New Orcinius Trojan Uses VBA Stomping to Mask Infection

This week, the SonicWall Capture Labs threat research team investigated a sample of Orcinius malware. This is a multi-stage trojan that is using Dropbox and Google Docs to download second-stage payloads and stay updated. It contains an obfuscated VBA macro Read More …

Hellhounds: Operation Lahat. Part 2

In November 2023, the team at the Positive Technologies Expert Security Center (PT ESC) released their first research report on attacks by the hitherto-unknown group Hellhounds on Russian companies’ infrastructure: Operation Lahat. The report focused on the group’s attacks on Read More …

SoumniBot: the new Android banker’s unique techniques

The creators of widespread malware programs often employ various tools that hinder code detection and analysis, and Android malware is no exception. As an example of this, droppers, such as Badpack and Hqwar, designed for stealthily delivering Trojan bankers or Read More …

ScrubCrypt Deploys VenomRAT with an Arsenal of Plugins

Last year, FortiGuard Labs uncovered the 8220 Gang’s utilization of ScrubCrypt to launch attacks targeting exploitable Oracle WebLogic Servers. ScrubCrypt has been described as an “antivirus evasion tool” that converts executables into undetectable batch files. It offers several options to Read More …

TicTacToe Dropper

While analyzing malware samples collected from several victims, the FortiGuard team identified a grouping of malware droppers used to deliver various final-stage payloads throughout 2023. Malware droppers are malicious software designed to deliver and execute additional malware on a victim Read More …

Threat Actors Exploit CVE-2017-11882 To Deliver Agent Tesla

First discovered in 2014, Agent Tesla is an advanced keylogger with features like clipboard logging, screen keylogging, screen capturing, and extracting stored passwords from different web browsers. Recently, Zscaler ThreatLabz detected a threat campaign where threat actors leverage CVE-2017-11882 XLAM Read More …

Spyware Employs Various Obfuscation Techniques to Bypass Static Analysis

With the surging popularity of mobile applications, the landscape of cybersecurity is encountering increasingly intricate and discreet forms of malicious software. One common strategy in the realm of cybersecurity is code obfuscation. This practice involves the deliberate alteration of various Read More …

DarkGate reloaded via malvertising and SEO poisoning campaigns

In July 2023, Malwarebytes researchers observed a malvertising campaign that lured potential victims to a fraudulent site for a Windows IT management tool. Unlike previous similar attacks, the final payload was packaged differently and not immediately recognizable. The decoy file Read More …