Trend Micro Research : Malware

Self-Propagating Malware Spreading Via WhatsApp, Targets Brazilian Users

Self-Propagating Malware Spreading Via WhatsApp, Targets Brazilian Users 2025-10-04 at 01:35 By Trend™ Research has identified an active campaign spreading via WhatsApp through a ZIP file attachment. When executed, the malware establishes persistence and hijacks the compromised WhatsApp account to send copies of itself to the victim’s contacts. This article is an excerpt from Trend […]

React to this headline:

Self-Propagating Malware Spreading Via WhatsApp, Targets Brazilian Users Read More »

EvilAI Operators Use AI-Generated Code and Fake Apps for Far-Reaching Attacks

Trend Micro Research : Artificial Intelligence (AI), Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

EvilAI Operators Use AI-Generated Code and Fake Apps for Far-Reaching Attacks 2025-09-12 at 06:16 By Combining AI-generated code and social engineering, EvilAI operators are executing a rapidly expanding campaign, disguising their malware as legitimate applications to bypass security, steal credentials, and persistently compromise organizations worldwide. This article is an excerpt from Trend Micro Research, News

React to this headline:

EvilAI Operators Use AI-Generated Code and Fake Apps for Far-Reaching Attacks Read More »

An MDR Analysis of the AMOS Stealer Campaign Targeting macOS via ‘Cracked’ Apps

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Expert Perspective, Trend Micro Research : Investigations, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

An MDR Analysis of the AMOS Stealer Campaign Targeting macOS via ‘Cracked’ Apps 2025-09-04 at 22:22 By Trend™ Research analyzed a campaign distributing Atomic macOS Stealer (AMOS), a malware family targeting macOS users. Attackers disguise the malware as “cracked” versions of legitimate apps, luring users into installation. This article is an excerpt from Trend Micro

React to this headline:

An MDR Analysis of the AMOS Stealer Campaign Targeting macOS via ‘Cracked’ Apps Read More »

BPFDoor’s Hidden Controller Used Against Asia, Middle East Targets

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

BPFDoor’s Hidden Controller Used Against Asia, Middle East Targets 2025-04-14 at 14:12 By A controller linked to BPF backdoor can open a reverse shell, enabling deeper infiltration into compromised networks. Recent attacks have been observed targeting the telecommunications, finance, and retail sectors across South Korea, Hong Kong, Myanmar, Malaysia, and Egypt. This article is an

React to this headline:

BPFDoor’s Hidden Controller Used Against Asia, Middle East Targets Read More »

SocGholish’s Intrusion Techniques Facilitate Distribution of RansomHub Ransomware

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

SocGholish’s Intrusion Techniques Facilitate Distribution of RansomHub Ransomware 2025-03-14 at 07:18 By Trend Research analyzed SocGholish’s MaaS framework and its role in deploying RansomHub ransomware through compromised websites, using highly obfuscated JavaScript loaders to evade detection and execute various malicious tasks. This article is an excerpt from Trend Micro Research, News and Perspectives View Original

React to this headline:

SocGholish’s Intrusion Techniques Facilitate Distribution of RansomHub Ransomware Read More »

Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Latest News, Trend Micro Research : Malware, Trend Micro Research : Ransomware, Trend Micro Research : Research / SecurityTicks

Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal 2025-03-03 at 11:24 By In this blog entry, we discuss how the Black Basta and Cactus ransomware groups utilized the BackConnect malware to maintain persistent control and exfiltrate sensitive data from compromised machines. This article is an excerpt from Trend Micro Research, News

React to this headline:

Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal Read More »

Updated Shadowpad Malware Leads to Ransomware Deployment

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

Updated Shadowpad Malware Leads to Ransomware Deployment 2025-02-20 at 11:18 By In this blog, we discuss about how Shadowpad is being used to deploy a new undetected ransomware family. They deploy the malware exploiting weak passwords and bypassing multi-factor authentication This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

React to this headline:

Updated Shadowpad Malware Leads to Ransomware Deployment Read More »

Chinese-Speaking Group Manipulates SEO with BadIIS

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Malware, Trend Micro Research : Research, Trend Micro Research : Web / SecurityTicks

Chinese-Speaking Group Manipulates SEO with BadIIS 2025-02-07 at 11:48 By This blog post details our analysis of an SEO manipulation campaign targeting Asia. We also share recommendations that can help enterprises proactively secure their environment. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Chinese-Speaking Group Manipulates SEO with BadIIS Read More »

Lumma Stealer’s GitHub-Based Delivery Explored via Managed Detection and Response

