Trend Micro Research : Research

RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Exploits & Vulnerabilities, Trend Micro Research : Malware, Trend Micro Research : Ransomware, Trend Micro Research : Research /

RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware 13/09/2023 at 14:01 By In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to its victims via the same delivery method. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source […]

React to this headline:

Loading spinner

RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware Read More »

Analyzing a Facebook Profile Stealer Written in Node.js

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Phishing, Trend Micro Research : Research /

Analyzing a Facebook Profile Stealer Written in Node.js 05/09/2023 at 12:33 By We analyze an information stealer written in Node.js, packaged into an executable, exfiltrated stolen data via both Telegram bot API and a C&C server, and employed GraphQL as a channel for C&C communication. This article is an excerpt from Trend Micro Research, News

React to this headline:

Loading spinner

Analyzing a Facebook Profile Stealer Written in Node.js Read More »

Profile Stealers Spread via LLM-themed Facebook Ads

Trend Micro Research : Latest News, Trend Micro Research : Malware, Trend Micro Research : Research /

Profile Stealers Spread via LLM-themed Facebook Ads 23/08/2023 at 06:05 By In this entry, we discuss how a threat actor abuses paid Facebook promotions featuring LLMs to spread malicious code, with the goal of installing a malicious browser add-on and stealing victims’ credentials. This article is an excerpt from Trend Micro Research, News and Perspectives

React to this headline:

Loading spinner

Profile Stealers Spread via LLM-themed Facebook Ads Read More »

The Current Security State of Private 5G Networks

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Network, Trend Micro Research : Privacy & Risks, Trend Micro Research : Research /

The Current Security State of Private 5G Networks 18/08/2023 at 19:01 By Private 5G networks offer businesses enhanced security, reliability, and scalability. Learn more about why private 5G could be the future of secure networking. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Loading spinner

The Current Security State of Private 5G Networks Read More »

Monti Ransomware Unleashes a New Encryptor for Linux

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Ransomware, Trend Micro Research : Research /

Monti Ransomware Unleashes a New Encryptor for Linux 14/08/2023 at 11:32 By The Monti ransomware collective has restarted their operations, focusing on institutions in the legal and governmental fields. Simultaneously, a new variant of Monti, based on the Linux platform, has surfaced, demonstrating notable differences from its previous Linux-based versions. This article is an excerpt

React to this headline:

Loading spinner

Monti Ransomware Unleashes a New Encryptor for Linux Read More »

An Overview of the New Rhysida Ransomware Targeting the Healthcare Sector

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Ransomware, Trend Micro Research : Research /

An Overview of the New Rhysida Ransomware Targeting the Healthcare Sector 09/08/2023 at 12:34 By In this blog entry, we will provide details on Rhysida, including its targets and what we know about its infection chain. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Loading spinner

An Overview of the New Rhysida Ransomware Targeting the Healthcare Sector Read More »

Latest Batloader Campaigns Use Pyarmor Pro for Evasion

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Research /

Latest Batloader Campaigns Use Pyarmor Pro for Evasion 04/08/2023 at 15:32 By In June 2023, Trend Micro observed an upgrade to the evasion techniques used by the Batloader initial access malware, which we’ve covered in previous blog entries. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to

React to this headline:

Loading spinner

Latest Batloader Campaigns Use Pyarmor Pro for Evasion Read More »

Related CherryBlos and FakeTrade Android Malware Involved in Scam Campaigns

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Malware, Trend Micro Research : Mobile, Trend Micro Research : Research /

Related CherryBlos and FakeTrade Android Malware Involved in Scam Campaigns 28/07/2023 at 12:03 By Trend Micro’s Mobile Application Reputation Service (MARS) team discovered two new related Android malware families involved in cryptocurrency-mining and financially-motivated scam campaigns targeting Android users. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React

React to this headline:

Loading spinner

Related CherryBlos and FakeTrade Android Malware Involved in Scam Campaigns Read More »

Supply-Chain Attack Targeting Pakistani Government Delivers Shadowpad

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Research /

Supply-Chain Attack Targeting Pakistani Government Delivers Shadowpad 14/07/2023 at 11:17 By We recently found that an MSI installer built by the National Information Technology Board (NITB), a Pakistani government entity, delivered a Shadowpad sample, suggesting a possible supply-chain attack. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React

React to this headline:

Loading spinner

Supply-Chain Attack Targeting Pakistani Government Delivers Shadowpad Read More »

Hunting for A New Stealthy Universal Rootkit Loader

Trend Micro Research : Cyber Threats, Trend Micro Research : Latest News, Trend Micro Research : Malware, Trend Micro Research : Research /

Hunting for A New Stealthy Universal Rootkit Loader 11/07/2023 at 11:18 By In this entry, we discuss the findings of our investigation into a piece of a signed rootkit, whose main binary functions as a universal loader that enables attackers to directly load a second-stage unsigned kernel module. This article is an excerpt from Trend

React to this headline:

Loading spinner

Hunting for A New Stealthy Universal Rootkit Loader Read More »

Malvertising Used as Entry Vector for BlackCat, Actors Also Leverage SpyBoy Terminator

