BROWSER Archives - Page 106 of 109 - Cybersecurity News Everyday

Threat Research

Phishing Campaign Delivering Three Fileless Malware: AveMariaRAT / BitRAT / PandoraHVNC – Part II | FortiGuard Labs

May 17, 2022 Securonix

Fortinet’s FortiGuard Labs captured a phishing campaign that delivers three fileless malware onto a victim’s device. Once executed, they are able to control and steal sensitive information from that device to perform other actions according to the control commands from their server.

In Part I of this analysis, I introduced how these three fileless malware are delivered to the victim’s device via a phishing campaign, and what mechanism it uses to load, deploy, and execute these fileless malware in the target process.…

Threat Research

Grandoreiro Banking Malware Resurfaces for Tax Season

May 17, 2022 Securonix

Trustwave SpiderLabs in early April observed a Grandoreiro malware campaign targeting bank users from Brazil, Spain, and Mexico. The campaign exploits the tax season in target countries by sending out tax-themed phishing emails.

Views: 0…

Threat Research

Black Basta Besting Your Network?

May 16, 2022 Securonix

Black Basta Besting Your Network?

first appeared in April 2022. To date, this group has claimed attribution of 29 different victims across multiple industries using a double extortion strategy where the attackers not only execute ransomware but also steal data and threaten to release it publicly if the ransom demands are not met.…

Threat Research

Tandem Espionage – InQuest

May 16, 2022 Securonix

Some time ago, we discovered an interesting campaign distributing malicious documents. Which used the download chain as well as legitimate payload hosting services. In this report, we will show the technical side of this campaign as well as provide additional indicators.

Image 1: Coercive graphical lureImage 2: Low AV detection

A check on the VirusTotal service showed a very superficial detection.…

Threat Research

SocGholish Campaigns and Initial Access Kit

May 13, 2022 Securonix

By: Jason Reaves and Joshua Platt

SocGholish AKA FAKEUPDATES was first reported in 2017. While the initial analysis and reporting did not gain much attention, over time the actor(s) behind the activity continued to expand and develop their operations. Partnering with Evil Corp, the FAKEUPDATE / SOCGHOLISH framework has become a major corporate initial access vector.…

Threat Research

New Nokoyawa Variant Catching Up to Peers with Blatant Code Reuse | FortiGuard Labs

May 12, 2022 Securonix

Nokoyawa is a new Windows ransomware that appeared earlier this year. The earliest samples collected by FortiGuard researchers were compiled in February 2022 and share substantial code similarities with Karma, another ransomware that traces its lineage to Nemty through a long string of variants. Nemty is a ransomware family that FortiGuard Labs researchers reported on back in 2019.…

Threat Research

Vidar distributed through backdoored Windows 11 downloads and abusing Telegram

May 11, 2022 Securonix

Summary

In April 2022, ThreatLabz discovered several newly registered domains, which were created by a threat actor to spoof the official Microsoft Windows 11 OS download portal. We discovered these domains by monitoring suspicious traffic in our Zscaler cloud. The spoofed sites were created to distribute malicious ISO files which lead to a Vidar infostealer infection on the endpoint.…

Threat Research

Lazarus Group Exploiting Log4Shell Vulnerability (NukeSped) – ASEC BLOG

April 18, 2022 Securonix

In December last year, the vulnerability (CVE-2021-44228) of Java-based logging utility Log4j became a worldwide issue. It is a remote code execution vulnerability that can include the remote Java object address in the log message and send it to the server using Log4j to run the Java object in the server.…

Threat Research

Bumblebee Malware from TransferXL URLs

April 18, 2022 Securonix

Introduction

Last month, Google’s Threat Analysis Group (TAG) reported on EXOTIC LILY using file transfer services like TransferNow, TransferXL, WeTransfer, or OneDrive to distribute malware (link). Threat researchers like @k3dg3 occasionally report malware samples from this activity. Based on @k3dg3’s recent tweet, I searched through VirusTotal and found a handful of active TransferXL URLs delivering ISO files for Bumblebee malware.…

Threat Research

Emotet Summary: November 2021 Through January 2022

April 18, 2022 Securonix

This post is also available in: 日本語 (Japanese)

Executive Summary

Emotet is one of the most prolific email-distributed malware families in our current threat landscape. Although a coordinated law enforcement effort shut down this malware in January 2021, Emotet resumed operations in November 2021. Since then, Emotet has returned to its status as a prominent threat.…

Threat Research

KurayStealer: A Bandit Using Discord Webhooks

April 12, 2022 Securonix

Research by: Ashwin Vamshi and Shilpesh Trivedi

Views: 0…

Threat Research

COBALT MIRAGE conducts ransomware operations in U.S.

