Tag: MONITOR

We recently came across a stealer, called Raccoon Stealer, a name given to it by its author. Raccoon Stealer uses the Telegram infrastructure to store and update actual C&C addresses. 

Raccoon Stealer is a password stealer capable of stealing not just passwords, but various types of data, including:

Cookies, saved logins and forms data from browsers Login credentials from email clients and messengers Files from crypto wallets Data from browser plugins and extension Arbitrary files based on commands from C&C

In addition, it’s able to download and execute arbitrary files by command from its C&C.…

Read More

Over the past year, FortiEDR has prevented multiple attacks that attempted to exploit various Microsoft Exchange server vulnerabilities, some of which we have previously covered.

Among these attacks, we identified a campaign operated by Moses Staff, a geo-political motivated threat group believed to be sponsored by the Iranian government.…

Read More

February 22, 2022 Editor’s Note: Since conducting his initial research, ZeroFox Intelligence Researcher Stephan Simon has uncovered additional details about the operators and the botnet. Updates have been published here.

In late October 2021, ZeroFox Intelligence discovered a previously unknown botnet called Kraken. Though still under active development, Kraken already features the ability to download and execute secondary payloads, run shell commands, and take screenshots of the victim’s system.…

Read More
Key Findings   Proofpoint researchers have tracked a persistent cybercrime threat actor targeting aviation, aerospace, transportation, manufacturing, and defense industries for years.   The threat actor consistently uses remote access trojans (RATs) that can be used to remotely control compromised machines.   The threat actor uses consistent themes related to aviation, transportation, and travel.…
Read More

Despite being around for many years, blockchain captured the zeitgeist of the digital movement with the advent of Bitcoin. Digital currencies, however, are not the only application of this technology. Non-fungible tokens (NFT) entered the popular lexicon in 2021. An NFT is a digital token that uses blockchain to verify the authenticity of digital content and ownership, such as art, music, collectibles, and in-video-game items.…

Read More

Research by: Aliaksandr Trafimchuk, Raman Ladutska

This research comes as a follow-up to our previous article on Trickbot,  “When Old Friends Meet Again: Why Emotet Chose Trickbot For Rebirth” where we provided an overview of the Trickbot infrastructure after its takedown. Check Point Research (CPR) now sheds some light on the technical details of key Trickbot modules.…

Read More

Cisco Talos has observed a new campaign targeting Turkish private organizations  alongside governmental institutions.

Talos attributes this campaign with high confidence to MuddyWater — an APT group recently attributed to Iran’s Ministry of Intelligence and Security (MOIS) by the U.S. Cyber Command. This campaign utilizes malicious PDFs, XLS files and Windows executables to deploy malicious PowerShell-based downloaders acting as initial footholds into the target’s enterprise.…
Read More

Broadcom Software, has found evidence of attempted attacks against a number of organizations in the country.

Active since at least 2013, Shuckworm specializes in cyber-espionage campaigns mainly against entities in Ukraine. The group is known to use phishing emails to distribute either freely available remote access tools, including Remote Manipulator System (RMS) and UltraVNC, or customized malware called Pterodo/Pteranodon to targets.…

Read More

Morphisec, through its breach prevention with Moving Target Defense technology, has identified a new, sophisticated campaign delivery which has been successfully evading the radar of many security vendors. Through a simple email phishing tactic with an html attachment, threat attackers are delivering AsyncRAT (a remote access trojan) designed to remotely monitor and control its infected computers through a secure, encrypted connection.…

Read More
Introduction

In our previous article “Mobile banking fraud: BRATA strikes again” we’ve described how threat actors (TAs) leverage the Android banking trojan BRATA to perpetrate fraud via unauthorized wire transfers.

In this article, we are presenting further insights, on how BRATA is evolving in terms of both new targets and new features, such as:

Capability to perform the device factory reset: it appears that TAs are leveraging this feature to erase any trace, right after an unauthorized wire transfer attempt.…
Read More

TrickBot Bolsters Layered Defenses to Prevent Injection Research

Limor Kessem and Charlotte Hammond.

The cyber crime gang that operates the TrickBot Trojan, as well as other malware and ransomware attacks, has been escalating activity. As part of that escalation, malware injections have been fitted with added protection to keep researchers out and get through security controls.…

Read More

01/13/2022

Executive Summary

Recorded Future analysts continue to monitor the activities of the FIN7 group as they adapt and expand their cybercrime operations. Gemini has conducted a more in-depth investigation into these types of attack after a Gemini source provided analysts with the file “sketch_jul31a.ino”, which was linked to FIN7’s BadUSB attacks.…

Read More
Introduction

In December 2021, the ThreatLabz research team identified several macro-based MS office files uploaded from Middle Eastern countries such as Jordan to OSINT sources such as VT. These files contained decoy themes related to geo-political conflicts between Israel and Palestine. Such themes have been used in previous attack campaigns waged by the Molerats APT.…

Read More

BlueNoroff is the name of an APT group coined by Kaspersky researchers while investigating the notorious attack on Bangladesh’s Central Bank back in 2016. A mysterious group with links to Lazarus and an unusual financial motivation for an APT. The group seems to work more like a unit within a larger formation of Lazarus attackers, with the ability to tap into its vast resources: be it malware implants, exploits, or infrastructure.…

Read More

Authored by: Wenfeng Yu

McAfee Mobile Research team recently discovered a new piece of malware that specifically steals Google, Facebook, Twitter, Telegram and PUBG game accounts. This malware hides in a game assistant tool called “DesiEsp” which is an assistant tool for PUBG game available on GitHub.…

Read More

Recently, the McAfee Mobile Research Team uncovered several new variants of the Android malware family BRATA being distributed in Google Play, ironically posing as app security scanners.

These malicious apps urge users to update Chrome, WhatsApp, or a PDF reader, yet instead of updating the app in question, they take full control of the device by abusing accessibility services.…

Read More
Researchers from Palo Alto Networks, has confirmed that Taomike, a Chinese mobile advertising company, has been distributing a malicious Software Development Kit (SDK) that allows Android developers for implementing in-app purchases (IAPs) for Android apps. The SDK, which can be downloaded for free via Taomike, steals all messages on infected phones and sends them to the Taomike controlled server.…
Read More