Malware

April 22, 2021

Hackers are leveraging the popular Telegram messaging app by embedding its code inside a remote access trojan (RAT) dubbed ToxicEye, new research has found. A victim’s computer infected with the ToxicEye malware is controlled via a hacker-operated Telegram messaging account. The ToxicEye malware can take over file systems, install ransomware and leak data from victim’s PCs, ...

April 22, 2021

Theres’s been a huge uptick in the proportion of malware using TLS or the Transport Layer Security to communicate without being spotted, cybersecurity firm Sophos reports. While HTTPS helps prevent eavesdropping, man-in-the-middle attacks, and hijackers who try to impersonate a trusted website, the protocol has also offered cover for cybercriminals to privately share information between a ...

April 21, 2021

A new email-based campaign by an emerging threat actor aims to spread various remote access trojans (RATs) to a very specific group of targets who use Bloomberg’s industry-based services. Cisco Talos Intelligence researchers discovered the campaign, dubbing it and its perpetrator “Fajan,” and asserting it is likely the work of one actor from an Arabic-speaking country. Researchers ...

April 12, 2021

Website contact forms and Google URLs are being used to spread the IcedID trojan, according to researchers at Microsoft. Attackers are using “contact us” forms on websites to send emails targeting organizations with trumped-up legal threats, researchers said. The messages consistently mention a copyright infringement by a photographer, illustrator or designer, and they contain a link ...

April 9, 2021

More than a year after Operation DRBControl, a campaign by a cyberespionage group that targets gambling and betting companies in Southeast Asia, we found evidence that the Iron Tiger threat actor is still interested in the gambling industry. This blog details how Iron Tiger threat actors have updated their toolkit with an updated SysUpdate malware variant ...

April 9, 2021

On March 8, 2021, Unit 42 published “Attack Chain Overview: Emotet in December 2020 and January 2021.” Based on that analysis, the updated version of Emotet talks to different command and control (C2) servers for data exfiltration or to implement further attacks. We observed attackers taking advantage of a sophisticated evasion technique and encryption algorithm ...

April 7, 2021

A new variant of Android malware has been discovered in an app on Google Play that entices users by promising free Netflix subscriptions. On Wednesday, Check Point Research (CPR) said the “wormable” mobile malware was discovered in the Google Play Store, the official repository for Android apps. The malicious software, dubbed “FlixOnline,” disguises itself as a ...

April 6, 2021

A banking Trojan striking corporate targets across Brazil has been unmasked by researchers. On Tuesday, ESET published an advisory on the malware, which has been in development since 2018. Dubbed Janeleiro, the Trojan appears to be focused on Brazil as a hunting ground and has been used in cyberattacks against corporate players in sectors including healthcare, engineering, ...

April 5, 2021

In the nebula of Chinese-speaking threat actors, it is quite common to see tools and methodologies being shared. One such example of this is the infamous “DLL side-loading triad”: a legitimate executable, a malicious DLL to be sideloaded by it, and an encoded payload, generally dropped from a self-extracting archive. Initially considered to be the ...

April 1, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) has instructed US government agencies with on-premise Exchange systems to run Microsoft malware scanners and report results by April 5. CISA issued supplementary direction to its “ED 21-02” directive; the new request applies to any federal agency that had an Exchange server connected directly or indirectly to the internet ...