Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
Online banking is convenient as it allows users to make money transfers, bill payments, verify their balance, and access accounts 24/7 at their fingertips. Like regular online banking customers, cybercriminals also benefit from online banking by committing financial fraud using various scams.…
We analyzed a QAKBOT-related case leading to a Brute Ratel C4 and Cobalt Strike payload that can be attributed to the threat actors behind the Black Basta ransomware.
SummaryQAKBOT’s malware distribution resumed on September 8, 2022 following a brief hiatus, when our researchers spotted several distribution mechanisms on this date.…
A new piece of ransomware written in the Go language has been targeting healthcare and education enterprises in Asia and Africa. This ransomware is called Agenda and is customized per victim.
We recently discovered a new piece of targeted ransomware that was created in the Go programming language and that explicitly targeted one of our customers.…
We tracked the latest deployment of the group behind CopperStealer, this time stealing cryptocurrencies and users’ wallet account information via a malicious Chromium-based browser extension.
Update (8/12/2022 2:05AM EST): We have updated the list of IOCs and detections.
We published our analyses on CopperStealer distributing malware by abusing various components such as browser stealer, adware browser extension, or remote desktop.…
Victim: Ministry of Agriculture Rebublic Indonesia Country : ID Actor: vicesociety Source: Discovered: 2022-06-27 21:44:54.942418
Description: Indonesia’s rich natural resources are influenced by its tropical climate and geographical location between two continents, Asia and Australia, and two oceans, the Pacific Ocean and the Indian Ocean. Therefore, Indonesia is known as an agrarian country with a variety of products from agriculture, plantations, livestock, fisheries and forestry.…
Following on from our earlier Owowa discovery, we continued to hunt for more backdoors potentially set up as malicious modules within IIS, a popular web server edited by Microsoft. And we didn’t come back empty-handed…
In 2021, we noticed a trend among several threat actors for deploying a backdoor within IIS after exploiting one of the ProxyLogon-type vulnerabilities within Microsoft Exchange servers.…
ToddyCat is a relatively new APT actor that we have not been able to relate to other known actors, responsible for multiple sets of attacks detected since December 2020 against high-profile entities in Europe and Asia. We still have little information about this actor, but we know that its main distinctive signs are two formerly unknown tools that we call ‘Samurai backdoor’ and ‘Ninja Trojan’.…
Users who download cracked software risk sensitive personal data being stolen by hackers.
Are you interested in downloading free, cracked software? If so, you should know what you’re getting into.
When you accidentally download malicious cracked software, attackers can take everything you have on your PC, and you’ll end up without your sensitive personal data and even without the software that you were trying to download in the first place.…
Emotet was first found in the wild in 2014. Back then its main functionality was stealing user banking credentials. Since then it has survived numerous transformations, started delivering other malware and finally became a powerful botnet. In January 2021 Emotet was disrupted by a joint effort of different countries’ authorities.…
Since its reemergence on Nov. 14, 2021, Black Lotus Labs has once again been tracking Emotet, one of the world’s most prolific malware distribution families which previously infected more than 1.6M devices and caused hundreds of millions of dollars in damage across critical infrastructure, healthcare, government organizations and enterprises around the world.…
BlueNoroff is the name of an APT group coined by Kaspersky researchers while investigating the notorious attack on Bangladesh’s Central Bank back in 2016. A mysterious group with links to Lazarus and an unusual financial motivation for an APT. The group seems to work more like a unit within a larger formation of Lazarus attackers, with the ability to tap into its vast resources: be it malware implants, exploits, or infrastructure.…