On May 13, 2024, Kaspersky consumer-grade product Kaspersky Total Security detected a new Manuscrypt infection on the personal computer of a person living in Russia. Since Lazarus rarely attacks individuals, this piqued Kaspersky researchers interest and they decided to take a closer look.
The researchers discovered that prior to the detection of Manuscrypt, Kaspersky technologies also detected exploitation of the Google Chrome web browser originating from the website detankzone[.]com. On the surface, this website resembled a professionally designed product page for a decentralized finance (DeFi) NFT-based (non-fungible token) multiplayer online battle arena (MOBA) tank game, inviting users to download a trial version. But that was just a disguise. Under the hood, this website had a hidden script that ran in the user’s Google Chrome browser, launching a zero-day exploit.
Read more…
Source: Kaspersky
Related:
- LokiBot Impersonates Popular Game Launcher and Drops Compiled C# Code File
February 14, 2020
LokiBot, which has the ability to harvest sensitive data such as passwords as well as cryptocurrency information, proves that the actors behind it is invested in evolving the threat. In the past, we have seen a campaign that exploits a remote code execution vulnerability to deliver LokiBot using the Windows Installer service, a Lokibot variant that uses ISO ...
- US Cyber Command, DHS, and FBI expose new North Korean malware
February 14, 2020
US Cyber Command, the Department of Homeland Security, and the Federal Bureau of Investigations have exposed today a new North Korean hacking operation. Authorities have published security advisories detailing six new malware families that are currently being used by North Korean hackers. According to the Twitter account of the Cyber National Mission Force (CNMF), a subordinate unit ...
- Wireshark Tutorial: Examining Qakbot Infections
February 13, 2020
Qakbot is an information stealer also known as Qbot. This family of malware has been active for years, and Qakbot generates distinct traffic patterns. This Wireshark tutorial reviews a recent packet capture (pcap) from a Qakbot infection. Understanding these traffic patterns can be critical for security professionals when detecting and investigating Qakbot infections. Note: This tutorial assumes you have ...
- Emotet Now Spreads via Wi-Fi
February 13, 2020
A new strain of Emotet was found spreading through wireless internet connections, deviating from the email spam campaigns that the malware commonly utilizes as a means of propagation. According to researchers from Binary Defense, this new loader type takes advantage of the wlanAPI interface to spread from an infected device to an unsecure Wi-Fi network. Emotet was discovered by Trend ...
- An In-Depth Technical Analysis of CurveBall (CVE-2020-0601)
February 13, 2020
The first Microsoft patch Tuesday of 2020 contained fixes for CVE-2020-0601, a vulnerability discovered by the United States’ National Security Agency (NSA) that affects how cryptographic certificates are verified by one of the core cryptography libraries in Windows that make up part of the CryptoAPI system. Dubbed CurveBall or “Chain of Fools,” an attacker exploiting this vulnerability could potentially create ...
- New Cyber Espionage Campaigns Targeting Palestinians: The Spark and Pierogi Campaigns
February 13, 2020
Over the last several months, the Cybereason Nocturnus team has been tracking recent espionage campaigns targeting the Middle East. These campaigns are specifically directed at entities and individuals in the Palestinian territories. This investigation shows multiple similarities to previous attacks attributed to a group called MoleRATs (aka The Gaza Cybergang), an Arabic-speaking, politically motivated group that has operated ...