The executables and the command constitute a component of the threat actor’s attempt to hijack SSH connections with the objective of acquiring SSH credentials. Analysis of the executables and their …
Search Results for: cloak
The Brazilian financial sector is facing a formidable cyber threat known as CHAVECLOAK, a banking trojan that has emerged as a significant menace. This sophisticated malware is designed to breach …
Affected Platforms: Microsoft WindowsImpacted Users: Microsoft WindowsImpact: Controls victim’s device and collects sensitive informationSeverity Level: High
FortiGuard Labs recently uncovered a threat actor employing a malicious PDF file to propagate …
Good Day ransomware, a variant within the ARCrypter family, was first observed in-the-wild in May of 2023. Between June and August of 2023, we observed an uptick in Good Day …
This post is also available in: 日本語 (Japanese)
Executive SummaryRussia’s Foreign Intelligence Service hackers, which we call Cloaked Ursa (aka APT29, UAC-0004, Midnight Blizzard/Nobelium, Cozy Bear) are well known …
We looked into the documented behavior of SeroXen malware and noted the inclusion of the latest iteration of the batch obfuscation engine BatCloak to generate a fully undetectable (FUD) .bat …
Generally, organizations such as institutes and companies use various security products to prevent security threats. For endpoint systems alone, there are not only anti-malware solutions but also firewalls, APT defense …
Politically-motivated hacktivist groups are increasingly utilizing ransomware payloads both to disrupt targets and draw attention to their political causes. Notable among these hacktivist groups is Ikaruz Red Team, a threat …
Nitrogen via Google ad for Advanced IP Scanner
Nitrogen, tested on May 3, 2024
Malvertising, the use of ads to deliver malware, has become very popular in the past couple …
As many people know, popular websites often display a dialog window when you first visit them. This could be a paywall to read an article, a notice about cookies, or …
We have been tracking a threat actor who’s behind several malvertising campaigns impersonating popular software downloads. That advertiser uses different identities but their tactics, techniques and procedures are very similar …
Telegram’s Windows application was recently updated to address a critical zero-day flaw that permitted the execution of Python scripts without triggering security alerts, due to a typo in processing certain …
In the past couple of weeks, we have observed an ongoing campaign targeting system administrators with fraudulent ads for popular system utilities. The malicious ads are displayed as sponsored results …
Affected Platforms: Microsoft WindowsImpacted Users: Microsoft WindowsImpact: The stolen information can be used for future attackSeverity Level: High
Last year, FortiGuard Labs uncovered the 8220 Gang’s utilization of ScrubCrypt to …
Chinese-language Phishing-as-a-Service platform ‘darcula’ targets organizations in 100+ countries with sophisticated techniques using more than 20,000 phishing domains
‘darcula’ [sic] is a new, sophisticated Phishing-as-a-Service (PhaaS) platform used on more …
February was a particularly busy month for search-based malvertising with the number of incidents we documented almost doubling. We saw similar payloads being dropped but also a few new ones …
It was just a little over a year ago that the Rhadamanthys stealer was first publicly seen distributed via malicious ads. Throughout 2023, we observed a continuation in malvertising chains …
By Securonix Threat Labs, Threat Research: D. Iuzvyk, T. Peck, O. Kolesnikov
tldr: In order for malware to successfully infect its target, code obfuscation passed into cmd.exe is frequently used. …
This post is also available in: 日本語 (Japanese)
Executive SummaryDynamic-link library (DLL) hijacking is one of the oldest techniques that both threat actors and offensive security professionals continue to …
This post is also available in: 日本語 (Japanese)
Executive SummaryThe ransomware landscape experienced significant transformations and challenges in 2023. The year saw a 49% increase in victims reported by …
This post is also available in: 日本語 (Japanese)
Executive SummaryUnit 42 researchers recently discovered activity attributed to Mispadu Stealer, a stealthy infostealer first reported in 2019. We found this …
This post is also available in: 日本語 (Japanese)
Executive SummaryUnit 42 researchers discovered a large-scale campaign we call ApateWeb that uses a network of over 130,000 domains to deliver …
Earlier this year, Mandiant’s Managed Defense threat hunting team identified an UNC2975 malicious advertising (“malvertising”) campaign presented to users in sponsored search engine results and social media posts, consistent with …
This post is also available in: 日本語 (Japanese)
Executive SummaryMalicious actors often acquire a large number of domain names (called stockpiled domains) at the same time or set up …
During the past month, we have observed an increase in the number of malicious ads on Google searches for “Zoom”, the popular piece of video conferencing software. Threat actors have …
The majority of malvertising campaigns delivering malicious utilities that we have tracked so far typically deceive victims with pages that are almost the exact replica of the software vendor being …
Published On : 2023-11-03
Ransomware of the WeekCYFIRMA Research and Advisory Team would like to highlight ransomware trends and insights gathered while monitoring various forums. This includes multiple – …
Coauthored by Karthickkumar Kathiresan of Uptycs Threat Research Team…
Threat actors are known for impersonating popular brands in order to trick users. In a recent malvertising campaign, we observed a malicious Google ad for KeePass, the open-source password manager which …
In February 2023, Microsoft disclosed its new AI-assisted search engine, Bing Chat, powered by OpenAI’s GPT-4. Even though Google has been dominating the search industry for years, this event was …
A new malvertising campaign is targeting corporate users who are downloading the popular web conferencing software Webex. Threat actors have bought an advert that impersonates Cisco’s brand and is displayed …
Published On : 2023-08-23
EXECUTIVE SUMMARYAt Cyfirma, we are dedicated to providing you with up-to-date information on the most prevalent threats and tactics used by malicious actors to target …
Threat actors constantly take notice of the work and takedown efforts initiated by security researchers. In this constant game of cat and mouse chasing, tactics and techniques keep evolving from simple …
In this entry, we detail our analysis of how the TargetCompany ransomware abused an iteration of fully undetectable (FUD) obfuscator engine BatCloak to infect vulnerable systems.
We found active campaign …
Recently, we’ve seen a noticeable surge in malware cases linked to a malicious payload delivery system known as Gootloader. The group behind this malware is believed to operate a …
EclecticIQ analysts assess with high confidence that two observed PDF documents are part of an ongoing campaign targeting Ministries of Foreign Affairs of NATO aligned countries. The PDF …
Phishing attacks are a major cyber threat that continue to evolve and become more sophisticated, causing billions of dollars in losses each year according to the recent Internet Crime Report. …
It is apparent from past evidence that threat actors (TAs) utilize social media platforms to demonstrate their technical expertise …
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
Confiant’s broad coverage in ad tech gives us visibility on some of the darkest corners of the ecosystem. We are strong believers that to …
This post is also available in: 日本語 (Japanese)
Executive SummaryWe’ve probably all received advice for how to avoid phishing, such as to be on the lookout for spelling errors …
Mandiant Managed Defense recently identified cyber espionage activity that heavily leverages USB devices as an initial infection vector and concentrates on the Philippines. Mandiant tracks this activity as UNC4191 and …
This blog post was authored by Jérôme Segura
Black Friday is the annual kick off to the shopping season for brick and mortar and online retailers. However, it’s not just …
11/07: Updated article to provide clarity around hunting techniques
Key points from our research:
Following our reporting on Robin Banks in July, Cloudflare disassociated Robin Banks phishing infrastructure from its…This post is also available in: 日本語 (Japanese)
Executive SummaryIn May 2021, Palo Alto Networks launched a proactive detector employing state-of-the-art methods to recognize malicious domains at the time …
Fraudsters have long been leveraging the shady corners of the internet to place malicious adverts, leading users to various scams. However, every now and again we see a campaign that …