Trend Micro Research : Malware

IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Threats, Trend Micro Research : IoT, Trend Micro Research : Malware, Trend Micro Research : Research /

IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024 2025-01-17 at 11:19 By Since the end of 2024, we have been continuously monitoring large-scale DDoS attacks orchestrated by an IoT botnet exploiting vulnerable IoT devices such as wireless routers and IP cameras. This article is an excerpt from Trend Micro Research, News […]

React to this headline:

Loading spinner

IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024 Read More »

How Cracks and Installers Bring Malware to Your Device

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Research /

How Cracks and Installers Bring Malware to Your Device 2025-01-10 at 09:35 By Our research shows how attackers use platforms like YouTube to spread fake installers via trusted hosting services, employing encryption to evade detection and steal sensitive browser data. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

React to this headline:

Loading spinner

How Cracks and Installers Bring Malware to Your Device Read More »

Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Threats, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Research /

Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit 2025-01-09 at 09:17 By Our blog entry discusses a fake PoC exploit for LDAPNightmare (CVE-2024-49113) that is being used to distribute information-stealing malware. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Loading spinner

Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit Read More »

Python-Based NodeStealer Version Targets Facebook Ads Manager

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Threats, Trend Micro Research : Malware, Trend Micro Research : Research /

Python-Based NodeStealer Version Targets Facebook Ads Manager 2024-12-19 at 09:46 By In this blog entry, Trend Micro’s Managed XDR team discuss their investigation into how the latest variant of NodeStealer is delivered through spear-phishing attacks, potentially leading to malware execution, data theft, and the exfiltration of sensitive information via Telegram. This article is an excerpt

React to this headline:

Loading spinner

Python-Based NodeStealer Version Targets Facebook Ads Manager Read More »

Gafgyt Malware Targeting Docker Remote API Servers

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cloud, Trend Micro Research : Malware, Trend Micro Research : Research /

Gafgyt Malware Targeting Docker Remote API Servers 2024-12-03 at 11:50 By Our researchers identified threat actors exploiting misconfigured Docker servers to spread the Gafgyt malware. This threat traditionally targets IoT devices; this new tactic signals a change in its behavior. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

React to this headline:

Loading spinner

Gafgyt Malware Targeting Docker Remote API Servers Read More »

Attackers Target Exposed Docker Remote API Servers With perfctl Malware

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cloud, Trend Micro Research : Malware, Trend Micro Research : Research /

Attackers Target Exposed Docker Remote API Servers With perfctl Malware 2024-10-21 at 18:33 By We observed an unknown threat actor abusing exposed Docker remote API servers to deploy the perfctl malware. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Loading spinner

Attackers Target Exposed Docker Remote API Servers With perfctl Malware Read More »

MDR in Action: Preventing The More_eggs Backdoor From Hatching

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Malware, Trend Micro Research : Phishing /

MDR in Action: Preventing The More_eggs Backdoor From Hatching 2024-09-30 at 18:16 By Trend Micro MDR (Managed Detection and Response) team promptly mitigated a more_eggs infection. Using Vision One, MDR illustrated how Custom Filters/Models and Security Playbook can be used to automate the response to more_eggs and similar threats. This article is an excerpt from

React to this headline:

Loading spinner

MDR in Action: Preventing The More_eggs Backdoor From Hatching Read More »

Earth Preta Evolves its Attacks with New Malware and Strategies

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Malware, Trend Micro Research : Research /

Earth Preta Evolves its Attacks with New Malware and Strategies 2024-09-09 at 10:48 By In this blog entry, we discuss our analysis of Earth Preta’s enhancements in their attacks by introducing new tools, malware variants and strategies to their worm-based attacks and their time-sensitive spear-phishing campaign. This article is an excerpt from Trend Micro Research,

React to this headline:

Loading spinner

Earth Preta Evolves its Attacks with New Malware and Strategies Read More »

Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Malware, Trend Micro Research : Research /

Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion 2024-09-04 at 11:02 By While monitoring Earth Lusca, we discovered the threat group’s use of KTLVdoor, a highly obfuscated multiplatform backdoor, as part of a large-scale attack campaign. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Loading spinner

Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion Read More »

Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Malware, Trend Micro Research : Research /

Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence 2024-08-30 at 12:16 By Trend Micro discovered that old Atlassian Confluence versions that were affected by CVE-2023-22527 are being exploited using a new in-memory fileless backdoor. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Loading spinner

Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence Read More »

Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Threats, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Research /

Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool 2024-08-29 at 12:16 By Threat actors are targeting users in the Middle East by distributing sophisticated malware disguised as the Palo Alto GlobalProtect tool. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Loading spinner

Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool Read More »

Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Crime, Trend Micro Research : Cyber Threats, Trend Micro Research : Exploits & Vulnerabilities, Trend Micro Research : Malware, Trend Micro Research : Research /

Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem 2024-08-28 at 08:02 By A technical analysis on how CVE-2023-22527 can be exploited by malicious actors for cryptojacking attacks that can spread across the victim’s system. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Loading spinner

Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem Read More »

A Dive into Earth Baku’s Latest Campaign

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Malware, Trend Micro Research : Research /

A Dive into Earth Baku’s Latest Campaign 2024-08-09 at 07:16 By Since late 2022, Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. Their latest operations demonstrate sophisticated techniques, such as exploiting public-facing applications like IIS servers for initial access and deploying the Godzilla webshell for command

React to this headline:

Loading spinner

A Dive into Earth Baku’s Latest Campaign Read More »

Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Crime, Trend Micro Research : Cyber Threats, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Phishing, Trend Micro Research : Research /

Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft 2024-08-01 at 12:16 By We uncovered a malvertising campaign where the threat actor hijacks social media pages, renames them to mimic popular AI photo editors, then posts malicious links to fake websites. This article is an excerpt from Trend Micro Research, News and

React to this headline:

Loading spinner

Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft Read More »

An In-Depth Look at Crypto-Crime in 2023 Part 2

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Crime, Trend Micro Research : Cyber Threats, Trend Micro Research : ICS OT, Trend Micro Research : Malware, Trend Micro Research : Privacy & Risks, Trend Micro Research : Ransomware, Trend Micro Research : Reports /

An In-Depth Look at Crypto-Crime in 2023 Part 2 2024-07-12 at 02:01 By In 2023, the cryptocurrency industry faced a significant increase in illicit activities, including money laundering, fraud, and ransomware attacks. Ransomware attacks were especially prevalent and profitable for attackers. However, other forms of criminal activity also saw a rise. This article is an

React to this headline:

Loading spinner

An In-Depth Look at Crypto-Crime in 2023 Part 2 Read More »

Turning Jenkins Into a Cryptomining Machine From an Attacker’s Perspective

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Threats, Trend Micro Research : Endpoints, Trend Micro Research : Exploits & Vulnerabilities, Trend Micro Research : Malware, Trend Micro Research : Research /

Turning Jenkins Into a Cryptomining Machine From an Attacker’s Perspective 2024-07-05 at 12:02 By In this blog entry, we will discuss how the Jenkins Script Console can be weaponized by attackers for cryptomining activity if not configured properly. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to

React to this headline:

Loading spinner

Turning Jenkins Into a Cryptomining Machine From an Attacker’s Perspective Read More »

Mekotio Banking Trojan Threatens Financial Systems in Latin America

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Threats, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Research /

Mekotio Banking Trojan Threatens Financial Systems in Latin America 2024-07-04 at 12:16 By We’ve recently seen a surge in attacks involving the Mekotio banking trojan. In this blog entry, we’ll provide an overview of the trojan and what it does. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

React to this headline:

Loading spinner

Mekotio Banking Trojan Threatens Financial Systems in Latin America Read More »

Examining Water Sigbin’s Infection Routine Leading to an XMRig Cryptominer

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cloud, Trend Micro Research : Cyber Threats, Trend Micro Research : Exploits & Vulnerabilities, Trend Micro Research : Malware, Trend Micro Research : Research /

Examining Water Sigbin’s Infection Routine Leading to an XMRig Cryptominer 2024-06-28 at 08:31 By We analyze the multi-stage loading technique used by Water Sigbin to deliver the PureCrypter loader and XMRIG crypto miner. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Loading spinner

Examining Water Sigbin’s Infection Routine Leading to an XMRig Cryptominer Read More »

Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Research /

Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework 2024-06-19 at 10:17 By We recently discovered a new threat actor group that we dubbed Void Arachne. This group targets Chinese-speaking users with malicious Windows Installer (MSI) files in a recent campaign. These MSI files contain legitimate software installer files

React to this headline:

Loading spinner

Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework Read More »

Noodle RAT: Reviewing the New Backdoor Used by Chinese-Speaking Groups

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Research /

Noodle RAT: Reviewing the New Backdoor Used by Chinese-Speaking Groups 2024-06-11 at 11:46 By This blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime. This article is an excerpt from Trend Micro Research, News and Perspectives View

React to this headline:

Loading spinner

Noodle RAT: Reviewing the New Backdoor Used by Chinese-Speaking Groups Read More »

Scroll to Top