Authored by Preksha Saxena

McAfee labs observed a Remcos RAT campaign where malicious VBS files were delivered via phishing email. A phishing email contained a ZIP/RAR attachment. Inside this ZIP, was a heavily obfuscated VBS file. 

Remcos is a sophisticated RAT which provides an attacker with backdoor access to the infected system and collects a variety of sensitive information.…

Read More

On June 15, 2023, Mandiant released a blog post detailing an 8-month-long global espionage campaign conducted by a Chinese-nexus threat group tracked as UNC4841. In this follow-up blog post, we will detail additional tactics, techniques, and procedures (TTPs) employed by UNC4841 that have since been uncovered through Mandiant’s incident response engagements, as well as through collaborative efforts with Barracuda Networks and our International Government partners. …

Read More

The Trend Micro Mobile Application Reputation Service (MARS) team discovered a new, fully undetected Android banking trojan, dubbed MMRat, that has been targeting mobile users in Southeast Asia since late June 2023.

The Trend Micro Mobile Application Reputation Service (MARS) team discovered a new, fully undetected Android banking trojan, dubbed MMRat (detected by TrendMicro as AndroidOS_MMRat.HRX),…

Read More

In May 2023, a vulnerability affecting RocketMQ servers (CVE-2023-33246), which allows remote code execution, was publicly disclosed. In a recent blog post, Juniper Threat Labs provided a detailed explanation of how an exploit targeting this vulnerability works.

This vulnerability opened the gates for hackers to exploit the RocketMQ platform, leading to a series of attacks.…

Read More

We’ve previously reported on a Nokoyawa ransomware case in which the initial access was via an Excel macro and IcedID malware. This case, which also ended in Nokoyawa Ransomware, involved the threat actor deploying the final ransomware only 12 hours after the initial compromise.

This threat actor delivered a password protected ZIP file via HTML smuggling to organizations back in late October, early November 2022.…

Read More

Summary

Microsoft has identified a nation-state activity group tracked as Flax Typhoon, based in China, that is targeting dozens of organizations in Taiwan with the likely intention of performing espionage. Flax Typhoon gains and maintains long-term access to Taiwanese organizations’ networks with minimal use of malware, relying on tools built into the operating system, along with some normally benign software to quietly remain in these networks.…

Read More

By Aleksandar Milenkoski and Tom Hegel

Executive SummarySentinelLabs has identified suspected-Chinese malware and infrastructure potentially involved in China-associated operations directed at the gambling sector within Southeast Asia. The threat actors drop Adobe Creative Cloud, Microsoft Edge, and McAfee VirusScan executables vulnerable to DLL hijacking to deploy Cobalt Strike beacons.…
Read More

XLoader is a long-running malware-as-a-service infostealer and botnet that has been around in some form or another since 2015. Its first macOS variant was spotted in 2021 and was notable for being distributed as a Java program. As we noted at the time, the Java Runtime Environment hasn’t shipped by default on macOS since the days of Snow Leopard, meaning the malware was limited in its targeting to environments where Java had been optionally installed.…

Read More

Web servers are vulnerable to attacks because they are publicly accessible to a wide range of users for the purpose of delivering web services. This accessibility makes them a prime target for threat actors. AhnLab Security Emergency response Center (ASEC) is monitoring attacks targeting vulnerable web servers that have not been patched or are poorly managed.…

Read More