In this article, we will explore the FalseFont backdoor used by the Peach Sandstorm APT to target defense contractors worldwide. The backdoor was initially identified and reported on by Microsoft. The malware features data exfiltration and remote access capabilities. It poses as a legitimate application from the US defense and intelligence contractor Maxar Technologies and presents the user with a realistic UI and behavior.…

In recent weeks, we observed an increase in .NET-based malware using DLL sideloading. A prominent example is JanelaRAT, a recent campaign targeting Latin American FinTech users. Their initial attack involves a phishing email, mostly written in Portuguese. The user is tricked into running a Visual Basic script, which then downloads the legitimate application used for sideloading together with the payload, which poses as a legitimate DLL file.…