Trend Micro Research: Malware

Threat Actors Abuse claude.ai Shared Chat for ClickFix Malvertising Campaign

2026-06-18 at 05:51 By Cybercriminals hijacked Google Ads searches for popular AI developer tools to funnel over 2,000 victims toward malicious download pages before quietly moving their operation onto claude.ai’s own platform, turning the trusted domain into a delivery mechanism for credential-stealing malware. This article […]

Analyzing Void Dokkaebi’s Cython-Compiled InvisibleFerret Malware

2026-05-23 at 06:34 By Void Dokkaebi, a North Korea-aligned intrusion set, has updated its information-stealing malware, InvisibleFerret, shifting its delivery format to evade script-based detections. This article is an excerpt from Trend Micro Research, News and Perspectives.

Analyzing TeamPCP’s Supply Chain Attacks: Checkmarx KICS and elementary-data in CI/CD Credential Theft

2026-05-14 at 03:45 By Our research examines the April 22 Checkmarx KICS and April 24 elementary-data incidents as part of a broader TeamPCP supply chain campaign. Across both cases, the actor abused trusted CI/CD and release workflows to steal credentials at scale.

Claude Code Packaging Error Remains a Lure in an Active Campaign: What Defenders Should Do

2026-04-07 at 20:32 By Threat actors leveraged Anthropic’s Claude Code npm release packaging error to distribute Vidar, GhostSocks, and PureLog Stealer. This blog details immediate steps organizations can take and best practices to prevent further risk. This article is an excerpt from

Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads

2026-04-03 at 17:52 By A packaging error in Anthropic’s Claude Code npm release briefly exposed internal source code. This entry examines how threat actors rapidly weaponized the resulting attention, pivoting an existing AI-themed campaign to spread Vidar and GhostSocks. This article is an excerpt from

TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM

2026-03-30 at 18:52 By Moving beyond their LiteLLM campaign, TeamPCP weaponizes the Telnyx Python SDK with stealthy WAV-based payloads to steal credentials across Linux, macOS, and Windows. This article is an excerpt from Trend Micro Research, News and Perspectives.

Copyright Lures Mask a Multi‑Stage PureLog Stealer Attack on Key Industries

2026-03-20 at 10:22 By We look into a stealthy multi-stage attack campaign that delivers PureLog Stealer entirely in memory using encrypted, fileless techniques. This article is an excerpt from Trend Micro Research, News and Perspectives.

New BoryptGrab Stealer Targets Windows Users via Deceptive GitHub Pages

2026-03-05 at 17:11 By The BoryptGrab campaign uses fake SEO-optimized GitHub repositories and deceptive download pages to distribute a data-stealing malware family that delivers multiple payloads, including a reverse SSH backdoor, to Windows users. This article is an excerpt from Trend Micro Research, News and

From Extension to Infection: An In-Depth Analysis of the Evelyn Stealer Campaign Targeting Software Developers

2026-01-19 at 13:40 By This blog entry provides an in-depth analysis of the multistage delivery of the Evelyn information stealer, which was used in a campaign targeting software developers. This article is an excerpt from Trend Micro Research, News and

Analyzing a Multi-Stage AsyncRAT Campaign via Managed Detection and Response

2026-01-12 at 13:43 By Threat actors exploited Cloudflare’s free-tier infrastructure and legitimate Python environments to deploy the AsyncRAT remote access trojan, demonstrating advanced evasion techniques that abuse trusted cloud services for malicious operations. This article is an excerpt from Trend Micro Research, News and Perspectives

Trend Vision One™ Integration with AWS Security Hub CSPM: Unifying Cloud Security

2025-12-10 at 08:53 By The integration between Trend Vision One and Security Hub CSPM is exactly that: two powerful platforms enhancing each other to keep your AWS infrastructure protected. This article is an excerpt from Trend Micro Research, News and Perspectives.

ValleyRAT Campaign Targets Job Seekers, Abuses Foxit PDF Reader for DLL Side-loading

2025-12-03 at 23:11 By Job seekers looking out for opportunities might instead find their personal devices compromised, as a ValleyRAT campaign propagated through email leverages Foxit PDF Reader for concealment and DLL side-loading for initial entry. This article is an excerpt from Trend

What’s your CNAPP maturity?

2025-12-02 at 04:53 By More and more enterprises are opting for cloud-native application protection platforms (CNAPPs) instead of complex and hard-to-manage cloud security point solutions. Find out where your organization is on its CNAPP maturity journey. This article is an excerpt from Trend Micro Research, News and Perspectives.

Shai-hulud 2.0 Campaign Targets Cloud and Developer Ecosystems

2025-11-27 at 14:02 By The Shai-hulud 2.0 campaign features a sophisticated variant capable of stealing credentials and secrets from major cloud platforms and developer services, while automating the backdooring of NPM packages maintained by victims. Its advanced tactics enable rapid, stealthy propagation across the software supply chain, putting

Trend & AWS Partner on Cloud IPS: One-Click Protection

2025-11-20 at 08:46 By In the race to secure cloud infrastructure, intrusion prevention systems (IPS) remain one of the most critical yet complex controls at the cloud network layer of defense. For many organizations, deploying IPS in the cloud is a balancing act between agility and control.

Increase in Lumma Stealer Activity Coincides with Use of Adaptive Browser Fingerprinting Tactics

2025-11-13 at 21:17 By In this blog entry, Trend™ Research analyses the layered command-and-control approaches that Lumma Stealer uses to maintain its ongoing operations while enhancing collection of victim-environment data. This article is an excerpt from Trend Micro Research, News and Perspectives

How are you managing cloud risk?

2025-11-05 at 10:08 By Learn why managing cloud risk demands unified visibility, continuous risk assessment, and efficient security operations. Discover how a full-featured CNAPP like Trend Vision One™ Cloud Security enables organizations to move from reactive to proactive cloud protection. This article is an excerpt from Trend Micro Research,

Active Water Saci Campaign Spreading Via WhatsApp Features Multi-Vector Persistence and Sophisticated C&C

2025-10-28 at 07:12 By Continuous investigation of the Water Saci campaign reveals an innovative email-based C&C system, multi-vector persistence, and real-time command capabilities that allow attackers to orchestrate coordinated botnet operations, gather detailed campaign intelligence, and dynamically control malware activity across multiple infected

Fast, Broad, and Elusive: How Vidar Stealer 2.0 Upgrades Infostealer Capabilities

2025-10-22 at 01:10 By Trend Research examines the latest version of the Vidar stealer, which features a full rewrite in C, a multithreaded architecture, and several enhancements that warrant attention. Its timely evolution suggests that Vidar is positioning itself to occupy the space left

Shifts in the Underground: The Impact of Water Kurita’s (Lumma Stealer) Doxxing

2025-10-16 at 17:45 By A targeted underground doxxing campaign exposed alleged core members of Lumma Stealer (Water Kurita), resulting in a sharp decline in its activity and a migration of customers to rival infostealer platforms. This article is an excerpt from Trend Micro