Credit to Author: Trend Micro Research| Date: Fri, 28 Jul 2023 00:00:00 +0000
Trend Micro’s Mobile Application Reputation Service (MARS) team discovered two new related Android malware families involved in cryptocurrency-mining and financially-motivated scam campaigns targeting Android users.
Read moreCredit to Author: Daniel Lunghi| Date: Fri, 14 Jul 2023 00:00:00 +0000
We recently found that a modified installer of the E-Office app used by the Pakistani government delivered a Shadowpad sample, suggesting a possible supply-chain attack.
Read moreCredit to Author: Daniel Lunghi| Date: Fri, 14 Jul 2023 00:00:00 +0000
We recently found that an MSI installer built by the National Information Technology Board (NITB), a Pakistani government entity, delivered a Shadowpad sample, suggesting a possible supply-chain attack.
Read moreCredit to Author: Sherif Magdy| Date: Tue, 11 Jul 2023 00:00:00 +0000
In this entry, we discuss the findings of our investigation into a piece of a signed rootkit, whose main binary functions as a universal loader that enables attackers to directly load a second-stage unsigned kernel module.
Read moreCredit to Author: Lucas Silva| Date: Fri, 30 Jun 2023 00:00:00 +0000
We found that malicious actors used malvertising to distribute malware via cloned webpages of legitimate organizations. The distribution involved a webpage of the well-known application WinSCP, an open-source Windows application for file transfer. We were able to identify that this activity led to a BlackCat (aka ALPHV) infection, and actors also used SpyBoy, a terminator that tampers with protection provided by agents.
Read moreCredit to Author: Arianne Dela Cruz| Date: Fri, 23 Jun 2023 00:00:00 +0000
The Trigona ransomware is a relatively new ransomware family that began activities around late October 2022 — although samples of it existed as early as June 2022. Since then, Trigona’s operators have remained highly active, and in fact have been continuously updating their ransomware binaries.
Read moreCredit to Author: David Fiser| Date: Wed, 21 Jun 2023 00:00:00 +0000
In this blog post, we discuss different configuration scenarios that may lead to security issues with Azure Service Fabric, a distributed platform for deploying, managing, and scaling microservices and container applications.
Read moreCredit to Author: Sunny Lu| Date: Wed, 14 Jun 2023 00:00:00 +0000
This blog entry discusses the more technical details on the most recent tools, techniques, and procedures (TTPs) leveraged by the Earth Preta APT group, and tackles how we were able to correlate different indicators connected to this threat actor.
Read moreCredit to Author: Cedric Pernet| Date: Tue, 06 Jun 2023 00:00:00 +0000
We have been able to uncover a massive cryptocurrency scam involving more than a thousand websites handled by different affiliates linked to a program called Impulse Project, run by a threat actor named Impulse Team.
Read moreCredit to Author: Earle Maui Earnshaw| Date: Tue, 06 Jun 2023 00:00:00 +0000
This blog talks about the latest TargetCompany ransomware variant, Xollam, and the new initial access technique it uses. We also investigate previous variants’ behaviors and the ransomware family’s extortion scheme.
Read more