Malware

September 11, 2023

In August, FortiGuard Labs obtained a Word document containing a malicious URL designed to entice victims to download a malware loader. This loader employs a binary padding evasion strategy that adds null bytes to increase the file’s size to 400 MB. The payloads of this loader include OriginBotnet for keylogging and password recovery, RedLine Clipper ...

September 11, 2023

The group’s offensives first got on Kaspersky researchers radar in late 2020. Back then, the cybercriminals had not yet adopted the moniker “Cuba”; they were known as “Tropical Scorpius”. Cuba mostly targets organizations in the United States, Canada and Europe. The gang has scored a series of resonant attacks on oil companies, financial services, government ...

September 8, 2023

UPDATE 11.09.2023. Google has informed us that all the apps were deleted from the Google Play store A while ago Kaspersky researchers discovered a bunch of Telegram mods on Google Play with descriptions in traditional Chinese, simplified Chinese and Uighur. The vendor says these are the fastest apps which use a distributed network of data processing ...

September 7, 2023

Cybercriminals are abusing Advanced Installer, a legitimate Windows tool used for creating software packages, to drop cryptocurrency-mining malware on infected machines. This activity has been ongoing since at least November 2021. The attacker uses Advanced Installer to package other legitimate software installers, such as Adobe Illustrator, Autodesk 3ds Max and SketchUp Pro, with malicious scripts and ...

September 5, 2023

During previous analysis of a campaign involving a Facebook stealer, Trend Micro researchers discovered another interesting stealer. It was written in Node.js, packaged into an executable, exfiltrated stolen data via both Telegram bot API and a command-and-control (C&C) server, and employed GraphQL as a channel for C&C communication. This blog entry investigates this new stealer ...

September 5, 2023

FortiGuard Labs captured a phishing campaign that spreads a new Agent Tesla variant. This well-known malware family uses a .Net-based Remote Access Trojan (RAT) and data stealer to gain initial access. It is often used for Malware-as-a-Service (MaaS). FortiGuard Labs researcher Xiaopeng Zhang performed an in-depth analysis of this campaign, from the initial phishing email to ...

August 31, 2023

Today, the United Kingdom’s National Cyber Security Centre (NCSC-UK), the United States’ Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI), New Zealand’s National Cyber Security Centre (NCSC-NZ), the Canadian Centre for Cyber Security (CCCS), and the Australian Signals Directorate (ASD) published a joint Malware Analysis Report (MAR), ...

August 31, 2023

SapphireStealer, an open-source information stealer, has been observed across public malware repositories with increasing frequency since its initial public release in December 2022. Information-stealing malware like SapphireStealer can be used to obtain sensitive information, including corporate credentials, which are often resold to other threat actors who leverage the access for additional attacks, including operations related ...

August 31, 2023

It’s a longstanding question: can your phone really take selfies without your knowledge? The answer is yes, but with a pretty big asterisk next to it. And that asterisk is known as spyware. Spyware can use your phone for snooping in several ways, including using your camera to take pictures and videos. What exactly is spyware? ...

August 30, 2023

In their persistent quest to decode DuckTail’s maneuvers, Zscaler ThreatLabz began an intelligence collection operation in May 2023. Through an intensive three-month period of monitoring, Zscaler researchers obtained critical details about DuckTail’s operational framework. This expedition granted them unprecedented visibility into DuckTail’s end-to-end operations, spanning the entire kill chain from reconnaissance to post-compromise. Zscaler team yielded valuable ...