Three arrested as INTERPOL, Group-IB and the Nigeria Police Force disrupt prolific cybercrime group

Three suspects have been arrested in Lagos following a joint INTERPOL, Group-IB and Nigeria Police Force cybercrime investigation. The Nigerian nationals are believed to be members of a wider organized crime group responsible for distributing malware, carrying out phishing campaigns Read More …

QBot partners with Egregor ransomware in bot-fueled attacks

The Qbot banking trojan has dropped the ProLock ransomware in favor of the Egregor ransomware who burst into activity in September. Qbot, otherwise known as QakBot or QuakBot, is Windows malware that steals bank credentials, Windows domain credentials, and provides Read More …

Jupyter trojan: Newly discovered malware stealthily steals usernames and passwords

A newly uncovered trojan malware campaign is targeting businesses and higher education in what appears to be an effort to steal usernames, passwords and other private information as well as creating a persistent backdoor onto compromised systems. Jupyter infostealer has Read More …

Ghimob: a Tétrade threat actor moves to infect mobile devices

Guildma, a threat actor that is part of the Tétrade family of banking trojans, has been working on bringing in new techniques, creating new malware and targeting new victims. Recently, their new creation, the Ghimob banking trojan, has been a Read More …

When Threat Actors Fly Under the Radar: Vatet, PyXie and Defray777

As security practitioners, Palo Alto Unit 42 researchers spend a lot of time focusing on the threat actors and malware families that leverage the most impactful exploits or affect the highest number of victims. But what happens when a threat Read More …

QBot phishing lures victims using US election interference emails

The Qbot botnet is now spewing U.S. election-themed phishing emails used to infect victims with malicious payloads designed to harvest user data and emails for use in future campaigns. Qbot (aka Qakbot, Pinkslipbot, and Quakbot) is a banking trojan with Read More …

Wireshark Tutorial: Examining Dridex Infection Traffic

This tutorial is designed for security professionals who investigate suspicious network activity and review network packet captures (pcaps). Familiarity with Wireshark is necessary to understand this tutorial, which focuses on Wireshark version 3.x. Dridex is the name for a family Read More …