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Threats, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

Lumma Stealer’s GitHub-Based Delivery Explored via Managed Detection and Response 2025-01-30 at 10:18 By The Managed XDR team investigated a sophisticated campaign distributing Lumma Stealer through GitHub, where attackers leveraged the platform’s release infrastructure to deliver malware such as SectopRAT, Vidar, and Cobeacon. This article is an excerpt from Trend Micro Research, News and Perspectives

React to this headline:

Lumma Stealer’s GitHub-Based Delivery Explored via Managed Detection and Response Read More »

IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Threats, Trend Micro Research : IoT, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024 2025-01-17 at 11:19 By Since the end of 2024, we have been continuously monitoring large-scale DDoS attacks orchestrated by an IoT botnet exploiting vulnerable IoT devices such as wireless routers and IP cameras. This article is an excerpt from Trend Micro Research, News

React to this headline:

IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024 Read More »

How Cracks and Installers Bring Malware to Your Device

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

How Cracks and Installers Bring Malware to Your Device 2025-01-10 at 09:35 By Our research shows how attackers use platforms like YouTube to spread fake installers via trusted hosting services, employing encryption to evade detection and steal sensitive browser data. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

React to this headline:

How Cracks and Installers Bring Malware to Your Device Read More »

Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Threats, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit 2025-01-09 at 09:17 By Our blog entry discusses a fake PoC exploit for LDAPNightmare (CVE-2024-49113) that is being used to distribute information-stealing malware. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit Read More »

Python-Based NodeStealer Version Targets Facebook Ads Manager

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Threats, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

Python-Based NodeStealer Version Targets Facebook Ads Manager 2024-12-19 at 09:46 By In this blog entry, Trend Micro’s Managed XDR team discuss their investigation into how the latest variant of NodeStealer is delivered through spear-phishing attacks, potentially leading to malware execution, data theft, and the exfiltration of sensitive information via Telegram. This article is an excerpt

React to this headline:

Python-Based NodeStealer Version Targets Facebook Ads Manager Read More »

Gafgyt Malware Targeting Docker Remote API Servers

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cloud, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

Gafgyt Malware Targeting Docker Remote API Servers 2024-12-03 at 11:50 By Our researchers identified threat actors exploiting misconfigured Docker servers to spread the Gafgyt malware. This threat traditionally targets IoT devices; this new tactic signals a change in its behavior. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

React to this headline:

Gafgyt Malware Targeting Docker Remote API Servers Read More »

Attackers Target Exposed Docker Remote API Servers With perfctl Malware

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cloud, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

Attackers Target Exposed Docker Remote API Servers With perfctl Malware 2024-10-21 at 18:33 By We observed an unknown threat actor abusing exposed Docker remote API servers to deploy the perfctl malware. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Attackers Target Exposed Docker Remote API Servers With perfctl Malware Read More »

MDR in Action: Preventing The More_eggs Backdoor From Hatching

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Malware, Trend Micro Research : Phishing / SecurityTicks

MDR in Action: Preventing The More_eggs Backdoor From Hatching 2024-09-30 at 18:16 By Trend Micro MDR (Managed Detection and Response) team promptly mitigated a more_eggs infection. Using Vision One, MDR illustrated how Custom Filters/Models and Security Playbook can be used to automate the response to more_eggs and similar threats. This article is an excerpt from

React to this headline:

MDR in Action: Preventing The More_eggs Backdoor From Hatching Read More »

Earth Preta Evolves its Attacks with New Malware and Strategies

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

Earth Preta Evolves its Attacks with New Malware and Strategies 2024-09-09 at 10:48 By In this blog entry, we discuss our analysis of Earth Preta’s enhancements in their attacks by introducing new tools, malware variants and strategies to their worm-based attacks and their time-sensitive spear-phishing campaign. This article is an excerpt from Trend Micro Research,

React to this headline:

Earth Preta Evolves its Attacks with New Malware and Strategies Read More »

Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion 2024-09-04 at 11:02 By While monitoring Earth Lusca, we discovered the threat group’s use of KTLVdoor, a highly obfuscated multiplatform backdoor, as part of a large-scale attack campaign. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion Read More »

Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence 2024-08-30 at 12:16 By Trend Micro discovered that old Atlassian Confluence versions that were affected by CVE-2023-22527 are being exploited using a new in-memory fileless backdoor. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence Read More »

Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Threats, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool 2024-08-29 at 12:16 By Threat actors are targeting users in the Middle East by distributing sophisticated malware disguised as the Palo Alto GlobalProtect tool. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool Read More »