Executive Summary
SentinelLabs has identified a new Python-based infostealer and hacktool called ‘Predator AI’ that is designed to target cloud services.
The Predator AI developer implemented a ChatGPT-driven class into the Python script, which is designed to make the tool easier to use and to serve as a single text-driven interface between disparate features.…
Read More
Tag: MOBILE
It is not rare that users of popular instant messaging services find the official client apps to be lacking in functionality. To address that problem, third-party developers come up with mods that offer sought-after features besides aesthetic upgrades. Unfortunately, some of these mods contain malware alongside legitimate enhancements.…
Key takeaways
The blog provides deep insights into a newly identified stealer known as “Trap Stealer” – an open-source Python-based program.
The developer of this stealer claims that it is designed to extract a wide range of sensitive data from compromised systems in just 6 seconds.…
Read More
Earlier this year, a software vendor was compromised by the Lazarus malware delivered through unpatched legitimate software. What’s remarkable is that these software vulnerabilities were not new, and despite warnings and patches from the vendor, many of the vendor’s systems continued to use the flawed software, allowing the threat actor to exploit them.…
Introduction
Read More
In our previous blogpost on Triangulation, we discussed the details of TriangleDB, the main implant used in this campaign, its C2 protocol and the commands it can receive. We mentioned, among other things, that it is able to execute additional modules. We also mentioned that this operation was quite stealthy.…
Key Takeaways
Cyble Research and Intelligence Labs (CRIL) has discovered a new Advanced Persistent Threat (APT) campaign focusing on luring unsuspecting victims through phishing websites mimicking well-known software applications.
In this campaign, a phishing website was observed masquerading as OpenVPN software tailored for Chinese users and serves as a host to deliver the malicious payload.…
Read More
Malvertising is a powerful malware or scam delivery mechanism that makes it easy to target specific geographies or even users. A recent article from the South China Morning Post discussed an increase in malicious webpages for the popular WhatsApp communication tool, driven via malicious Google ads. The paper described how these ads appeared to be exclusively targeted at people from Hong Kong and have caused losses of about USD$300K last month.…
Threat actors focus on gaining remote access and control of victims’ devices. For this they either use fake apps or masquerade as legitimate apps. This blog is about the Rusty Droid RAT, which masquerades Chrome browser for Android. The sample under consideration is taken from this tweet.…
The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Backdoors, Blockchain, Botnets, Hexadecimal IP notation, Infostealers, and Ransomware. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure…
Threat hunting encompasses a range of techniques and approaches aimed at discovering anomalies, threats, and risks associated with attacker activities. In the early days, log review by diligent system administrators was how these anomalies were detected, usually after the fact. This evolved into more structured methodologies created by security experts that attempted to identify these activities in real time.…
Almost a year after Void Rabisu shifted its targeting from opportunistic ransomware attacks with an emphasis on cyberespionage, the threat actor is still developing its main malware, the ROMCOM backdoor.
Void Rabisu is an intrusion set associated with both financially motivated ransomware attacks and targeted campaigns on Ukraine and countries supporting Ukraine.…
By Neel H. Pathak and Pratik Sunil Kadam · October 10, 2023
Introduction:Malicious actors always seek innovative ways to bypass detection. The Trellix Advanced Research Center recently noticed an attack campaign with an acute spike of phishing emails, and another campaign that has been steadily going on since early 2022 with a slight variation in its TTPs.…
On October 13, 2023, Cloudflare’s Cloudforce One Threat Operations Team became aware of a website hosting a Google Android Application (APK) impersonating the legitimate RedAlert – Rocket Alerts application (https://play.google.com/store/apps/details?id=com.red.alert&hl=en&pli=1). More than 5,000 rockets have been launched into Israel since the attacks from Hamas began on October 7th 2023.…
This entry delves into threat actors’ intricate methods to implant malicious payloads within seemingly legitimate applications and codebases.
IntroductionAs technology evolves and the world becomes more interconnected, so do the techniques used by threat actors against their victims. Threat actors pose a significant risk to organizations, individuals, and communities by continuously exploiting the intricate interdependencies within supply chains and codebases.…
Recent Attacks showcase AgentTesla spreading via CHM and PDF Files
Key Takeaways
This analysis emphasizes an interesting infection pathway to disseminate AgentTesla, a well-known malware strain.
The infection is initiated via a spam email containing a CHM file, which, upon execution, fetches a PowerShell script to start the AgentTesla infection on the victim’s system.…
Read More
THE THREAT
Read More
eSentire has observed an increase in Adversary-in-the-Middle (AitM) phishing attacks, starting in mid-September 2023. AitM phishing attacks involve socially-engineering end-users into opening malicious links contained in emails. Data is then proxied or relayed through attacker-controlled infrastructure, leading to the theft of user credentials, including Multi-Factor Authentication (MFA) codes and session cookies that would grant access to various accounts.…
A Short History Lesson
Read More
In 1923, the Soviet Union created the Nagorno-Karabakh Autonomous Oblast (an oblast is an administrative region or province) within the Azerbaijan Soviet Socialist Republic. This oblast has a 95% ethnically Armenian population. In 1988, Nagorno-Karabakh declared its intention to leave Azerbaijan and join the neighboring Republic of Armenia.…
Introduction
Read More
As long as cybercriminals want to make money, they’ll keep making malware, and as long as they keep making malware, we’ll keep analyzing it, publishing reports and providing protection. Last month we covered a wide range of cybercrime topics. For example, we published a private report on a new malware found on underground forums that we call ASMCrypt (related to the DoubleFinger loader).…
Learn how Checkmarx and AWS have partnered to help your financial services firm adapt to the evolving landscape
Read More
The way we bank has changed beyond recognition. Where transactions once took place in person within the walls of impressive buildings, we now see mobile and online banking on the rise.…