Recent posts

Windows 11 UAC Bypass in Modern Malware

In this article, we’ve prepared a brief overview of UAC bypass methods in Windows 11 that are used in modern malware and provided examples of their implementation in active threats. We’ll cover:

Exploitation of COM interfaces with the Auto-Elevate property
Modification of the ms-settings registry branch
Infinite UAC Prompt Loop (social engineering)

Let’s investigate these methods. …
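The second method in that list, the ms-settings registry hijack, is normally paired with an auto-elevating Windows binary such as fodhelper.exe and leaves a per-user registry key behind that a defender can look for. The PowerShell check below is an added example, not code from the original article: it assumes the hijack lives at HKCU:\Software\Classes\ms-settings\Shell\Open\command (the path this technique is known for; the article's specific variant is not reproduced here), and the function name Test-MsSettingsHijack is our own.

```powershell
# Added example (not from the original post): hunt for the ms-settings handler hijack
# used by fodhelper.exe-style UAC bypasses and optionally remove it.
# Assumption: the hijack sits under HKCU:\Software\Classes\ms-settings\Shell\Open\command.
# A legitimate ms-settings handler lives in the machine hive, so any copy under HKCU
# for a normal user is suspicious on its own. The script only reads, and with -Remediate
# deletes, that key; no elevation is triggered.

param(
    [switch]$Remediate   # remove the hijack key if it is found
)

$hijackKey = 'HKCU:\Software\Classes\ms-settings\Shell\Open\command'

function Test-MsSettingsHijack {
    if (-not (Test-Path -Path $hijackKey)) {
        return [pscustomobject]@{ Present = $false; Command = $null; DelegateExecute = $null }
    }
    $props = Get-ItemProperty -Path $hijackKey
    [pscustomobject]@{
        Present         = $true
        # (default) holds the command that runs with the auto-elevated binary's token
        Command         = $props.'(default)'
        # An empty DelegateExecute value is the tell-tale: it makes the shell fall back
        # to running the (default) command instead of a COM handler
        DelegateExecute = $props.DelegateExecute
    }
}

$result = Test-MsSettingsHijack
if ($result.Present) {
    Write-Warning ("ms-settings handler hijack present: command='{0}' DelegateExecute='{1}'" -f `
        $result.Command, $result.DelegateExecute)
    if ($Remediate) {
        Remove-Item -Path 'HKCU:\Software\Classes\ms-settings' -Recurse -Force
        Write-Output 'Removed HKCU:\Software\Classes\ms-settings'
    }
} else {
    Write-Output 'No ms-settings handler hijack found for the current user'
}
```

Run it in the context of the user whose session is suspected, since the key is in the per-user hive; on a clean workstation the HKCU\Software\Classes\ms-settings branch should not exist at all, so presence alone is worth an alert before looking at the command it carries.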

Read More

No one is safe from scams. In fact, scams targeting corporations and organizations rely on meticulously social-engineered attack scenarios. Unlike smishing aimed at individuals or online shopping scams, such attacks use tailored phishing scenarios built from information collected about the target in advance. As such, it is not easy for the victim organization to recognize the scam.…

Read More

Published On : 2024-05-20

EXECUTIVE SUMMARY

At CYFIRMA, we provide timely insights into prevalent threats and malicious tactics affecting organizations and individuals. Our research team recently identified an in-the-wild binary, an information stealer named “SamsStealer”. It is a 32-bit Windows executable designed to stealthily extract sensitive information from victims’ systems.…

Read More

Summary: This content highlights the misuse of the client management tool Quick Assist by the threat actor Storm-1811 in social engineering attacks, targeting users for financial gain.

Threat Actor: Storm-1811

Victim: Users targeted in social engineering attacks

Key Point:

Storm-1811, a financially motivated cybercriminal group, has been observed misusing the client management tool Quick Assist to target users in social engineering attacks.…
Read More

Summary: The US Cybersecurity and Infrastructure Security Agency (CISA) has released a guide to help civil society organizations mitigate cyber threats, particularly those posed by state-sponsored actors from nations like Russia, China, Iran, and North Korea.

Threat Actor: State-sponsored actors

Victim: Civil society organizations

Key Point:

The guide, titled “Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society,” provides actionable steps for civil society organizations to enhance their cybersecurity defenses.…
Read More

Summary: The Avast Q1/2023 Threat Report highlights the increase in social engineering scams and the evolving tactics used by cybercriminals to exploit deepfakes, YouTube, malvertising, and phishing.

Threat Actor: Cybercriminals

Victim: Individuals and organizations

Key Point:

Social engineering scams have increased by 61% on mobile and 23% on desktop.…
Read More

Summary: This article discusses an ongoing social engineering campaign targeting multiple managed detection and response (MDR) customers, in which a threat actor floods a user’s mailbox with junk email and then offers help via remote-connection software in order to harvest credentials and maintain persistence on the victim’s asset.

Threat Actor: Unknown

Victim: Multiple managed detection and response (MDR) customers

Key Point:

A social engineering campaign is targeting MDR customers by overwhelming their email with junk and offering remote assistance.…
Read More

Key Takeaways 

Cyble Research and Intelligence Labs (CRIL) recently uncovered a malicious website associated with the SideCopy APT group. 

Since 2019, the SideCopy threat group has been actively targeting South Asian nations, with a particular focus on India. 

Analysis of the malicious website revealed a collection of files used to execute the malware campaign, indicating a sophisticated and coordinated effort by the threat actors. …
Read More

Trustwave SpiderLabs’ 2024 Public Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies report details the security issues facing public sector security teams as they try to strike a balance between supplying needed services and deploying the cybersecurity necessary to protect data placed in their charge.…

Read More

Summary: Scattered Spider, a threat actor group, is targeting companies in the finance and insurance industries using convincing lookalike domains and login pages, as well as SIM swapping attacks, to gain access to sensitive corporate data and assets.

Threat Actor: Scattered Spider

Victim: Multiple companies in the finance and insurance industries

Key Point:

Scattered Spider is aggressively targeting companies in the finance and insurance industries using convincing lookalike domains and login pages.…
Read More

Summary: This content discusses a phone scam where cybercriminals pose as the PayPal security team and trick victims into giving them access to their online accounts.

Threat Actor: Cybercriminals

Victim: PayPal users

Key Point:

Cybercriminals pretend to be the PayPal security team and call victims, claiming there is unusual activity on their accounts.…
Read More

The North Korean hacking group known as Kimsuky has been reported to employ sophisticated methods involving social media platforms and system management tools to conduct espionage activities.

This revelation highlights the evolving tactics of cyber adversaries and the increasing complexity of protecting digital assets.

Utilizing Facebook for Initial Infiltration

According to a recent report from Genians, Kimsuky, a notorious cyber-espionage group, has been observed using Facebook to target individuals involved in North Korean human rights and security affairs.…

Read More

Summary: This content discusses the limitations of password protection for files sent via email and explores the effectiveness of software and hardware encryption in protecting personal and business files from theft, loss, or hacking.

Threat Actor: N/A

Victim: N/A

Key Point:

Password protection on files sent via email is not as secure as it may seem, as it can be easily circumvented.…
Read More

AhnLab’s Mobile Analysis Team has confirmed cases of romance scams where perpetrators establish rapport by posing as overseas friends or romantic partners. They exploit this connection to solicit money under the guise of cryptocurrency investments.

A romance scam is a type of fraud that involves emotional manipulation to solicit money through various means. …

Read More

Malicious Google ad redirects to FakeBat, dropping zgRAT.

FakeBat, tested on May 5, 2024

FakeBat (EugenLoader) is a type of malware loader packaged in Microsoft installers (MSI or MSIX) distributed via social engineering lures. It is most commonly delivered via malicious ads (malvertising) on Google.

The often large installers conceal a malicious PowerShell script responsible for communicating with the malicious infrastructure and retrieving a follow-up payload.…

Read More

SUMMARY

Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.…

Read More