The Trend Micro Managed XDR and Incident Response (IR) teams recently analyzed incidents where threat actors deploying Black Basta and Cactus ransomware used the same BackConnect malware to strengthen their foothold on compromised machines.
The BackConnect malware is a tool that cybercriminals use to establish and maintain persistent control over compromised systems. Once infiltrated, it grants attackers a wide range of remote control capabilities, allowing them to execute commands on the infected machine. This enables them to steal sensitive data, such as login credentials, financial information, and personal files.
Read more…
Source: Trend Micro
Related:
- Mobile Rotexy Malware Touts Ransomware, Banking Trojan Functions
November 26, 2018
A mobile malware has accelerated its activity in 2018, launching more than 70k attacks in August through October. Mobile malware, dubbed Rotexy, has evolved from being spyware to now a dangerous banking trojan packing a host of new clever features. Researchers report 70,000 attacks between August and October with targets primarily based in Russia. In a technical brief released ...
- Rowhammer attacks can now bypass ECC memory protections
November 22, 2018
Academics from the Vrije University in Amsterdam, Holland, have published a research paper today describing a new variation of the Rowhammer attack. For readers unfamiliar with the term, Rowhammer is the name of a class of exploits that takes advantage of a hardware design flaw in modern memory cards. By default, a memory card stores temporary data ...
- Lazarus APT Uses Modular Backdoor to Target Financial Institutions
November 21, 2018
The advanced persistent threat group Lazarus with North Korean links has been observed using a modular backdoor during last week to compromise a series of Latin American financial institutions by Trend Micro’s Lenart Bermejo and Joelson Soares. As unearthed by the Trend Micro research team, the APT38 threat group successfully compromised a number of computing systems ...
- L0rdix becomes the new Swiss Army knife of Windows hacking
November 21, 2018
A new hacking tool making the rounds in underground forums has been deemed the latest “go-to” universal offering for attackers targeting Microsoft Windows PCs. The software is called L0rdix and according to cybersecurity researchers from enSilo is “aimed at infecting Windows-based machines, combines stealing and cryptocurrency mining methods, can avoid malware analysis tools.” In a blog ...
- Russia’s Elite Hackers May Have New Phishing Tricks
November 20, 2018
A major question hanging over the United States midterm election season: Where was Russia? But while GRU hackersdidn’t directly interfere, they appear to be as active as ever. New research from two threat intelligence firms indicates that two prominent Russia-linked groups have been developing some clever phishing innovations, and are working purposefully to expand their reach. “There’s a lot of ramping ...
- True Identity of Notorious Hacker tessa88 Revealed
November 20, 2018
In early 2016, a previously unknown hacker operating under the alias of tessa88 publicly emerged after offering an extensive list of compromised, high-profile databases for sale. The hacker offered for sale the databases of companies such as VKontakte, Mobango, Myspace, Badoo, QIP, Dropbox, Rambler, LinkedIn, and Twitter, among others. Within several months of incredibly active ...