April 11, 2022 Securonix

Secureworks® Counter Threat Unit™ (CTU) researchers are investigating attacks by the Iranian COBALT MIRAGE threat group, which has been operating since at least June 2020. COBALT MIRAGE is linked to the Iranian COBALT ILLUSION threat group, which predominantly uses persistent phishing campaigns to obtain initial access.…

Threat Research

Ursnif Malware Banks on News Events for Phishing Attacks | Qualys Security Blog

April 7, 2022 Securonix

Table of Contents

Ursnif (aka Gozi, Dreambot, ISFB) is one of the most widespread banking trojans. It has been observed evolving over the past few years. Ursnif has shown incredible theft capabilities. In 2020 Ursnif rose to prominence becoming one of the top ten most prolific pieces of malware.…

Threat Research

REvil Development Adds Confidence About GOLD SOUTHFIELD Reemergence

April 7, 2022 Securonix

Secureworks® Counter Threat Unit™ (CTU) researchers analyzed REvil ransomware samples that were uploaded to the VirusTotal analysis service after the GOLD SOUTHFIELD threat group’s infrastructure resumed activity in April 2022. The infrastructure had been shuttered since October 2021. Analysis of these samples indicates that the developer has access to REvil’s source code, reinforcing the likelihood that the threat group has reemerged.…

Threat Research

New SolarMarker (Jupyter) Campaign Demonstrates the Malware’s Changing Attack Patterns

April 1, 2022 Securonix

This post is also available in: 日本語 (Japanese)

Executive Summary

Recently, we’ve identified a new version of SolarMarker, a malware family known for its infostealing and backdoor capabilities, mainly delivered through search engine optimization (SEO) manipulation to convince users to download malicious documents.

Some of SolarMarker’s capabilities include the exfiltration of auto-fill data, saved passwords and saved credit card information from victims’ web browsers.…

Threat Research

FFDroider Stealer Targeting Social Media Platform Users

March 29, 2022 Securonix

Introduction

Credential stealing malware is commonly observed in the landscape of cyber attacks today. Zscaler ThreatLabz team has discovered many new types of stealer malwares across different attack campaigns. Stealers are malicious programs that threat actors use to collect sensitive information with various techniques including keylogging, cookie stealing, and sending stolen information to the Command and Control Server. …

Threat Research

Parrot TDS takes over web servers and threatens millions – Avast Threat Labs

March 25, 2022 Securonix

A new Traffic Direction System (TDS) we are calling Parrot TDS, using tens of thousands of compromised websites, has emerged in recent months and is reaching users from around the world. The TDS has infected various web servers hosting more than 16,500 websites, ranging from adult content sites, personal websites, university sites, and local government sites.…

Threat Research

The Latest Remcos RAT Driven By Phishing Campaign | FortiGuard Labs

March 25, 2022 Securonix

Remcos RAT (Remote Access Trojan) was originally designed as a professional tool to remotely control computers. Remcos RAT is recognized as a malware family because it has been abused by hackers to secretly control victims’ devices since its first version was published on July 21, 2016.…

Threat Research

Lazarus Trojanized DeFi app for delivering malware

March 23, 2022 Securonix

For the Lazarus threat actor, financial gain is one of the prime motivations, with a particular emphasis on the cryptocurrency business. As the price of cryptocurrency surges, and the popularity of non-fungible token (NFT) and decentralized finance (DeFi) businesses continues to swell, the Lazarus group’s targeting of the financial industry keeps evolving.…

Threat Research

Thwarting Loaders: From SocGholish to BLISTER’s LockBit Payload

March 23, 2022 Securonix

Both BLISTER and SocGholish are loaders known for their evasion tactics. Our report details what these loaders are capable of and our investigation into a campaign that uses both to deliver the LockBit ransomware.

The Trend MicroTM Managed XDR team has made a series of discoveries involving the BLISTER loader and SocGholish.…