Trend Micro Research : Malware - Security Ticks

Examining Water Sigbin’s Infection Routine Leading to an XMRig Cryptominer

Examining Water Sigbin’s Infection Routine Leading to an XMRig Cryptominer 2024-06-28 at 08:31 By We analyze the multi-stage loading technique used by Water Sigbin to deliver the PureCrypter loader and XMRIG crypto miner. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Examining Water Sigbin’s Infection Routine Leading to an XMRig Cryptominer Read More »

Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework 2024-06-19 at 10:17 By We recently discovered a new threat actor group that we dubbed Void Arachne. This group targets Chinese-speaking users with malicious Windows Installer (MSI) files in a recent campaign. These MSI files contain legitimate software installer files

React to this headline:

Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework Read More »

Noodle RAT: Reviewing the New Backdoor Used by Chinese-Speaking Groups

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

Noodle RAT: Reviewing the New Backdoor Used by Chinese-Speaking Groups 2024-06-11 at 11:46 By This blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime. This article is an excerpt from Trend Micro Research, News and Perspectives View

React to this headline:

Noodle RAT: Reviewing the New Backdoor Used by Chinese-Speaking Groups Read More »

Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cloud, Trend Micro Research : Cyber Crime, Trend Micro Research : Cyber Threats, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers 2024-06-06 at 11:01 By We analyze a cryptojacking attack campaign exploiting exposed Docker remote API servers to deploy cryptocurrency miners, using Docker images from the open-source Commando project. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React

React to this headline:

Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers Read More »

Tracking the Progression of Earth Hundun’s Cyberespionage Campaign in 2024

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Crime, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

Tracking the Progression of Earth Hundun’s Cyberespionage Campaign in 2024 2024-05-16 at 10:46 By This report describes how Waterbear and Deuterbear — two of the tools in Earth Hundun’s arsenal — operate, based on a campaign from 2024. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to

React to this headline:

Tracking the Progression of Earth Hundun’s Cyberespionage Campaign in 2024 Read More »

Trend Micro Collaborated with Interpol in Cracking Down Grandoreiro Banking Trojan

Trend Micro Research : Latest News, Trend Micro Research : Malware / SecurityTicks

Trend Micro Collaborated with Interpol in Cracking Down Grandoreiro Banking Trojan 2024-04-24 at 10:46 By In this blog entry, we discuss Trend Micro’s contributions to an Interpol-coordinated operation to help Brazilian and Spanish law enforcement agencies analyze malware samples of the Grandoreiro banking trojan. This article is an excerpt from Trend Micro Research, News and

React to this headline:

Trend Micro Collaborated with Interpol in Cracking Down Grandoreiro Banking Trojan Read More »

Cyberespionage Group Earth Hundun’s Continuous Refinement of Waterbear and Deuterbear

Cyberespionage Group Earth Hundun’s Continuous Refinement of Waterbear and Deuterbear 2024-04-11 at 13:16 By Our blog entry provides an in-depth analysis of Earth Hundun’s Waterbear and Deuterbear malware. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Cyberespionage Group Earth Hundun’s Continuous Refinement of Waterbear and Deuterbear Read More »

Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections

Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections 2024-02-26 at 08:42 By During our monitoring of Earth Lusca, we noticed a new campaign that used Chinese-Taiwanese relations as a social engineering lure to infect selected targets. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to

React to this headline:

Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections Read More »

LockBit Attempts to Stay Afloat With a New Version

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Crime, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Ransomware, Trend Micro Research : Research / SecurityTicks

LockBit Attempts to Stay Afloat With a New Version 2024-02-22 at 10:02 By This research is the result of our collaboration with the National Crime Agency in the United Kingdom, who took action against LockBit as part of Operation Cronos, an international effort resulting in the undermining of its operations. This article is an excerpt

React to this headline:

LockBit Attempts to Stay Afloat With a New Version Read More »

Earth Preta Campaign Uses DOPLUGS to Target Asia

Earth Preta Campaign Uses DOPLUGS to Target Asia 2024-02-20 at 11:55 By In this blog entry, we focus on Earth Preta’s campaign that employed a variant of the DOPLUGS malware to target Asian countries. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Earth Preta Campaign Uses DOPLUGS to Target Asia Read More »

What Generative AI Means for Cybersecurity in 2024

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Crime, Trend Micro Research : Cyber Threats, Trend Micro Research : Endpoints, Trend Micro Research : Foresight, Trend Micro Research : Malware, Trend Micro Research : Network, Trend Micro Research : Web / SecurityTicks

