Python-Based NodeStealer Version Targets Facebook Ads Manager

Credit to Author: Aira Marcelo| Date: Thu, 19 Dec 2024 00:00:00 +0000

In this blog entry, Trend Micro’s Managed XDR team discuss their investigation into how the latest variant of NodeStealer is delivered through spear-phishing attacks, potentially leading to malware execution, data theft, and the exfiltration of sensitive information via Telegram.

Read more

Gafgyt Malware Broadens Its Scope in Recent Attacks

Credit to Author: Sunil Bharti| Date: Tue, 03 Dec 2024 00:00:00 +0000

Our researchers identified threat actors exploiting misconfigured Docker servers to spread the Gafgyt malware. This threat traditionally targets IoT devices; this new tactic signals a change in its behavior.

Read more

Gafgyt Malware Targeting Docker Remote API Servers

Credit to Author: Sunil Bharti| Date: Tue, 03 Dec 2024 00:00:00 +0000

Our researchers identified threat actors exploiting misconfigured Docker servers to spread the Gafgyt malware. This threat traditionally targets IoT devices; this new tactic signals a change in its behavior.

Read more

MDR in Action: Preventing The More_eggs Backdoor From Hatching

Credit to Author: Ryan Soliven| Date: Mon, 30 Sep 2024 00:00:00 +0000

Trend Micro MDR (Managed Detection and Response) team promptly mitigated a more_eggs infection. Using Vision One, MDR illustrated how Custom Filters/Models and Security Playbook can be used to automate the response to more_eggs and similar threats.

Read more

Earth Preta Evolves its Attacks with New Malware and Strategies

Credit to Author: Lenart Bermejo| Date: Mon, 09 Sep 2024 00:00:00 +0000

In this blog entry, we discuss our analysis of Earth Preta’s enhancements in their attacks by introducing new tools, malware variants and strategies to their worm-based attacks and their time-sensitive spear-phishing campaign.

Read more

Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool

Credit to Author: Mohamed Fahmy| Date: Thu, 29 Aug 2024 00:00:00 +0000

Threat actors are targeting users in the Middle East by distributing sophisticated malware disguised as the Palo Alto GlobalProtect tool.

Read more

Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem

Credit to Author: Abdelrahman Esmail| Date: Wed, 28 Aug 2024 00:00:00 +0000

A technical analysis on how CVE-2023-22527 can be exploited by malicious actors for cryptojacking attacks that can spread across the victim’s system.

Read more