IBM X-Force has identified Hive0147 as a prominent threat actor in the Latin American cyber landscape, particularly focusing on phishing and malware distribution. Recently, they have introduced a new downloader named “Picanha” to deploy the Mekotio banking trojan, alongside other banking trojans like Banker.FN.…
Author: SecurityIntelligence
Since March 2024, IBM X-Force has been tracking several large-scale phishing campaigns distributing the Grandoreiro banking trojan, which is likely operated as a Malware-as-a-Service (MaaS). Analysis of the malware revealed major updates within the string decryption and domain generating algorithm (DGA), as well as the ability to use Microsoft Outlook clients on infected hosts to spread further phishing emails.…
MASEPIE, a new backdoor replacing Headlace to facilitate follow-on actions. In addition to MASEPIE, ITG05 developed another new backdoor dubbed OCEANMAP. X-Force analysis revealed the code basis of CREDOMAP was likely used in the creation of OCEANMAP. In place of CREDOMAP, ITG05 has opted for the use of a new simplified PowerShell script named STEELHOOK.…
Malware dubbed Fakext that uses a malicious Edge extension to perform man-in-the-browser and web-injection attacks.
Here’s what cyber professionals need to know about the Fakext campaign and the different attacks the extension performs. Lastly, we will explore some indicators of compromise (IOCs) and a remediation guide for this malware.…
Large language models (LLMs), has significantly changed our work and personal lives. While these advancements offer many benefits, they have also presented new challenges and risks. Specifically, there has been an increase in threat actors who attempt to exploit large language models to create phishing emails and use generative AI, like fake voices, to scam people.…