Trend Micro Research : Research

Opening Critical Infrastructure: The Current State of Open RAN Security

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Threats, Trend Micro Research : Exploits & Vulnerabilities, Trend Micro Research : ICS OT, Trend Micro Research : Research /

Opening Critical Infrastructure: The Current State of Open RAN Security 01/12/2023 at 11:17 By The Open Radio Access Network (ORAN) architecture provides standardized interfaces and protocols to previously closed systems. However, our research on ORAN demonstrates the potential threat posed by malicious xApps that are capable of compromising the entire Ran Intelligent Controller (RIC) subsystem. […]

React to this headline:

Loading spinner

Opening Critical Infrastructure: The Current State of Open RAN Security Read More »

ParaSiteSnatcher: How Malicious Chrome Extensions Target Brazil

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Threats, Trend Micro Research : Research /

ParaSiteSnatcher: How Malicious Chrome Extensions Target Brazil 23/11/2023 at 11:31 By We detail the modular framework of malicious Chrome extensions that consist of various highly obfuscated components that leverage Google Chrome API to monitor, intercept, and exfiltrate victim data. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React

React to this headline:

Loading spinner

ParaSiteSnatcher: How Malicious Chrome Extensions Target Brazil Read More »

Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Phishing, Trend Micro Research : Research /

Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing 22/11/2023 at 10:11 By The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market, a website for facilitating fraud that was taken down in April 2023. This article is an excerpt from

React to this headline:

Loading spinner

Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing Read More »

CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Exploits & Vulnerabilities, Trend Micro Research : Network, Trend Micro Research : Research /

CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits 20/11/2023 at 12:17 By We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner. This article is an excerpt from Trend Micro Research, News and Perspectives

React to this headline:

Loading spinner

CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits Read More »

Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Exploits & Vulnerabilities, Trend Micro Research : Ransomware, Trend Micro Research : Research /

Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518 10/11/2023 at 13:18 By We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its operations. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Loading spinner

Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518 Read More »

Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Phishing, Trend Micro Research : Research /

Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting 09/11/2023 at 12:01 By We analyzed a phishing campaign involving malicious emails containing a link to a file-sharing solution, which further leads to a PDF document with a secondary link designed to steal login info and session cookies. This article is an excerpt from

React to this headline:

Loading spinner

Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting Read More »

Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Threats, Trend Micro Research : ICS OT, Trend Micro Research : Mobile, Trend Micro Research : Research /

Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores 24/10/2023 at 06:43 By In the second part of this series, we will examine how attackers can trigger vulnerabilities by sending control messages masquerading as user traffic to cross over from user plane to control plane. This article is an excerpt from Trend

React to this headline:

Loading spinner

Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores Read More »

Beware: Lumma Stealer Distributed via Discord CDN

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Exploits & Vulnerabilities, Trend Micro Research : Malware, Trend Micro Research : Research /

Beware: Lumma Stealer Distributed via Discord CDN 16/10/2023 at 11:31 By This blog discusses how threat actors abuse Discord’s content delivery network (CDN) to host and spread Lumma Stealer, and talks about added capabilities to the information stealing malware. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React

React to this headline:

Loading spinner

Beware: Lumma Stealer Distributed via Discord CDN Read More »

Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Malware, Trend Micro Research : Research /

Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant 13/10/2023 at 11:02 By Almost a year after Void Rabisu shifted its targeting from opportunistic ransomware attacks with an emphasis on cyberespionage, the threat actor is still developing its main malware, the ROMCOM backdoor. This article is an excerpt from Trend Micro Research, News

React to this headline:

Loading spinner

Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant Read More »

Exposing Infection Techniques Across Supply Chains and Codebases

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Exploits & Vulnerabilities, Trend Micro Research : Malware, Trend Micro Research : Mobile, Trend Micro Research : Network, Trend Micro Research : Research /

Exposing Infection Techniques Across Supply Chains and Codebases 05/10/2023 at 12:47 By This entry delves into threat actors’ intricate methods to implant malicious payloads within seemingly legitimate applications and codebases. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Loading spinner

Exposing Infection Techniques Across Supply Chains and Codebases Read More »

Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Malware, Trend Micro Research : Research /

Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement 18/09/2023 at 14:32 By While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor’s server — a Linux-based malware, which appears to originate from the open-source Windows backdoor Trochilus, which we’ve dubbed SprySOCKS due to its swift behavior and

React to this headline:

Loading spinner

Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement Read More »

RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Exploits & Vulnerabilities, Trend Micro Research : Malware, Trend Micro Research : Ransomware, Trend Micro Research : Research /

RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware 13/09/2023 at 14:01 By In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to its victims via the same delivery method. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

React to this headline:

Loading spinner

RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware Read More »

Analyzing a Facebook Profile Stealer Written in Node.js

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Phishing, Trend Micro Research : Research /

Analyzing a Facebook Profile Stealer Written in Node.js 05/09/2023 at 12:33 By We analyze an information stealer written in Node.js, packaged into an executable, exfiltrated stolen data via both Telegram bot API and a C&C server, and employed GraphQL as a channel for C&C communication. This article is an excerpt from Trend Micro Research, News

React to this headline:

Loading spinner

Analyzing a Facebook Profile Stealer Written in Node.js Read More »

Profile Stealers Spread via LLM-themed Facebook Ads

Trend Micro Research : Latest News, Trend Micro Research : Malware, Trend Micro Research : Research /

Profile Stealers Spread via LLM-themed Facebook Ads 23/08/2023 at 06:05 By In this entry, we discuss how a threat actor abuses paid Facebook promotions featuring LLMs to spread malicious code, with the goal of installing a malicious browser add-on and stealing victims’ credentials. This article is an excerpt from Trend Micro Research, News and Perspectives

React to this headline:

Loading spinner

Profile Stealers Spread via LLM-themed Facebook Ads Read More »

The Current Security State of Private 5G Networks

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Network, Trend Micro Research : Privacy & Risks, Trend Micro Research : Research /

The Current Security State of Private 5G Networks 18/08/2023 at 19:01 By Private 5G networks offer businesses enhanced security, reliability, and scalability. Learn more about why private 5G could be the future of secure networking. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Loading spinner

The Current Security State of Private 5G Networks Read More »

Monti Ransomware Unleashes a New Encryptor for Linux

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Ransomware, Trend Micro Research : Research /

Monti Ransomware Unleashes a New Encryptor for Linux 14/08/2023 at 11:32 By The Monti ransomware collective has restarted their operations, focusing on institutions in the legal and governmental fields. Simultaneously, a new variant of Monti, based on the Linux platform, has surfaced, demonstrating notable differences from its previous Linux-based versions. This article is an excerpt

React to this headline:

Loading spinner

Monti Ransomware Unleashes a New Encryptor for Linux Read More »

An Overview of the New Rhysida Ransomware Targeting the Healthcare Sector

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Ransomware, Trend Micro Research : Research /

An Overview of the New Rhysida Ransomware Targeting the Healthcare Sector 09/08/2023 at 12:34 By In this blog entry, we will provide details on Rhysida, including its targets and what we know about its infection chain. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to this headline:

React to this headline:

Loading spinner

An Overview of the New Rhysida Ransomware Targeting the Healthcare Sector Read More »

Latest Batloader Campaigns Use Pyarmor Pro for Evasion

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Research /

Latest Batloader Campaigns Use Pyarmor Pro for Evasion 04/08/2023 at 15:32 By In June 2023, Trend Micro observed an upgrade to the evasion techniques used by the Batloader initial access malware, which we’ve covered in previous blog entries. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React to

React to this headline:

Loading spinner

Latest Batloader Campaigns Use Pyarmor Pro for Evasion Read More »

Related CherryBlos and FakeTrade Android Malware Involved in Scam Campaigns

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Malware, Trend Micro Research : Mobile, Trend Micro Research : Research /

Related CherryBlos and FakeTrade Android Malware Involved in Scam Campaigns 28/07/2023 at 12:03 By Trend Micro’s Mobile Application Reputation Service (MARS) team discovered two new related Android malware families involved in cryptocurrency-mining and financially-motivated scam campaigns targeting Android users. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React

React to this headline:

Loading spinner

Related CherryBlos and FakeTrade Android Malware Involved in Scam Campaigns Read More »

Supply-Chain Attack Targeting Pakistani Government Delivers Shadowpad

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Research /

Supply-Chain Attack Targeting Pakistani Government Delivers Shadowpad 14/07/2023 at 11:17 By We recently found that an MSI installer built by the National Information Technology Board (NITB), a Pakistani government entity, delivered a Shadowpad sample, suggesting a possible supply-chain attack. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source React

React to this headline:

Loading spinner

Supply-Chain Attack Targeting Pakistani Government Delivers Shadowpad Read More »

Scroll to Top