Trend Micro Research : Malware

RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware

13/09/2023 at 14:01

In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to their victims via the same delivery method. This article is an excerpt from Trend Micro Research, News and Perspectives.

TrickBot & Conti Sanctions: Implications for CISOs & Boardrooms

09/09/2023 at 01:01

Discover what the increased regulatory risk due to recent US and UK sanctions imposed on TrickBot and Conti cybercriminals means for CISOs and board members.

Analyzing a Facebook Profile Stealer Written in Node.js

05/09/2023 at 12:33

We analyze an information stealer written in Node.js and packaged into an executable, which exfiltrated stolen data via both the Telegram bot API and a C&C server and employed GraphQL as a channel for C&C communication.

Revisiting 16shop Phishing Kit, Trend-Interpol Partnership

01/09/2023 at 12:04

In this entry, we summarize the security analyses and investigations done on phishing-as-a-service 16shop through the years. We also outline the partnership between Trend Micro and Interpol in taking down the main administrators and servers of this massive phishing campaign.

Earth Estries Targets Government, Tech for Cyberespionage

30/08/2023 at 12:46

We break down a new cyberespionage campaign deployed by a cybercriminal group we named Earth Estries. Analyzing the tactics, techniques, and procedures (TTPs) employed, we observed overlaps with the advanced persistent threat (APT) group FamousSparrow as Earth Estries targets governments and organizations in the

Profile Stealers Spread via LLM-themed Facebook Ads

23/08/2023 at 06:05

In this entry, we discuss how a threat actor abuses paid Facebook promotions featuring LLMs to spread malicious code, with the goal of installing a malicious browser add-on and stealing victims’ credentials.

Latest Batloader Campaigns Use Pyarmor Pro for Evasion

04/08/2023 at 15:32

In June 2023, Trend Micro observed an upgrade to the evasion techniques used by the Batloader initial access malware, which we’ve covered in previous blog entries.

Related CherryBlos and FakeTrade Android Malware Involved in Scam Campaigns

28/07/2023 at 12:03

Trend Micro’s Mobile Application Reputation Service (MARS) team discovered two new related Android malware families involved in cryptocurrency-mining and financially-motivated scam campaigns targeting Android users.

Supply-Chain Attack Targeting Pakistani Government Delivers Shadowpad

14/07/2023 at 11:17

We recently found that an MSI installer built by the National Information Technology Board (NITB), a Pakistani government entity, delivered a Shadowpad sample, suggesting a possible supply-chain attack.

Detecting BPFDoor Backdoor Variants Abusing BPF Filters

13/07/2023 at 13:02

An analysis of the different variants of the BPFDoor backdoor used by advanced persistent threat (APT) group Red Menshen, and how the backdoor has evolved since it was first documented in 2021.

Hunting for A New Stealthy Universal Rootkit Loader

11/07/2023 at 11:18

In this entry, we discuss the findings of our investigation into a signed rootkit whose main binary functions as a universal loader, enabling attackers to directly load a second-stage unsigned kernel module.

Tailing Big Head Ransomware’s Variants, Tactics, and Impact

07/07/2023 at 15:33

We analyze the technical details of a new ransomware family named Big Head. In this entry, we discuss the Big Head ransomware’s similarities and distinct markers that add more technical details to initial reports on the ransomware.

Malvertising Used as Entry Vector for BlackCat, Actors Also Leverage SpyBoy Terminator

30/06/2023 at 13:34

We found that malicious actors used malvertising to distribute malware via cloned webpages of legitimate organizations. The distribution involved a webpage of the well-known application WinSCP, an open-source Windows application for file transfer. We were able to identify that

SeroXen Incorporates Latest BatCloak Engine Iteration

15/06/2023 at 12:16

We looked into the documented behavior of SeroXen malware and noted the inclusion of the latest iteration of the batch obfuscation engine BatCloak to generate a fully undetectable (FUD) .bat loader. This is the second part of a three-part series documenting the abuse of BatCloak’s

To Fight Cyber Extortion and Ransomware, Shift Left

15/06/2023 at 12:16

How can organizations defend themselves more effectively against ransomware and other forms of cyber extortion? By “shifting left” and adopting proactive cybersecurity strategies to detect attacks sooner, mitigating breaches before they cause harm.

Analyzing the FUD Malware Obfuscation Engine BatCloak

09/06/2023 at 13:01

We look into the BatCloak engine, its modular integration into modern malware, its proliferation mechanisms, and the interoperability implications as malicious actors take advantage of its fully undetectable (FUD) capabilities.

Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals

30/05/2023 at 17:19

Void Rabisu, a malicious actor believed to be associated with the RomCom backdoor, was thought to be driven by financial gain because of its ransomware attacks. But in this blog entry, we discuss how the use of

New Info Stealer Bandit Stealer Targets Browsers, Wallets

26/05/2023 at 12:16

This is an analysis of Bandit Stealer, a new Go-based information-stealing malware capable of evading detection as it targets multiple browsers and cryptocurrency wallets.

Rust-Based Info Stealers Abuse GitHub Codespaces

19/05/2023 at 12:32

This is the first part of our security analysis of an information stealer targeting GitHub Codespaces (CS) that discusses how attackers can abuse these cloud services for a variety of malicious activities.

Lemon Group’s Cybercriminal Businesses Built on Preinfected Devices

17/05/2023 at 16:44

An overview of the Lemon Group’s use of preinfected mobile devices, and how this scheme is potentially being developed and expanded to other internet of things (IoT) devices. This research was presented in full at the Black Hat Asia 2023 Conference in Singapore.