The new WastedLocker ransomware was first spotted in May 2020. It was developed by the high-profile Evil Corp group, which previously used the Dridex trojan to deploy BitPaymer ransomware in attacks targeting government organizations and enterprises in the United States and Europe. Last year, part of the attackers left the group and started their own […]
Last week, F5 Networks, one of the world’s largest provider of application delivery networking products, released a security advisory to warn their customers about a dangerous vulnerability that cybercriminals could start exploiting in the near future if it wasn’t already exploiting in the wild. The security flaw was discovered in multi-purpose networking devices (BIP-IP) that […]
Another ransomware family appeared this spring and is actively used in targeted attacks against enterprises and government agencies. In mid-May, cybercriminals attacked the network of the Texas Department of Transportation, but unauthorized access was discovered, and as a result, only part of the systems was encrypted. In this attack was used new ransomware – Ransom […]
As Google and Mozilla bring the widespread use of DNS over HTTPS protocol, more malware authors also adopt this perfect opportunity to hide malicious traffic. The recently discovered versions of PsiXBot abuse Google’s DoH service to retrieve the IPs for the command-and-control infrastructure. The malware appeared in 2017 as a simple infostealer that is capable […]
It’s no secret that phishing attacks are one of the most effective ways to infect the target with malware. Typically, adversaries expect to convince a user to open a malicious document and enable macros or use vulnerabilities in MS Office for deploy malware. We regularly publish rules (1, 2, 3) for detecting phishing campaigns or […]
Latin American banking trojans are just about to make a separate trend in malware writing. Adversaries regularly create new Trojans or Exploit Kits to attack bank users in Brazil, Mexico, and Peru, and with each new malicious campaign expand their target lists first to neighboring countries, and then to worldwide campaigns. In our recently published […]
Lokibot is trojan-type malware designed to collect a wide range of sensitive data. It was first noticed in 2015 and remains very popular among cybercriminals as it can be purchased at the underground forum by any attacker. A couple of years ago, “tinkerers” learned how to add C&C infrastructure addresses to the Trojan on their […]
Despite the fact that new ransomware families appear quite often, most of them are focused exclusively on Windows systems. Way more interesting is Tycoon, a multi-platform Java ransomware that can encrypt files on both Windows and Linux systems. This family has been observed in-the-wild since at least December 2019. Its authors compiled it into a […]
Today’s post is dedicated to the Himera loader malware that adversaries have been using in COVID-19 related phishing campaigns since last month. Cybercriminals continue to exploit the Family and Medical Leave Act requests related to the ongoing COVID19 pandemics as a lure, as this theme have already proven its effectiveness in distributing Trickbot and Kpot […]
We recently published a rule to discover one of the latest tools of the notorious APT38 group more known as Lazarus or Hidden Cobra. And it is time to continue publishing content to discover this sophisticated cybercriminal group. In today’s article, we will give the links on fresh detection content from one of the first […]