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Research, Trend Micro Research : Web /

Malvertising Used as Entry Vector for BlackCat, Actors Also Leverage SpyBoy Terminator 30/06/2023 at 13:34 By We found that malicious actors used malvertising to distribute malware via cloned webpages of legitimate organizations. The distribution involved a webpage of the well-known application WinSCP, an open-source Windows application for file transfer. We were able to identify that

React to this headline:

Loading spinner

Malvertising Used as Entry Vector for BlackCat, Actors Also Leverage SpyBoy Terminator Read More »

An Overview of the Different Versions of the Trigona Ransomware

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Ransomware, Trend Micro Research : Research /

An Overview of the Different Versions of the Trigona Ransomware 23/06/2023 at 15:24 By The Trigona ransomware is a relatively new ransomware family that began activities around late October 2022 — although samples of it existed as early as June 2022. Since then, Trigona’s operators have remained highly active, and in fact have been continuously

React to this headline:

Loading spinner

An Overview of the Different Versions of the Trigona Ransomware Read More »

Gaps in Azure Service Fabric’s Security Call for User Vigilance

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cloud, Trend Micro Research : Latest News, Trend Micro Research : Research /

Gaps in Azure Service Fabric’s Security Call for User Vigilance 21/06/2023 at 13:43 By In this blog post, we discuss different configuration scenarios that may lead to security issues with Azure Service Fabric, a distributed platform for deploying, managing, and scaling microservices and container applications. This article is an excerpt from Trend Micro Research, News

React to this headline:

Loading spinner

Gaps in Azure Service Fabric’s Security Call for User Vigilance Read More »

Behind the Scenes: Unveiling the Hidden Workings of Earth Preta

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Research /

Behind the Scenes: Unveiling the Hidden Workings of Earth Preta 14/06/2023 at 15:00 By This blog entry discusses the more technical details on the most recent tools, techniques, and procedures (TTPs) leveraged by the Earth Preta APT group, and tackles how we were able to correlate different indicators connected to this threat actor. This article

React to this headline:

Loading spinner

Behind the Scenes: Unveiling the Hidden Workings of Earth Preta Read More »

Investigating BlackSuit Ransomware’s Similarities to Royal

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Ransomware, Trend Micro Research : Research /

Investigating BlackSuit Ransomware’s Similarities to Royal 31/05/2023 at 13:02 By In this blog entry, we analyze BlackSuit ransomware and how it compares to Royal Ransomware. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Loading spinner

Investigating BlackSuit Ransomware’s Similarities to Royal Read More »

Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals

Trend Micro Research : Cyber Threats, Trend Micro Research : Latest News, Trend Micro Research : Malware, Trend Micro Research : Research /

Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals 30/05/2023 at 17:19 By Void Rabisu, a malicious actor believed to be associated with the RomCom backdoor, was thought to be driven by financial gain because of its ransomware attacks. But in this blog entry, we discuss how the use of

React to this headline:

Loading spinner

Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals Read More »

Abusing Web Services Using Automated CAPTCHA-Breaking Services and Residential Proxies

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Threats, Trend Micro Research : Research, Trend Micro Research : Web /

Abusing Web Services Using Automated CAPTCHA-Breaking Services and Residential Proxies 25/05/2023 at 11:52 By This blog entry features three case studies that show how malicious actors evade the antispam, antibot, and antiabuse measures of online web services via residential proxies and CAPTCHA-breaking services. This article is an excerpt from Trend Micro Research, News and Perspectives

React to this headline:

Loading spinner

Abusing Web Services Using Automated CAPTCHA-Breaking Services and Residential Proxies Read More »

BlackCat Ransomware Deploys New Signed Kernel Driver

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Ransomware, Trend Micro Research : Research /

BlackCat Ransomware Deploys New Signed Kernel Driver 22/05/2023 at 13:03 By In this blog post, we will provide details on a BlackCat ransomware incident that occurred in February 2023, where we observed a new capability, mainly used for the defense evasion phase. This article is an excerpt from Trend Micro Research, News and Perspectives View

React to this headline:

Loading spinner

BlackCat Ransomware Deploys New Signed Kernel Driver Read More »

Water Orthrus’s New Campaigns Deliver Rootkit and Phishing Modules

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Phishing, Trend Micro Research : Research /

Water Orthrus’s New Campaigns Deliver Rootkit and Phishing Modules 15/05/2023 at 13:12 By Water Orthrus has been active recently with two new campaigns. CopperStealth uses a rootkit to install malware on infected systems, while CopperPhish steals credit card information. This blog will provide the structure of the campaign and how they work. This article is

React to this headline:

Loading spinner

Water Orthrus’s New Campaigns Deliver Rootkit and Phishing Modules Read More »

Malicious AI Tool Ads Used to Deliver Redline Stealer

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Research /

Malicious AI Tool Ads Used to Deliver Redline Stealer 12/05/2023 at 12:25 By We’ve been observing malicious advertisement campaigns in Google’s search engine with themes that are related to AI tools such as Midjourney and ChatGPT. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Loading spinner

Malicious AI Tool Ads Used to Deliver Redline Stealer Read More »

Scroll to Top