Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
The popularity of Cryptocurrency has increased exponentially over the recent years as dealing with crypto has become relatively hassle-free and more accessible. The financial returns of crypto investments have attracted many investors to invest in crypto markets.
As the demand for crypto investment has increased over the years, we can also see a corresponding rise in the number of crypto wallets.…
DLL (Dynamic-Link Library) sideloading is a technique used by Threat Actors to infect users using legitimate applications which load malicious DLL files that spoof legitimate ones. Recently Cyble Research Labs published a blog about Qakbot malware that leverages a calculator to perform DLL Sideloading.…
During a routine threat-hunting exercise, Cyble Research Labs discovered an unknown Rust-based stealer, which we have dubbed “Luca Stealer.” The source code of this stealer was leaked on a popular cybercrime forum for free on July 3, 2022. We have already witnessed over 25 samples based on this source code present in the wild.…
During a routine threat-hunting exercise, Cyble Research Labs came across a Twitter post wherein a researcher shared new IoCs related to the infamous Qakbot malware.
For initial infection, Qakbot uses an email mass spamming campaign. The Qakbot Threat Actors (TAs) have continuously evolved their infection techniques ever since it was initially identified in the wild.…
Cyble Research Labs discovered a new Remote Access Trojan (RAT) dubbed ApolloRAT. The RAT is written in Python and uses Discord as its Command and Control (C&C) Server. The TAs are selling this RAT for $15 on Telegram and their site, as shown in Figure 1.…
During our routine threat-hunting exercise, Cyble Research Labs came across a Twitter post wherein a researcher mentioned an interesting infection chain of Xloader malware.
The malware uses multiple file types such as PDF, XLSX, and RTF for its initial infection and execution. It is also designed to drop three modules in memory and execute the final payload using the Process-Hollowing technique.…
During our routine Threat-Hunting exercise, Cyble Research Labs came across a new stealer named “PennyWise” shared by a researcher. The stealer appears to have been developed recently. Though this stealer is fresh, the Threat Actor(s) (TA) has already rolled an updated version, 1.3.4.
Our investigation indicates that the stealer is an emerging threat, and we have witnessed multiple samples of this stealer active in the wild.…
Authored by Dexter Shin
Instagram has become a platform with over a billion monthly active users. Many of Instagram’s users are looking to increase their follower numbers, as this has become a symbol of a person’s popularity. Instagram’s large user base has not gone unnoticed to cybercriminals.…
Authored by Dexter Shin
McAfee’s Mobile Research Team introduced a new Android malware targeting Instagram users who want to increase their followers or likes in the last post. As we researched more about this threat, we found another malware type that uses different technical methods to steal user’s credentials.…
Cyble Research Labs has constantly been tracking emerging threats and their delivery mechanisms. We have observed a surge in the use of .lnk files by various malware families. Some of the prevalent malware families using .lnk files for their payload delivery of late are:
Additionally, we have seen many APT instances where the Threat Actors (TAs) leverage .lnk…
ToddyCat is a relatively new APT actor that we have not been able to relate to other known actors, responsible for multiple sets of attacks detected since December 2020 against high-profile entities in Europe and Asia. We still have little information about this actor, but we know that its main distinctive signs are two formerly unknown tools that we call ‘Samurai backdoor’ and ‘Ninja Trojan’.…
Zero-day exploits or recently patched/unpatched vulnerabilities are attractive targets for Threat Actors (TAs) to deploy malware efficiently. TAs leverages these vulnerabilities and exploits them to deliver the various types of malware to steal sensitive information for financial gain.
On June 11th, 2022, Microsoft tweeted a post where they mentioned that CVE-2022-26134 was being exploited to download and deploy the Cerber2021 ransomware (also known as “CerberImposter”).…
During our routine threat hunting exercise, Cyble Research Labs came across a Twitter Post wherein the researcher mentioned an Android malware variant published on the Play Store. The variant in question acts as a Hostile Downloader and downloads the Hydra Banking Trojan.
The downloaded app has the same functionality as recently encountered Hydra variants targeting Columbia.…
During the course of our work at Confiant, we see malicious activity on a daily basis. What matters the most for us is the ability to:
Protect our existing customers. Share unique threat intelligence. Keep finding unique vantage points for better detection.…In March 2022, a new malware named “Bumblebee” was discovered and reportedly distributed via spam campaigns. Researchers identified that Bumblebee is a replacement for BazarLoader malware, which has delivered Conti Ransomware in the past. Bumblebee acts as a downloader and delivers known attack frameworks and open-source tools such as Cobalt Strike, Shellcode, Sliver, Meterpreter, etc.…
In a recent blog post by Microsoft, a new Zero-Day vulnerability (CVE-2022-30190) was discussed. This vulnerability affects Microsoft Support Diagnostic Tool (MSDT), and the blog post provides some guidance on mitigating the impact of this vulnerability.
The post mentions that a Remote Code Execution (RCE) vulnerability present in MSDT allows the attackers to execute arbitrary code by exploiting it.…
Popular for compromising internet-connected devices and conducting distributed denial of service (DDoS) attacks, Mirai malware variants have been known to compromise devices that run on Linux builds ranging from mobile and Internet of Things (IoT) devices to cloud infrastructures. …