- Lockbit leak, research opportunities on tools leaked from TAs
August 25, 2023
Lockbit is one of the most prevalent ransomware strains. It comes with an affiliate ransomware-as-a-service (RaaS) program offering up to 80% of the ransom demand to participants, and includes a bug bounty program for those who detect and report vulnerabilities that allow files to be decrypted without paying the ransom. According to the Lockbit owners, the ...
- Flax Typhoon using legitimate software to quietly access Taiwanese organizations
August 24, 2023
Microsoft has identified a nation-state activity group tracked as Flax Typhoon, based in China, that is targeting dozens of organizations in Taiwan with the likely intention of performing espionage. Flax Typhoon gains and maintains long-term access to Taiwanese organizations’ networks with minimal use of malware, relying on tools built into the operating system, along with ...
- DarkGate reloaded via malvertising and SEO poisoning campaigns
August 23, 2023
In July 2023, Malwarebytes researchers observed a malvertising campaign that lured potential victims to a fraudulent site for a Windows IT management tool. Unlike previous similar attacks, the final payload was packaged differently and not immediately recognizable. The decoy file came as an MSI installer containing an AutoIT script where the payload was obfuscated to avoid ...
- Carderbee: APT Group use Legit Software in Supply Chain Attack Targeting Orgs in Hong Kong
August 22, 2023
A previously unknown advanced persistent threat (APT) group used the legitimate Cobra DocGuard software to carry out a supply chain attack with the goal of deploying the Korplug backdoor (aka PlugX) onto victim computers. In the course of this attack, the attackers used malware signed with a legitimate Microsoft certificate. Most of the victims in this ...
- More than 100,000 hackers have details exposed through malware on cyber crime forums
August 15, 2023
Researchers have revealed that more than 100,000 hackers could be operating on compromised devices due to their involvement on cyber crime forums. A study from Hudson Rock identified around 120,000 devices infected with malware that contained login credentials for cyber crime forums. The firm said that many of the individuals operating with compromised machines may have ...
- JanelaRAT: Repurposed BX Rat Variant Targeting LATAM FinTech
August 10, 2023
In June of 2023, researchers at Zscaler ThreatLabz discovered a threat actor targeting FinTech users in the LATAM region. JanelaRAT involves several tactics, techniques, and procedures (TTPs) such as DLL side-loading, dynamic C2 infrastructure, and a multi-stage attack. The final malware involved in this campaign is a heavily modified variant of BX RAT. Because of this, ...
- An overview of the new Rhysida ransomware targeting the Healthcare sector
August 9, 2023
On August 4, 2023, the HHS’ Health Sector Cybersecurity Coordination Center (HC3) released a security alert about a relatively new ransomware called Rhysida (detected as Ransom.PS1.RHYSIDA.SM), which has been active since May 2023. In this blog entry, Trend Micro researchers will provide details on Rhysida, including its targets and what they know about its infection ...
- Attackers Distribute Malware via Freeze.rs And SYK Crypter
August 9, 2023
FortiGuard Labs recently detected a new injector written in Rust—one of the fastest-growing programming languages—to inject shellcode and introduce XWorm into a victim’s environment. While Rust is relatively uncommon in malware development, several campaigns have adopted this language since 2019, including Buer loader, Hive, and RansomExx. FortiGuard Labs analysis also revealed a significant increase in injector ...
- Code leaks are causing an influx of new ransomware actors
August 7, 2023
Ransomware gangs are consistently rebranding or merging with other groups, as highlighted in our 2022 Year in Review, or these actors work for multiple ransomware-as-a-service (RaaS) outfits at a time, and new groups are always emerging. This trend is already continuing this year. Since 2021, there have been multiple leaks of ransomware source code and builders ...
- What’s happening in the world of crimeware: Emotet, DarkGate and LokiBot
August 3, 2023
The malware landscape keeps evolving. New families are born, while others disappear. Some families are short-lived, while others remain active for quite a long time. In order to follow this evolution, Kaspersky researchers rely both on samples that they detect and their monitoring efforts, which cover botnets and underground forums. While doing so, the researchers found ...