Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft

Credit to Author: Jaromir Horejsi | Date: Thu, 01 Aug 2024 00:00:00 +0000

We uncovered a malvertising campaign where the threat actor hijacks social media pages, renames them to mimic popular AI photo editors, then posts malicious links to fake websites.

Play Ransomware Group’s New Linux Variant Targets ESXi, Shows Ties With Prolific Puma

Credit to Author: Cj Arsley Mateo | Date: Fri, 19 Jul 2024 00:00:00 +0000

Trend Micro threat hunters discovered that the Play ransomware group has been deploying a new Linux variant that targets ESXi environments. Read our blog entry to learn more.

Network detection & response: the SOC stress reliever

Credit to Author: Trend Micro Research | Date: Tue, 09 Jul 2024 00:00:00 +0000

Cybersecurity teams are well-equipped to handle threats to technology assets that they manage. But with unmanaged devices providing ideal spots for attackers to lurk unseen, network detection and response capabilities have become vitally important.

Why You Need Network Detection & Response Now

Credit to Author: Trend Micro Research | Date: Tue, 09 Jul 2024 00:00:00 +0000

Cybersecurity teams are well-equipped to handle threats to technology assets that they manage. But with unmanaged devices providing ideal spots for attackers to lurk unseen, network detection and response capabilities have become vitally important.

Turning Jenkins Into a Cryptomining Machine From an Attacker’s Perspective

Credit to Author: Shubham Singh | Date: Fri, 05 Jul 2024 00:00:00 +0000

In this blog entry, we discuss how attackers can weaponize the Jenkins Script Console for cryptomining when it is not configured properly.

Mekotio Banking Trojan Threatens Financial Systems in Latin America

Credit to Author: Trend Micro Research | Date: Thu, 04 Jul 2024 00:00:00 +0000

We’ve recently seen a surge in attacks involving the Mekotio banking trojan. In this blog entry, we’ll provide an overview of the trojan and what it does.

Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework

Credit to Author: Peter Girnus | Date: Wed, 19 Jun 2024 00:00:00 +0000

We recently discovered a new threat actor group that we dubbed Void Arachne. In a recent campaign, this group targets Chinese-speaking users with malicious Windows Installer (MSI) files. These MSI files contain legitimate installers for AI software and other popular software, but are bundled with malicious Winos payloads.

Noodle RAT: Reviewing the Backdoor Used by Chinese-Speaking Groups

Credit to Author: Hara Hiroaki | Date: Tue, 11 Jun 2024 00:00:00 +0000

This blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime.

Noodle RAT: Reviewing the New Backdoor Used by Chinese-Speaking Groups

Credit to Author: Hara Hiroaki | Date: Tue, 11 Jun 2024 00:00:00 +0000

This blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime.

Decoding Water Sigbin’s Latest Obfuscation Tricks

Credit to Author: Sunil Bharti | Date: Thu, 30 May 2024 00:00:00 +0000

Water Sigbin (also known as the 8220 Gang) exploited the Oracle WebLogic vulnerabilities CVE-2017-3506 and CVE-2023-21839 to deploy a cryptocurrency miner using a PowerShell script. The threat actor also adopted new obfuscation techniques to conceal its activities, making its attacks harder to detect and defend against.