Earth Kitsune Delivers New WhiskerSpy Backdoor via Watering Hole Attack

Credit to Author: Joseph C Chen | Date: Fri, 17 Feb 2023 00:00:00 +0000

We discovered a new backdoor which we have attributed to the advanced persistent threat actor known as Earth Kitsune, which we have covered before. Since 2019, Earth Kitsune has been distributing variants of self-developed backdoors to targets, primarily individuals who are interested in North Korea.

“Payzero” Scams and The Evolution of Asset Theft in Web3

Credit to Author: Fyodor Yarochkin | Date: Wed, 18 Jan 2023 00:00:00 +0000

In this entry, we discuss a Web3 fraud scenario where scammers target potential victims via fake smart contracts, and then take over their digital assets, such as NFT tokens, without paying. We named this scam “Payzero”.

Conti Team One Splinter Group Resurfaces as Royal Ransomware with Callback Phishing Attacks

Credit to Author: Ivan Nicole Chavez | Date: Wed, 21 Dec 2022 00:00:00 +0000

From September to December, we detected multiple attacks from the Royal ransomware group. In this blog entry, we discuss findings from our investigation of this ransomware and the tools that Royal ransomware actors used to carry out their attacks.

Trend Joining App Defense Alliance Announced by Google

Credit to Author: Jon Clay | Date: Thu, 15 Dec 2022 00:00:00 +0000

Trend Micro’s participation in Google’s App Defense Alliance will ensure the security of customers by preventing malicious apps from being made available on the Google Play Store.

How Water Labbu Exploits Electron-Based Applications

Credit to Author: Joseph C Chen | Date: Wed, 05 Oct 2022 00:00:00 +0000

In the second part of our Water Labbu blog series, we explore how the threat actor exploits Electron-based applications using Cobalt Strike to deploy backdoors.

Tracking Earth Aughisky’s Malware and Changes

Credit to Author: CH Lei | Date: Tue, 04 Oct 2022 00:00:00 +0000

For over 10 years, security researchers have been observing and keeping tabs on APT group Earth Aughisky’s malware families and their connections, including previously documented malware that has yet to be attributed.

Water Labbu Abuses Malicious DApps to Steal Cryptocurrency

Credit to Author: Joseph C Chen | Date: Mon, 03 Oct 2022 00:00:00 +0000

The parasitic Water Labbu capitalizes on the social engineering schemes of other scammers, injecting malicious JavaScript code into their malicious decentralized application websites to steal cryptocurrency.

Analyzing the Hidden Danger of Environment Variables for Keeping Secrets

Credit to Author: David Fiser | Date: Wed, 17 Aug 2022 00:00:00 +0000

While DevOps practitioners regularly use environment variables to keep secrets in applications, these could be conveniently abused by cybercriminals for their malicious activities, as our analysis shows.
