Threat analysis – Page 2 – PossibleThreat Articles

Hundreds of counterfeit online shoe stores injected with credit card skimmer

December 10, 2019 0 Comments counterfeit, credit card, fraud, Magecart, shoes, skimmers, Threat analysis

Credit to Author: Jérôme Segura| Date: Tue, 10 Dec 2019 17:30:50 +0000

A Magecart credit card skimmer was found injected into hundreds of counterfeit, brand-name shoe stores—a one-two punch of victimization for users first duped with fake goods then stripped of their personal data.

Categories:

Threat analysis

Tags: counterfeit credit card fraud Magecart shoes skimmers

MalwareBytes Security

New version of IcedID Trojan uses steganographic payloads

December 3, 2019 0 Comments backdoor, banking trojan, banking trojans, credential stealing, downloader, hooking browsers, icedid trojan, malware, malware analysis, man-in-the-browser attacks, passwords, stealer, stealer functionality, stealing passwords, stealthy malware, Threat analysis, trickbot, Trojans

Credit to Author: Threat Intelligence Team| Date: Tue, 03 Dec 2019 18:06:13 +0000

We take a deep dive into the IcedID Trojan, describing the new payloads of this advanced malware.

Categories:

Threat analysis

Tags: backdoor banking Trojan banking Trojans credential stealing downloader hooking browsers IcedID Trojan malware malware analysis man-in-the-browser attacks passwords stealer stealer functionality stealing passwords stealthy malware trickbot Trojans

MalwareBytes Security

The forgotten domain: Exploring a link between Magecart Group 5 and the Carbanak APT

October 22, 2019 0 Comments advanced persistent threats, apts, attribution, carbanak, cybercriminal groups, dridex, group5, Magecart, malicious domains, malicious websites, skimmer, Threat analysis

Credit to Author: Threat Intelligence Team| Date: Tue, 22 Oct 2019 15:00:00 +0000

Bread crumbs left behind open up a possible connection between Magecart Group 5 and Carbanak.

Categories:

Threat analysis

Tags: advanced persistent threats APTs attribution carbanak cybercriminal groups dridex Group5 Magecart malicious domains malicious websites skimmer

MalwareBytes Security

Magecart Group 4: A link with Cobalt Group?

October 3, 2019 0 Comments carbanak, colbalt group, credit cards, data theft, ecommerce, Fin7, group 4, Hyas, JavaScript, Magecart, skimmers, threat actor, threat actor group, threat actors, Threat analysis

Credit to Author: Threat Intelligence Team| Date: Thu, 03 Oct 2019 15:00:00 +0000

Malwarebytes threat intel partnered with security firm HYAS to connect the dots between Magecart Group 4 and the advanced threat group Cobalt.

Categories:

Threat analysis

Tags: carbanak colbalt group credit cards data theft ecommerce FIN7 group 4 HYAS JavaScript Magecart skimmers threat actor threat actor group threat actors

(Read more…)

The post Magecart Group 4: A link with Cobalt Group? appeared first on Malwarebytes Labs.

MalwareBytes Security

Magecart criminals caught stealing with their poker face on

August 20, 2019 0 Comments drupal, JavaScript, Magecart, magento, poker, skimmer, Threat analysis

Credit to Author: Jérôme Segura| Date: Tue, 20 Aug 2019 15:00:38 +0000

This blog post details the curious case of a web skimmer encountered in a poker application.

Categories:

Threat analysis

Tags: drupal JavaScript Magecart magento poker skimmer

MalwareBytes Security

The Hidden Bee infection chain, part 1: the stegano pack

August 15, 2019 0 Comments cryptominers, custom code, exploit kits, exploits, hidden bee, infection chain, infection vector, malware modules, miner, miners, obfuscation, payloads, Threat analysis, Underminer, Underminer EK

Credit to Author: hasherezade| Date: Thu, 15 Aug 2019 15:26:55 +0000

The Hidden Bee cryptominer has a complex and multi-layered internal structure that is unusual among cybercrime toolkits. That’s why we’re dedicating a series of posts to exploring its elements and updates made during one year of its evolution.

Categories:

Threat analysis

Tags: cryptominers custom code exploit kits exploits hidden bee infection chain infection vector malware modules miner miners obfuscation payloads Underminer Underminer EK

MalwareBytes Security

Say hello to Lord Exploit Kit

August 2, 2019 0 Comments EK, eris, exploit kit, exploits, Lord EK, malvertising, njRAT, Ransomware, Threat analysis

Credit to Author: Jérôme Segura| Date: Fri, 02 Aug 2019 18:15:24 +0000

In this blog, we take a look at a new exploit kit distributed via malvertising that calls itself Lord EK.

Categories:

Tags: EK eris exploit kit Lord EK malvertising njRAT ransomware

(Read more…)

The post Say hello to Lord Exploit Kit appeared first on Malwarebytes Labs.

MalwareBytes Security

Exploit kits: summer 2019 review

July 30, 2019 0 Comments drive-by, EK, EKs, exploit kits, exploits, Fallout, GreenFlash Sundown, Magnitude, RIG, Spelevo, Threat analysis, Underminer

Credit to Author: Jérôme Segura| Date: Tue, 30 Jul 2019 16:20:33 +0000

In this edition of our seasonal review of exploit kits, we review active and unique EKs hitting consumers and businesses over the summer 2019 season.

Categories:

Threat analysis

Tags: drive-by EK EKs exploit kits exploits Fallout GreenFlash Sundown Magnitude RIG Spelevo Underminer

(Read more…)

The post Exploit kits: summer 2019 review appeared first on Malwarebytes Labs.

MalwareBytes Security

A deep dive into Phobos ransomware

July 24, 2019 0 Comments crysis, dharma, Phobos, Ransomware, Threat analysis

Credit to Author: hasherezade| Date: Wed, 24 Jul 2019 18:09:33 +0000

We take an in-depth look into Phobos ransomware which threat actors distribute via RDP and look at similarities with Dharma (AKA CrySis) ransomware.

Categories:

Threat analysis

Tags: crysis dharma Phobos ransomware

(Read more…)

The post A deep dive into Phobos ransomware appeared first on Malwarebytes Labs.

MalwareBytes Security

GreenFlash Sundown exploit kit expands via large malvertising campaign

July 19, 2019 0 Comments EK, exploit kit, GreenFlash Sundown, malvertising, seon ransomware, Threat analysis

Credit to Author: Jérôme Segura| Date: Wed, 26 Jun 2019 18:30:48 +0000

The GreenFlash exploit kit, which we typically saw targeting South Korean users, reaches globally with a large malvertising campaign via a popular website.

Categories:

Threat analysis

Tags: EK exploit kit GreenFlash Sundown malvertising seon ransomware