Malicious email and phishing scams are usually topical and follow a pattern of current events, and they typically are crafted around calendar and/or trending issues as attackers realize that victims are interested in all things relevant to the moment. Threat actors are aware that not all recipients will bite, but some will, hence the origin of the term “phishing.”…
Tag: SPAM
Appending a malicious file to an unsuspecting file format is one of the tricks our adversaries use to evade detection. Recently, we came across an interesting email campaign employing this technique to deliver the info stealer Vidar malware. First, let’s examine the email delivery mechanism, then go on to take a closer look at the Vidar malware itself.…
The post-pandemic world has seen cryptocurrencies and blockchain products in general catapult in valuation and adoption. “Web3”, “DeFi”, and “NFT” have become household terms and the sector is growing so fast that people and businesses are pouring in with dollar signs in their eyes and high hopes to get a piece of the pie.…
By Edmund Brumaghin, with contributions from Jonathan Byrne, Perceo Lemos and Vasileios Koutsoumpogeras.
Executive Summary
Since the beginning of the war in Ukraine, we have observed threat actors using email lures with themes related to the conflict, including humanitarian assistance and various types of fundraising.…
The emails can be jarring, but the technique used by Qakbot (aka Qbot) seems to be especially convincing: The email-borne malware has a tendency to spread itself around by inserting malicious replies into the middle of existing email conversations, using the compromised accounts of other infection victims.…
February 3, 2022
by Steven Adair, Thomas Lancaster
[UPDATE] On February 4, 2022, Zimbra provided an update regarding this zero-day exploit vulnerability and reported that a hotfix for 8.8.15 P30 would be available on February 5, 2022. This vulnerability was later assigned CVE-2022-24682 and was fixed in version 8.8.15P30 Update 2 of Zimbra Collaboration Suite.…
We found waves of Emotet spam campaigns using unconventional IP addresses to evade detection.
We observed Emotet spam campaigns using hexadecimal and octal representations of IP addresses, likely to evade detection via pattern matching. Both routines use social engineering techniques to trick users into enabling document macros and automate malware execution.…
In 2021, Kaspersky ICS CERT experts noticed a growing number of anomalous spyware attacks infecting ICS computers across the globe.
Although the malware used in these attacks belongs to well-known commodity spyware families, these attacks stand out from the mainstream due to a very limited number of targets in each attack and a very short lifetime of each malicious sample.…
By Sriram P & Lakshya Mathur
Hancitor, a loader that provides Malware as a Service, has been observed distributing malware such as FickerStealer, Pony, CobaltStrike, Cuba Ransomware, and many more. Recently at McAfee Labs, we observed Hancitor Doc VBA (Visual Basic for Applications) samples dropping the payload using the Windows clipboard through Selection.Copy…
A fake virus alert is a technique cyber criminals use to trick users into thinking their system has a virus, then tell them to install or buy fake applications, and sometimes redirect them to spam websites.
A new fake virus alert spotted by the Malwarebytes team tells users that their device is infected by a dangerous virus created by Chinese hackers.…