Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting 09/11/2023 at 12:01 By We analyzed a phishing campaign involving malicious emails containing a link to a file-sharing solution, which further leads to a PDF document with a secondary link designed to steal login info and session cookies. This article is an excerpt from […]
React to this headline:
Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores 24/10/2023 at 06:43 By In the second part of this series, we will examine how attackers can trigger vulnerabilities by sending control messages masquerading as user traffic to cross over from user plane to control plane. This article is an excerpt from Trend
React to this headline:
Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores Read More »
Beware: Lumma Stealer Distributed via Discord CDN 16/10/2023 at 11:31 By This blog discusses how threat actors abuse Discord’s content delivery network (CDN) to host and spread Lumma Stealer, and talks about added capabilities to the information stealing malware. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React
React to this headline:
Beware: Lumma Stealer Distributed via Discord CDN Read More »
Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant 13/10/2023 at 11:02 By Almost a year after Void Rabisu shifted its targeting from opportunistic ransomware attacks with an emphasis on cyberespionage, the threat actor is still developing its main malware, the ROMCOM backdoor. This article is an excerpt from Trend Micro Research, News
React to this headline:
Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant Read More »
Exposing Infection Techniques Across Supply Chains and Codebases 05/10/2023 at 12:47 By This entry delves into threat actors’ intricate methods to implant malicious payloads within seemingly legitimate applications and codebases. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:
React to this headline:
Exposing Infection Techniques Across Supply Chains and Codebases Read More »
Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement 18/09/2023 at 14:32 By While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor’s server — a Linux-based malware, which appears to originate from the open-source Windows backdoor Trochilus, which we’ve dubbed SprySOCKS due to its swift behavior and
React to this headline:
Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement Read More »
RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware 13/09/2023 at 14:01 By In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to its victims via the same delivery method. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source
React to this headline:
RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware Read More »
Analyzing a Facebook Profile Stealer Written in Node.js 05/09/2023 at 12:33 By We analyze an information stealer written in Node.js, packaged into an executable, exfiltrated stolen data via both Telegram bot API and a C&C server, and employed GraphQL as a channel for C&C communication. This article is an excerpt from Trend Micro Research, News
React to this headline:
Analyzing a Facebook Profile Stealer Written in Node.js Read More »
Profile Stealers Spread via LLM-themed Facebook Ads 23/08/2023 at 06:05 By In this entry, we discuss how a threat actor abuses paid Facebook promotions featuring LLMs to spread malicious code, with the goal of installing a malicious browser add-on and stealing victims’ credentials. This article is an excerpt from Trend Micro Research, News and Perspectives
React to this headline:
Profile Stealers Spread via LLM-themed Facebook Ads Read More »
The Current Security State of Private 5G Networks 18/08/2023 at 19:01 By Private 5G networks offer businesses enhanced security, reliability, and scalability. Learn more about why private 5G could be the future of secure networking. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:
React to this headline:
The Current Security State of Private 5G Networks Read More »
Monti Ransomware Unleashes a New Encryptor for Linux 14/08/2023 at 11:32 By The Monti ransomware collective has restarted their operations, focusing on institutions in the legal and governmental fields. Simultaneously, a new variant of Monti, based on the Linux platform, has surfaced, demonstrating notable differences from its previous Linux-based versions. This article is an excerpt
React to this headline:
Monti Ransomware Unleashes a New Encryptor for Linux Read More »
An Overview of the New Rhysida Ransomware Targeting the Healthcare Sector 09/08/2023 at 12:34 By In this blog entry, we will provide details on Rhysida, including its targets and what we know about its infection chain. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:
React to this headline:
An Overview of the New Rhysida Ransomware Targeting the Healthcare Sector Read More »
Latest Batloader Campaigns Use Pyarmor Pro for Evasion 04/08/2023 at 15:32 By In June 2023, Trend Micro observed an upgrade to the evasion techniques used by the Batloader initial access malware, which we’ve covered in previous blog entries. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to
React to this headline:
Latest Batloader Campaigns Use Pyarmor Pro for Evasion Read More »
Related CherryBlos and FakeTrade Android Malware Involved in Scam Campaigns 28/07/2023 at 12:03 By Trend Micro’s Mobile Application Reputation Service (MARS) team discovered two new related Android malware families involved in cryptocurrency-mining and financially-motivated scam campaigns targeting Android users. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React
React to this headline:
Related CherryBlos and FakeTrade Android Malware Involved in Scam Campaigns Read More »
Supply-Chain Attack Targeting Pakistani Government Delivers Shadowpad 14/07/2023 at 11:17 By We recently found that an MSI installer built by the National Information Technology Board (NITB), a Pakistani government entity, delivered a Shadowpad sample, suggesting a possible supply-chain attack. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React
React to this headline:
Supply-Chain Attack Targeting Pakistani Government Delivers Shadowpad Read More »
Hunting for A New Stealthy Universal Rootkit Loader 11/07/2023 at 11:18 By In this entry, we discuss the findings of our investigation into a piece of a signed rootkit, whose main binary functions as a universal loader that enables attackers to directly load a second-stage unsigned kernel module. This article is an excerpt from Trend
React to this headline:
Hunting for A New Stealthy Universal Rootkit Loader Read More »
Malvertising Used as Entry Vector for BlackCat, Actors Also Leverage SpyBoy Terminator 30/06/2023 at 13:34 By We found that malicious actors used malvertising to distribute malware via cloned webpages of legitimate organizations. The distribution involved a webpage of the well-known application WinSCP, an open-source Windows application for file transfer. We were able to identify that
React to this headline:
Malvertising Used as Entry Vector for BlackCat, Actors Also Leverage SpyBoy Terminator Read More »
An Overview of the Different Versions of the Trigona Ransomware 23/06/2023 at 15:24 By The Trigona ransomware is a relatively new ransomware family that began activities around late October 2022 — although samples of it existed as early as June 2022. Since then, Trigona’s operators have remained highly active, and in fact have been continuously
React to this headline:
An Overview of the Different Versions of the Trigona Ransomware Read More »
Gaps in Azure Service Fabric’s Security Call for User Vigilance 21/06/2023 at 13:43 By In this blog post, we discuss different configuration scenarios that may lead to security issues with Azure Service Fabric, a distributed platform for deploying, managing, and scaling microservices and container applications. This article is an excerpt from Trend Micro Research, News
React to this headline:
Gaps in Azure Service Fabric’s Security Call for User Vigilance Read More »
Behind the Scenes: Unveiling the Hidden Workings of Earth Preta 14/06/2023 at 15:00 By This blog entry discusses the more technical details on the most recent tools, techniques, and procedures (TTPs) leveraged by the Earth Preta APT group, and tackles how we were able to correlate different indicators connected to this threat actor. This article
React to this headline:
Behind the Scenes: Unveiling the Hidden Workings of Earth Preta Read More »