Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
By: Jason Reaves and Joshua Platt
SocGholish AKA FAKEUPDATES was first reported in 2017. While the initial analysis and reporting did not gain much attention, over time the actor(s) behind the activity continued to expand and develop their operations. Partnering with Evil Corp, the FAKEUPDATE / SOCGHOLISH framework has become a major corporate initial access vector.…
Given the current fluctuations in the energy market and the related rise in prices to consumers, it should be no surprise that threat actors are using lures to exploit the global interest in this issue.
FortiGuard Labs recently discovered an e-mail using this tactic. The message was delivered to a coffee company in Ukraine that was seemingly sent by an oil provider in Saudi Arabia.…
This post is also available in: 日本語 (Japanese)
Executive SummaryEmotet is one of the most prolific email-distributed malware families in our current threat landscape. Although a coordinated law enforcement effort shut down this malware in January 2021, Emotet resumed operations in November 2021. Since then, Emotet has returned to its status as a prominent threat.…
Published On : 2022-05-12
Onyx Ransomware ReportSuspected Malware: onyx RansomwareFunction: RansomwareRisk Score: 8Confidence Level: HighThreat actor Associations: Unknown
Executive Summary:The activity of new ransomware named “Onyx” was first observed in the second half of April 2022. This ransomware group has seven victims listed on its data leak page[.onion…
Fortinet’s FortiGuard Labs captured a phishing campaign that was delivering three fileless malware onto a victim’s device. Once executed, they are able to steal sensitive information from that device.
In this analysis, I’ll reveal how the phishing campaign manages to transfer the fileless malware to the victim’s device, what mechanism it uses to load, deploy, and execute the fileless malware in the target process, and how it maintains persistence on the victim’s device.…
Emotet was first found in the wild in 2014. Back then its main functionality was stealing user banking credentials. Since then it has survived numerous transformations, started delivering other malware and finally became a powerful botnet. In January 2021 Emotet was disrupted by a joint effort of different countries’ authorities.…
SystemBC is a proxy malware that has been used by various attackers for the last few years. While it is recently distributed through SmokeLoader or Emotet, this malware has steadily been used in various ransomware attacks in the past. When an attacker attempts to access a certain address with malicious intent, the system can be used as a passage if the infected system utilizes SystemBC, which acts as a Proxy Bot.…
The Morphisec Labs team has conducted research on the new Mars infostealer. Mars is based on the older Oski Stealer and was first discovered in June 2021. The new Mars is available for sale on several underground forums and is reported to be under constant development.…
Malicious email and phishing scams are usually topical and follow a pattern of current events, and they typically are crafted around calendar and/or trending issues as attackers realize that victims are interested in all things relevant to the moment. Threat actors are aware that not all recipients will bite, but some will, hence the origin of the term “phishing.”…
Appending a malicious file to an unsuspecting file format is one of the tricks our adversaries use to evade detection. Recently, we came across an interesting email campaign employing this technique to deliver the info stealer Vidar malware. First, let’s examine the email delivery mechanism, then go on to take a closer look at the Vidar malware itself.…
The post-pandemic world has seen cryptocurrencies and blockchain products in general catapult in valuation and adoption. “Web3”, “DeFi”, and “NFT” have become household terms and the sector is growing so fast that people and businesses are pouring in with dollar signs in their eyes and high hopes to get a piece of the pie.…
By Edmund Brumaghin, with contributions from Jonathan Byrne, Perceo Lemos and Vasileios Koutsoumpogeras.
This post is also available in:日本語 (Japanese)
Українська (Ukrainian)
Executive SummarySince the beginning of the war in Ukraine, we have observed threat actors using email lures with themes related to the conflict, including humanitarian assistance and various types of fundraising.…The emails can be jarring, but the technique used by Qakbot (aka Qbot) seems to be especially convincing: The email-borne malware has a tendency to spread itself around by inserting malicious replies into the middle of existing email conversations, using the compromised accounts of other infection victims.…
February 3, 2022
by Steven Adair, Thomas Lancaster
[UPDATE] On February 4, 2022, Zimbra provided an update regarding this zero-day exploit vulnerability and reported that a hotfix for 8.8.15 P30 would be available on February 5, 2022. This vulnerability was later assigned CVE-2022-24682 and was fixed in version 8.8.15P30 Update 2 of Zimbra Collaboration Suite.…
We found waves of Emotet spam campaigns using unconventional IP addresses to evade detection.
We observed Emotet spam campaigns using hexadecimal and octal representations of IP addresses, likely to evade detection via pattern matching. Both routines use social engineering techniques to trick users into enabling document macros and automate malware execution.…
In 2021, Kaspersky ICS CERT experts noticed a growing number of anomalous spyware attacks infecting ICS computers across the globe.
Although the malware used in these attacks belongs to well-known commodity spyware families, these attacks stand out from the mainstream due to a very limited number of targets in each attack and a very short lifetime of each malicious sample.…
By Sriram P & Lakshya Mathur
Hancitor, a loader that provides Malware as a Service, has been observed distributing malware such as FickerStealer, Pony, CobaltStrike, Cuba Ransomware, and many more. Recently at McAfee Labs, we observed Hancitor Doc VBA (Visual Basic for Applications) samples dropping the payload using the Windows clipboard through Selection.Copy…
Fake virus alert is the technique used by the Cyber criminals to trick users into thinking their system have a virus then tell them to install or buy fake applications, sometimes redirect them to spam websites.
A New fake virus alert spotted by Malware Bytes team says users that their device infected by a dangerous virus created by Chinese Hackers.…