News – December 2019


  • APT review: what the world’s threat actors got up to in 2019

    December 4, 2019

    What were the most interesting developments in terms of APT activity during the year and what can we learn from them? This is not an easy question to answer, because researchers have only partial visibility and it´s impossible to fully understand the motivation for some attacks or the developments behind them. However, let´s try to approach ...

  • Obfuscation Tools Found in the Capesand Exploit Kit Possibly Used in “KurdishCoder” Campaign

    December 4, 2019

    In November 2019, Trend Micro published a blog analyzing an exploit kit we named Capesand that exploited Adobe Flash and Microsoft Internet Explorer flaws. During our analysis of the indicators of compromise (IoCs) in the deployed samples that were infecting the victim’s machines, we noticed some interesting characteristics: notably that these samples were making use of ...

  • Buer, a new loader emerges in the underground marketplace

    December 4, 2019

    For several years, Proofpoint researchers have been tracking the use of first-stage downloaders, which are used by threat actors to install other forms of malware during and after their malicious email campaigns. In particular, over the last two years, these downloaders have become increasingly robust, providing advanced profiling and targeting capabilities. More importantly, downloaders and other ...

  • FBI warns about snoopy smart TVs spying on you

    December 3, 2019

    She laughed. I laughed. The TV laughed. I shot the TV. “Blasted Decepticons!” That’s how a popular meme went after the Transformer movies hit it big. Today, it’s not so funny. A recent FBI report warned smart TV users that hackers can also take control of your unsecured TV. “At the low end of the risk spectrum, they can ...

  • Biometric data processing and storage system threats

    December 2, 2019

    Initially, digital biometric data processing systems were used primarily by government agencies and special services (police, customs, etc.). However, the rapid evolution of information technology has made biometric systems accessible for ‘civil’ use. They are increasingly becoming part of our everyday lives, augmenting and replacing traditional authentication methods, such as those based on logins and ...

  • Android: New StrandHogg vulnerability is being exploited in the wild

    December 2, 2019

    Security researchers from Promon, a Norwegian firm specialized in in-app security protections, said they identified a bug in the Android operating system that lets malicious apps hijack legitimate app, and perform malicious operations on their behalf. In a comprehensive report published today, the research team said the vulnerability can be used to trick users into granting intrusive permissions ...

  • Imminent Monitor – a RAT Down Under

    December 2, 2019

    The availability of “commodity malware” – malware offered for sale – empowers a large population of criminals, who make up for their lack of technical sophistication with an abundance of malicious intent. Rather than looking just at the malware samples and functionality themselves, we’ve taken an interest in the commodity malware ecosystem; especially into the malware ...

  • Mobile Cyberespionage Campaign Distributed Through CallerSpy Mounts Initial Phase of a Targeted Attack

    December 2, 2019

    Trend Micro found a new spyware family disguised as chat apps on a phishing website. We believe that the apps, which exhibit many cyberespionage behaviors, are initially used for a targeted attack campaign. We first came across the threat in May on the site http://goooglepress/, which was advertising a chat app called “Chatrious.” Users can ...

  • Meet PyXie: A Nefarious New Python RAT

    December 2, 2019

    BlackBerry Cylance researchers have recently discovered a previously unnamed Python RAT we’re calling PyXie. PyXie has been observed in the wild since at least 2018 without much attention from the cybersecurity industry. PyXie has been deployed in an ongoing campaign that targets a wide range of industries. It has been seen in conjunction with Cobalt Strike ...