Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
During a routine investigation, Cyble Research and Intelligence Labs (CRIL) discovered multiple Chrome extensions that compromised over two million users with Browser Hijackers. A browser hijacker is an unwanted program that modifies browser settings without user permission and redirects them to specific web pages that they do not intend to visit.…
In July 2022, Sekoia.io discovered a new Golang botnet advertised by its alleged developer as Aurora botnet since April 2022. Since we published an analysis of the malware and the profile of the threat actor advertising Aurora on underground forums for our clients, the botnet’s activity slowed down.…
Editor’s Note: This is an excerpt of a full report. To read the entire analysis with endnotes, click here to download the report as a PDF.
This report analyzes the threat landscape ahead of the 2022 FIFA World Cup hosted in Qatar that begins on November 20, 2022.…
Summary
Actions to Take Today to Mitigate Cyber Threats from Ransomware:
• Prioritize remediating known exploited vulnerabilities.• Enable and enforce multifactor authentication with strong passwords• Close unused ports and remove any application not deemed necessary for day-to-day operations.
Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.…
A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode, an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic.
The Disneyland Team’s Web interface, which allows them to interact with malware victims in real time to phish their login credentials using phony bank websites.…
Emotet returned to the email threat landscape in early November for the first time since July 2022. It is once again one of the most high-volume actors observed by Proofpoint, distributing hundreds of thousands of emails per day.
Proofpoint observed multiple changes to Emotet and its payloads including the lures used, and changes to the Emotet modules, loader, and packer.…This post is also available in: 日本語 (Japanese)
Executive SummaryIn early August 2022, Cyble Research Labs (a cybercrime monitoring service) uncovered a new crypto miner/stealer for hire that the malware author named Typhon Stealer. Shortly thereafter, they released an updated version called Typhon Reborn. Both versions have the ability to steal crypto wallets, monitor keystrokes in sensitive applications and evade antivirus products.…
It was discovered that the DAGON LOCKER ransomware (hereinafter referred to as “DAGON”) is being distributed in Korea. It was first found through AhnLab ASD infrastructure’s suspicious ransomware behavior block history. In October, it was also reported to AhnLab as a suspicious file by a Korean organization.…
Broadcom Software, was able to link this activity to a group we track as Billbug due to the use in this campaign of tools previously attributed to this group. Billbug (aka Lotus Blossom, Thrip) is a long-established advanced persistent threat (APT) group that is believed to have been active since at least 2009.…
In our newest category #ShortAndMalicious DCSO CyTec aims to briefly highlight new and interesting samples we come across in our daily hunt for malware.
For the first entry in the series, we take a brief look at an undocumented custom malware we have been analysing under the moniker “StrelaStealer” (“Стрела” == arrow) which appears to be purpose-built to steal mail login data.…
Share this blog
Web browsers contain the most lucrative pieces of information about a user and thus are becoming an interesting target for malware developers. Every keystroke or session cookie can contain very private information about a user, and access to such information can create critical security and privacy issues.…
FormBook stealer is an infostealer trojan available as a malware-as-service. This malware is often used by attackers with low technical literacy and little programming knowledge. FormBook can be used to steal various information from infected machines.
Despite how easy it is to set up and use, the malware has advanced stealing and evasion functions including the ability to pull stored and recorded user input.…
11/07: Updated article to provide clarity around hunting techniques
Key points from our research:
Following our reporting on Robin Banks in July, Cloudflare disassociated Robin Banks phishing infrastructure from its services, causing a multi-day disruption to operations. In response, Robin Banks administrators made several changes, including relocating its infrastructure to a notorious Russian provider and changing features of its kits to be more evasive.…APT-36 (also known as Transparent Tribe) is an advanced persistent threat group attributed to Pakistan that primarily targets users working at Indian government organizations. Zscaler ThreatLabz has been closely monitoring the activities of this group throughout 2022. Our tracking efforts have yielded new intelligence about this APT group that has not previously been documented.…
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats within minutes.
We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.…
Cyble Research and Intelligence Labs (CRIL) has continuously monitored malware campaigns that distribute different malware families, such as stealer, clipper, and ransomware.
Recently, CRIL observed a malware strain known as SmokeLoader, which carries popular malware family samples such as SystemBC and Raccoon Stealer 2.0, along with a new clipper malware dubbed Laplas Clipper that targets cryptocurrency users.…
By Securonix Threat Labs, Threat Research: D. Iuzvyk, T. Peck, O. Kolesnikov
IntroductionA recently released critical vulnerability for Apache Commons Text library is currently being exploited in the wild. The Apache Commons project provides a large number of Java-based utilities and packages for a wide range of applications.…