Affected Platforms: Microsoft Windows
Impacted Users: Windows Users
Impact: Collects sensitive information from a victim’s computer
Severity Level: Critical

A new phishing campaign was recently captured by our FortiGuard Labs that spreads a new Agent Tesla variant targeting Spanish-speaking people.

Security researchers have detected Agent Tesla campaigns from time to time for years.…

Affected Platforms: Microsoft Windows
Impacted Users: Microsoft Windows
Impact: Compromised machines are under the control of the threat actor
Severity Level: High

FortiGuard Labs has recently identified a sophisticated cyberattack involving an Excel file embedded with a VBA macro designed to deploy a DLL file. The attacker uses a multi-stage malware strategy to deliver the notorious “Cobalt Strike” payload and establish communication with a command and control (C2) server.…

Affected Platforms: D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier
Impacted Users: Any organization
Impact: Remote attackers gain control of the vulnerable systems
Severity Level: High

In April, FortiGuard Labs observed a new botnet targeting a D-Link vulnerability from nearly a decade ago, CVE-2015-2051. This vulnerability allows remote attackers to execute arbitrary commands via a GetDeviceSettings action on the HNAP interface.…

Affected platforms: All platforms where PyPI packages can be installed
Impacted parties: Any individuals or institutions that have these malicious packages installed
Impact: Leak of credentials, sensitive information, etc.
Severity level: High

Vigilance is paramount in cybersecurity, especially when it comes to understanding and dissecting potentially malicious code. In this blog post, we’ll delve into a piece of code (discordpy_bypass-1.7) designed to extract sensitive data from user systems.…

Affected Platforms: TP-Link Archer AX21 (AX1800) Version 1.1.4 Build 20230219 or prior
Impacted Users: Any organization
Impact: Remote attackers gain control of the vulnerable systems
Severity Level: High

Last year, a command injection vulnerability, CVE-2023-1389, was disclosed and a fix developed for the web management interface of the TP-Link Archer AX21 (AX1800).…

Affected Platforms: Microsoft Windows
Impacted Users: Microsoft Windows
Impact: The stolen information can be used for future attacks
Severity Level: High

Last year, FortiGuard Labs uncovered the 8220 Gang’s utilization of ScrubCrypt to launch attacks targeting exploitable Oracle WebLogic Servers. ScrubCrypt has been described as an “antivirus evasion tool” that converts executables into undetectable batch files.…

Affected Platforms: Microsoft Windows
Impacted Users: Microsoft Windows
Impact: Controls victim’s device and collects sensitive information
Severity Level: High

FortiGuard Labs recently uncovered a threat actor employing a malicious PDF file to propagate the banking Trojan CHAVECLOAK. This intricate attack involves the PDF downloading a ZIP file and subsequently utilizing DLL side-loading techniques to execute the final malware.…

Affected Platforms: Microsoft Windows
Impacted Users: Microsoft Windows Users
Impact: This loader has been used to load multiple RATs and info stealers, which can lead to compromised credentials and enable further malicious activities
Severity Level: Medium

Executive Summary

While analyzing malware samples collected from several victims, the FortiGuard team identified a grouping of malware droppers used to deliver various final-stage payloads throughout 2023.…

Affected Platforms: Microsoft Windows
Impacted Users: Microsoft Windows
Impact: The stolen information can be used for future attacks
Severity Level: High

In January 2024, FortiGuard Labs obtained an Excel document distributing an info-stealer. From the fingerprints in this attack, it is related to a Vietnamese-based group that was first reported on in August 2023 and again in September.…

Affected platforms: All platforms where PyPI packages can be installed
Impacted parties: Any individuals or institutions that have these malicious packages installed
Impact: Leak of credentials, sensitive information, etc.
Severity level: High

The Python Package Index (PyPI) is an open repository of software packages developed by the Python community to help people quickly develop or update applications.…