- Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware
December 4, 2024
Beginning in early October, Rapid7 has observed a resurgence of activity related to the ongoing social engineering campaign conducted by Black Basta ransomware operators. Rapid7 initially reported the discovery of the novel social engineering campaign in May 2024, followed by an update in August 2024, when the operators changed their tactics and malware payloads ...
- INTERPOL campaign warns against cyber and financial crimes
December 3, 2024
INTERPOL has launched a campaign to raise awareness of the growing threat of cyber and financial crimes against vulnerable individuals and organizations. The Think Twice campaign, which includes a series of short videos, focuses on five rising online threats: ransomware attacks, malware attacks, phishing, generative AI scams, and romance baiting. These sophisticated scams have seen a ...
- TaxOff: um, you’ve got a backdoor…
November 27, 2024
In Q3 2024, the Positive Technologies Expert Security Center (PT ESC) TI Department discovered a series of attacks on Russian government agencies. PT ESC researchers were unable to establish any connection with known groups using the same techniques. The main goal was espionage and gaining a foothold to follow through on further attacks. They dubbed the group ...
- SteelFox Leverages Signed Windows Drivers to Attack Kernel
November 26, 2024
This week, the SonicWall Capture Labs threat research team investigated a sample of SteelFox malware. It is bundled with "software activators" for JetBrains products and Foxit PDF reader. During installation, the malware runs as a service and loads vulnerable signed Windows drivers, which it exploits to attack the kernel. Secondarily, cryptominers such as XMRig are run in memory via ...
- Analysis of Elpaco: a Mimic variant
November 26, 2024
In a recent incident response case, Kaspersky dealt with a variant of the Mimic ransomware with some interesting customization features. The attackers were able to connect via RDP to the victim’s server after a successful brute force attack and then launch the ransomware. After that, the adversary was able to elevate their privileges by exploiting the ...
- Fake Google Chrome Website Tricks Users into Installing Malware
November 22, 2024
Google Chrome is the most widely used web browser in the world, and this dominance makes it a great vector for cybercriminals to use to spread malware to unsuspecting users. The SonicWall Capture Labs threat research team recently found what appears to be a legitimate website where a user can download and install Google Chrome. But ...
- Spot the Difference: Earth Kasha’s New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella
November 19, 2024
LODEINFO is a malware used in attacks targeting mainly Japan since 2019. Trend Micro has been tracking the group as Earth Kasha. While some vendors suspect that the actor using LODEINFO might be APT10, we don’t have enough evidence to fully support this speculation. Currently, we view APT10 and Earth Kasha as different entities, although they ...
- FrostyGoop’s Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications
November 19, 2024
In July 2024, the operational technology (OT)-centric malware FrostyGoop/BUSTLEBERM became publicly known, after attackers used it to disrupt critical infrastructure. The outage occurred after the Cyber Security Situation Center (CSSC), affiliated with the Security Service of Ukraine, disclosed details of an attack on a municipal energy company in Ukraine in early 2024. FrostyGoop is the ninth ...
- QuickBooks popup scam still being delivered via Google ads
November 18, 2024
Accounting software QuickBooks, by Intuit, is a popular target for India-based scammers, rivaled for the top spot only by the classic Microsoft tech support scams. Malwarebytes Labs researchers have seen two main lures, both delivered via Google ads: the first is simply a website promoting online support for QuickBooks and showing a phone number, while the second requires ...
- Hello again, FakeBat: popular loader returns after months-long hiatus
November 8, 2024
The web browser, and search engines in particular, continue to be a popular entry point to deliver malware to users. While Malwarebytes Labs noted a decrease in loaders distributed via malvertising for the past 3 months, today’s example is a reminder that threat actors can quickly switch back to tried and tested methods. After months of ...