8220 Gang Evolves With New Strategies

Credit to Author: Sunil Bharti| Date: Tue, 16 May 2023 00:00:00 +0000

We observed the threat actor group known as “8220 Gang” employing new strategies for their respective campaigns, including exploits for the Linux utility “lwp-download” and CVE-2017-3506, an Oracle WebLogic vulnerability.

Read more

Water Orthrus’s New Campaigns Deliver Rootkit and Phishing Modules

Credit to Author: Jaromir Horejsi| Date: Mon, 15 May 2023 00:00:00 +0000

Water Orthrus has been active recently with two new campaigns. CopperStealth uses a rootkit to install malware on infected systems, while CopperPhish steals credit card information. This blog will provide the structure of the campaign and how they work.

Read more

Attack on Security Titans: Earth Longzhi Returns With New Tricks

Credit to Author: Ted Lee| Date: Tue, 02 May 2023 00:00:00 +0000

After months of dormancy, Earth Longzhi, a subgroup of advanced persistent threat (APT) group APT41, has reemerged using new techniques in its infection routine. This blog entry forewarns readers of Earth Longzhi’s resilience as a noteworthy threat.

Read more

Rapture, a Ransomware Family With Similarities to Paradise

Credit to Author: Don Ovid Ladores| Date: Fri, 28 Apr 2023 00:00:00 +0000

In March and April 2023, we observed a type of ransomware targeting its victims via a minimalistic approach with tools that leave only a minimal footprint behind. Our findings revealed many of the preparations made by the perpetrators and how quickly they managed to carry out the ransomware attack.

Read more

ViperSoftX Updates Encryption, Steals Data

Credit to Author: Don Ovid Ladores| Date: Mon, 24 Apr 2023 00:00:00 +0000

We observed cryptocurrency and information stealer ViperSoftX evading initial loader detection and making its lure more believable by making the initial package loader via cracks, keygens, activators, and packers non-malicious. We also noted more sophisticated encryption and basic anti-analysis techniques, such as byte remapping and web browser communication blocking.

Read more

Mac Malware MacStealer Spreads as Fake P2E Apps

Credit to Author: Qi Sun| Date: Thu, 30 Mar 2023 00:00:00 +0000

We detected Mac malware MacStealer spreading via websites, social media, and messaging platforms Twitter, Discord, and Telegram. Cybercriminals lure victims to download it by plagiarizing legitimate play-to-earn (P2E) apps’ images and offering jobs as beta testers.

Read more

New OpcJacker Malware Distributed via Fake VPN Malvertising

Credit to Author: Jaromir Horejsi| Date: Wed, 29 Mar 2023 00:00:00 +0000

We discovered a new malware, which we named “OpcJacker” (due to its opcode configuration design and its cryptocurrency hijacking ability), that has been distributed in the wild since the second half of 2022.

Read more

Emotet Returns, Now Adopts Binary Padding for Evasion

Credit to Author: Ian Kenefick| Date: Mon, 13 Mar 2023 00:00:00 +0000

Following a three-month hiatus, Emotet spam activities resumed in March 2023, when a botnet known as Epoch 4 began delivering malicious documents embedded in Zip files that were attached to the emails.

Read more