Lazarus pivots to Linux attacks through Dacls Trojan

Lazarus, an advanced persistent threat (APT) group, has expanded its reach with the development and use of a Trojan designed to attack Linux systems. The APT, suspected to hail from North Korea, has previously been connected to global cyberattacks and Read More …

Multi-stage downloader Trojan sLoad abuses BITS almost exclusively for malicious activities

Many of today’s threats evolve to incorporate as many living-off-the-land techniques as possible into the attack chain. The PowerShell-based downloader Trojan known as sLoad, however, puts all its bets on BITS. Background Intelligent Transfer Service (BITS) is a component of the Windows Read More …

APAC’s Compromised Domains Fuel Emotet Campaign

Discovered in 2014, Emotet is one of the most prolific malware families, infecting computer systems globally through its mass campaigns of spam email that delivers malware (AKA malspam). These campaigns have been widely documented by many organizations, including how Emotet Read More …

Imminent Monitor – a RAT Down Under

The availability of “commodity malware” – malware offered for sale – empowers a large population of criminals, who make up for their lack of technical sophistication with an abundance of malicious intent. Rather than looking just at the malware samples Read More …

Meet PyXie: A Nefarious New Python RAT

BlackBerry Cylance researchers have recently discovered a previously unnamed Python RAT we’re calling PyXie. PyXie has been observed in the wild since at least 2018 without much attention from the cybersecurity industry. PyXie has been deployed in an ongoing campaign Read More …

New SectopRAT Trojan creates hidden second desktop to control browser sessions

A new Trojan, SectopRAT, has appeared in the wild which is able to launch a hidden secondary desktop to control browser sessions on infected machines. The new malware was first spotted by MalwareHunterTeam. In a tweet on 15 November, MalwareHunterTeam said Read More …

Calypso APT Emerges from the Shadows to Target Governments

A newly discovered APT group, dubbed Calypso after a custom malware RAT that it uses, has been targeting state institutions in six different countries since 2016. Government organizations in India (34 percent), Brazil and Kazakhstan (18 percent respectively), Russia and Read More …

More xHunt – New PowerShell Backdoor Blocked Through DNS Tunnel Detection

During our continued analysis of the xHunt campaign, we observed several domains with ties to the pasta58[.]com domain associated with known Sakabota command and control (C2) activity. In June 2019, we observed one of these overlapping domains, specifically, windows64x[.]com, being used as the Read More …

New Reductor Malware Hijacks HTTPS Traffic

Researchers have discovered a new malware strain, dubbed Reductor, that allows hackers to manipulate Hypertext Transfer Protocol Secure (HTTPS) traffic by tweaking a browser’s random numbers generator, used to ensure a private connection between the client and server. Once infected, Read More …