforms with a new technique to deliver documents embedded with malicious macros to users. By: Armando Nathaniel Pedragoza January 05, 2023 Read time:  ( words) Normally, documents containing malicious macros enter a user’s system via email attachments posing as normal document files. However, while this might be the primary method of arrival, malicious actors have other ways of entering…

Read More
1 7 8 9 10 11 23