Research by: Jiri Vinopal
Highlights: Check Point Research (CPR) reveals the increasing abuse of BoxedApp products to deploy multiple known malware families. BoxedApp products are general packers built on top of…Search Results for: play
At Zscaler ThreatLabz, we regularly monitor the Google Play store for malicious applications. Over the past few months, we identified and analyzed more than 90 malicious applications uploaded to …
Last updated at Thu, 21 Mar 2024 13:20:04 GMT
Co-authors are Christiaan Beek and Raj Samani
Within Rapid7 Labs we continually track and monitor threat groups. This is one of …
Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These …
By Ernesto Fernández Provecho and David Pastor Sanz (Threatray) · October 16, 2023
Discord is the first choice for gamers when they want to chat with some friends while playing …
UPDATE 11.09.2023. Google has informed us that all the apps were deleted from the Google Play store
A while ago we discovered a bunch of Telegram mods on Google Play …
Good Day ransomware, a variant within the ARCrypter family, was first observed in-the-wild in May of 2023. Between June and August of 2023, we observed an uptick in Good Day …
The proliferation of Ransomware-as-a-Service (Raas) and the widespread availability of leaked source code from prominent ransomware strains have elevated ransomware attacks to a significant concern for individuals and organizations alike. …
Authored by Dexter Shin
Minecraft is a popular video game that can be played on a desktop or mobile. This is a sandbox game developed by Mojang Studios. Players create …
Scan mode
The Scan mode enumerates software and services via WMI, WinRM, Remote Registry, and Remote Services.
It then checks for the existence of the following security programs:
Defence Defender…On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report provides …
This post is also available in: 日本語 (Japanese)
Executive SummaryPlayful Taurus, also known as APT15, BackdoorDiplomacy, Vixen Panda, KeChang and NICKEL, is a Chinese advanced persistent threat group that …
Play is a new ransomware that takes a page out of Hive and Nokoyawa’s playbook. The many similarities among them indicate that Play, like Nokoyawa, are operated by the same …
Authored by Dexter Shin
McAfee’s Mobile Research Team has identified new malware on the Google Play Store. Most of them are disguising themselves as cleaner apps that delete junk files …
During a routine threat-hunting exercise, Cyble Research Labs came across a Twitter post wherein a researcher shared new IoCs related to the infamous …
During our routine threat hunting exercise, Cyble Research Labs came across a Twitter Post wherein the researcher mentioned an Android malware variant published on the Play Store. The variant in …
Last week, the ASEC analysis team uploaded a post named “Malicious Word File Targeting Corporate Users Being Distributed” that contained information about a malicious Word file. Currently, documents of the …
In the past few months, a new wave of cyberattacks has been flooding Iran. These attacks are far from minor website defacements – the recent wave is hitting national infrastructure …
Recently, the McAfee Mobile Research Team uncovered several new variants of the Android malware family BRATA being distributed in Google Play, ironically posing as app security scanners.
These malicious apps …
Summary
RisePro is a multifunctional information-stealer often sold on underground forums as part of a Malware-as-a-Service (MaaS) offering. Although this malware family was initially observed in late 2022, a sharp …
See RL’s Joshua Knox break down the Polyfill.io supply chain attack on YouTube.…
Published On : 2024-06-29
Executive SummaryAt CYFIRMA, we are dedicated to providing current insights into prevalent threats and strategies utilized by malicious entities, targeting both organizations and individuals. This …
Written by: Daniel Kapellmann Zafra, Alden Wahlstrom, James Sadowski, Josh Palatucci, Davyn Baumann, Jose Nazario
Since early 2022, Mandiant has observed the revival and intensification of threat activity from actors …
ReversingLabs researchers have made it a priority to monitor public, open source repositories for malicious packages that may lurk on them in recent years. The number and frequency of malicious …
In this post we detail our comprehensive investigation into the phishing campaign encountered by our company. Our aim …
Threat actors are constantly working on novel ways to target users across the globe. This blog is about SpyMax, an Android RAT that targets Telegram users. A point to be …
P2Pinfect is a rust-based malware covered extensively by Cado Security in the past. It is a fairly sophisticated malware sample that uses a peer-to-peer (P2P) botnet for its command and …
Every now and then you come across new malware variants and find something that attracts a little attention. A few days ago I acquired a VBS file, directed via a …
Affected Platforms: Microsoft WindowsImpacted Users: Microsoft WindowsImpact: The stolen information can be used for future attackSeverity Level: High
The past few years have seen a significant increase in the number …
documented by Trend in 2023. A version of the legitimate VLC Media Player masquerading as a Google file (googleupdate.exe) was used to sideload a Coolclient loader (file name: libvlc.dll). The loader …
We recently discovered a new threat actor group that we dubbed Void Arachne. This group targets Chinese-speaking users with malicious Windows Installer (MSI) files in a recent campaign. These MSI …
Malware authors use protectors like Themida and VMProtect in the hope that they will …
This post reviews strategies for identifying and mitigating potential attack vectors against virtual machine (VM) services in the cloud. Organizations can use this information to understand the potential …
There has been a significant increase in QR code phishing attacks in 2024, with cybercriminals exploiting the technology to steal personal and financial information.
Threat Actors (TAs) are…
Key findings
Proofpoint researchers identified an increasingly popular technique leveraging unique social engineering to run PowerShell and install malware. Researchers observed TA571 and the ClearFake activity cluster use this technique. …
FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with …
It’s amazing to see how attackers reuse and combine known techniques to target their victims with new campaigns! Last week, I spotted some malicious MSIX packages on VT that drop a NetSupport[1] client …
The North Korean state-sponsored group known as Kimsuky has launched a sophisticated cyber-espionage campaign targeting a prominent weapons manufacturer in Western Europe.
This attack released on LinkedIn, discovered on May …
It’s amazing to see how attackers reuse and combine known techniques to target their victims with new campaigns! Last week, I spotted some malicious MSIX packages on VT that drop a NetSupport[1] client …
FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with …
This blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime.
This blog …
UNC3944 is a financially motivated threat group that carries significant overlap with public reporting of “0ktapus,” “Octo Tempest,” “Scatter Swine,” and “Scattered Spider,” and has been observed adapting its …
ESET researchers have identified five campaigns targeting Android users with trojanized apps. Most probably carried out by the Arid Viper APT group, these campaigns started in 2022 and three of …
Resecurity has identified a new activity of Smishing Triad, which has expanded its operations to Pakistan. The group’s latest tactic involves sending malicious messages on behalf of Pakistan Post …
Devcore announced a critical remote code execution (RCE) vulnerability in PHP, designated CVE-2024-4577. This flaw affects all PHP versions from 5.x onward running on Windows servers, making it a significant …