Trend Micro Research : Research - Security Ticks

Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing

Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing 22/11/2023 at 10:11 By The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market, a website for facilitating fraud that was taken down in April 2023. This article is an excerpt from […]

Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing Read More »

CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Exploits & Vulnerabilities, Trend Micro Research : Network, Trend Micro Research : Research / SecurityTicks

CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits 20/11/2023 at 12:17 By We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner. This article is an excerpt from Trend Micro Research, News and Perspectives

CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits Read More »

Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Exploits & Vulnerabilities, Trend Micro Research : Ransomware, Trend Micro Research : Research / SecurityTicks

Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518 10/11/2023 at 13:18 By We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its operations. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518 Read More »

Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Phishing, Trend Micro Research : Research / SecurityTicks

Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting 09/11/2023 at 12:01 By We analyzed a phishing campaign involving malicious emails containing a link to a file-sharing solution, which further leads to a PDF document with a secondary link designed to steal login info and session cookies. This article is an excerpt from

Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting Read More »

Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cyber Threats, Trend Micro Research : ICS OT, Trend Micro Research : Mobile, Trend Micro Research : Research / SecurityTicks

Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores 24/10/2023 at 06:43 By In the second part of this series, we will examine how attackers can trigger vulnerabilities by sending control messages masquerading as user traffic to cross over from user plane to control plane. This article is an excerpt from Trend

Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores Read More »

Beware: Lumma Stealer Distributed via Discord CDN

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Exploits & Vulnerabilities, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

Beware: Lumma Stealer Distributed via Discord CDN 16/10/2023 at 11:31 By This blog discusses how threat actors abuse Discord’s content delivery network (CDN) to host and spread Lumma Stealer, and talks about added capabilities to the information stealing malware. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

Beware: Lumma Stealer Distributed via Discord CDN Read More »

Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant 13/10/2023 at 11:02 By Almost a year after Void Rabisu shifted its targeting from opportunistic ransomware attacks with an emphasis on cyberespionage, the threat actor is still developing its main malware, the ROMCOM backdoor. This article is an excerpt from Trend Micro Research, News

Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant Read More »

Exposing Infection Techniques Across Supply Chains and Codebases

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Exploits & Vulnerabilities, Trend Micro Research : Malware, Trend Micro Research : Mobile, Trend Micro Research : Network, Trend Micro Research : Research / SecurityTicks

Exposing Infection Techniques Across Supply Chains and Codebases 05/10/2023 at 12:47 By This entry delves into threat actors’ intricate methods to implant malicious payloads within seemingly legitimate applications and codebases. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

Exposing Infection Techniques Across Supply Chains and Codebases Read More »

Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement

Trend Micro Research : APT & Targeted Attacks, Trend Micro Research : Articles, News, Reports, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement 18/09/2023 at 14:32 By While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor’s server — a Linux-based malware, which appears to originate from the open-source Windows backdoor Trochilus, which we’ve dubbed SprySOCKS due to its swift behavior and

Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement Read More »

RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Exploits & Vulnerabilities, Trend Micro Research : Malware, Trend Micro Research : Ransomware, Trend Micro Research : Research / SecurityTicks

RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware 13/09/2023 at 14:01 By In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to its victims via the same delivery method. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware Read More »

Analyzing a Facebook Profile Stealer Written in Node.js

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Phishing, Trend Micro Research : Research / SecurityTicks

Analyzing a Facebook Profile Stealer Written in Node.js 05/09/2023 at 12:33 By We analyze an information stealer written in Node.js, packaged into an executable, exfiltrated stolen data via both Telegram bot API and a C&C server, and employed GraphQL as a channel for C&C communication. This article is an excerpt from Trend Micro Research, News

Analyzing a Facebook Profile Stealer Written in Node.js Read More »

Profile Stealers Spread via LLM-themed Facebook Ads

Trend Micro Research : Latest News, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

Profile Stealers Spread via LLM-themed Facebook Ads 23/08/2023 at 06:05 By In this entry, we discuss how a threat actor abuses paid Facebook promotions featuring LLMs to spread malicious code, with the goal of installing a malicious browser add-on and stealing victims’ credentials. This article is an excerpt from Trend Micro Research, News and Perspectives

