RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware

Credit to Author: Hitomi Kimura | Date: Wed, 13 Sep 2023 00:00:00 +0000

In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to its victims via the same delivery method.


Analyzing a Facebook Profile Stealer Written in Node.js

Credit to Author: Jaromir Horejsi | Date: Tue, 05 Sep 2023 00:00:00 +0000

We analyze an information stealer written in Node.js and packaged into an executable. It exfiltrates stolen data via both the Telegram bot API and a C&C server, and uses GraphQL as a channel for C&C communication.


Stealthy Android Malware MMRat Carries Out Bank Fraud Via Fake App Stores

Credit to Author: Trend Micro Research | Date: Tue, 29 Aug 2023 00:00:00 +0000

The Trend Micro Mobile Application Reputation Service (MARS) team discovered a new, fully undetected Android banking trojan, dubbed MMRat, that has been targeting mobile users in Southeast Asia since late June 2023.


Monti Ransomware Unleashes a New Encryptor for Linux

Credit to Author: Nathaniel Morales | Date: Mon, 14 Aug 2023 00:00:00 +0000

The Monti ransomware collective has restarted its operations, focusing on institutions in the legal and governmental fields. At the same time, a new Linux-based variant of Monti has surfaced, showing notable differences from its previous Linux versions.


Latest Batloader Campaigns Use Pyarmor Pro for Evasion

Credit to Author: Junestherry Dela Cruz | Date: Mon, 07 Aug 2023 00:00:00 +0000

In June 2023, Trend Micro observed an upgrade to the evasion techniques used by the Batloader initial access malware, which we’ve covered in previous blog entries.


Related CherryBlos and FakeTrade Android Malware Involved in Scam Campaigns

Credit to Author: Trend Micro Research | Date: Fri, 28 Jul 2023 00:00:00 +0000

Trend Micro’s Mobile Application Reputation Service (MARS) team discovered two new related Android malware families involved in cryptocurrency-mining and financially-motivated scam campaigns targeting Android users.


Possible Supply-Chain Attack Targeting Pakistani Government Delivers Shadowpad

Credit to Author: Daniel Lunghi | Date: Fri, 14 Jul 2023 00:00:00 +0000

We recently found that a modified installer of the E-Office app used by the Pakistani government delivered a Shadowpad sample, suggesting a possible supply-chain attack.


Supply-Chain Attack Targeting Pakistani Government Delivers Shadowpad

Credit to Author: Daniel Lunghi | Date: Fri, 14 Jul 2023 00:00:00 +0000

We recently found that an MSI installer built by the National Information Technology Board (NITB), a Pakistani government entity, delivered a Shadowpad sample, suggesting a possible supply-chain attack.