What Generative AI Means for Cybersecurity in 2024 2024-02-08 at 19:00 By After a full year of life with ChatGPT cybersecurity experts have a clearer sense of how criminals are using generative AI to enhance attacks – learn what generative AI means for cybersecurity in 2024. This article is an excerpt from Trend Micro Research,

React to this headline:

What Generative AI Means for Cybersecurity in 2024 Read More »

Analyzing AsyncRAT’s Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Threats, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

Analyzing AsyncRAT’s Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases 11/12/2023 at 12:17 By This blog entry delves into MxDR’s unraveling of the AsyncRAT infection chain across multiple cases, shedding light on the misuse of aspnet_compiler.exe, a legitimate Microsoft process originally designed for precompiling ASP.NET web applications. This article is an excerpt from Trend

React to this headline:

Analyzing AsyncRAT’s Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases Read More »

Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Phishing, Trend Micro Research : Research / SecurityTicks

Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing 22/11/2023 at 10:11 By The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market, a website for facilitating fraud that was taken down in April 2023. This article is an excerpt from

React to this headline:

Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing Read More »

Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Phishing, Trend Micro Research : Research / SecurityTicks

Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting 09/11/2023 at 12:01 By We analyzed a phishing campaign involving malicious emails containing a link to a file-sharing solution, which further leads to a PDF document with a secondary link designed to steal login info and session cookies. This article is an excerpt from

React to this headline:

Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting Read More »

Beware: Lumma Stealer Distributed via Discord CDN

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Exploits & Vulnerabilities, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

Beware: Lumma Stealer Distributed via Discord CDN 16/10/2023 at 11:31 By This blog discusses how threat actors abuse Discord’s content delivery network (CDN) to host and spread Lumma Stealer, and talks about added capabilities to the information stealing malware. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React

React to this headline:

Beware: Lumma Stealer Distributed via Discord CDN Read More »

Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant 13/10/2023 at 11:02 By Almost a year after Void Rabisu shifted its targeting from opportunistic ransomware attacks with an emphasis on cyberespionage, the threat actor is still developing its main malware, the ROMCOM backdoor. This article is an excerpt from Trend Micro Research, News

React to this headline:

Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant Read More »

Exposing Infection Techniques Across Supply Chains and Codebases

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Exploits & Vulnerabilities, Trend Micro Research : Malware, Trend Micro Research : Mobile, Trend Micro Research : Network, Trend Micro Research : Research / SecurityTicks

Exposing Infection Techniques Across Supply Chains and Codebases 05/10/2023 at 12:47 By This entry delves into threat actors’ intricate methods to implant malicious payloads within seemingly legitimate applications and codebases. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Exposing Infection Techniques Across Supply Chains and Codebases Read More »

APT34 Deploys Phishing Attack With New Malware

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Threats, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Network, Trend Micro Research : Phishing / SecurityTicks

APT34 Deploys Phishing Attack With New Malware 29/09/2023 at 12:17 By We observed and tracked the advanced persistent threat (APT) APT34 group with a new malware variant accompanying a phishing attack comparatively similar to the SideTwist backdoor malware. Following the campaign, the group abused a fake license registration form of an African government agency to

React to this headline:

APT34 Deploys Phishing Attack With New Malware Read More »

Attacks on 5G Infrastructure From Users’ Devices

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Crime, Trend Micro Research : Cyber Threats, Trend Micro Research : Exploits & Vulnerabilities, Trend Micro Research : ICS OT, Trend Micro Research : IoT, Trend Micro Research : Malware, Trend Micro Research : Mobile, Trend Micro Research : Network, Trend Micro Research : Privacy & Risks / SecurityTicks

Attacks on 5G Infrastructure From Users’ Devices 20/09/2023 at 11:03 By Crafted packets from cellular devices such as mobile phones can exploit faulty state machines in the 5G core to attack cellular infrastructure. Smart devices that critical industries such as defense, utilities, and the medical sectors use for their daily operations depend on the speed,

React to this headline:

Attacks on 5G Infrastructure From Users’ Devices Read More »

Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement 18/09/2023 at 14:32 By While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor’s server — a Linux-based malware, which appears to originate from the open-source Windows backdoor Trochilus, which we’ve dubbed SprySOCKS due to its swift behavior and

React to this headline:

Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement Read More »