Profile Stealers Spread via LLM-themed Facebook Ads Read More »

The Current Security State of Private 5G Networks

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Network, Trend Micro Research : Privacy & Risks, Trend Micro Research : Research / SecurityTicks

The Current Security State of Private 5G Networks 18/08/2023 at 19:01 By Private 5G networks offer businesses enhanced security, reliability, and scalability. Learn more about why private 5G could be the future of secure networking. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

The Current Security State of Private 5G Networks Read More »

Monti Ransomware Unleashes a New Encryptor for Linux

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Ransomware, Trend Micro Research : Research / SecurityTicks

Monti Ransomware Unleashes a New Encryptor for Linux 14/08/2023 at 11:32 By The Monti ransomware collective has restarted their operations, focusing on institutions in the legal and governmental fields. Simultaneously, a new variant of Monti, based on the Linux platform, has surfaced, demonstrating notable differences from its previous Linux-based versions. This article is an excerpt

Monti Ransomware Unleashes a New Encryptor for Linux Read More »

An Overview of the New Rhysida Ransomware Targeting the Healthcare Sector

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Ransomware, Trend Micro Research : Research / SecurityTicks

An Overview of the New Rhysida Ransomware Targeting the Healthcare Sector 09/08/2023 at 12:34 By In this blog entry, we will provide details on Rhysida, including its targets and what we know about its infection chain. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

An Overview of the New Rhysida Ransomware Targeting the Healthcare Sector Read More »

Latest Batloader Campaigns Use Pyarmor Pro for Evasion

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

Latest Batloader Campaigns Use Pyarmor Pro for Evasion 04/08/2023 at 15:32 By In June 2023, Trend Micro observed an upgrade to the evasion techniques used by the Batloader initial access malware, which we’ve covered in previous blog entries. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

Latest Batloader Campaigns Use Pyarmor Pro for Evasion Read More »

Related CherryBlos and FakeTrade Android Malware Involved in Scam Campaigns

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Malware, Trend Micro Research : Mobile, Trend Micro Research : Research / SecurityTicks

Related CherryBlos and FakeTrade Android Malware Involved in Scam Campaigns 28/07/2023 at 12:03 By Trend Micro’s Mobile Application Reputation Service (MARS) team discovered two new related Android malware families involved in cryptocurrency-mining and financially-motivated scam campaigns targeting Android users. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

Supply-Chain Attack Targeting Pakistani Government Delivers Shadowpad

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

Supply-Chain Attack Targeting Pakistani Government Delivers Shadowpad 14/07/2023 at 11:17 By We recently found that an MSI installer built by the National Information Technology Board (NITB), a Pakistani government entity, delivered a Shadowpad sample, suggesting a possible supply-chain attack. This article is an excerpt from Trend Micro Research, News and Perspectives View Original Source

Supply-Chain Attack Targeting Pakistani Government Delivers Shadowpad Read More »

Hunting for A New Stealthy Universal Rootkit Loader

Trend Micro Research : Cyber Threats, Trend Micro Research : Latest News, Trend Micro Research : Malware, Trend Micro Research : Research / SecurityTicks

Hunting for A New Stealthy Universal Rootkit Loader 11/07/2023 at 11:18 By In this entry, we discuss the findings of our investigation into a piece of a signed rootkit, whose main binary functions as a universal loader that enables attackers to directly load a second-stage unsigned kernel module. This article is an excerpt from Trend

Hunting for A New Stealthy Universal Rootkit Loader Read More »

Malvertising Used as Entry Vector for BlackCat, Actors Also Leverage SpyBoy Terminator

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Endpoints, Trend Micro Research : Malware, Trend Micro Research : Research, Trend Micro Research : Web / SecurityTicks

Malvertising Used as Entry Vector for BlackCat, Actors Also Leverage SpyBoy Terminator 30/06/2023 at 13:34 By We found that malicious actors used malvertising to distribute malware via cloned webpages of legitimate organizations. The distribution involved a webpage of the well-known application WinSCP, an open-source Windows application for file transfer. We were able to identify that

Malvertising Used as Entry Vector for BlackCat, Actors Also Leverage SpyBoy Terminator Read More »